X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FAbstractMetadataProvider.cpp;h=fd7948c93cf2dbb133a02517ef1c5ba3662f26a2;hp=d59e8e2c43ee4f16f0e23a99c16b7fa8cb47a116;hb=17b312daa349580f67cc07fc190125224146cf14;hpb=b1614d3c1fc1f4230ab2a123f43994127c25462c diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp index d59e8e2..fd7948c 100644 --- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp @@ -24,6 +24,7 @@ #include "binding/SAMLArtifact.h" #include "saml2/metadata/Metadata.h" #include "saml2/metadata/AbstractMetadataProvider.h" +#include "saml2/metadata/MetadataCredentialContext.h" #include "saml2/metadata/MetadataCredentialCriteria.h" #include @@ -55,27 +56,40 @@ AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e) AbstractMetadataProvider::~AbstractMetadataProvider() { for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c) - for_each(c->second.begin(), c->second.end(), cleanup_pair()); + for_each(c->second.begin(), c->second.end(), xmltooling::cleanup()); delete m_credentialLock; delete m_resolver; } -void AbstractMetadataProvider::emitChangeEvent() +void AbstractMetadataProvider::emitChangeEvent() const { for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c) - for_each(c->second.begin(), c->second.end(), cleanup_pair()); + for_each(c->second.begin(), c->second.end(), xmltooling::cleanup()); m_credentialMap.clear(); ObservableMetadataProvider::emitChangeEvent(); } -void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) +void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, bool replace) const { if (validUntil < site->getValidUntilEpoch()) site->setValidUntil(validUntil); auto_ptr_char id(site->getEntityID()); if (id.get()) { - m_sites.insert(make_pair(id.get(),site)); + if (replace) { + m_sites.erase(id.get()); + for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) { + if (s->second == site) { + sitemap_t::iterator temp = s; + ++s; + m_sources.erase(temp); + } + else { + ++s; + } + } + } + m_sites.insert(sitemap_t::value_type(id.get(),site)); } // Process each IdP role. @@ -92,7 +106,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) if (sid) { auto_ptr_char sourceid(sid->getID()); if (sourceid.get()) { - m_sources.insert(pair(sourceid.get(),site)); + m_sources.insert(sitemap_t::value_type(sourceid.get(),site)); break; } } @@ -100,37 +114,33 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) } // Hash the ID. - m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); + m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); // Load endpoints for type 0x0002 artifacts. const vector& locs=const_cast(*i)->getArtifactResolutionServices(); for (vector::const_iterator loc=locs.begin(); loc!=locs.end(); loc++) { auto_ptr_char location((*loc)->getLocation()); if (location.get()) - m_sources.insert(pair(location.get(),site)); + m_sources.insert(sitemap_t::value_type(location.get(),site)); } } // SAML 2.0? if ((*i)->hasSupport(samlconstants::SAML20P_NS)) { // Hash the ID. - m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); + m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); } } } -void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) +void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) const { if (validUntil < group->getValidUntilEpoch()) group->setValidUntil(validUntil); auto_ptr_char name(group->getName()); if (name.get()) { - m_groups.insert(make_pair(name.get(),group)); + m_groups.insert(groupmap_t::value_type(name.get(),group)); } const vector& groups=const_cast(group)->getEntitiesDescriptors(); @@ -142,16 +152,18 @@ void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUnti index(*j,group->getValidUntilEpoch()); } -void AbstractMetadataProvider::clearDescriptorIndex() +void AbstractMetadataProvider::clearDescriptorIndex(bool freeSites) { - m_sources.clear(); + if (freeSites) + for_each(m_sites.begin(), m_sites.end(), cleanup_const_pair()); m_sites.clear(); m_groups.clear(); + m_sources.clear(); } const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const { - pair range=m_groups.equal_range(name); + pair range=const_cast(m_groups).equal_range(name); time_t now=time(NULL); for (groupmap_t::const_iterator i=range.first; i!=range.second; i++) @@ -164,31 +176,42 @@ const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const return NULL; } -const EntityDescriptor* AbstractMetadataProvider::getEntityDescriptor(const char* name, bool strict) const +pair AbstractMetadataProvider::getEntityDescriptor(const Criteria& criteria) const { - pair range=m_sites.equal_range(name); - + pair range; + if (criteria.entityID_ascii) + range = const_cast(m_sites).equal_range(criteria.entityID_ascii); + else if (criteria.entityID_unicode) { + auto_ptr_char id(criteria.entityID_unicode); + range = const_cast(m_sites).equal_range(id.get()); + } + else if (criteria.artifact) + range = const_cast(m_sources).equal_range(criteria.artifact->getSource()); + else + return pair(NULL,NULL); + + pair result; + result.first = NULL; + result.second = NULL; + time_t now=time(NULL); - for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) - if (now < i->second->getValidUntilEpoch()) - return i->second; + for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) { + if (now < i->second->getValidUntilEpoch()) { + result.first = i->second; + break; + } + } - if (!strict && range.first!=range.second) - return range.first->second; + if (!result.first && !criteria.validOnly && range.first!=range.second) + result.first = range.first->second; - return NULL; -} - -const EntityDescriptor* AbstractMetadataProvider::getEntityDescriptor(const SAMLArtifact* artifact) const -{ - pair range=m_sources.equal_range(artifact->getSource()); - - time_t now=time(NULL); - for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) - if (now < i->second->getValidUntilEpoch()) - return i->second; - - return NULL; + if (result.first && criteria.role) { + result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol); + if (!result.second && criteria.protocol2) + result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol2); + } + + return result; } const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* criteria) const @@ -201,8 +224,8 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (matches(*c,criteria)) - return c->second; + if (metacrit->matches(*(*c))) + return *c; return NULL; } @@ -218,8 +241,8 @@ vector::size_type AbstractMetadataProvider::resolve( const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (matches(*c,criteria)) - results.push_back(c->second); + if (metacrit->matches(*(*c))) + results.push_back(*c); return results.size(); } @@ -234,32 +257,11 @@ const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role]; for (vector::const_iterator k = keys.begin(); k!=keys.end(); ++k) { if ((*k)->getKeyInfo()) { - Credential* c = resolver->resolve((*k)->getKeyInfo()); - resolved.push_back(make_pair((*k)->getUse(), c)); + auto_ptr mcc(new MetadataCredentialContext(*(*k))); + Credential* c = resolver->resolve(mcc.get()); + mcc.release(); + resolved.push_back(c); } } return resolved; } - -bool AbstractMetadataProvider::matches(const pair& cred, const CredentialCriteria* criteria) const -{ - if (criteria) { - // Check for a usage mismatch. - if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) && - XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION)) - return false; - else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING)) - return false; - - if (cred.second->getPublicKey()) { - // See if we have to match a specific key. - auto_ptr critcred( - XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(*criteria,Credential::RESOLVE_KEYS) - ); - if (critcred.get()) - if (!critcred->isEqual(*(cred.second->getPublicKey()))) - return false; - } - } - return true; -}