X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FBlacklistMetadataFilter.cpp;h=7081e1337c17362de6219b9ee8377cb9cfc0553d;hp=283047ca08984986e9b6fe2c3391cfbea1415f78;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=b200befa360fe74b3b8865a654f54a6647723755 diff --git a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp index 283047c..7081e13 100644 --- a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp +++ b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp @@ -25,20 +25,22 @@ */ #include "internal.h" +#include "saml2/metadata/EntityMatcher.h" #include "saml2/metadata/Metadata.h" #include "saml2/metadata/MetadataFilter.h" +#include #include -#include using namespace opensaml::saml2md; +using namespace opensaml::saml2; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; namespace opensaml { namespace saml2md { - class SAML_DLLLOCAL BlacklistMetadataFilter : public MetadataFilter { public: @@ -49,15 +51,11 @@ namespace opensaml { void doFilter(XMLObject& xmlObject) const; private: - void doFilter(EntitiesDescriptor& entities) const; - - bool found(const XMLCh* id) const { - if (!id) - return false; - return m_set.count(id)==1; - } + void filterGroup(EntitiesDescriptor*) const; + bool included(const EntityDescriptor&) const; - set m_set; + set m_entities; + scoped_ptr m_matcher; }; MetadataFilter* SAML_DLLLOCAL BlacklistMetadataFilterFactory(const DOMElement* const & e) 
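Review bot: The added `using namespace boost;` sits next to the existing `using namespace std;` at file scope, so once the file is built as C++11 or later any unqualified name that exists in both namespaces (`shared_ptr`, `bind`, `function`) becomes ambiguous. The only Boost name this commit appears to need is the smart pointer that holds the new matcher member. I would drop the directive and write `boost::scoped_ptr` at that declaration instead. The header names on the changed `#include` lines are not visible on this page, so which Boost header is being added cannot be confirmed from here.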
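Review bot: The new private predicate `included()` is declared without a comment, and in a blacklist filter its name reads as the opposite of what its callers do. Later in this commit a true result causes the entity to be erased from the group or the root entity to be rejected. A one-line comment on the declaration would prevent an inverted reading of a security policy check, for example `// True if the entity matches an Exclude entry or the matcher, i.e. it must be filtered out.` The pointer parameter of `filterGroup(EntitiesDescriptor*)` is unnamed here and dereferenced unconditionally in its definition, so a `// group must be non-null` remark belongs on it as well. The class declaration begins in the previous hunk.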
@@ -65,78 +63,88 @@ namespace opensaml { return new BlacklistMetadataFilter(e); } + static const XMLCh Exclude[] = UNICODE_LITERAL_7(E,x,c,l,u,d,e); + static const XMLCh _matcher[] = UNICODE_LITERAL_7(m,a,t,c,h,e,r); }; }; -static const XMLCh Exclude[] = UNICODE_LITERAL_7(E,x,c,l,u,d,e); BlacklistMetadataFilter::BlacklistMetadataFilter(const DOMElement* e) { - e = XMLHelper::getFirstChildElement(e); + string matcher(XMLHelper::getAttrString(e, nullptr, _matcher)); + if (!matcher.empty()) + m_matcher.reset(SAMLConfig::getConfig().EntityMatcherManager.newPlugin(matcher.c_str(), e)); + + e = XMLHelper::getFirstChildElement(e, Exclude); while (e) { - if (XMLString::equals(e->getLocalName(), Exclude) && e->hasChildNodes()) { - m_set.insert(e->getFirstChild()->getTextContent()); + if (e->hasChildNodes()) { + const XMLCh* excl = e->getTextContent(); + if (excl && *excl) + m_entities.insert(excl); } - e = XMLHelper::getNextSiblingElement(e); + e = XMLHelper::getNextSiblingElement(e, Exclude); } } void BlacklistMetadataFilter::doFilter(XMLObject& xmlObject) const { -#ifdef _DEBUG - NDC ndc("doFilter"); -#endif - - try { - EntitiesDescriptor& entities = dynamic_cast(xmlObject); - if (found(entities.getName())) - throw MetadataFilterException("BlacklistMetadataFilter instructed to filter the root/only group in the metadata."); - doFilter(entities); - return; - } - catch (bad_cast&) { - } - - try { - EntityDescriptor& entity = dynamic_cast(xmlObject); - if (found(entity.getEntityID())) - throw MetadataFilterException("BlacklistMetadataFilter instructed to filter the root/only entity in the metadata."); - return; + EntitiesDescriptor* group = dynamic_cast(&xmlObject); + if (group) { + if (group->getName() && !m_entities.empty() && m_entities.count(group->getName()) > 0) + throw MetadataFilterException(BLACKLIST_METADATA_FILTER " MetadataFilter instructed to filter the root group in the metadata."); + filterGroup(group); } - catch (bad_cast&) { + else { + EntityDescriptor* 
entity = dynamic_cast(&xmlObject); + if (entity) { + if (included(*entity)) + throw MetadataFilterException(BLACKLIST_METADATA_FILTER " MetadataFilter instructed to filter the root/only entity in the metadata."); + } + else { + throw MetadataFilterException(BLACKLIST_METADATA_FILTER " MetadataFilter was given an improper metadata instance to filter."); + } } - - throw MetadataFilterException("BlacklistMetadataFilter was given an improper metadata instance to filter."); } -void BlacklistMetadataFilter::doFilter(EntitiesDescriptor& entities) const +void BlacklistMetadataFilter::filterGroup(EntitiesDescriptor* entities) const { - Category& log=Category::getInstance(SAML_LOGCAT".MetadataFilter.Blacklist"); - - VectorOf(EntityDescriptor) v=entities.getEntityDescriptors(); - for (VectorOf(EntityDescriptor)::size_type i=0; igetEntityID(); - if (found(id)) { - auto_ptr_char id2(id); - log.info("filtering out blacklisted entity (%s)", id2.get()); + Category& log = Category::getInstance(SAML_LOGCAT ".MetadataFilter." 
WHITELIST_METADATA_FILTER); + + VectorOf(EntityDescriptor) v = entities->getEntityDescriptors(); + for (VectorOf(EntityDescriptor)::size_type i = 0; i < v.size(); ) { + if (included(*v[i])) { + auto_ptr_char id(v[i]->getEntityID()); + log.info("filtering out blacklisted entity (%s)", id.get()); v.erase(v.begin() + i); } else { i++; } } - - VectorOf(EntitiesDescriptor) w=entities.getEntitiesDescriptors(); - for (VectorOf(EntitiesDescriptor)::size_type j=0; jgetName(); - if (found(name)) { + + VectorOf(EntitiesDescriptor) w = entities->getEntitiesDescriptors(); + for (VectorOf(EntitiesDescriptor)::size_type j = 0; j < w.size(); ) { + const XMLCh* name = w[j]->getName(); + if (name && !m_entities.empty() && m_entities.count(name) > 0) { auto_ptr_char name2(name); log.info("filtering out blacklisted group (%s)", name2.get()); w.erase(w.begin() + j); } else { - doFilter(*(w[j])); + filterGroup(w[j]); j++; } } } + +bool BlacklistMetadataFilter::included(const EntityDescriptor& entity) const +{ + // Check for entityID. + if (entity.getEntityID() && !m_entities.empty() && m_entities.count(entity.getEntityID()) > 0) + return true; + + if (m_matcher && m_matcher->matches(entity)) + return true; + + return false; +}
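Review bot: In `filterGroup()` the logger is obtained with `SAML_LOGCAT ".MetadataFilter." WHITELIST_METADATA_FILTER`, so the "filtering out blacklisted entity" and "filtering out blacklisted group" records go to the whitelist filter's category, where the removed line used `".MetadataFilter.Blacklist"`. The exception messages in this hunk all use `BLACKLIST_METADATA_FILTER`, so this looks like a copy-paste slip, and anyone routing or alerting on the blacklist category would miss the removals. I would change the line to `Category& log = Category::getInstance(SAML_LOGCAT ".MetadataFilter." BLACKLIST_METADATA_FILTER);`. Separately, the constructor inserts each `Exclude` element's `getTextContent()` as-is. If surrounding whitespace is not normalised elsewhere, a padded entry would never match and the entity would pass through the filter silently, so trimming the value or logging the loaded entries is worth considering.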