X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FBlacklistMetadataFilter.cpp;h=7081e1337c17362de6219b9ee8377cb9cfc0553d;hp=9098acd1db3c10d2df2dbb43129c6be91b9506c9;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=fa5e4dad3c29ef4d01e10cc8f69327e5654732a1 diff --git a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp index 9098acd..7081e13 100644 --- a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp +++ b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp 
@@ -1,17 +1,21 @@ -/* - * Copyright 2001-2006 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** 
@@ -21,19 +25,22 @@ */ #include "internal.h" +#include "saml2/metadata/EntityMatcher.h" +#include "saml2/metadata/Metadata.h" #include "saml2/metadata/MetadataFilter.h" -#include -#include +#include +#include using namespace opensaml::saml2md; +using namespace opensaml::saml2; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; +using namespace boost; using namespace std; namespace opensaml { namespace saml2md { - class SAML_DLLLOCAL BlacklistMetadataFilter : public MetadataFilter { public: @@ -44,24 +51,11 @@ namespace opensaml { void doFilter(XMLObject& xmlObject) const; private: - void doFilter(EntitiesDescriptor& entities) const; - - bool found(const XMLCh* id) const { - if (!id) - return false; -#ifdef HAVE_GOOD_STL - return m_set.count(id)==1; -#else - auto_ptr_char id2(id); - return m_set.count(id2.get())==1; -#endif - } - -#ifdef HAVE_GOOD_STL - set m_set; -#else - set m_set; -#endif + void filterGroup(EntitiesDescriptor*) const; + bool included(const EntityDescriptor&) const; + + set m_entities; + scoped_ptr m_matcher; }; MetadataFilter* SAML_DLLLOCAL BlacklistMetadataFilterFactory(const DOMElement* const & e) 
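Review bot: `using namespace boost;` is added at file scope next to the existing `using namespace std;`, so every unqualified name in this file is now looked up in both namespaces. The only Boost name the visible change relies on is `scoped_ptr` (the `m_matcher` member), so a using-declaration is enough: `using boost::scoped_ptr;`. That keeps a later compiler or Boost upgrade from turning names that exist in both namespaces, such as `shared_ptr` or `bind`, into ambiguous references here. The targets of the two added `#include` lines are not visible on this page, so this assumes one of them supplies `scoped_ptr`.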
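Review bot: The new private members are declared without comments, and the name `included()` reads inverted for a deny list, because in this filter a `true` result means the entity is removed. A one-line comment on the declaration would keep a later maintainer from flipping the test, e.g. `// True if the entity is blacklisted (entityID in m_entities, or accepted by m_matcher) and must be dropped.` It is also worth documenting that `m_matcher` is optional, e.g. `// Null unless the matcher attribute is configured.` The class declaration starts before this hunk.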
@@ -69,83 +63,88 @@ namespace opensaml { return new BlacklistMetadataFilter(e); } + static const XMLCh Exclude[] = UNICODE_LITERAL_7(E,x,c,l,u,d,e); + static const XMLCh _matcher[] = UNICODE_LITERAL_7(m,a,t,c,h,e,r); }; }; -static const XMLCh Exclude[] = UNICODE_LITERAL_7(E,x,c,l,u,d,e); BlacklistMetadataFilter::BlacklistMetadataFilter(const DOMElement* e) { - e = XMLHelper::getFirstChildElement(e); + string matcher(XMLHelper::getAttrString(e, nullptr, _matcher)); + if (!matcher.empty()) + m_matcher.reset(SAMLConfig::getConfig().EntityMatcherManager.newPlugin(matcher.c_str(), e)); + + e = XMLHelper::getFirstChildElement(e, Exclude); while (e) { - if (XMLString::equals(e->getLocalName(), Exclude) && e->hasChildNodes()) { -#ifdef HAVE_GOOD_STL - m_set.insert(e->getFirstChild()->getNodeValue()); -#else - auto_ptr_char id(e->getFirstChild()->getNodeValue()); - m_set.insert(id.get()); -#endif + if (e->hasChildNodes()) { + const XMLCh* excl = e->getTextContent(); + if (excl && *excl) + m_entities.insert(excl); } - e = XMLHelper::getNextSiblingElement(e); + e = XMLHelper::getNextSiblingElement(e, Exclude); } } void BlacklistMetadataFilter::doFilter(XMLObject& xmlObject) const { -#ifdef _DEBUG - NDC ndc("doFilter"); -#endif - - try { - EntitiesDescriptor& entities = dynamic_cast(xmlObject); - if (found(entities.getName())) - throw MetadataFilterException("BlacklistMetadataFilter instructed to filter the root/only group in the metadata."); - doFilter(entities); - return; - } - catch (bad_cast) { + EntitiesDescriptor* group = dynamic_cast(&xmlObject); + if (group) { + if (group->getName() && !m_entities.empty() && m_entities.count(group->getName()) > 0) + throw MetadataFilterException(BLACKLIST_METADATA_FILTER " MetadataFilter instructed to filter the root group in the metadata."); + filterGroup(group); } - - try { - EntityDescriptor& entity = dynamic_cast(xmlObject); - if (found(entity.getEntityID())) - throw MetadataFilterException("BlacklistMetadataFilter instructed to 
filter the root/only entity in the metadata."); - return; - } - catch (bad_cast) { + else { + EntityDescriptor* entity = dynamic_cast(&xmlObject); + if (entity) { + if (included(*entity)) + throw MetadataFilterException(BLACKLIST_METADATA_FILTER " MetadataFilter instructed to filter the root/only entity in the metadata."); + } + else { + throw MetadataFilterException(BLACKLIST_METADATA_FILTER " MetadataFilter was given an improper metadata instance to filter."); + } } - - throw MetadataFilterException("BlacklistMetadataFilter was given an improper metadata instance to filter."); } -void BlacklistMetadataFilter::doFilter(EntitiesDescriptor& entities) const +void BlacklistMetadataFilter::filterGroup(EntitiesDescriptor* entities) const { - Category& log=Category::getInstance(SAML_LOGCAT".Metadata"); - - VectorOf(EntityDescriptor) v=entities.getEntityDescriptors(); - for (VectorOf(EntityDescriptor)::size_type i=0; igetEntityID(); - if (found(id)) { - auto_ptr_char id2(id); - log.info("filtering out blacklisted entity (%s)", id2.get()); + Category& log = Category::getInstance(SAML_LOGCAT ".MetadataFilter." 
WHITELIST_METADATA_FILTER); + + VectorOf(EntityDescriptor) v = entities->getEntityDescriptors(); + for (VectorOf(EntityDescriptor)::size_type i = 0; i < v.size(); ) { + if (included(*v[i])) { + auto_ptr_char id(v[i]->getEntityID()); + log.info("filtering out blacklisted entity (%s)", id.get()); v.erase(v.begin() + i); } else { i++; } } - - VectorOf(EntitiesDescriptor) w=entities.getEntitiesDescriptors(); - for (VectorOf(EntitiesDescriptor)::size_type j=0; jgetName(); - if (found(name)) { + + VectorOf(EntitiesDescriptor) w = entities->getEntitiesDescriptors(); + for (VectorOf(EntitiesDescriptor)::size_type j = 0; j < w.size(); ) { + const XMLCh* name = w[j]->getName(); + if (name && !m_entities.empty() && m_entities.count(name) > 0) { auto_ptr_char name2(name); log.info("filtering out blacklisted group (%s)", name2.get()); w.erase(w.begin() + j); } else { - doFilter(*(w[j])); + filterGroup(w[j]); j++; } } } + +bool BlacklistMetadataFilter::included(const EntityDescriptor& entity) const +{ + // Check for entityID. + if (entity.getEntityID() && !m_entities.empty() && m_entities.count(entity.getEntityID()) > 0) + return true; + + if (m_matcher && m_matcher->matches(entity)) + return true; + + return false; +}
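Review bot: In `filterGroup` the logger is created with `Category::getInstance(SAML_LOGCAT ".MetadataFilter." WHITELIST_METADATA_FILTER)`, so the "filtering out blacklisted entity/group" messages go out under a category that, judging by the macro name, belongs to the whitelist filter. Anyone routing or alerting on the blacklist filter's category would miss these removals. The exception messages in `doFilter` already use `BLACKLIST_METADATA_FILTER`, and the logger should match: `Category& log = Category::getInstance(SAML_LOGCAT ".MetadataFilter." BLACKLIST_METADATA_FILTER);`. Separately, the constructor silently accepts a configuration with no `matcher` attribute and no non-empty `Exclude` element, which leaves a filter that removes nothing; a warning logged at construction would make that misconfiguration visible.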