X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FDynamicMetadataProvider.cpp;h=a11f5b913f89af26bd82f4ae62200dfd4212b55b;hp=2db9a48e8d809acdab9036a6a9e630bf77deadbf;hb=384f649a7ef352f15223417de3167bd67224bb00;hpb=529b003774ec45cad19910b845a52a70d273043d diff --git a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp index 2db9a48..a11f5b9 100644 --- a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Internet2 + * Copyright 2001-2009 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,10 +26,10 @@ #include "saml2/metadata/DynamicMetadataProvider.h" #include -#include #include #include #include +#include using namespace opensaml::saml2md; using namespace xmltooling::logging; @@ -86,8 +86,9 @@ pair DynamicMetadataProvider::get auto_ptr_char temp(criteria.entityID_unicode); name = temp.get(); } - else if (criteria.artifact) + else if (criteria.artifact) { name = criteria.artifact->getSource(); + } else return entity; 
@@ -100,34 +101,36 @@ pair DynamicMetadataProvider::get // Verify the entityID. if (criteria.entityID_unicode && !XMLString::equals(criteria.entityID_unicode, entity2->getEntityID())) { - Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error("metadata instance did not match expected entityID"); + log.error("metadata instance did not match expected entityID"); return entity; } else { auto_ptr_XMLCh temp2(name.c_str()); if (!XMLString::equals(temp2.get(), entity2->getEntityID())) { - Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error("metadata instance did not match expected entityID"); + log.error("metadata instance did not match expected entityID"); return entity; } } + if (!m_validate) { + try { + SchemaValidators.validate(entity2.get()); + } + catch (exception& ex) { + log.error("metadata intance failed manual schema validation checking: ", ex.what()); + throw MetadataException("Metadata instance failed manual schema validation checking."); + } + } + // Filter it, which may throw. doFilters(*entity2.get()); - log.info("caching resolved metadata for (%s)", name.c_str()); + time_t now = time(NULL); - // Translate cacheDuration into validUntil. - time_t exp = m_maxCacheDuration; - if (entity2->getCacheDuration()) - exp = min(m_maxCacheDuration, entity2->getCacheDurationEpoch()); - exp += time(NULL); - if (entity2->getValidUntil()) { - if (exp < entity2->getValidUntilEpoch()) - entity2->setValidUntil(exp); - } - else { - entity2->setValidUntil(exp); - } + if (entity2->getValidUntil() && entity2->getValidUntilEpoch() < now + 60) + throw MetadataException("Metadata was already invalid at the time of retrieval."); + + log.info("caching resolved metadata for (%s)", name.c_str()); // Upgrade our lock so we can cache the new metadata. m_lock->unlock(); 
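Review bot: The `log.error` call added in the new schema-validation `catch` block passes `ex.what()`, but its format string has no `%s`, so the reason for the validation failure is never written to the log (and "intance" is misspelled). The other logging calls in this function use printf-style placeholders, so this should read `log.error("metadata instance failed manual schema validation checking: %s", ex.what());`. Because the `MetadataException` thrown afterwards carries only a generic message, the log line is the only place an operator can see why a remotely fetched document was rejected. The `60` in the `validUntil` check would also be easier to review as a named constant with a comment saying it is a clock-skew allowance in seconds. The enclosing function starts and ends outside this hunk.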
@@ -137,16 +140,18 @@ pair DynamicMetadataProvider::get emitChangeEvent(); // Make sure we clear out any existing copies, including stale metadata or if somebody snuck in. - index(entity2.release(), SAMLTIME_MAX, true); + time_t exp = m_maxCacheDuration; + if (entity2->getCacheDuration()) + exp = min(m_maxCacheDuration, entity2->getCacheDurationEpoch()); + exp += now; + index(entity2.release(), exp, true); // Downgrade back to a read lock. m_lock->unlock(); m_lock->rdlock(); } catch (exception& e) { - Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error( - "error while resolving entityID (%s): %s", name.c_str(), e.what() - ); + log.error("error while resolving entityID (%s): %s", name.c_str(), e.what()); return entity; } @@ -157,14 +162,16 @@ pair DynamicMetadataProvider::get EntityDescriptor* DynamicMetadataProvider::resolve(const Criteria& criteria) const { string name; - if (criteria.entityID_ascii) + if (criteria.entityID_ascii) { name = criteria.entityID_ascii; + } else if (criteria.entityID_unicode) { auto_ptr_char temp(criteria.entityID_unicode); name = temp.get(); } - else if (criteria.artifact) - name = criteria.artifact->getSource(); + else if (criteria.artifact) { + throw MetadataException("Unable to resolve metadata dynamically from an artifact."); + } try { DOMDocument* doc=NULL;
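Review bot: The comment "Make sure we clear out any existing copies..." now sits above the new expiry computation rather than above the `index(...)` call it describes, and the expiry logic itself has no comment. Move that comment down to the `index` line and add something like `// Cache for the lesser of the configured maximum and the document's cacheDuration.` above `time_t exp = m_maxCacheDuration;`. The removed code clamped the entity's `validUntil` explicitly, whereas the new `exp` is derived from `cacheDuration` alone. Whether `index()` still honours a `validUntil` that falls before `exp` is not visible in this diff and should be confirmed, since an entry cached past its declared validity keeps its keys and endpoints trusted. The enclosing function continues outside the hunk.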
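Review bot: In `resolve()`, the criteria chain still has no final `else`, so a `Criteria` with none of `entityID_ascii`, `entityID_unicode` or `artifact` set falls through to the `try` block with an empty `name`. Since the artifact branch now rejects unsupported input explicitly, the same could be done here, e.g. `else { throw MetadataException("No entityID available for dynamic metadata resolution."); }`. Separately, the caller in the earlier hunk still sets `name = criteria.artifact->getSource();`, so an artifact lookup presumably reaches this new throw. A short comment there, or an early return, would make it clear that artifact criteria are intentionally unsupported. The body of `resolve()` continues outside the hunk.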