X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FXMLMetadataProvider.cpp;h=6986b9dd0d1a041463871b3726185fc16ff32002;hp=19730baf1cba913fc4046534ce3180930655594f;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=1cc00cad473a796373e8a327e5d37bee4c74b411

diff --git a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
index 19730ba..6986b9d 100644
--- a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
@@ -71,57 +71,13 @@ namespace opensaml {
                 shutdown();
             }
 
-            void init() {
-                try {
-                    if (!m_id.empty()) {
-                        string threadid("[");
-                        threadid += m_id + ']';
-                        logging::NDC::push(threadid);
-                    }
-                    background_load();
-                    startup();
-                }
-                catch (...) {
-                    startup();
-                    if (!m_id.empty()) {
-                        logging::NDC::pop();
-                    }
-                    throw;
-                }
-
-                if (!m_id.empty()) {
-                    logging::NDC::pop();
-                }
-            }
+            void init();
 
             const char* getId() const {
                 return m_id.c_str();
             }
 
-            void outputStatus(ostream& os) const {
-                os << "<MetadataProvider";
-
-                if (getId() && *getId()) {
-                    os << " id='" << getId() << "'";
-                }
-
-                if (!m_source.empty()) {
-                    os << " source='" << m_source << "'";
-                }
-
-                if (m_lastUpdate > 0) {
-                    DateTime ts(m_lastUpdate);
-                    ts.parseDateTime();
-                    auto_ptr_char timestamp(ts.getFormattedString());
-                    os << " lastUpdate='" << timestamp.get() << "'";
-                }
-
-                if (!m_local && m_reloadInterval > 0) {
-                    os << " reloadInterval='" << m_reloadInterval << "'";
-                }
-
-                os << "/>";
-            }
+            void outputStatus(ostream& os) const;
 
             const XMLObject* getMetadata() const {
                 return m_object.get();
@@ -137,7 +93,7 @@ namespace opensaml {
             time_t computeNextRefresh();
 
             scoped_ptr<XMLObject> m_object;
-            bool m_discoveryFeed;
+            bool m_discoveryFeed,m_dropDOM;
             double m_refreshDelayFactor;
             unsigned int m_backoffFactor;
             time_t m_minRefreshDelay,m_maxRefreshDelay,m_lastValidUntil;
@@ -149,8 +105,32 @@ namespace opensaml {
         }
 
         static const XMLCh discoveryFeed[] =        UNICODE_LITERAL_13(d,i,s,c,o,v,e,r,y,F,e,e,d);
+        static const XMLCh dropDOM[] =              UNICODE_LITERAL_7(d,r,o,p,D,O,M);
         static const XMLCh minRefreshDelay[] =      UNICODE_LITERAL_15(m,i,n,R,e,f,r,e,s,h,D,e,l,a,y);
         static const XMLCh refreshDelayFactor[] =   UNICODE_LITERAL_18(r,e,f,r,e,s,h,D,e,l,a,y,F,a,c,t,o,r);
+
+        // TODO: need to move this into xmltooling as a utility function
+        static void xml_encode(ostream& os, const char* start)
+        {
+            size_t pos;
+            while (start && *start) {
+                pos = strcspn(start, "\"<>&");
+                if (pos > 0) {
+                    os.write(start,pos);
+                    start += pos;
+                }
+                else {
+                    switch (*start) {
+                        case '"':   os << "&quot;";     break;
+                        case '<':   os << "&lt;";       break;
+                        case '>':   os << "&gt;";       break;
+                        case '&':   os << "&amp;";      break;
+                        default:    os << *start;
+                    }
+                    start++;
+                }
+            }
+        }
     };
 };
 
@@ -160,8 +140,9 @@ namespace opensaml {
 
 XMLMetadataProvider::XMLMetadataProvider(const DOMElement* e)
     : MetadataProvider(e), AbstractMetadataProvider(e), DiscoverableMetadataProvider(e),
-        ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML"), false),
+        ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT ".MetadataProvider.XML"), false),
         m_discoveryFeed(XMLHelper::getAttrBool(e, true, discoveryFeed)),
+        m_dropDOM(XMLHelper::getAttrBool(e, true, dropDOM)),
         m_refreshDelayFactor(0.75), m_backoffFactor(1),
         m_minRefreshDelay(XMLHelper::getAttrInt(e, 600, minRefreshDelay)),
         m_maxRefreshDelay(m_reloadInterval), m_lastValidUntil(SAMLTIME_MAX)
@@ -184,6 +165,30 @@ XMLMetadataProvider::XMLMetadataProvider(const DOMElement* e)
     }
 }
 
+void XMLMetadataProvider::init()
+{
+    try {
+        if (!m_id.empty()) {
+            string threadid("[");
+            threadid += m_id + ']';
+            logging::NDC::push(threadid);
+        }
+        background_load();
+        startup();
+    }
+    catch (...) {
+        startup();
+        if (!m_id.empty()) {
+            logging::NDC::pop();
+        }
+        throw;
+    }
+
+    if (!m_id.empty()) {
+        logging::NDC::pop();
+    }
+}
+
 pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
 {
     if (!backup) {
@@ -210,11 +215,17 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
     try {
         SchemaValidators.validate(xmlObject.get());
     }
-    catch (exception& ex) {
-        m_log.error("metadata intance failed manual validation checking: %s", ex.what());
+    catch (std::exception& ex) {
+        m_log.error("metadata instance failed manual validation checking: %s", ex.what());
         throw MetadataException("Metadata instance failed manual validation checking.");
     }
 
+    const TimeBoundSAMLObject* validityCheck = dynamic_cast<TimeBoundSAMLObject*>(xmlObject.get());
+    if (!validityCheck || !validityCheck->isValid()) {
+        m_log.error("metadata instance was invalid at time of acquisition");
+        throw MetadataException("Metadata instance was invalid at time of acquisition.");
+    }
+
     // This is the best place to take a backup, since it's superficially "correct" metadata.
     string backupKey;
     if (!backup && !m_backing.empty()) {
@@ -226,7 +237,7 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
             ofstream backer(backupKey.c_str());
             backer << *(raw.second->getOwnerDocument());
         }
-        catch (exception& ex) {
+        catch (std::exception& ex) {
             m_log.crit("exception while backing up metadata: %s", ex.what());
             backupKey.erase();
         }
@@ -235,7 +246,7 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
     try {
         doFilters(*xmlObject);
     }
-    catch (exception&) {
+    catch (std::exception&) {
         if (!backupKey.empty())
             remove(backupKey.c_str());
         throw;
@@ -250,8 +261,10 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
         preserveCacheTag();
     }
 
-    xmlObject->releaseThisAndChildrenDOM();
-    xmlObject->setDocument(nullptr);
+    if (m_dropDOM) {
+        xmlObject->releaseThisAndChildrenDOM();
+        xmlObject->setDocument(nullptr);
+    }
 
     // Swap it in after acquiring write lock if necessary.
     if (m_lock)
@@ -303,14 +316,16 @@ pair<bool,DOMElement*> XMLMetadataProvider::background_load()
             return load(true);
         throw;
     }
-    catch (exception&) {
+    catch (std::exception& ex) {
         if (!m_local) {
             m_reloadInterval = m_minRefreshDelay * m_backoffFactor++;
             if (m_reloadInterval > m_maxRefreshDelay)
                 m_reloadInterval = m_maxRefreshDelay;
             m_log.warn("adjusted reload interval to %u seconds", m_reloadInterval);
-            if (!m_loaded && !m_backing.empty())
+            if (!m_loaded && !m_backing.empty()) {
+                m_log.warn("trying backup file, exception loading remote resource: %s", ex.what());
                 return load(true);
+            }
         }
         throw;
     }
@@ -354,3 +369,29 @@ void XMLMetadataProvider::index(time_t& validUntil)
     }
     indexEntity(dynamic_cast<EntityDescriptor*>(m_object.get()), validUntil);
 }
+
+void XMLMetadataProvider::outputStatus(ostream& os) const
+{
+    os << "<MetadataProvider";
+
+    if (getId() && *getId()) {
+        os << " id='"; xml_encode(os, getId()); os << "'";
+    }
+
+    if (!m_source.empty()) {
+        os << " source='"; xml_encode(os, m_source.c_str()); os << "'";
+    }
+
+    if (m_lastUpdate > 0) {
+        DateTime ts(m_lastUpdate);
+        ts.parseDateTime();
+        auto_ptr_char timestamp(ts.getFormattedString());
+        os << " lastUpdate='" << timestamp.get() << "'";
+    }
+
+    if (!m_local && m_reloadInterval > 0) {
+        os << " reloadInterval='" << m_reloadInterval << "'";
+    }
+
+    os << "/>";
+}