static const XMLCh errorFatal[] = UNICODE_LITERAL_10(e,r,r,o,r,F,a,t,a,l);
};
-ClientCertAuthRule::ClientCertAuthRule(const DOMElement* e) : m_errorFatal(false)
+ClientCertAuthRule::ClientCertAuthRule(const DOMElement* e) : m_errorFatal(XMLHelper::getAttrBool(e, false, errorFatal))
{
- if (e) {
- const XMLCh* flag = e->getAttributeNS(nullptr, errorFatal);
- m_errorFatal = (flag && (*flag==chLatin_t || *flag==chDigit_1));
- }
}
bool ClientCertAuthRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/util/ReplayCache.h>
+#include <xmltooling/util/XMLHelper.h>
#include <xercesc/util/XMLUniDefs.hpp>
using namespace opensaml;
static const XMLCh expires[] = UNICODE_LITERAL_7(e,x,p,i,r,e,s);
MessageFlowRule::MessageFlowRule(const DOMElement* e)
- : m_checkReplay(true), m_expires(XMLToolingConfig::getConfig().clock_skew_secs)
+ : m_checkReplay(XMLHelper::getAttrBool(e, true, checkReplay)),
+ m_expires(XMLHelper::getAttrInt(e, XMLToolingConfig::getConfig().clock_skew_secs, expires))
{
- if (e) {
- const XMLCh* attr = e->getAttributeNS(nullptr, checkReplay);
- if (attr && (*attr==chLatin_f || *attr==chDigit_0))
- m_checkReplay = false;
- attr = e->getAttributeNS(nullptr, expires);
- if (attr)
- m_expires = XMLString::parseInt(attr);
- }
}
bool MessageFlowRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
return true;
}
-SimpleSigningRule::SimpleSigningRule(const DOMElement* e) : m_errorFatal(false)
+SimpleSigningRule::SimpleSigningRule(const DOMElement* e) : m_errorFatal(XMLHelper::getAttrBool(e, false, errorFatal))
{
- if (e) {
- const XMLCh* flag = e->getAttributeNS(nullptr, errorFatal);
- m_errorFatal = (flag && (*flag==chLatin_t || *flag==chDigit_1));
- }
}
bool SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
static const XMLCh errorFatal[] = UNICODE_LITERAL_10(e,r,r,o,r,F,a,t,a,l);
};
-XMLSigningRule::XMLSigningRule(const DOMElement* e) : m_errorFatal(false)
+XMLSigningRule::XMLSigningRule(const DOMElement* e) : m_errorFatal(XMLHelper::getAttrBool(e, false, errorFatal))
{
- if (e) {
- const XMLCh* flag = e->getAttributeNS(nullptr, errorFatal);
- m_errorFatal = (flag && (*flag==chLatin_t || *flag==chDigit_1));
- }
}
bool XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
e = XMLHelper::getFirstChildElement(e, Rule);
while (e) {
- auto_ptr_char temp(e->getAttributeNS(nullptr, type));
- if (temp.get() && *temp.get()) {
+ string t = XMLHelper::getAttrString(e, nullptr, type);
+ if (!t.empty()) {
try {
- log.info("building SecurityPolicyRule of type %s", temp.get());
- m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(temp.get(),e));
+ log.info("building SecurityPolicyRule of type %s", t.c_str());
+ m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(t.c_str(), e));
}
catch (exception& ex) {
log.crit("error building SecurityPolicyRule: %s", ex.what());
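Review bot: A `<Rule>` element whose `type` attribute is missing or empty is skipped without a log entry at `if (!t.empty())`, so a security policy can load with fewer rules than its configuration lists. The `<KeyInfoResolver>` handling elsewhere in this commit throws `UnknownExtensionException` in the same situation. Unless an `else` outside the visible lines already covers it, the rule loop should do likewise or at least log, for example `else log.crit("Rule element found with no type attribute");`. The same silent skip appears in the loop that logs "building MetadataProvider of type %s" and in the `_MetadataFilter` branch of the MetadataProvider constructor. The enclosing function starts and ends outside the hunk.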
static const XMLCh _template[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e);
SAML1POSTEncoder::SAML1POSTEncoder(const DOMElement* e, const XMLCh* ns)
+ : m_template(XMLHelper::getAttrString(e, nullptr, _template, ns))
{
- if (e) {
- auto_ptr_char t(e->getAttributeNS(ns, _template));
- if (t.get() && *t.get())
- m_template = t.get();
- }
if (m_template.empty())
throw XMLToolingException("SAML1POSTEncoder requires template XML attribute.");
XMLToolingConfig::getConfig().getPathResolver()->resolve(m_template, PathResolver::XMLTOOLING_CFG_FILE);
class SAML_DLLLOCAL BrowserSSORule : public opensaml::SecurityPolicyRule
{
public:
- BrowserSSORule(const DOMElement* e) {}
+ BrowserSSORule() {}
+ virtual ~BrowserSSORule() {}
- virtual ~BrowserSSORule() {
- }
const char* getType() const {
return SAML1BROWSERSSO_POLICY_RULE;
}
+
bool evaluate(const XMLObject& message, const GenericRequest* request, opensaml::SecurityPolicy& policy) const;
};
- opensaml::SecurityPolicyRule* SAML_DLLLOCAL BrowserSSORuleFactory(const DOMElement* const & e)
+ opensaml::SecurityPolicyRule* SAML_DLLLOCAL BrowserSSORuleFactory(const DOMElement* const &)
{
- return new BrowserSSORule(e);
+ return new BrowserSSORule();
}
class SAML_DLLLOCAL _checkMethod : public unary_function<const SubjectStatement*,void>,
) const;
private:
- bool m_post;
string m_template;
};
static const XMLCh postArtifact[] = UNICODE_LITERAL_12(p,o,s,t,A,r,t,i,f,a,c,t);
};
-SAML2ArtifactEncoder::SAML2ArtifactEncoder(const DOMElement* e, const XMLCh* ns) : m_post(false)
+SAML2ArtifactEncoder::SAML2ArtifactEncoder(const DOMElement* e, const XMLCh* ns)
{
- if (e) {
- const XMLCh* flag = e->getAttributeNS(ns, postArtifact);
- m_post = (flag && (*flag==chLatin_t || *flag==chDigit_1));
- if (m_post) {
- auto_ptr_char t(e->getAttributeNS(ns, _template));
- if (t.get() && *t.get()) {
- m_template = t.get();
- XMLToolingConfig::getConfig().getPathResolver()->resolve(m_template, PathResolver::XMLTOOLING_CFG_FILE);
- }
- }
+ if (XMLHelper::getAttrBool(e, false, postArtifact, ns)) {
+ m_template = XMLHelper::getAttrString(e, nullptr, _template, ns);
+ if (!m_template.empty())
+ XMLToolingConfig::getConfig().getPathResolver()->resolve(m_template, PathResolver::XMLTOOLING_CFG_FILE);
}
}
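Review bot: With `m_post` removed, a configuration that sets `postArtifact` to true but omits `template` leaves `m_template` empty and the constructor returns normally, so the misconfiguration is never reported. SAML1POSTEncoder and SAML2POSTEncoder in this same commit throw `XMLToolingException` when their template is missing. If the encode path now uses `m_template.empty()` to pick the binding (not visible here), the deployment would quietly run without the POST variant the operator asked for. Consider replacing the `if (!m_template.empty())` guard with `if (m_template.empty()) throw XMLToolingException("SAML2ArtifactEncoder requires template XML attribute when postArtifact is set.");` followed by the unconditional resolve call.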
static const XMLCh _template[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e);
-SAML2POSTEncoder::SAML2POSTEncoder(const DOMElement* e, const XMLCh* ns, bool simple) : m_simple(simple)
+SAML2POSTEncoder::SAML2POSTEncoder(const DOMElement* e, const XMLCh* ns, bool simple)
+ : m_template(XMLHelper::getAttrString(e, nullptr, _template, ns)), m_simple(simple)
{
- if (e) {
- auto_ptr_char t(e->getAttributeNS(ns, _template));
- if (t.get() && *t.get())
- m_template = t.get();
- }
if (m_template.empty())
throw XMLToolingException("SAML2POSTEncoder requires template XML attribute.");
XMLToolingConfig::getConfig().getPathResolver()->resolve(m_template, PathResolver::XMLTOOLING_CFG_FILE);
AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e)
: ObservableMetadataProvider(e), m_resolver(nullptr), m_credentialLock(nullptr)
{
- e = e ? XMLHelper::getFirstChildElement(e, _KeyInfoResolver) : nullptr;
+ e = XMLHelper::getFirstChildElement(e, _KeyInfoResolver);
if (e) {
- auto_ptr_char t(e->getAttributeNS(nullptr,type));
- if (t.get())
- m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.get(),e);
+ string t = XMLHelper::getAttrString(e, nullptr, type);
+ if (!t.empty())
+ m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e);
else
throw UnknownExtensionException("<KeyInfoResolver> element found with no type attribute");
}
if (XMLString::equals(e ? e->getAttributeNS(nullptr, precedence) : nullptr, last))
m_firstMatch = false;
- e = e ? XMLHelper::getFirstChildElement(e, _MetadataProvider) : nullptr;
+ e = XMLHelper::getFirstChildElement(e, _MetadataProvider);
while (e) {
- auto_ptr_char temp(e->getAttributeNS(nullptr, _type));
- if (temp.get() && *temp.get()) {
+ string t = XMLHelper::getAttrString(e, nullptr, _type);
+ if (!t.empty()) {
try {
- m_log.info("building MetadataProvider of type %s", temp.get());
- auto_ptr<MetadataProvider> provider(SAMLConfig::getConfig().MetadataProviderManager.newPlugin(temp.get(), e));
+ m_log.info("building MetadataProvider of type %s", t.c_str());
+ auto_ptr<MetadataProvider> provider(SAMLConfig::getConfig().MetadataProviderManager.newPlugin(t.c_str(), e));
ObservableMetadataProvider* obs = dynamic_cast<ObservableMetadataProvider*>(provider.get());
if (obs)
obs->addObserver(this);
};
DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
- : AbstractMetadataProvider(e), m_maxCacheDuration(28800), m_lock(RWLock::create()), m_refreshDelayFactor(0.75), m_minCacheDuration(600)
+ : AbstractMetadataProvider(e),
+ m_maxCacheDuration(XMLHelper::getAttrInt(e, 28800, maxCacheDuration)),
+ m_lock(RWLock::create()),
+ m_refreshDelayFactor(0.75),
+ m_minCacheDuration(XMLHelper::getAttrInt(e, 600, minCacheDuration)),
+ m_validate(XMLHelper::getAttrBool(e, false, validate))
{
- const XMLCh* flag=e ? e->getAttributeNS(nullptr, validate) : nullptr;
- m_validate=(XMLString::equals(flag,xmlconstants::XML_TRUE) || XMLString::equals(flag,xmlconstants::XML_ONE));
-
- flag = e ? e->getAttributeNS(nullptr, minCacheDuration) : nullptr;
- if (flag && *flag) {
- m_minCacheDuration = XMLString::parseInt(flag);
- if (m_minCacheDuration == 0) {
- Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
- "invalid minCacheDuration setting, using default"
- );
- m_minCacheDuration = 600;
- }
- }
-
- flag = e ? e->getAttributeNS(nullptr, maxCacheDuration) : nullptr;
- if (flag && *flag) {
- m_maxCacheDuration = XMLString::parseInt(flag);
- if (m_maxCacheDuration == 0) {
- Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
- "invalid maxCacheDuration setting, using default"
- );
- m_maxCacheDuration = 28800;
- }
- }
-
if (m_minCacheDuration > m_maxCacheDuration) {
Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
"minCacheDuration setting exceeds maxCacheDuration setting, lowering to match it"
m_minCacheDuration = m_maxCacheDuration;
}
- flag = e ? e->getAttributeNS(nullptr, refreshDelayFactor) : NULL;
- if (flag && *flag) {
- auto_ptr_char delay(flag);
- m_refreshDelayFactor = atof(delay.get());
+ const XMLCh* delay = e ? e->getAttributeNS(nullptr, refreshDelayFactor) : nullptr;
+ if (delay && *delay) {
+ auto_ptr_char temp(delay);
+ m_refreshDelayFactor = atof(temp.get());
if (m_refreshDelayFactor <= 0.0 || m_refreshDelayFactor >= 1.0) {
Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
"invalid refreshDelayFactor setting, using default"
static const XMLCh removeEmptyEntitiesDescriptors[] = UNICODE_LITERAL_30(r,e,m,o,v,e,E,m,p,t,y,E,n,t,i,t,i,e,s,D,e,s,c,r,i,p,t,o,r,s);
EntityRoleMetadataFilter::EntityRoleMetadataFilter(const DOMElement* e)
- : m_removeRolelessEntityDescriptors(true), m_removeEmptyEntitiesDescriptors(true),
+ : m_removeRolelessEntityDescriptors(XMLHelper::getAttrBool(e, true, removeRolelessEntityDescriptors)),
+ m_removeEmptyEntitiesDescriptors(XMLHelper::getAttrBool(e, true, removeEmptyEntitiesDescriptors)),
m_idp(false), m_sp(false), m_authn(false), m_attr(false), m_pdp(false), m_authnq(false), m_attrq(false), m_authzq(false)
{
- const XMLCh* flag = e ? e->getAttributeNS(nullptr, removeRolelessEntityDescriptors) : nullptr;
- if (flag && (*flag == chLatin_f || *flag == chDigit_0))
- m_removeRolelessEntityDescriptors = false;
- flag = e ? e->getAttributeNS(nullptr, removeEmptyEntitiesDescriptors) : nullptr;
- if (flag && (*flag == chLatin_f || *flag == chDigit_0))
- m_removeEmptyEntitiesDescriptors = false;
-
e = XMLHelper::getFirstChildElement(e, RetainedRole);
while (e) {
auto_ptr<xmltooling::QName> q(XMLHelper::getNodeValueAsQName(e));
NDC ndc("MetadataProvider");
#endif
Category& log = Category::getInstance(SAML_LOGCAT".Metadata");
- SAMLConfig& conf=SAMLConfig::getConfig();
+ SAMLConfig& conf = SAMLConfig::getConfig();
// Locate any default recognized filters and plugins.
try {
- DOMElement* child = e ? XMLHelper::getFirstChildElement(e) : nullptr;
+ DOMElement* child = XMLHelper::getFirstChildElement(e);
while (child) {
- if (XMLString::equals(child->getLocalName(),_MetadataFilter)) {
- auto_ptr_char t(child->getAttributeNS(nullptr,type));
- if (t.get() && *t.get()) {
- log.info("building MetadataFilter of type %s", t.get());
- m_filters.push_back(conf.MetadataFilterManager.newPlugin(t.get(),child));
+ if (XMLString::equals(child->getLocalName(), _MetadataFilter)) {
+ string t = XMLHelper::getAttrString(child, nullptr, type);
+ if (!t.empty()) {
+ log.info("building MetadataFilter of type %s", t.c_str());
+ m_filters.push_back(conf.MetadataFilterManager.newPlugin(t.c_str(), child));
}
}
- else if (XMLString::equals(child->getLocalName(),SigFilter)) {
+ else if (XMLString::equals(child->getLocalName(), SigFilter)) {
log.info("building MetadataFilter of type %s", SIGNATURE_METADATA_FILTER);
- m_filters.push_back(conf.MetadataFilterManager.newPlugin(SIGNATURE_METADATA_FILTER,child));
+ m_filters.push_back(conf.MetadataFilterManager.newPlugin(SIGNATURE_METADATA_FILTER, child));
}
- else if (XMLString::equals(child->getLocalName(),Whitelist)) {
+ else if (XMLString::equals(child->getLocalName(), Whitelist)) {
log.info("building MetadataFilter of type %s", WHITELIST_METADATA_FILTER);
- m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER,child));
+ m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER, child));
}
- else if (XMLString::equals(child->getLocalName(),Blacklist)) {
+ else if (XMLString::equals(child->getLocalName(), Blacklist)) {
log.info("building MetadataFilter of type %s", BLACKLIST_METADATA_FILTER);
- m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER,child));
+ m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER, child));
}
- else if (XMLString::equals(child->getLocalName(),Include)) {
+ else if (XMLString::equals(child->getLocalName(), Include)) {
log.info("building MetadataFilter of type %s", WHITELIST_METADATA_FILTER);
- m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER,e));
+ m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER, e));
}
- else if (XMLString::equals(child->getLocalName(),Exclude)) {
+ else if (XMLString::equals(child->getLocalName(), Exclude)) {
log.info("building MetadataFilter of type %s", BLACKLIST_METADATA_FILTER);
- m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER,e));
+ m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER, e));
}
child = XMLHelper::getNextSiblingElement(child);
}
MetadataProvider::~MetadataProvider()
{
- for_each(m_filters.begin(),m_filters.end(),xmltooling::cleanup<MetadataFilter>());
+ for_each(m_filters.begin(), m_filters.end(), xmltooling::cleanup<MetadataFilter>());
}
void MetadataProvider::addMetadataFilter(MetadataFilter* newFilter)
static const XMLCh maxValidityInterval[] = UNICODE_LITERAL_19(m,a,x,V,a,l,i,d,i,t,y,I,n,t,e,r,v,a,l);
-RequireValidUntilMetadataFilter::RequireValidUntilMetadataFilter(const DOMElement* e) : m_maxValidityInterval(60 * 60 * 24 * 7)
+RequireValidUntilMetadataFilter::RequireValidUntilMetadataFilter(const DOMElement* e)
+ : m_maxValidityInterval(XMLHelper::getAttrInt(e, 60 * 60 * 24 * 7, maxValidityInterval))
{
- const XMLCh* mvi = e ? e->getAttributeNS(nullptr,maxValidityInterval) : nullptr;
- if (mvi && *mvi) {
- m_maxValidityInterval = XMLString::parseInt(mvi);
- if (m_maxValidityInterval == 0)
- m_maxValidityInterval = 60 * 60 * 24 * 7;
- }
}
void RequireValidUntilMetadataFilter::doFilter(XMLObject& xmlObject) const
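Review bot: The zero-value fallback that the removed lines applied to `maxValidityInterval` is gone: `XMLHelper::getAttrInt(e, 60 * 60 * 24 * 7, maxValidityInterval)` supplies the default only when the attribute is absent, so an explicit `0` now reaches `m_maxValidityInterval`. How `doFilter` treats a zero interval is not visible here, and how `getAttrInt` handles an unparsable value is not shown either. If zero is not meant to switch the validity limit off, restore the guard in the constructor body: `if (m_maxValidityInterval == 0) m_maxValidityInterval = 60 * 60 * 24 * 7;`. The same validation was dropped for `minCacheDuration` and `maxCacheDuration` in DynamicMetadataProvider, along with their "invalid … setting, using default" log lines, and for `minRefreshDelay` in XMLMetadataProvider.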
static const XMLCh verifyName[] = UNICODE_LITERAL_10(v,e,r,i,f,y,N,a,m,e);
SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e)
- : m_verifyRoles(false), m_verifyName(true), m_credResolver(nullptr), m_trust(nullptr), m_log(Category::getInstance(SAML_LOGCAT".MetadataFilter.Signature"))
+ : m_verifyRoles(XMLHelper::getAttrBool(e, false, verifyRoles)),
+ m_verifyName(XMLHelper::getAttrBool(e, true, verifyName)),
+ m_credResolver(nullptr), m_trust(nullptr),
+ m_log(Category::getInstance(SAML_LOGCAT".MetadataFilter.Signature"))
{
- const XMLCh* flag = e ? e->getAttributeNS(nullptr,verifyRoles) : nullptr;
- m_verifyRoles = (flag && (*flag == chLatin_t || *flag == chDigit_1));
-
- flag = e ? e->getAttributeNS(nullptr,verifyName) : nullptr;
- m_verifyName = !(flag && (*flag == chLatin_f || *flag == chDigit_0));
-
if (e && e->hasAttributeNS(nullptr,certificate)) {
// Use a file-based credential resolver rooted here.
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER,e);
+ m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e);
return;
}
- DOMElement* sub = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : nullptr;
- auto_ptr_char t(sub ? sub->getAttributeNS(nullptr,type) : nullptr);
- if (t.get()) {
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.get(),sub);
- return;
+ DOMElement* sub = XMLHelper::getFirstChildElement(e, _CredentialResolver);
+ if (sub) {
+ string t = XMLHelper::getAttrString(sub, nullptr, type);
+ if (!t.empty()) {
+ m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), sub);
+ return;
+ }
}
- sub = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : nullptr;
- auto_ptr_char t2(sub ? sub->getAttributeNS(nullptr,type) : nullptr);
- if (t2.get()) {
- TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t2.get(),sub);
- if (!(m_trust = dynamic_cast<SignatureTrustEngine*>(trust))) {
- delete trust;
- throw MetadataFilterException("TrustEngine-based SignatureMetadataFilter requires a SignatureTrustEngine plugin.");
+ sub = XMLHelper::getFirstChildElement(e, _TrustEngine);
+ if (sub) {
+ string t = XMLHelper::getAttrString(sub, nullptr, type);
+ if (!t.empty()) {
+ TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), sub);
+ if (!(m_trust = dynamic_cast<SignatureTrustEngine*>(trust))) {
+ delete trust;
+ throw MetadataFilterException("TrustEngine-based SignatureMetadataFilter requires a SignatureTrustEngine plugin.");
+ }
+ return;
}
- return;
}
throw MetadataFilterException("SignatureMetadataFilter configuration requires <CredentialResolver> or <TrustEngine> element.");
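Review bot: A `<CredentialResolver>` or `<TrustEngine>` child that is present but has an empty `type` now falls through to the final throw, whose message says the element itself is required. Failing closed is the right outcome for a signature filter, but the message points the operator at the wrong problem. A typeless `<CredentialResolver>` is also passed over in favour of a following `<TrustEngine>` with no log line. Suggest throwing inside each `if (sub)` block when `t.empty()`, e.g. `throw MetadataFilterException("<CredentialResolver> element found with no type attribute.");`. The constructor's closing lines are outside the hunk.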
namespace opensaml {
namespace saml2md {
- static const XMLCh minRefreshDelay[] = UNICODE_LITERAL_15(m,i,n,R,e,f,r,e,s,h,D,e,l,a,y);
- static const XMLCh refreshDelayFactor[] = UNICODE_LITERAL_18(r,e,f,r,e,s,h,D,e,l,a,y,F,a,c,t,o,r);
-
class SAML_DLLLOCAL XMLMetadataProvider : public AbstractMetadataProvider, public ReloadableXMLFile
{
public:
return new XMLMetadataProvider(e);
}
+ static const XMLCh minRefreshDelay[] = UNICODE_LITERAL_15(m,i,n,R,e,f,r,e,s,h,D,e,l,a,y);
+ static const XMLCh refreshDelayFactor[] = UNICODE_LITERAL_18(r,e,f,r,e,s,h,D,e,l,a,y,F,a,c,t,o,r);
};
};
XMLMetadataProvider::XMLMetadataProvider(const DOMElement* e)
: AbstractMetadataProvider(e), ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML"), false),
- m_object(nullptr), m_refreshDelayFactor(0.75), m_backoffFactor(1), m_minRefreshDelay(600),
+ m_object(nullptr), m_refreshDelayFactor(0.75), m_backoffFactor(1),
+ m_minRefreshDelay(XMLHelper::getAttrInt(e, 600, minRefreshDelay)),
m_maxRefreshDelay(m_reloadInterval), m_lastValidUntil(SAMLTIME_MAX)
{
if (!m_local && m_maxRefreshDelay) {
- const XMLCh* setting = e ? e->getAttributeNS(nullptr, refreshDelayFactor) : NULL;
+ const XMLCh* setting = e->getAttributeNS(nullptr, refreshDelayFactor);
if (setting && *setting) {
auto_ptr_char delay(setting);
m_refreshDelayFactor = atof(delay.get());
m_refreshDelayFactor = 0.75;
}
}
- setting = e ? e->getAttributeNS(nullptr, minRefreshDelay) : NULL;
- if (setting && *setting) {
- m_minRefreshDelay = XMLString::parseInt(setting);
- if (m_minRefreshDelay == 0) {
- m_log.error("invalid minRefreshDelay setting, using default");
- m_minRefreshDelay = 600;
- }
- else if (m_minRefreshDelay > m_maxRefreshDelay) {
- m_log.error("minRefreshDelay setting exceeds maxRefreshDelay/refreshInterval setting, lowering to match it");
- m_minRefreshDelay = m_maxRefreshDelay;
- }
+
+ if (m_minRefreshDelay > m_maxRefreshDelay) {
+ m_log.error("minRefreshDelay setting exceeds maxRefreshDelay/refreshInterval setting, lowering to match it");
+ m_minRefreshDelay = m_maxRefreshDelay;
}
}
}
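Review bot: The null guard on `e` was dropped at `const XMLCh* setting = e->getAttributeNS(nullptr, refreshDelayFactor);`, so this line dereferences null if a null element ever reaches the constructor with `!m_local && m_maxRefreshDelay` true. The initializer list still passes `e` through `XMLHelper::getAttrInt`, which the other constructors in this commit use in place of their old `e ?` checks. Either keep `e ? e->getAttributeNS(nullptr, refreshDelayFactor) : nullptr`, or add a comment such as `// e is non-null here: ReloadableXMLFile(e, ...) rejects a null element`. That precondition cannot be confirmed from the hunk, so it should be verified first.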
};
};
-BearerConfirmationRule::BearerConfirmationRule(const DOMElement* e) : m_validity(true), m_recipient(true), m_correlation(true), m_fatal(true)
+BearerConfirmationRule::BearerConfirmationRule(const DOMElement* e)
+ : m_validity(XMLHelper::getAttrBool(e, true, checkValidity)),
+ m_recipient(XMLHelper::getAttrBool(e, true, checkRecipient)),
+ m_correlation(XMLHelper::getAttrBool(e, true, checkCorrelation)),
+ m_fatal(XMLHelper::getAttrBool(e, true, missingFatal))
{
- const XMLCh* flag = e ? e->getAttributeNS(nullptr, checkValidity) : nullptr;
- m_validity = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
- flag = e ? e->getAttributeNS(nullptr, checkRecipient) : nullptr;
- m_recipient = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
- flag = e ? e->getAttributeNS(nullptr, checkCorrelation) : nullptr;
- m_correlation = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
- flag = e ? e->getAttributeNS(nullptr, missingFatal) : nullptr;
- m_fatal = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
}
bool BearerConfirmationRule::evaluate(const XMLObject& message, const GenericRequest* request, opensaml::SecurityPolicy& policy) const
}
};
-DelegationRestrictionRule::DelegationRestrictionRule(const DOMElement* e) : m_match(MATCH_ANY), m_maxTime(0)
+DelegationRestrictionRule::DelegationRestrictionRule(const DOMElement* e)
+ : m_match(MATCH_ANY), m_maxTime(XMLHelper::getAttrInt(e, 0, maxTimeSinceDelegation))
{
if (e) {
- const XMLCh* m = e->getAttributeNS(nullptr, match);
+ const XMLCh* m = e ? e->getAttributeNS(nullptr, match) : nullptr;
if (XMLString::equals(m, newest))
m_match = MATCH_NEWEST;
else if (XMLString::equals(m, oldest))
m_match = MATCH_OLDEST;
else if (m && *m && !XMLString::equals(m, any))
throw SecurityPolicyException("Invalid value for \"match\" attribute in Delegation rule.");
- m = e->getAttributeNS(nullptr, maxTimeSinceDelegation);
- if (m && *m)
- m_maxTime = XMLString::parseInt(m);
try {
DOMElement* d = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);