AC_CXX_NAMESPACES
AC_CXX_REQUIRE_STL
+# Boost
+BOOST_REQUIRE
+BOOST_BIND
+BOOST_LAMBDA
+BOOST_PTR_CONTAINER
+BOOST_STRING_ALGO
+CPPFLAGS="$BOOST_CPPFLAGS $CPPFLAGS"
+
# log4shib settings (favor this version over the log4cpp code)
AC_PATH_PROG(LOG4SHIB_CONFIG,log4shib-config)
AC_ARG_WITH(log4shib,
m4\acinclude.m4 = m4\acinclude.m4\r
m4\acx_pthread.m4 = m4\acx_pthread.m4\r
m4\ax_create_pkgconfig_info.m4 = m4\ax_create_pkgconfig_info.m4\r
+ m4\boost.m4 = m4\boost.m4\r
config_win32.h = config_win32.h\r
configure.ac = configure.ac\r
doxygen.am = doxygen.am\r
#include <xmltooling/util/PathResolver.h>
#include <xmltooling/util/Threads.h>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/casts.hpp>
+#include <boost/lambda/lambda.hpp>
+
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/XSECCryptoProvider.hpp>
#include <xsec/utils/XSECPlatformUtils.hpp>
using namespace xmlsignature;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost::lambda;
+using namespace boost;
using namespace std;
// Expose entry points when used as an extension library
SAMLConfig::~SAMLConfig()
{
+ delete m_artifactMap;
}
ArtifactMap* SAMLConfig::getArtifactMap() const
void opensaml::annotateException(XMLToolingException* e, const EntityDescriptor* entity, const Status* status, bool rethrow)
{
+ time_t now = time(nullptr);
const RoleDescriptor* role = nullptr;
+ static bool (TimeBoundSAMLObject::* isValid)(time_t) const = &TimeBoundSAMLObject::isValid;
+
if (entity) {
- const list<XMLObject*>& roles=entity->getOrderedChildren();
- for (list<XMLObject*>::const_iterator child=roles.begin(); !role && child!=roles.end(); ++child) {
- role=dynamic_cast<RoleDescriptor*>(*child);
- if (role && !role->isValid())
- role = nullptr;
- }
+ const XMLObject* r = find_if(
+ entity->getOrderedChildren(),
+ (ll_dynamic_cast<const RoleDescriptor*>(_1) != nullptr && lambda::bind(isValid, ll_dynamic_cast<const TimeBoundSAMLObject*>(_1), now))
+ );
+ if (r)
+ role = dynamic_cast<const RoleDescriptor*>(r);
}
+
annotateException(e, role, status, rethrow);
}
private:
xmltooling::StorageService* m_storage;
std::string m_context;
- ArtifactMappings* m_mappings;
+ std::auto_ptr<ArtifactMappings> m_mappings;
unsigned int m_artifactTTL;
};
// information extracted from message
xmltooling::xstring m_messageID;
time_t m_issueInstant;
- saml2::Issuer* m_issuer;
+ std::auto_ptr<saml2::Issuer> m_issuer;
const saml2md::RoleDescriptor* m_issuerRole;
bool m_authenticated;
// components governing policy rules
- IssuerMatchingPolicy* m_matchingPolicy;
+ std::auto_ptr<IssuerMatchingPolicy> m_matchingPolicy;
std::vector<const SecurityPolicyRule*> m_rules;
const saml2md::MetadataProvider* m_metadata;
- xmltooling::QName* m_role;
+ std::auto_ptr<xmltooling::QName> m_role;
const xmltooling::TrustEngine* m_trust;
bool m_validate;
bool m_entityOnly;
#include "binding/SAMLArtifact.h"
#include <ctime>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/lambda.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLObjectBuilder.h>
using namespace opensaml;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost::lambda;
+using namespace boost;
using namespace std;
namespace opensaml {
{
public:
ArtifactMappings() : m_lock(Mutex::create()) {}
- ~ArtifactMappings() {
- delete m_lock;
- for (map<string,Mapping>::iterator i=m_artMap.begin(); i!=m_artMap.end(); ++i)
- delete i->second.m_xml;
- }
+ ~ArtifactMappings() {}
+
void storeContent(XMLObject* content, const SAMLArtifact* artifact, const char* relyingParty, int TTL);
XMLObject* retrieveContent(const SAMLArtifact* artifact, const char* relyingParty);
string getRelyingParty(const SAMLArtifact* artifact);
private:
struct SAML_DLLLOCAL Mapping {
- Mapping() : m_xml(nullptr), m_expires(0) {}
- XMLObject* m_xml;
+ Mapping() : m_expires(0) {}
+ auto_ptr<XMLObject> m_xml;
string m_relying;
time_t m_expires;
};
void removeMapping(const map<string,Mapping>::iterator& i);
- Mutex* m_lock;
+ auto_ptr<Mutex> m_lock;
map<string,Mapping> m_artMap;
multimap<time_t,string> m_expMap;
};
void ArtifactMappings::removeMapping(const map<string,Mapping>::iterator& i)
{
- // Update secondary map.
+ // All elements in the secondary map whose key matches the expiration of the removed mapping.
pair<multimap<time_t,string>::iterator,multimap<time_t,string>::iterator> range =
m_expMap.equal_range(i->second.m_expires);
- for (; range.first != range.second; ++range.first) {
- if (range.first->second == i->first) {
- m_expMap.erase(range.first);
- break;
- }
+
+ // Find an element in the matching range whose value matches the input key.
+ multimap<time_t,string>::iterator el = find_if(
+ range.first, range.second,
+ (lambda::bind(&multimap<time_t,string>::value_type::second, _1) == boost::ref(i->first))
+ );
+ if (el != range.second) {
+ m_expMap.erase(el);
}
- delete i->second.m_xml;
+
m_artMap.erase(i);
}
void ArtifactMappings::storeContent(XMLObject* content, const SAMLArtifact* artifact, const char* relyingParty, int TTL)
{
- Lock wrapper(m_lock);
+ Lock wrapper(m_lock.get());
// Garbage collect any expired artifacts.
- time_t now=time(nullptr);
- multimap<time_t,string>::iterator stop=m_expMap.upper_bound(now);
- for (multimap<time_t,string>::iterator i=m_expMap.begin(); i!=stop; m_expMap.erase(i++)) {
- delete m_artMap[i->second].m_xml;
+ time_t now = time(nullptr);
+ multimap<time_t,string>::iterator stop = m_expMap.upper_bound(now);
+ for (multimap<time_t,string>::iterator i = m_expMap.begin(); i != stop; m_expMap.erase(i++)) {
m_artMap.erase(i->second);
}
// Key is the hexed handle.
string hexed = SAMLArtifact::toHex(artifact->getMessageHandle());
Mapping& m = m_artMap[hexed];
- m.m_xml = content;
+ m.m_xml.reset(content);
if (relyingParty)
m.m_relying = relyingParty;
m.m_expires = now + TTL;
XMLObject* ArtifactMappings::retrieveContent(const SAMLArtifact* artifact, const char* relyingParty)
{
Category& log=Category::getInstance(SAML_LOGCAT".ArtifactMap");
- Lock wrapper(m_lock);
+ Lock wrapper(m_lock.get());
- map<string,Mapping>::iterator i=m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle()));
- if (i==m_artMap.end())
+ map<string,Mapping>::iterator i = m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle()));
+ if (i == m_artMap.end())
throw BindingException("Requested artifact not in map or may have expired.");
if (!(i->second.m_relying.empty())) {
}
log.debug("resolved artifact for (%s)", relyingParty ? relyingParty : "unknown");
- XMLObject* ret = i->second.m_xml;
- i->second.m_xml = nullptr; // clear member so it doesn't get deleted
+ XMLObject* ret = i->second.m_xml.release();
removeMapping(i);
return ret;
}
string ArtifactMappings::getRelyingParty(const SAMLArtifact* artifact)
{
- map<string,Mapping>::iterator i=m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle()));
- if (i==m_artMap.end())
+ map<string,Mapping>::iterator i = m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle()));
+ if (i == m_artMap.end())
throw BindingException("Requested artifact not in map or may have expired.");
return i->second.m_relying;
}
ArtifactMap::ArtifactMap(xmltooling::StorageService* storage, const char* context, unsigned int artifactTTL)
- : m_storage(storage), m_context((context && *context) ? context : "opensaml::ArtifactMap"), m_mappings(nullptr), m_artifactTTL(artifactTTL)
+ : m_storage(storage), m_context((context && *context) ? context : "opensaml::ArtifactMap"), m_artifactTTL(artifactTTL)
{
if (!m_storage)
- m_mappings = new ArtifactMappings();
+ m_mappings.reset(new ArtifactMappings());
}
ArtifactMap::ArtifactMap(const DOMElement* e, xmltooling::StorageService* storage)
- : m_storage(storage), m_mappings(nullptr), m_artifactTTL(180)
+ : m_storage(storage), m_artifactTTL(180)
{
if (e) {
auto_ptr_char c(e->getAttributeNS(nullptr, context));
}
if (!m_storage)
- m_mappings = new ArtifactMappings();
+ m_mappings.reset(new ArtifactMappings());
}
ArtifactMap::~ArtifactMap()
{
- delete m_mappings;
}
void ArtifactMap::storeContent(XMLObject* content, const SAMLArtifact* artifact, const char* relyingParty)
#include "binding/SecurityPolicyRule.h"
#include "saml2/core/Assertions.h"
+#include <boost/bind.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
using namespace opensaml::saml2md;
using namespace opensaml::saml2;
using namespace opensaml;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace opensaml {
bool validate
) : m_metadataCriteria(nullptr),
m_issueInstant(0),
- m_issuer(nullptr),
m_issuerRole(nullptr),
m_authenticated(false),
- m_matchingPolicy(nullptr),
m_metadata(metadataProvider),
- m_role(nullptr),
+ m_role(role ? new xmltooling::QName(*role) : nullptr),
m_trust(trustEngine),
m_validate(validate),
m_entityOnly(true),
m_ts(0)
{
- if (role)
- m_role = new xmltooling::QName(*role);
}
SecurityPolicy::~SecurityPolicy()
{
- delete m_role;
delete m_metadataCriteria;
- delete m_issuer;
}
const MetadataProvider* SecurityPolicy::getMetadataProvider() const
const xmltooling::QName* SecurityPolicy::getRole() const
{
- return m_role;
+ return m_role.get();
}
const TrustEngine* SecurityPolicy::getTrustEngine() const
void SecurityPolicy::setRole(const xmltooling::QName* role)
{
- delete m_role;
- m_role = role ? new xmltooling::QName(*role) : nullptr;
+ m_role.reset(role ? new xmltooling::QName(*role) : nullptr);
}
void SecurityPolicy::setTrustEngine(const TrustEngine* trust)
void SecurityPolicy::evaluate(const XMLObject& message, const GenericRequest* request)
{
- for (vector<const SecurityPolicyRule*>::const_iterator i=m_rules.begin(); i!=m_rules.end(); ++i)
- (*i)->evaluate(message,request,*this);
+ for_each(
+ m_rules.begin(), m_rules.end(),
+ boost::bind(&SecurityPolicyRule::evaluate, _1, boost::ref(message), request, boost::ref(*this))
+ );
}
void SecurityPolicy::reset(bool messageOnly)
m_messageID.erase();
m_issueInstant=0;
if (!messageOnly) {
- delete m_issuer;
- m_issuer=nullptr;
+ m_issuer.reset();
m_issuerRole=nullptr;
m_authenticated=false;
}
const Issuer* SecurityPolicy::getIssuer() const
{
- return m_issuer;
+ return m_issuer.get();
}
const RoleDescriptor* SecurityPolicy::getIssuerMetadata() const
void SecurityPolicy::setIssuer(const Issuer* issuer)
{
- if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer))
+ if (!getIssuerMatchingPolicy().issuerMatches(m_issuer.get(), issuer))
throw SecurityPolicyException("An Issuer was supplied that conflicts with previous results.");
- if (!m_issuer) {
+ if (!m_issuer.get()) {
if (m_entityOnly && issuer->getFormat() && !XMLString::equals(issuer->getFormat(), NameIDType::ENTITY))
throw SecurityPolicyException("A non-entity Issuer was supplied, violating policy.");
m_issuerRole = nullptr;
- m_issuer=issuer->cloneIssuer();
+ m_issuer.reset(issuer->cloneIssuer());
}
}
void SecurityPolicy::setIssuer(const XMLCh* issuer)
{
- if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer))
+ if (!getIssuerMatchingPolicy().issuerMatches(m_issuer.get(), issuer))
throw SecurityPolicyException("An Issuer was supplied that conflicts with previous results.");
- if (!m_issuer && issuer && *issuer) {
+ if (!m_issuer.get() && issuer && *issuer) {
m_issuerRole = nullptr;
- m_issuer = IssuerBuilder::buildIssuer();
+ m_issuer.reset(IssuerBuilder::buildIssuer());
m_issuer->setName(issuer);
}
}
{
if (issuerRole && m_issuerRole && issuerRole!=m_issuerRole)
throw SecurityPolicyException("A rule supplied a RoleDescriptor that conflicts with previous results.");
- m_issuerRole=issuerRole;
+ m_issuerRole = issuerRole;
}
void SecurityPolicy::setAuthenticated(bool auth)
const SecurityPolicy::IssuerMatchingPolicy& SecurityPolicy::getIssuerMatchingPolicy() const
{
- return m_matchingPolicy ? *m_matchingPolicy : m_defaultMatching;
+ return m_matchingPolicy.get() ? *m_matchingPolicy.get() : m_defaultMatching;
}
void SecurityPolicy::setIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy)
{
- delete m_matchingPolicy;
- m_matchingPolicy = matchingPolicy;
+ m_matchingPolicy.reset(matchingPolicy);
}
#include "encryption/EncryptedKeyResolver.h"
#include "saml2/core/Assertions.h"
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/lambda.hpp>
+
using namespace xmlencryption;
using opensaml::saml2::EncryptedElementType;
+using namespace boost::lambda;
+using namespace boost;
using namespace std;
opensaml::EncryptedKeyResolver::EncryptedKeyResolver(const EncryptedElementType& ref) : m_ref(ref)
if (base)
return base;
- const vector<EncryptedKey*>& keys=m_ref.getEncryptedKeys();
- for (vector<EncryptedKey*>::const_iterator i=keys.begin(); i!=keys.end(); i++) {
- if ((*i)->getRecipient() == nullptr)
- return (*i);
- else if (XMLString::equals(recipient,(*i)->getRecipient()))
- return (*i);
- }
+ static bool (*equal_fn)(const XMLCh*, const XMLCh*) = &XMLString::equals;
- return nullptr;
+ // Look for first match that has no Recipient attribute, or matches the input recipient.
+ // Using XMLString::equals allows for both to be NULL and still match.
+ vector<EncryptedKey*>::const_iterator k = find_if(
+ m_ref.getEncryptedKeys().begin(), m_ref.getEncryptedKeys().end(),
+ (lambda::bind(&EncryptedKey::getRecipient, _1) == nullptr ||
+ lambda::bind(equal_fn, recipient, lambda::bind(&EncryptedKey::getRecipient, _1)))
+ );
+ return (k != m_ref.getEncryptedKeys().end()) ? (*k) : nullptr;
}
#ifdef WIN32
# define _CRT_SECURE_NO_DEPRECATE 1
# define _CRT_NONSTDC_NO_DEPRECATE 1
+# define _SCL_SECURE_NO_WARNINGS 1
#endif
// Export public APIs
#include "saml1/core/Assertions.h"
#include "saml2/core/Assertions.h"
+#include <boost/bind.hpp>
#include <xmltooling/logging.h>
using namespace opensaml;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace opensaml {
bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
{
+ static bool (*equals_fn)(const XMLCh*, const XMLCh*) = &XMLString::equals;
+
const saml2::AudienceRestriction* ac2=dynamic_cast<const saml2::AudienceRestriction*>(&message);
if (ac2) {
const vector<saml2::Audience*>& auds2 = ac2->getAudiences();
- for (vector<saml2::Audience*>::const_iterator a1 = auds2.begin(); a1!=auds2.end(); ++a1) {
- for (vector<xstring>::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), a2->c_str()))
- return true;
- }
- for (vector<const XMLCh*>::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), *a2))
- return true;
- }
+ for (vector<saml2::Audience*>::const_iterator a1 = auds2.begin(); a1 != auds2.end(); ++a1) {
+ const XMLCh* a1val = (*a1)->getAudienceURI();
+
+ vector<xstring>::const_iterator policyMatch = find_if(
+ policy.getAudiences().begin(), policy.getAudiences().end(),
+ boost::bind(equals_fn, a1val, boost::bind(&xstring::c_str, _1))
+ );
+ if (policyMatch != policy.getAudiences().end())
+ return true;
+
+ vector<const XMLCh*>::const_iterator ruleMatch = find_if(
+ m_audiences.begin(), m_audiences.end(),
+ boost::bind(equals_fn, a1val, _1)
+ );
+ if (ruleMatch != m_audiences.end())
+ return true;
}
ostringstream os;
const saml1::AudienceRestrictionCondition* ac1=dynamic_cast<const saml1::AudienceRestrictionCondition*>(&message);
if (ac1) {
const vector<saml1::Audience*>& auds1 = ac1->getAudiences();
- for (vector<saml1::Audience*>::const_iterator a1 = auds1.begin(); a1!=auds1.end(); ++a1) {
- for (vector<xstring>::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), a2->c_str()))
- return true;
- }
- for (vector<const XMLCh*>::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), *a2))
- return true;
- }
+ for (vector<saml1::Audience*>::const_iterator a1 = auds1.begin(); a1 != auds1.end(); ++a1) {
+ const XMLCh* a1val = (*a1)->getAudienceURI();
+
+ vector<xstring>::const_iterator policyMatch = find_if(
+ policy.getAudiences().begin(), policy.getAudiences().end(),
+ boost::bind(equals_fn, a1val, boost::bind(&xstring::c_str, _1))
+ );
+ if (policyMatch != policy.getAudiences().end())
+ return true;
+
+ vector<const XMLCh*>::const_iterator ruleMatch = find_if(
+ m_audiences.begin(), m_audiences.end(),
+ boost::bind(equals_fn, a1val, _1)
+ );
+ if (ruleMatch != m_audiences.end())
+ return true;
}
ostringstream os;
#include "saml1/core/Assertions.h"
#include "saml2/core/Assertions.h"
+#include <boost/ptr_container/ptr_vector.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
using namespace opensaml;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace opensaml {
ConditionsRule(const DOMElement* e);
virtual ~ConditionsRule() {
- for_each(m_rules.begin(), m_rules.end(), xmltooling::cleanup<SecurityPolicyRule>());
if (m_doc)
m_doc->release();
}
private:
DOMDocument* m_doc;
- vector<SecurityPolicyRule*> m_rules;
+ ptr_vector<SecurityPolicyRule> m_rules;
};
SecurityPolicyRule* SAML_DLLLOCAL ConditionsRuleFactory(const DOMElement* const & e)
const vector<saml2::AudienceRestriction*>& acvec = conds->getAudienceRestrictions();
for (vector<saml2::AudienceRestriction*>::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*ac), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*ac), request, policy);
if (!valid)
throw SecurityPolicyException("AudienceRestriction condition not successfully validated by policy.");
}
const vector<saml2::OneTimeUse*>& otvec = conds->getOneTimeUses();
for (vector<saml2::OneTimeUse*>::const_iterator ot = otvec.begin(); ot!=otvec.end(); ++ot) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*ot), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*ot), request, policy);
if (!valid)
throw SecurityPolicyException("OneTimeUse condition not successfully validated by policy.");
}
const vector<saml2::ProxyRestriction*> pvec = conds->getProxyRestrictions();
for (vector<saml2::ProxyRestriction*>::const_iterator p = pvec.begin(); p != pvec.end(); ++p) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*p), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*p), request, policy);
if (!valid)
throw SecurityPolicyException("ProxyRestriction condition not successfully validated by policy.");
}
const vector<saml2::Condition*>& convec = conds->getConditions();
for (vector<saml2::Condition*>::const_iterator c = convec.begin(); c != convec.end(); ++c) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*c), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*c), request, policy);
if (!valid) {
throw SecurityPolicyException(
"Extension condition ($1) not successfully validated by policy.",
const vector<saml1::AudienceRestrictionCondition*>& acvec = conds->getAudienceRestrictionConditions();
for (vector<saml1::AudienceRestrictionCondition*>::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*ac), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*ac), request, policy);
if (!valid)
throw SecurityPolicyException("AudienceRestrictionCondition not successfully validated by policy.");
}
const vector<saml1::DoNotCacheCondition*>& dncvec = conds->getDoNotCacheConditions();
for (vector<saml1::DoNotCacheCondition*>::const_iterator dnc = dncvec.begin(); dnc != dncvec.end(); ++dnc) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*dnc), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*dnc), request, policy);
if (!valid)
throw SecurityPolicyException("DoNotCacheCondition not successfully validated by policy.");
}
const vector<saml1::Condition*>& convec = conds->getConditions();
for (vector<saml1::Condition*>::const_iterator c = convec.begin(); c != convec.end(); ++c) {
valid = false;
- for (vector<SecurityPolicyRule*>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
- valid = (*r)->evaluate(*(*c), request, policy);
+ for (ptr_vector<SecurityPolicyRule>::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r)
+ valid = r->evaluate(*(*c), request, policy);
if (!valid) {
throw SecurityPolicyException(
"Extension condition ($1) not successfully validated by policy.",
public:
IgnoreRule(const DOMElement* e)
: m_log(Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.Ignore")), m_qname(XMLHelper::getNodeValueAsQName(e)) {
- if (!m_qname)
+ if (!m_qname.get())
throw SecurityPolicyException("No schema type or element name supplied to Ignore rule.");
}
- virtual ~IgnoreRule() {
- delete m_qname;
- }
+ virtual ~IgnoreRule() {}
const char* getType() const {
return IGNORE_POLICY_RULE;
}
bool evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const {
if (message.getSchemaType()) {
- if (*m_qname != *(message.getSchemaType()))
+ if (*m_qname.get() != *(message.getSchemaType()))
return false;
m_log.info("ignoring condition with type (%s)", message.getSchemaType()->toString().c_str());
}
else {
- if (*m_qname != message.getElementQName())
+ if (*m_qname.get() != message.getElementQName())
return false;
m_log.info("ignoring condition (%s)", message.getElementQName().toString().c_str());
}
private:
Category& m_log;
- xmltooling::QName* m_qname;
+ auto_ptr<xmltooling::QName> m_qname;
};
SecurityPolicyRule* SAML_DLLLOCAL IgnoreRuleFactory(const DOMElement* const & e)
ref=sig->createReference(&chNull, m_digest ? m_digest : DSIGConstants::s_unicodeStrURISHA1); // whole doc reference
else {
XMLCh* buf=new XMLCh[XMLString::stringLen(id) + 2];
+ auto_arrayptr<XMLCh> bufjanitor(buf);
buf[0]=chPound;
buf[1]=chNull;
XMLString::catString(buf,id);
- try {
- ref=sig->createReference(buf, m_digest ? m_digest : DSIGConstants::s_unicodeStrURISHA1);
- delete[] buf;
- }
- catch(...) {
- delete[] buf;
- throw;
- }
+ ref=sig->createReference(buf, m_digest ? m_digest : DSIGConstants::s_unicodeStrURISHA1);
}
ref->appendEnvelopedSignatureTransform();
}
if (!prefixes.empty()) {
prefixes.erase(prefixes.begin() + prefixes.size() - 1);
- c14n->setInclusiveNamespaces(const_cast<XMLCh*>(prefixes.c_str()));
+ c14n->setInclusiveNamespaces(const_cast<XMLCh*>(prefixes.c_str())); // the cast is for compatibility with old xmlsec
}
}
}
#include "internal.h"
#include "util/CommonDomainCookie.h"
+#include <boost/algorithm/string.hpp>
#include <xercesc/util/Base64.hpp>
#include <xsec/framework/XSECDefs.hpp>
#include <xmltooling/XMLToolingConfig.h>
using namespace opensaml;
using namespace xmltooling;
+using namespace boost;
using namespace std;
const char CommonDomainCookie::CDCName[] = "_saml_idp";
XMLToolingConfig::getConfig().getURLEncoder()->decode(b64);
// Chop it up and save off elements.
- vector<string> templist;
- char* ptr=b64;
- while (*ptr) {
- while (*ptr && isspace(*ptr)) ptr++;
- char* end=ptr;
- while (*end && !isspace(*end)) end++;
- templist.push_back(string(ptr,end-ptr));
- ptr=end;
- }
+ split(m_list, b64, is_space(), algorithm::token_compress_on);
free(b64);
- // Now Base64 decode the list.
+ // Now Base64 decode the list elements, overwriting them.
xsecsize_t len;
- for (vector<string>::iterator i=templist.begin(); i!=templist.end(); ++i) {
+ for (vector<string>::iterator i = m_list.begin(); i != m_list.end(); ++i) {
+ trim(*i);
XMLByte* decoded=Base64::decode(reinterpret_cast<const XMLByte*>(i->c_str()),&len);
if (decoded && *decoded) {
- m_list.push_back(reinterpret_cast<char*>(decoded));
+ i->assign(reinterpret_cast<char*>(decoded));
#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE
XMLString::release(&decoded);
#else
const char* CommonDomainCookie::set(const char* entityID)
{
- // First scan the list for this IdP.
- for (vector<string>::iterator i=m_list.begin(); i!=m_list.end(); i++) {
- if (*i == entityID) {
- m_list.erase(i);
- break;
- }
- }
+ // First remove the IdP from the list.
+ m_list.erase(remove(m_list.begin(), m_list.end(), entityID), m_list.end());
// Append it to the end.
m_list.push_back(entityID);
// Now rebuild the delimited list.
xsecsize_t len;
string delimited;
- for (vector<string>::const_iterator j=m_list.begin(); j!=m_list.end(); j++) {
- if (!delimited.empty()) delimited += ' ';
+ for (vector<string>::const_iterator j = m_list.begin(); j != m_list.end(); ++j) {
+ if (!delimited.empty())
+ delimited += ' ';
- XMLByte* b64=Base64::encode(reinterpret_cast<const XMLByte*>(j->c_str()),j->length(),&len);
+ XMLByte* b64 = Base64::encode(reinterpret_cast<const XMLByte*>(j->c_str()), j->length(), &len);
XMLByte *pos, *pos2;
- for (pos=b64, pos2=b64; *pos2; pos2++)
+ for (pos = b64, pos2 = b64; *pos2; ++pos2)
if (isgraph(*pos2))
- *pos++=*pos2;
- *pos=0;
+ *pos++ = *pos2;
+ *pos = 0;
delimited += reinterpret_cast<char*>(b64);
#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE
#endif
}
- m_encoded=XMLToolingConfig::getConfig().getURLEncoder()->encode(delimited.c_str());
+ m_encoded = XMLToolingConfig::getConfig().getURLEncoder()->encode(delimited.c_str());
return m_encoded.c_str();
}
SAMLArtifactType0002Test.h \
SAMLArtifactType0004Test.h \
ArtifactMapTest.h \
+ CookieTest.h \
encryption/EncryptedAssertionTest.h \
signature/SAML1AssertionTest.h \
signature/SAML1RequestTest.h \
-<?xml version="1.0" encoding="utf-8"?>\r
+<?xml version="1.0" encoding="utf-8"?>\r
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
<ItemGroup Label="ProjectConfigurations">\r
<ProjectConfiguration Include="Debug|Win32">\r
</ItemDefinitionGroup>\r
<ItemGroup>\r
<ClCompile Include="ArtifactMapTest.cpp" />\r
+ <ClCompile Include="CookieTest.cpp" />\r
<ClCompile Include="SAMLArtifactCreationTest.cpp" />\r
<ClCompile Include="SAMLArtifactType0001Test.cpp" />\r
<ClCompile Include="SAMLArtifactType0002Test.cpp" />\r
</Command>\r
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(RootDir)%(Directory)%(Filename).cpp;%(Outputs)</Outputs>\r
</CustomBuild>\r
+ <CustomBuild Include="CookieTest.h">\r
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)"</Command>\r
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)"</Command>\r
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)"</Command>\r
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)"</Command>\r
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">%(RootDir)%(Directory)%(Filename).cpp;%(Outputs)</Outputs>\r
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(RootDir)%(Directory)%(Filename).cpp;%(Outputs)</Outputs>\r
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">%(RootDir)%(Directory)%(Filename).cpp;%(Outputs)</Outputs>\r
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(RootDir)%(Directory)%(Filename).cpp;%(Outputs)</Outputs>\r
+ </CustomBuild>\r
<ClInclude Include="signature\SAMLSignatureTestBase.h" />\r
<CustomBuild Include="saml2\core\impl\Action20Test.h">\r
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)"\r
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
<ImportGroup Label="ExtensionTargets">\r
</ImportGroup>\r
-</Project>\r
+</Project>
\ No newline at end of file
<ClCompile Include="encryption\EncryptedAssertionTest.cpp">\r
<Filter>Generated Files\encryption</Filter>\r
</ClCompile>\r
+ <ClCompile Include="CookieTest.cpp">\r
+ <Filter>Generated Files</Filter>\r
+ </ClCompile>\r
</ItemGroup>\r
<ItemGroup>\r
<ClInclude Include="signature\SAMLSignatureTestBase.h">\r
<CustomBuild Include="encryption\EncryptedAssertionTest.h">\r
<Filter>Unit Tests\encryption</Filter>\r
</CustomBuild>\r
+ <CustomBuild Include="CookieTest.h">\r
+ <Filter>Unit Tests</Filter>\r
+ </CustomBuild>\r
</ItemGroup>\r
</Project>
\ No newline at end of file