*/
virtual void clearDescriptorIndex();
- /**
- * Returns true iff the Credential matches the criteria supplied, if any.
- *
- * @param cred Credential plus KeyDescriptor usage information
- * @param criteria criteria for Credential selection
- * @return true iff the Credential applies
- */
- virtual bool matches(
- const std::pair<const XMLCh*,xmltooling::Credential*>& cred, const xmltooling::CredentialCriteria* criteria
- ) const;
-
private:
typedef std::multimap<std::string,const EntityDescriptor*> sitemap_t;
typedef std::multimap<std::string,const EntitiesDescriptor*> groupmap_t;
groupmap_t m_groups;
mutable xmltooling::Mutex* m_credentialLock;
- typedef std::map<const RoleDescriptor*, std::vector< std::pair<const XMLCh*,xmltooling::Credential*> > > credmap_t;
+ typedef std::map< const RoleDescriptor*, std::vector<xmltooling::Credential*> > credmap_t;
mutable credmap_t m_credentialMap;
const credmap_t::mapped_type& resolveCredentials(const RoleDescriptor& role) const;
};
#define __saml_metacrit_h__
#include <saml/base.h>
-#include <saml/saml2/metadata/Metadata.h>
+#include <saml/saml2/metadata/MetadataCredentialContext.h>
#include <xmltooling/security/CredentialCriteria.h>
namespace opensaml {
return m_role;
}
+ bool matches(xmltooling::Credential& credential) const {
+ const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
+ if (context) {
+ // Check for a usage mismatch.
+ if ((getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
+ return false;
+ else if (getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
+ return false;
+ }
+ return CredentialCriteria::matches(credential);
+ }
+
private:
const RoleDescriptor& m_role;
};
AbstractMetadataProvider::~AbstractMetadataProvider()
{
for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
- for_each(c->second.begin(), c->second.end(), cleanup_pair<const XMLCh*,Credential>());
+ for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
delete m_credentialLock;
delete m_resolver;
}
void AbstractMetadataProvider::emitChangeEvent()
{
for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
- for_each(c->second.begin(), c->second.end(), cleanup_pair<const XMLCh*,Credential>());
+ for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
m_credentialMap.clear();
ObservableMetadataProvider::emitChangeEvent();
}
const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (matches(*c,criteria))
- return c->second;
+ if (metacrit->matches(*(*c)))
+ return *c;
return NULL;
}
const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (matches(*c,criteria))
- results.push_back(c->second);
+ if (metacrit->matches(*(*c)))
+ results.push_back(*c);
return results.size();
}
auto_ptr<MetadataCredentialContext> mcc(new MetadataCredentialContext(*(*k)));
Credential* c = resolver->resolve(mcc.get());
mcc.release();
- resolved.push_back(make_pair((*k)->getUse(), c));
+ resolved.push_back(c);
}
}
return resolved;
}
-
-bool AbstractMetadataProvider::matches(const pair<const XMLCh*,Credential*>& cred, const CredentialCriteria* criteria) const
-{
- if (criteria) {
- // Check for a usage mismatch.
- if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
- XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION))
- return false;
- else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
- return false;
- return cred.second->matches(*criteria);
- }
- return true;
-}