#include "saml2/metadata/Metadata.h"
#include "saml2/metadata/MetadataProvider.h"
+#include <boost/ptr_container/ptr_vector.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/io/HTTPRequest.h>
using namespace xmltooling::logging;
using namespace xmltooling;
using namespace std;
+using boost::ptr_vector;
namespace opensaml {
namespace saml1p {
throw BindingException("Artifact profile requires ArtifactResolver and MetadataProvider implementations be supplied.");
// Import the artifacts.
- vector<SAMLArtifact*> artifacts;
+ vector<SAMLArtifact*> artifactptrs; // needed for compatibility with non-Boost API in ArtifactResolver
+ ptr_vector<SAMLArtifact> artifacts;
for (vector<const char*>::const_iterator raw=SAMLart.begin(); raw!=SAMLart.end(); ++raw) {
try {
log.debug("processing encoded artifact (%s)", *raw);
log.warn("replay cache was not provided, this is a serious security risk!");
artifacts.push_back(SAMLArtifact::parse(*raw));
+ artifactptrs.push_back(&(artifacts.back()));
}
catch (ArtifactException&) {
log.error("error parsing artifact (%s)", *raw);
- for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup<SAMLArtifact>());
- throw;
- }
- catch (XMLToolingException&) {
- for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup<SAMLArtifact>());
throw;
}
}
log.debug("attempting to determine source of artifact(s)...");
MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria();
- mc.artifact = artifacts.front();
+ mc.artifact = &(artifacts.front());
mc.role = policy.getRole();
mc.protocol = samlconstants::SAML11_PROTOCOL_ENUM;
mc.protocol2 = samlconstants::SAML10_PROTOCOL_ENUM;
if (!provider.first) {
log.error(
"metadata lookup failed, unable to determine issuer of artifact (0x%s)",
- SAMLArtifact::toHex(artifacts.front()->getBytes()).c_str()
+ SAMLArtifact::toHex(artifacts.front().getBytes()).c_str()
);
- for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup<SAMLArtifact>());
throw BindingException("Metadata lookup failed, unable to determine artifact issuer");
}
if (!provider.second || !dynamic_cast<const IDPSSODescriptor*>(provider.second)) {
log.error("unable to find compatible SAML 1.x role (%s) in metadata", policy.getRole()->toString().c_str());
- for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup<SAMLArtifact>());
throw BindingException("Unable to find compatible metadata role for artifact issuer.");
}
// Set Issuer for the policy.
policy.setIssuer(provider.first->getEntityID());
policy.setIssuerMetadata(provider.second);
- try {
- log.debug("calling ArtifactResolver...");
- auto_ptr<Response> response(
- m_artifactResolver->resolve(artifacts, dynamic_cast<const IDPSSODescriptor&>(*provider.second), policy)
- );
+ log.debug("calling ArtifactResolver...");
+ auto_ptr<Response> response(
+ m_artifactResolver->resolve(artifactptrs, dynamic_cast<const IDPSSODescriptor&>(*provider.second), policy)
+ );
- // The policy should be enforced against the Response by the resolve step.
+ // The policy should be enforced against the Response by the resolve step.
- for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup<SAMLArtifact>());
- return response.release();
- }
- catch (XMLToolingException&) {
- for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup<SAMLArtifact>());
- throw;
- }
+ return response.release();
}
#include "saml1/core/Assertions.h"
#include "saml1/profile/AssertionValidator.h"
+#include <boost/bind.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/util/NDC.h>
using namespace opensaml::saml1;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
AssertionValidator::AssertionValidator(const XMLCh* recipient, const vector<const XMLCh*>* audiences, time_t ts)
// Now we process conditions, starting with the known types and then extensions.
const vector<AudienceRestrictionCondition*>& acvec = conds->getAudienceRestrictionConditions();
- for (vector<AudienceRestrictionCondition*>::const_iterator ac = acvec.begin(); ac!=acvec.end(); ++ac)
- validateCondition(*ac);
+ for_each(acvec.begin(), acvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1));
const vector<DoNotCacheCondition*>& dncvec = conds->getDoNotCacheConditions();
- for (vector<DoNotCacheCondition*>::const_iterator dnc = dncvec.begin(); dnc!=dncvec.end(); ++dnc)
- validateCondition(*dnc);
+ for_each(dncvec.begin(), dncvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1));
const vector<Condition*>& convec = conds->getConditions();
- for (vector<Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c)
- validateCondition(*c);
+ for_each(convec.begin(), convec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1));
}
void AssertionValidator::validateCondition(const Condition* c) const
throw BindingException("Artifact binding requires ArtifactResolver and MetadataProvider implementations be supplied.");
// Import the artifact.
- SAMLArtifact* artifact=nullptr;
+ auto_ptr<SAMLArtifact> artifact;
try {
log.debug("processing encoded artifact (%s)", SAMLart);
else
log.warn("replay cache was not provided, this is a serious security risk!");
- artifact = SAMLArtifact::parse(SAMLart);
+ artifact.reset(SAMLArtifact::parse(SAMLart));
}
catch (ArtifactException&) {
log.error("error parsing artifact (%s)", SAMLart);
}
// Check the type.
- auto_ptr<SAML2Artifact> artifact2(dynamic_cast<SAML2Artifact*>(artifact));
- if (!artifact2.get()) {
- delete artifact;
+ SAML2Artifact* artifact2 = dynamic_cast<SAML2Artifact*>(artifact.get());
+ if (!artifact2) {
log.error("wrong artifact type");
throw BindingException("Artifact binding requires SAML 2.0 artifact.");
}
log.debug("attempting to determine source of artifact...");
MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria();
- mc.artifact = artifact;
+ mc.artifact = artifact.get();
mc.role = policy.getRole();
mc.protocol = samlconstants::SAML20P_NS;
pair<const EntityDescriptor*,const RoleDescriptor*> provider=policy.getMetadataProvider()->getEntityDescriptor(mc);
log.debug("calling ArtifactResolver...");
auto_ptr<ArtifactResponse> response(
- m_artifactResolver->resolve(*(artifact2.get()), dynamic_cast<const SSODescriptorType&>(*provider.second), policy)
+ m_artifactResolver->resolve(*artifact2, dynamic_cast<const SSODescriptorType&>(*provider.second), policy)
);
// The policy should be enforced against the ArtifactResponse by the resolve step.
{
public:
SAML2ECPEncoder(const DOMElement* e, const XMLCh* ns) : m_actor("http://schemas.xmlsoap.org/soap/actor/next"),
- m_providerName(e ? e->getAttributeNS(ns, ProviderName) : nullptr), m_idpList(nullptr) {
+ m_providerName(e ? e->getAttributeNS(ns, ProviderName) : nullptr) {
DOMElement* child = e ? XMLHelper::getFirstChildElement(e, SAML20P_NS, IDPList::LOCAL_NAME) : nullptr;
if (child)
- m_idpList = dynamic_cast<IDPList*>(XMLObjectBuilder::buildOneFromElement(child));
+ m_idpList.reset(dynamic_cast<IDPList*>(XMLObjectBuilder::buildOneFromElement(child)));
}
virtual ~SAML2ECPEncoder() {
- delete m_idpList;
}
const XMLCh* getProtocolFamily() const {
private:
auto_ptr_XMLCh m_actor;
const XMLCh* m_providerName;
- IDPList* m_idpList;
+ auto_ptr<IDPList> m_idpList;
AnyElementBuilder m_anyBuilder;
};
hdrblock->getUnknownXMLObjects().push_back(request->getIssuer()->clone());
if (request->getScoping() && request->getScoping()->getIDPList())
hdrblock->getUnknownXMLObjects().push_back(request->getScoping()->getIDPList()->clone());
- else if (m_idpList)
+ else if (m_idpList.get())
hdrblock->getUnknownXMLObjects().push_back(m_idpList->clone());
header->getUnknownXMLObjects().push_back(hdrblock);
}
mutable sitemap_t m_sources;
mutable groupmap_t m_groups;
- mutable xmltooling::Mutex* m_credentialLock;
+ std::auto_ptr<xmltooling::KeyInfoResolver> m_resolverWrapper;
+ std::auto_ptr<xmltooling::Mutex> m_credentialLock;
typedef std::map< const RoleDescriptor*, std::vector<xmltooling::Credential*> > credmap_t;
mutable credmap_t m_credentialMap;
const credmap_t::mapped_type& resolveCredentials(const RoleDescriptor& role) const;
mutable std::string m_feedTag;
private:
- void disco(std::string& s, const EntityDescriptor* entity, bool& first) const;
- void disco(std::string& s, const EntitiesDescriptor* group, bool& first) const;
+ void discoEntity(std::string& s, const EntityDescriptor* entity, bool& first) const;
+ void discoGroup(std::string& s, const EntitiesDescriptor* group, bool& first) const;
bool m_legacyOrgNames;
};
#include "saml2/metadata/MetadataCredentialContext.h"
#include "saml2/metadata/MetadataCredentialCriteria.h"
+#include <boost/iterator/indirect_iterator.hpp>
+#include <boost/lambda/bind.hpp>
+#include <boost/lambda/if.hpp>
+#include <boost/lambda/lambda.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
using namespace opensaml::saml2md;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost::lambda;
+using namespace boost;
using namespace std;
using opensaml::SAMLArtifact;
static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o,l,v,e,r);
-static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
+static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e)
- : ObservableMetadataProvider(e), m_lastUpdate(0), m_resolver(nullptr), m_credentialLock(nullptr)
+ : ObservableMetadataProvider(e), m_lastUpdate(0), m_resolver(nullptr), m_credentialLock(Mutex::create())
{
e = XMLHelper::getFirstChildElement(e, _KeyInfoResolver);
if (e) {
- string t = XMLHelper::getAttrString(e, nullptr, type);
- if (!t.empty())
- m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e);
- else
+ string t = XMLHelper::getAttrString(e, nullptr, _type);
+ if (!t.empty()) {
+ m_resolverWrapper.reset(XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e));
+ m_resolver = m_resolverWrapper.get();
+ }
+ else {
throw UnknownExtensionException("<KeyInfoResolver> element found with no type attribute");
+ }
}
- m_credentialLock = Mutex::create();
}
AbstractMetadataProvider::~AbstractMetadataProvider()
{
for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
- delete m_credentialLock;
- delete m_resolver;
}
void AbstractMetadataProvider::outputStatus(ostream& os) const
auto_ptr_char id(site->getEntityID());
if (id.get()) {
if (replace) {
- m_sites.erase(id.get());
+ // The data structure here needs work.
+ // We have to find all the sites stored against the replaced ID. Then we have to
+ // search for those sites in the entire set of sites tracked by the sources map and
+ // remove them from both places.
+ set<const EntityDescriptor*> existingSites;
+ pair<sitemap_t::const_iterator,sitemap_t::const_iterator> existingRange = m_sites.equal_range(id.get());
+ static pair<set<const EntityDescriptor*>::iterator,bool> (set<const EntityDescriptor*>::* ins)(const EntityDescriptor* const &) =
+ &set<const EntityDescriptor*>::insert;
+ for_each(
+ existingRange.first, existingRange.second,
+ lambda::bind(ins, boost::ref(existingSites), lambda::bind(&sitemap_t::value_type::second, _1))
+ );
+ m_sites.erase(existingRange.first, existingRange.second);
for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) {
- if (s->second == site) {
+ if (existingSites.count(s->second) > 0) {
sitemap_t::iterator temp = s;
++s;
m_sources.erase(temp);
if (!metacrit)
throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object.");
- Lock lock(m_credentialLock);
+ Lock lock(m_credentialLock.get());
const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
- for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (metacrit->matches(*(*c)))
- return *c;
+ // Indirect iterator derefs the pointers in the vector to pass to the matches() method by reference.
+ credmap_t::mapped_type::const_iterator c = find_if(
+ creds.begin(), creds.end(), lambda::bind(&CredentialCriteria::matches, metacrit, boost::ref(*_1))
+ );
+ if (c != creds.end())
+ return *c;
return nullptr;
}
if (!metacrit)
throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object.");
- Lock lock(m_credentialLock);
+ Lock lock(m_credentialLock.get());
const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
- for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (metacrit->matches(*(*c)))
- results.push_back(*c);
+ // Add matching creds to results array.
+ static void (vector<const Credential*>::* push_back)(const Credential* const &) = &vector<const Credential*>::push_back;
+ for_each(
+ creds.begin(), creds.end(),
+ if_(lambda::bind(&CredentialCriteria::matches, metacrit, boost::ref(*_1)))[lambda::bind(push_back, boost::ref(results), _1)]
+ );
+
return results.size();
}
const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider::resolveCredentials(const RoleDescriptor& role) const
{
credmap_t::const_iterator i = m_credentialMap.find(&role);
- if (i!=m_credentialMap.end())
+ if (i != m_credentialMap.end())
return i->second;
const KeyInfoResolver* resolver = m_resolver ? m_resolver : XMLToolingConfig::getConfig().getKeyInfoResolver();
const vector<KeyDescriptor*>& keys = role.getKeyDescriptors();
AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role];
- for (vector<KeyDescriptor*>::const_iterator k = keys.begin(); k!=keys.end(); ++k) {
- if ((*k)->getKeyInfo()) {
- auto_ptr<MetadataCredentialContext> mcc(new MetadataCredentialContext(*(*k)));
+ for (indirect_iterator<vector<KeyDescriptor*>::const_iterator> k = make_indirect_iterator(keys.begin());
+ k != make_indirect_iterator(keys.end()); ++k) {
+ if (k->getKeyInfo()) {
+ auto_ptr<MetadataCredentialContext> mcc(new MetadataCredentialContext(*k));
Credential* c = resolver->resolve(mcc.get());
mcc.release();
resolved.push_back(c);
e = XMLHelper::getFirstChildElement(e);
while (e) {
if (XMLString::equals(e->getLocalName(), Exclude) && e->hasChildNodes()) {
- m_set.insert(e->getFirstChild()->getNodeValue());
+ m_set.insert(e->getFirstChild()->getTextContent());
}
e = XMLHelper::getNextSiblingElement(e);
}
doFilter(entities);
return;
}
- catch (bad_cast) {
+ catch (bad_cast&) {
}
try {
throw MetadataFilterException("BlacklistMetadataFilter instructed to filter the root/only entity in the metadata.");
return;
}
- catch (bad_cast) {
+ catch (bad_cast&) {
}
throw MetadataFilterException("BlacklistMetadataFilter was given an improper metadata instance to filter.");
#include <memory>
#include <functional>
+#include <boost/bind.hpp>
+#include <boost/ptr_container/ptr_vector.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/util/Threads.h>
using namespace xmlsignature;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace opensaml {
vector<const Credential*>::size_type resolve(vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr) const;
string getCacheTag() const {
- Lock lock(m_trackerLock);
+ Lock lock(m_trackerLock.get());
return m_feedTag;
}
if (wrapArray)
os << '[';
// Lock each provider in turn and suck in its feed.
- for (vector<MetadataProvider*>::const_iterator m = m_providers.begin(); m != m_providers.end(); ++m) {
- DiscoverableMetadataProvider* d = dynamic_cast<DiscoverableMetadataProvider*>(*m);
+ for (ptr_vector<MetadataProvider>::iterator m = m_providers.begin(); m != m_providers.end(); ++m) {
+ DiscoverableMetadataProvider* d = dynamic_cast<DiscoverableMetadataProvider*>(&(*m));
if (d) {
Locker locker(d);
d->outputFeed(os, first, false);
void onEvent(const ObservableMetadataProvider& provider) const {
// Reset the cache tag for the feed.
- Lock lock(m_trackerLock);
+ Lock lock(m_trackerLock.get());
SAMLConfig::getConfig().generateRandomBytes(m_feedTag, 4);
m_feedTag = SAMLArtifact::toHex(m_feedTag);
emitChangeEvent();
private:
bool m_firstMatch;
- mutable Mutex* m_trackerLock;
- ThreadKey* m_tlsKey;
- vector<MetadataProvider*> m_providers;
+ auto_ptr<Mutex> m_trackerLock;
+ auto_ptr<ThreadKey> m_tlsKey;
+ mutable ptr_vector<MetadataProvider> m_providers;
mutable set<tracker_t*> m_trackers;
static void tracker_cleanup(void*);
Category& m_log;
struct SAML_DLLLOCAL tracker_t {
tracker_t(const ChainingMetadataProvider* m) : m_metadata(m) {
- Lock lock(m_metadata->m_trackerLock);
+ Lock lock(m_metadata->m_trackerLock.get());
m_metadata->m_trackers.insert(this);
}
if (ptr) {
// free the tracker after removing it from the parent plugin's tracker set
tracker_t* t = reinterpret_cast<tracker_t*>(ptr);
- Lock lock(t->m_metadata->m_trackerLock);
+ Lock lock(t->m_metadata->m_trackerLock.get());
t->m_metadata->m_trackers.erase(t);
delete t;
}
}
ChainingMetadataProvider::ChainingMetadataProvider(const DOMElement* e)
- : ObservableMetadataProvider(e), m_firstMatch(true), m_trackerLock(nullptr), m_tlsKey(nullptr),
+ : ObservableMetadataProvider(e), m_firstMatch(true), m_trackerLock(Mutex::create()), m_tlsKey(ThreadKey::create(tracker_cleanup)),
m_log(Category::getInstance(SAML_LOGCAT".Metadata.Chaining"))
{
if (XMLString::equals(e ? e->getAttributeNS(nullptr, precedence) : nullptr, last))
}
e = XMLHelper::getNextSiblingElement(e, _MetadataProvider);
}
- m_trackerLock = Mutex::create();
- m_tlsKey = ThreadKey::create(tracker_cleanup);
}
ChainingMetadataProvider::~ChainingMetadataProvider()
{
- delete m_tlsKey;
- delete m_trackerLock;
for_each(m_trackers.begin(), m_trackers.end(), xmltooling::cleanup<tracker_t>());
- for_each(m_providers.begin(), m_providers.end(), xmltooling::cleanup<MetadataProvider>());
}
void ChainingMetadataProvider::init()
{
- for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
+ for (ptr_vector<MetadataProvider>::iterator i = m_providers.begin(); i != m_providers.end(); ++i) {
try {
- (*i)->init();
+ i->init();
}
catch (exception& ex) {
m_log.crit("failure initializing MetadataProvider: %s", ex.what());
void ChainingMetadataProvider::outputStatus(ostream& os) const
{
- for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
- (*i)->outputStatus(os);
- }
+ for_each(m_providers.begin(), m_providers.end(), boost::bind(&MetadataProvider::outputStatus, _1, boost::ref(os)));
}
Lockable* ChainingMetadataProvider::lock()
void* ptr=m_tlsKey->getData();
if (ptr) {
tracker_t* t = reinterpret_cast<tracker_t*>(ptr);
- for_each(t->m_locked.begin(), t->m_locked.end(), mem_fun<void,Lockable>(&Lockable::unlock));
+ for_each(t->m_locked.begin(), t->m_locked.end(), mem_fun(&Lockable::unlock));
t->m_locked.clear();
t->m_objectMap.clear();
}
MetadataProvider* held = nullptr;
const EntitiesDescriptor* ret = nullptr;
const EntitiesDescriptor* cur = nullptr;
- for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
- tracker->lock_if(*i);
- if (cur=(*i)->getEntitiesDescriptor(name,requireValidMetadata)) {
+ for (ptr_vector<MetadataProvider>::iterator i = m_providers.begin(); i != m_providers.end(); ++i) {
+ tracker->lock_if(&(*i));
+ if (cur=i->getEntitiesDescriptor(name,requireValidMetadata)) {
// Are we using a first match policy?
if (m_firstMatch) {
// Save locked provider.
- tracker->remember(*i);
+ tracker->remember(&(*i));
return cur;
}
}
// Save off the latest match.
- held = *i;
+ held = &(*i);
ret = cur;
}
else {
// No match, so just unlock this one and move on.
- tracker->unlock_if(*i);
+ tracker->unlock_if(&(*i));
}
}
MetadataProvider* held = nullptr;
pair<const EntityDescriptor*,const RoleDescriptor*> ret = pair<const EntityDescriptor*,const RoleDescriptor*>(nullptr,nullptr);
pair<const EntityDescriptor*,const RoleDescriptor*> cur = ret;
- for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
- tracker->lock_if(*i);
- cur = (*i)->getEntityDescriptor(criteria);
+ for (ptr_vector<MetadataProvider>::iterator i = m_providers.begin(); i != m_providers.end(); ++i) {
+ tracker->lock_if(&(*i));
+ cur = i->getEntityDescriptor(criteria);
if (cur.first) {
if (criteria.role) {
// We want a role also. Did we find one?
if (held)
tracker->unlock_if(held);
// Save locked provider and role mapping.
- tracker->remember(*i, cur.first);
+ tracker->remember(&(*i), cur.first);
return cur;
}
}
// Save off the latest match.
- held = *i;
+ held = &(*i);
ret = cur;
}
else {
// but save this one if we didn't have the role yet.
if (ret.second) {
// We already had a role, so let's stick with that.
- tracker->unlock_if(*i);
+ tracker->unlock_if(&(*i));
}
else {
// This is at least as good, so toss anything we had and keep it.
if (held)
tracker->unlock_if(held);
- held = *i;
+ held = &(*i);
ret = cur;
}
}
tracker->unlock_if(held);
// Save locked provider.
- tracker->remember(*i, cur.first);
+ tracker->remember(&(*i), cur.first);
return cur;
}
}
// Save off the latest match.
- held = *i;
+ held = &(*i);
ret = cur;
}
}
else {
// No match, so just unlock this one and move on.
- tracker->unlock_if(*i);
+ tracker->unlock_if(&(*i));
}
}
#include <fstream>
#include <sstream>
+#include <boost/bind.hpp>
+#include <boost/iterator/indirect_iterator.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
using namespace opensaml::saml2md;
using namespace xmltooling;
+using namespace boost;
using namespace std;
DiscoverableMetadataProvider::DiscoverableMetadataProvider(const DOMElement* e) : MetadataProvider(e), m_legacyOrgNames(false)
m_feed.erase();
bool first = true;
const XMLObject* object = getMetadata();
- disco(m_feed, dynamic_cast<const EntitiesDescriptor*>(object), first);
- disco(m_feed, dynamic_cast<const EntityDescriptor*>(object), first);
+ discoGroup(m_feed, dynamic_cast<const EntitiesDescriptor*>(object), first);
+ discoEntity(m_feed, dynamic_cast<const EntityDescriptor*>(object), first);
SAMLConfig::getConfig().generateRandomBytes(m_feedTag, 4);
m_feedTag = SAMLArtifact::toHex(m_feedTag);
return s;
}
-void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* entity, bool& first) const
+void DiscoverableMetadataProvider::discoEntity(string& s, const EntityDescriptor* entity, bool& first) const
{
time_t now = time(nullptr);
if (entity && entity->isValid(now)) {
json_safe(s, entityid.get());
s += '\"';
bool extFound = false;
- for (vector<IDPSSODescriptor*>::const_iterator idp = idps.begin(); !extFound && idp != idps.end(); ++idp) {
- if ((*idp)->isValid(now) && (*idp)->getExtensions()) {
- const vector<XMLObject*>& exts = const_cast<const Extensions*>((*idp)->getExtensions())->getUnknownXMLObjects();
+ for (indirect_iterator<vector<IDPSSODescriptor*>::const_iterator> idp = make_indirect_iterator(idps.begin());
+ !extFound && idp != make_indirect_iterator(idps.end()); ++idp) {
+ if (idp->isValid(now) && idp->getExtensions()) {
+ const vector<XMLObject*>& exts = const_cast<const Extensions*>(idp->getExtensions())->getUnknownXMLObjects();
for (vector<XMLObject*>::const_iterator ext = exts.begin(); !extFound && ext != exts.end(); ++ext) {
const UIInfo* info = dynamic_cast<UIInfo*>(*ext);
if (info) {
const vector<DisplayName*>& dispnames = info->getDisplayNames();
if (!dispnames.empty()) {
s += ",\n \"DisplayNames\": [";
- for (vector<DisplayName*>::const_iterator dispname = dispnames.begin(); dispname != dispnames.end(); ++dispname) {
- if (dispname != dispnames.begin())
+ for (indirect_iterator<vector<DisplayName*>::const_iterator> dispname = make_indirect_iterator(dispnames.begin());
+ dispname != make_indirect_iterator(dispnames.end()); ++dispname) {
+ if (dispname.base() != dispnames.begin())
s += ',';
- auto_arrayptr<char> val(toUTF8((*dispname)->getName()));
- auto_ptr_char lang((*dispname)->getLang());
+ auto_arrayptr<char> val(toUTF8(dispname->getName()));
+ auto_ptr_char lang(dispname->getLang());
s += "\n {\n \"value\": \"";
json_safe(s, val.get());
s += "\",\n \"lang\": \"";
const vector<Description*>& descs = info->getDescriptions();
if (!descs.empty()) {
s += ",\n \"Descriptions\": [";
- for (vector<Description*>::const_iterator desc = descs.begin(); desc != descs.end(); ++desc) {
- if (desc != descs.begin())
+ for (indirect_iterator<vector<Description*>::const_iterator> desc = make_indirect_iterator(descs.begin());
+ desc != make_indirect_iterator(descs.end()); ++desc) {
+ if (desc.base() != descs.begin())
s += ',';
- auto_arrayptr<char> val(toUTF8((*desc)->getDescription()));
- auto_ptr_char lang((*desc)->getLang());
+ auto_arrayptr<char> val(toUTF8(desc->getDescription()));
+ auto_ptr_char lang(desc->getLang());
s += "\n {\n \"value\": \"";
json_safe(s, val.get());
s += "\",\n \"lang\": \"";
const vector<Keywords*>& keywords = info->getKeywordss();
if (!keywords.empty()) {
s += ",\n \"Keywords\": [";
- for (vector<Keywords*>::const_iterator words = keywords.begin(); words != keywords.end(); ++words) {
- if (words != keywords.begin())
+ for (indirect_iterator<vector<Keywords*>::const_iterator> words = make_indirect_iterator(keywords.begin());
+ words != make_indirect_iterator(keywords.end()); ++words) {
+ if (words.base() != keywords.begin())
s += ',';
- auto_arrayptr<char> val(toUTF8((*words)->getValues()));
- auto_ptr_char lang((*words)->getLang());
+ auto_arrayptr<char> val(toUTF8(words->getValues()));
+ auto_ptr_char lang(words->getLang());
s += "\n {\n \"value\": \"";
json_safe(s, val.get());
s += "\",\n \"lang\": \"";
const vector<InformationURL*>& infurls = info->getInformationURLs();
if (!infurls.empty()) {
s += ",\n \"InformationURLs\": [";
- for (vector<InformationURL*>::const_iterator infurl = infurls.begin(); infurl != infurls.end(); ++infurl) {
- if (infurl != infurls.begin())
+ for (indirect_iterator<vector<InformationURL*>::const_iterator> infurl = make_indirect_iterator(infurls.begin());
+ infurl != make_indirect_iterator(infurls.end()); ++infurl) {
+ if (infurl.base() != infurls.begin())
s += ',';
- auto_ptr_char val((*infurl)->getURL());
- auto_ptr_char lang((*infurl)->getLang());
+ auto_ptr_char val(infurl->getURL());
+ auto_ptr_char lang(infurl->getLang());
s += "\n {\n \"value\": \"";
json_safe(s, val.get());
s += "\",\n \"lang\": \"";
const vector<PrivacyStatementURL*>& privs = info->getPrivacyStatementURLs();
if (!privs.empty()) {
s += ",\n \"PrivacyStatementURLs\": [";
- for (vector<PrivacyStatementURL*>::const_iterator priv = privs.begin(); priv != privs.end(); ++priv) {
- if (priv != privs.begin())
+ for (indirect_iterator<vector<PrivacyStatementURL*>::const_iterator> priv = make_indirect_iterator(privs.begin());
+ priv != make_indirect_iterator(privs.end()); ++priv) {
+ if (priv.base() != privs.begin())
s += ',';
- auto_ptr_char val((*priv)->getURL());
- auto_ptr_char lang((*priv)->getLang());
+ auto_ptr_char val(priv->getURL());
+ auto_ptr_char lang(priv->getLang());
s += "\n {\n \"value\": \"";
json_safe(s, val.get());
s += "\",\n \"lang\": \"";
const vector<Logo*>& logos = info->getLogos();
if (!logos.empty()) {
s += ",\n \"Logos\": [";
- for (vector<Logo*>::const_iterator logo = logos.begin(); logo != logos.end(); ++logo) {
- if (logo != logos.begin())
+ for (indirect_iterator<vector<Logo*>::const_iterator> logo = make_indirect_iterator(logos.begin());
+ logo != make_indirect_iterator(logos.end()); ++logo) {
+ if (logo.base() != logos.begin())
s += ',';
s += "\n {\n";
- auto_ptr_char val((*logo)->getURL());
+ auto_ptr_char val(logo->getURL());
s += " \"value\": \"";
json_safe(s, val.get());
ostringstream ht;
- ht << (*logo)->getHeight().second;
+ ht << logo->getHeight().second;
s += "\",\n \"height\": \"";
s += ht.str();
ostringstream wt;
- wt << (*logo)->getWidth().second;
+ wt << logo->getWidth().second;
s += "\",\n \"width\": \"";
s += wt.str();
s += '\"';
- if ((*logo)->getLang()) {
- auto_ptr_char lang((*logo)->getLang());
+ if (logo->getLang()) {
+ auto_ptr_char lang(logo->getLang());
s += ",\n \"lang\": \"";
s += lang.get();
s += '\"';
if (m_legacyOrgNames && !extFound) {
const Organization* org = nullptr;
- for (vector<IDPSSODescriptor*>::const_iterator idp = idps.begin(); !org && idp != idps.end(); ++idp) {
- if ((*idp)->isValid(now))
- org = (*idp)->getOrganization();
+ for (indirect_iterator<vector<IDPSSODescriptor*>::const_iterator> idp = make_indirect_iterator(idps.begin());
+ !org && idp != make_indirect_iterator(idps.end()); ++idp) {
+ if (idp->isValid(now))
+ org = idp->getOrganization();
}
if (!org)
org = entity->getOrganization();
const vector<OrganizationDisplayName*>& odns = org->getOrganizationDisplayNames();
if (!odns.empty()) {
s += ",\n \"DisplayNames\": [";
- for (vector<OrganizationDisplayName*>::const_iterator dispname = odns.begin(); dispname != odns.end(); ++dispname) {
- if (dispname != odns.begin())
+ for (indirect_iterator<vector<OrganizationDisplayName*>::const_iterator> dispname = make_indirect_iterator(odns.begin());
+ dispname != make_indirect_iterator(odns.end()); ++dispname) {
+ if (dispname.base() != odns.begin())
s += ',';
- auto_arrayptr<char> val(toUTF8((*dispname)->getName()));
- auto_ptr_char lang((*dispname)->getLang());
+ auto_arrayptr<char> val(toUTF8(dispname->getName()));
+ auto_ptr_char lang(dispname->getLang());
s += "\n {\n \"value\": \"";
json_safe(s, val.get());
s += "\",\n \"lang\": \"";
}
}
-void DiscoverableMetadataProvider::disco(string& s, const EntitiesDescriptor* group, bool& first) const
+void DiscoverableMetadataProvider::discoGroup(string& s, const EntitiesDescriptor* group, bool& first) const
{
if (group) {
- const vector<EntitiesDescriptor*>& groups = group->getEntitiesDescriptors();
- for (vector<EntitiesDescriptor*>::const_iterator i = groups.begin(); i != groups.end(); ++i)
- disco(s, *i, first);
-
- const vector<EntityDescriptor*>& sites = group->getEntityDescriptors();
- for (vector<EntityDescriptor*>::const_iterator j = sites.begin(); j != sites.end(); ++j)
- disco(s, *j, first);
+ for_each(
+ group->getEntitiesDescriptors().begin(), group->getEntitiesDescriptors().end(),
+ boost::bind(&DiscoverableMetadataProvider::discoGroup, boost::ref(this), boost::ref(s), _1, boost::ref(first))
+ );
+ for_each(
+ group->getEntityDescriptors().begin(), group->getEntityDescriptors().end(),
+ boost::bind(&DiscoverableMetadataProvider::discoEntity, boost::ref(this), boost::ref(s), _1, boost::ref(first))
+ );
}
}
#include "saml2/metadata/Metadata.h"
#include "saml2/metadata/MetadataFilter.h"
+#include <boost/bind.hpp>
+#include <boost/iterator/indirect_iterator.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/util/NDC.h>
using namespace opensaml::saml2md;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace opensaml {
e = XMLHelper::getFirstChildElement(e);
while (e) {
if (XMLString::equals(e->getLocalName(), Include) && e->hasChildNodes()) {
- m_set.insert(e->getFirstChild()->getNodeValue());
+ m_set.insert(e->getFirstChild()->getTextContent());
}
e = XMLHelper::getNextSiblingElement(e);
}
doFilter(dynamic_cast<EntitiesDescriptor&>(xmlObject));
return;
}
- catch (bad_cast) {
+ catch (bad_cast&) {
}
try {
throw MetadataFilterException("WhitelistMetadataFilter instructed to filter the root/only entity in the metadata.");
return;
}
- catch (bad_cast) {
+ catch (bad_cast&) {
}
throw MetadataFilterException("WhitelistMetadataFilter was given an improper metadata instance to filter.");
}
const vector<EntitiesDescriptor*>& groups=const_cast<const EntitiesDescriptor&>(entities).getEntitiesDescriptors();
- for (vector<EntitiesDescriptor*>::const_iterator j=groups.begin(); j!=groups.end(); j++)
- doFilter(*(*j));
+ for_each(
+ make_indirect_iterator(groups.begin()), make_indirect_iterator(groups.end()),
+ boost::bind(
+ static_cast<void (WhitelistMetadataFilter::*)(EntitiesDescriptor&) const>(&WhitelistMetadataFilter::doFilter), boost::ref(this), _1
+ )
+ );
}
#include "saml2/core/Assertions.h"
#include "saml2/profile/AssertionValidator.h"
+#include <boost/bind.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/util/NDC.h>
using namespace opensaml::saml2;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
AssertionValidator::AssertionValidator(const XMLCh* recipient, const vector<const XMLCh*>* audiences, time_t ts)
// Now we process conditions, starting with the known types and then extensions.
const vector<AudienceRestriction*>& acvec = conds->getAudienceRestrictions();
- for (vector<AudienceRestriction*>::const_iterator ac = acvec.begin(); ac!=acvec.end(); ++ac)
- validateCondition(*ac);
+ for_each(acvec.begin(), acvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1));
const vector<OneTimeUse*>& dncvec = conds->getOneTimeUses();
- for (vector<OneTimeUse*>::const_iterator dnc = dncvec.begin(); dnc!=dncvec.end(); ++dnc)
- validateCondition(*dnc);
+ for_each(dncvec.begin(), dncvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1));
const vector<Condition*>& convec = conds->getConditions();
- for (vector<Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c)
- validateCondition(*c);
+ for_each(convec.begin(), convec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1));
}
void AssertionValidator::validateCondition(const Condition* c) const
#include "util/SAMLConstants.h"
#include <ctime>
+#include <boost/ptr_container/ptr_vector.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
using namespace opensaml;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace opensaml {
DelegationRestrictionRule(const DOMElement* e);
virtual ~DelegationRestrictionRule() {
- for_each(m_delegates.begin(), m_delegates.end(), xmltooling::cleanup<Delegate>());
}
const char* getType() const {
return DELEGATION_POLICY_RULE;
bool evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
private:
- vector<Delegate*> m_delegates;
+ ptr_vector<Delegate> m_delegates;
enum {
MATCH_ANY,
MATCH_NEWEST,
_isSameDelegate(const Delegate* d) : m_operand(d) {}
// d1 is the input from the message, d2 is from the policy
- bool operator()(const Delegate* d1, const Delegate* d2) const {
+ bool operator()(const Delegate* d1, const Delegate& d2) const {
if (!d1->getNameID()) {
Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.DelegationRestriction").error(
"rule doesn't support evaluation of BaseID or EncryptedID in a Delegate"
);
return false;
}
- if (!d2->getConfirmationMethod() || XMLString::equals(d1->getConfirmationMethod(), d2->getConfirmationMethod())) {
- return matches(d1->getNameID(), d2->getNameID());
+ if (!d2.getConfirmationMethod() || XMLString::equals(d1->getConfirmationMethod(), d2.getConfirmationMethod())) {
+ return matches(d1->getNameID(), d2.getNameID());
}
return false;
}
// d is from the policy
- bool operator()(const Delegate* d) const {
+ bool operator()(const Delegate& d) const {
return this->operator()(m_operand, d);
}
};
else if (m && *m && !XMLString::equals(m, any))
throw SecurityPolicyException("Invalid value for \"match\" attribute in Delegation rule.");
- try {
- DOMElement* d = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
- while (d) {
- auto_ptr<XMLObject> wrapper(XMLObjectBuilder::buildOneFromElement(d));
- Delegate* down = dynamic_cast<Delegate*>(wrapper.get());
- if (down) {
- m_delegates.push_back(down);
- wrapper.release();
- }
- d = XMLHelper::getNextSiblingElement(d, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
+ DOMElement* d = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
+ while (d) {
+ auto_ptr<XMLObject> wrapper(XMLObjectBuilder::buildOneFromElement(d));
+ Delegate* down = dynamic_cast<Delegate*>(wrapper.get());
+ if (down) {
+ m_delegates.push_back(down);
+ wrapper.release();
}
- }
- catch (exception&) {
- for_each(m_delegates.begin(), m_delegates.end(), xmltooling::cleanup<Delegate>());
- throw;
+ d = XMLHelper::getNextSiblingElement(d, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME);
}
}
}
SAML2AssertionPolicy::SAML2AssertionPolicy(
const MetadataProvider* metadataProvider, const xmltooling::QName* role, const TrustEngine* trustEngine, bool validate
- ) : SecurityPolicy(metadataProvider, role, trustEngine, validate)
+ ) : SecurityPolicy(metadataProvider, role, trustEngine, validate), m_confirmation(nullptr)
{
}
void SAML2AssertionPolicy::_reset(bool messageOnly)
{
- m_confirmation = false;
+ m_confirmation = nullptr;
}
const SubjectConfirmation* SAML2AssertionPolicy::getSubjectConfirmation() const