Add context API to metadata filters.

diff --git a/saml/profile/impl/ConditionsRule.cpp b/saml/profile/impl/ConditionsRule.cpp
index 3c36517..a390c2c 100644 (file)
--- a/saml/profile/impl/ConditionsRule.cpp
+++ b/saml/profile/impl/ConditionsRule.cpp
@@ -99,7 +99,7 @@ ConditionsRule::ConditionsRule(const DOMElement* e) : m_doc(nullptr)
                 log.info("building SecurityPolicyRule of type %s", t.c_str());
                 m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(t.c_str(), e));
             }
                 log.info("building SecurityPolicyRule of type %s", t.c_str());
                 m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(t.c_str(), e));
             }

-            catch (exception& ex) {
+            catch (std::exception& ex) {

                 log.crit("error building SecurityPolicyRule: %s", ex.what());
             }
         }
                 log.crit("error building SecurityPolicyRule: %s", ex.what());
             }
         }

diff --git a/saml/saml2/metadata/MetadataFilter.h b/saml/saml2/metadata/MetadataFilter.h
index ed89cbb..641decb 100644 (file)
--- a/saml/saml2/metadata/MetadataFilter.h
+++ b/saml/saml2/metadata/MetadataFilter.h
@@ -33,6 +33,18 @@ namespace opensaml {
     namespace saml2md {
 
         /**
     namespace saml2md {
 
         /**

+         * Marker interface for supplying environmental context to filters.
+         */
+        class SAML_API MetadataFilterContext
+        {
+            MAKE_NONCOPYABLE(MetadataFilterContext);
+        protected:
+            MetadataFilterContext();
+        public:
+            virtual ~MetadataFilterContext();
+        };
+
+        /**

          * A metadata filter is used to process metadata after resolution and unmarshalling.
          *
          * Some filters might remove everything but identity provider roles, decreasing the data a service provider
          * A metadata filter is used to process metadata after resolution and unmarshalling.
          *
          * Some filters might remove everything but identity provider roles, decreasing the data a service provider


@@ -55,12 +67,22 @@ namespace opensaml {
             virtual const char* getId() const=0;
 
             /**
             virtual const char* getId() const=0;
 
             /**

+             * @deprecated
+             * Filters the given metadata. Exceptions should generally not be thrown to
+             * signal the removal of information, only for systemic processing failure.
+             *
+             * @param xmlObject the metadata to be filtered
+             */
+            virtual void doFilter(xmltooling::XMLObject& xmlObject) const;
+
+            /**

              * Filters the given metadata. Exceptions should generally not be thrown to
              * signal the removal of information, only for systemic processing failure.
              *
              * Filters the given metadata. Exceptions should generally not be thrown to
              * signal the removal of information, only for systemic processing failure.
              *

-             * @param xmlObject the metadata to be filtered.
+             * @param ctx       context interface, or nullptr
+             * @param xmlObject the metadata to be filtered

              */
              */

-            virtual void doFilter(xmltooling::XMLObject& xmlObject) const=0;
+            virtual void doFilter(MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const;

         };
 
         /**
         };
 
         /**


@@ -69,22 +91,22 @@ namespace opensaml {
         void SAML_API registerMetadataFilters();
 
         /** MetadataFilter that deletes blacklisted entities. */
         void SAML_API registerMetadataFilters();
 
         /** MetadataFilter that deletes blacklisted entities. */

-        #define BLACKLIST_METADATA_FILTER  "Blacklist"
+        #define BLACKLIST_METADATA_FILTER           "Blacklist"

 
         /** MetadataFilter that deletes all but whitelisted entities. */
 
         /** MetadataFilter that deletes all but whitelisted entities. */

-        #define WHITELIST_METADATA_FILTER  "Whitelist"
+        #define WHITELIST_METADATA_FILTER           "Whitelist"

 
         /** MetadataFilter that verifies signatures and filters out any that don't pass. */
 
         /** MetadataFilter that verifies signatures and filters out any that don't pass. */

-        #define SIGNATURE_METADATA_FILTER  "Signature"
+        #define SIGNATURE_METADATA_FILTER           "Signature"

 
         /** MetadataFilter that enforces expiration requirements. */
 
         /** MetadataFilter that enforces expiration requirements. */

-        #define REQUIREVALIDUNTIL_METADATA_FILTER  "RequireValidUntil"
+        #define REQUIREVALIDUNTIL_METADATA_FILTER   "RequireValidUntil"

 
         /** MetadataFilter that removes non-retained roles. */
 
         /** MetadataFilter that removes non-retained roles. */

-        #define ENTITYROLE_METADATA_FILTER  "EntityRoleWhiteList"
+        #define ENTITYROLE_METADATA_FILTER          "EntityRoleWhiteList"

 
         /** MetadataFilter that adds EntityAttributes extension. */
 
         /** MetadataFilter that adds EntityAttributes extension. */

-        #define ENTITYATTR_METADATA_FILTER "EntityAttributes"
+        #define ENTITYATTR_METADATA_FILTER          "EntityAttributes"

 
         DECL_XMLTOOLING_EXCEPTION(MetadataFilterException,SAML_EXCEPTIONAPI(SAML_API),opensaml::saml2md,MetadataException,Exceptions related to metadata filtering);
     };
 
         DECL_XMLTOOLING_EXCEPTION(MetadataFilterException,SAML_EXCEPTIONAPI(SAML_API),opensaml::saml2md,MetadataException,Exceptions related to metadata filtering);
     };

diff --git a/saml/saml2/metadata/MetadataProvider.h b/saml/saml2/metadata/MetadataProvider.h
index 05d2493..eea4120 100644 (file)
--- a/saml/saml2/metadata/MetadataProvider.h
+++ b/saml/saml2/metadata/MetadataProvider.h
@@ -31,6 +31,7 @@
 
 #include <vector>
 #include <iostream>
 
 #include <vector>
 #include <iostream>

+#include <boost/shared_ptr.hpp>

 #include <boost/ptr_container/ptr_vector.hpp>
 #include <xmltooling/exceptions.h>
 #include <xmltooling/security/CredentialResolver.h>
 #include <boost/ptr_container/ptr_vector.hpp>
 #include <xmltooling/exceptions.h>
 #include <xmltooling/security/CredentialResolver.h>


@@ -51,6 +52,7 @@ namespace opensaml {
         class SAML_API RoleDescriptor;
         class SAML_API MetadataCredentialResolver;
         class SAML_API MetadataFilter;
         class SAML_API RoleDescriptor;
         class SAML_API MetadataCredentialResolver;
         class SAML_API MetadataFilter;

+        class SAML_API MetadataFilterContext;

 
 #if defined (_MSC_VER)
         #pragma warning( push )
 
 #if defined (_MSC_VER)
         #pragma warning( push )


@@ -121,6 +123,15 @@ namespace opensaml {
             virtual MetadataFilter* removeMetadataFilter(MetadataFilter* oldFilter);
 
             /**
             virtual MetadataFilter* removeMetadataFilter(MetadataFilter* oldFilter);
 
             /**

+             * Sets a filtering context object for use by the filtering process.
+             * <p>The MetadataProvider takes ownership of the object. Any existing
+             * object is cleared.
+             *
+             * @param ctx   a context object
+             */
+            void setContext(MetadataFilterContext* ctx);
+
+            /**

              * Should be called after instantiating provider and adding filters, but before
              * performing any lookup operations. Allows the provider to defer initialization
              * processes that are likely to result in exceptions until after the provider is
              * Should be called after instantiating provider and adding filters, but before
              * performing any lookup operations. Allows the provider to defer initialization
              * processes that are likely to result in exceptions until after the provider is


@@ -251,6 +262,7 @@ namespace opensaml {
             void doFilters(xmltooling::XMLObject& xmlObject) const;
 
         private:
             void doFilters(xmltooling::XMLObject& xmlObject) const;
 
         private:

+            boost::shared_ptr<MetadataFilterContext> m_filterContext;

             boost::ptr_vector<MetadataFilter> m_filters;
         };
 
             boost::ptr_vector<MetadataFilter> m_filters;
         };
 

diff --git a/saml/saml2/metadata/impl/MetadataProvider.cpp b/saml/saml2/metadata/impl/MetadataProvider.cpp
index f7b98d0..98acde7 100644 (file)
--- a/saml/saml2/metadata/impl/MetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/MetadataProvider.cpp
@@ -107,7 +107,12 @@ MetadataProvider::MetadataProvider(const DOMElement* e)
                 string t = XMLHelper::getAttrString(child, nullptr, _type);
                 if (!t.empty()) {
                     log.info("building MetadataFilter of type %s", t.c_str());
                 string t = XMLHelper::getAttrString(child, nullptr, _type);
                 if (!t.empty()) {
                     log.info("building MetadataFilter of type %s", t.c_str());

-                    m_filters.push_back(conf.MetadataFilterManager.newPlugin(t.c_str(), child));
+                    auto_ptr<MetadataFilter> np(conf.MetadataFilterManager.newPlugin(t.c_str(), child));
+                    m_filters.push_back(np.get());
+                    np.release();
+                }
+                else {
+                    log.error("MetadataFilter element missing type attribute.");

                 }
             }
             else if (XMLString::equals(child->getLocalName(), SigFilter)) {
                 }
             }
             else if (XMLString::equals(child->getLocalName(), SigFilter)) {


@@ -162,15 +167,17 @@ MetadataFilter* MetadataProvider::removeMetadataFilter(MetadataFilter* oldFilter
     return nullptr;
 }
 
     return nullptr;
 }
 

+void MetadataProvider::setContext(MetadataFilterContext* ctx)
+{
+    m_filterContext.reset(ctx);
+}
+

 void MetadataProvider::doFilters(XMLObject& xmlObject) const
 {
 void MetadataProvider::doFilters(XMLObject& xmlObject) const
 {

-#ifdef _DEBUG
-    NDC ndc("doFilters");
-#endif
-    Category& log=Category::getInstance(SAML_LOGCAT".Metadata");
+    Category& log = Category::getInstance(SAML_LOGCAT".Metadata");

     for (ptr_vector<MetadataFilter>::const_iterator i = m_filters.begin(); i != m_filters.end(); i++) {
         log.info("applying metadata filter (%s)", i->getId());
     for (ptr_vector<MetadataFilter>::const_iterator i = m_filters.begin(); i != m_filters.end(); i++) {
         log.info("applying metadata filter (%s)", i->getId());

-        i->doFilter(xmlObject);
+        i->doFilter(m_filterContext.get(), xmlObject);

     }
 }
 
     }
 }
 


@@ -226,3 +233,22 @@ MetadataFilter::MetadataFilter()
 MetadataFilter::~MetadataFilter()
 {
 }
 MetadataFilter::~MetadataFilter()
 {
 }

+
+void MetadataFilter::doFilter(MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const
+{
+    // Default call into deprecated method.
+    doFilter(xmlObject);
+}
+
+void MetadataFilter::doFilter(xmltooling::XMLObject& xmlObject) const
+{
+    // Empty default for deprecated method.
+}
+
+MetadataFilterContext::MetadataFilterContext()
+{
+}
+
+MetadataFilterContext::~MetadataFilterContext()
+{
+}