From: Scott Cantor Date: Mon, 14 Jul 2008 03:23:35 +0000 (+0000) Subject: Disallow metadata that's statically invalid at the time of load. X-Git-Tag: 2.1.0~7 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=54defb705dea8ca076f36cf6b747977ed0a48453;hp=4f13d41e6fb5c89be08b56afd964c9972f234b36 Disallow metadata that's statically invalid at the time of load. --- diff --git a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp index 2db9a48..b7b53f1 100644 --- a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp @@ -114,20 +114,12 @@ pair DynamicMetadataProvider::get // Filter it, which may throw. doFilters(*entity2.get()); - log.info("caching resolved metadata for (%s)", name.c_str()); + time_t now = time(NULL); - // Translate cacheDuration into validUntil. - time_t exp = m_maxCacheDuration; - if (entity2->getCacheDuration()) - exp = min(m_maxCacheDuration, entity2->getCacheDurationEpoch()); - exp += time(NULL); - if (entity2->getValidUntil()) { - if (exp < entity2->getValidUntilEpoch()) - entity2->setValidUntil(exp); - } - else { - entity2->setValidUntil(exp); - } + if (entity2->getValidUntil() && entity2->getValidUntilEpoch() < now + 60) + throw MetadataException("Metadata was already invalid at the time of retrieval."); + + log.info("caching resolved metadata for (%s)", name.c_str()); // Upgrade our lock so we can cache the new metadata. m_lock->unlock(); @@ -137,7 +129,11 @@ pair DynamicMetadataProvider::get emitChangeEvent(); // Make sure we clear out any existing copies, including stale metadata or if somebody snuck in. - index(entity2.release(), SAMLTIME_MAX, true); + time_t exp = m_maxCacheDuration; + if (entity2->getCacheDuration()) + exp = min(m_maxCacheDuration, entity2->getCacheDurationEpoch()); + exp += now; + index(entity2.release(), exp, true); // Downgrade back to a read lock. m_lock->unlock();