From: Scott Cantor
Date: Mon, 23 Apr 2007 18:03:18 +0000 (+0000)
Subject: Move credential/criteria matching to criteria classes.
X-Git-Tag: 2.0-alpha1~44
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=8609db5e5b7aac2ce75fc2fe5fbee8b31a311735
Move credential/criteria matching to criteria classes.
---
diff --git a/saml/saml2/metadata/AbstractMetadataProvider.h b/saml/saml2/metadata/AbstractMetadataProvider.h
index 5373048..c905e59 100644
--- a/saml/saml2/metadata/AbstractMetadataProvider.h
+++ b/saml/saml2/metadata/AbstractMetadataProvider.h
@@ -96,17 +96,6 @@ namespace opensaml {
 */
 virtual void clearDescriptorIndex();
- /**
- * Returns true iff the Credential matches the criteria supplied, if any.
- *
- * @param cred Credential plus KeyDescriptor usage information
- * @param criteria criteria for Credential selection
- * @return true iff the Credential applies
- */
- virtual bool matches(
- const std::pair& cred, const xmltooling::CredentialCriteria* criteria
- ) const;
-
 private:
 typedef std::multimap sitemap_t;
 typedef std::multimap groupmap_t;
@@ -115,7 +104,7 @@ namespace opensaml {
 groupmap_t m_groups;
 mutable xmltooling::Mutex* m_credentialLock;
- typedef std::map > > credmap_t;
+ typedef std::map< const RoleDescriptor*, std::vector > credmap_t;
 mutable credmap_t m_credentialMap;
 const credmap_t::mapped_type& resolveCredentials(const RoleDescriptor& role) const;
 };
diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index ddc2146..7f8d77b 100644
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -24,7 +24,7 @@
 #define __saml_metacrit_h__
 #include
-#include
+#include
 #include
 namespace opensaml {
@@ -60,6 +60,20 @@ namespace opensaml {
 return m_role;
 }
+ bool matches(xmltooling::Credential& credential) const {
+ const MetadataCredentialContext* context = dynamic_cast(credential.getCredentalContext());
+ if (context) {
+ // Check for a usage mismatch.
+ if ((getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
+ return false;
+ else if (getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
+ return false;
+ }
+ return CredentialCriteria::matches(credential);
+ }
+
 private:
 const RoleDescriptor& m_role;
 };
diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
index 7036070..e8c7b96 100644
--- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
@@ -56,7 +56,7 @@ AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e)
 AbstractMetadataProvider::~AbstractMetadataProvider()
 {
 for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
- for_each(c->second.begin(), c->second.end(), cleanup_pair());
+ for_each(c->second.begin(), c->second.end(), xmltooling::cleanup());
 delete m_credentialLock;
 delete m_resolver;
 }
@@ -64,7 +64,7 @@ AbstractMetadataProvider::~AbstractMetadataProvider()
 void AbstractMetadataProvider::emitChangeEvent()
 {
 for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
- for_each(c->second.begin(), c->second.end(), cleanup_pair());
+ for_each(c->second.begin(), c->second.end(), xmltooling::cleanup());
 m_credentialMap.clear();
 ObservableMetadataProvider::emitChangeEvent();
 }
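Review bot: In the new `matches`, the KeyDescriptor `use` test runs only when the `dynamic_cast` yields a `MetadataCredentialContext`; a credential with no context, or one of another type, skips it and is judged by `CredentialCriteria::matches` alone. The removed provider-side check kept the `use` value next to every cached credential, so it could not be skipped this way. Unless the base class enforces key usage itself (not visible here), an encryption-only key could then satisfy a signing or TLS lookup. I would either return false when the context is missing or document the fall-through with `// No metadata context: KeyDescriptor use cannot be checked, defer to the base criteria.` above the final return. The method also has no doc comment, unlike the declaration this commit removes.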
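Review bot: `emitChangeEvent` frees every cached credential and clears `m_credentialMap` with no acquisition of `m_credentialLock` visible in the function, while `resolve()` in the same file hands those cached pointers straight to callers (`return *c;`). A caller that still holds a `const Credential*` when a change event fires would be left with a dangling pointer. If the contract is that callers keep the provider locked for as long as they use a resolved credential, state it at this loop: `// Cached credentials are freed here; callers must hold the provider lock while using resolve() results.`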
@@ -202,8 +202,8 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr
 const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
 for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (matches(*c,criteria))
- return c->second;
+ if (metacrit->matches(*(*c)))
+ return *c;
 return NULL;
 }
@@ -219,8 +219,8 @@ vector::size_type AbstractMetadataProvider::resolve(
 const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
 for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (matches(*c,criteria))
- results.push_back(c->second);
+ if (metacrit->matches(*(*c)))
+ results.push_back(*c);
 return results.size();
 }
@@ -238,22 +238,8 @@ const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider
 auto_ptr mcc(new MetadataCredentialContext(*(*k)));
 Credential* c = resolver->resolve(mcc.get());
 mcc.release();
- resolved.push_back(make_pair((*k)->getUse(), c));
+ resolved.push_back(c);
 }
 }
 return resolved;
 }
-
-bool AbstractMetadataProvider::matches(const pair& cred, const CredentialCriteria* criteria) const
-{
- if (criteria) {
- // Check for a usage mismatch.
- if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
- XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION))
- return false;
- else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
- return false;
- return cred.second->matches(*criteria);
- }
- return true;
-}
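Review bot: `metacrit->matches(*(*c))` in both `resolve` overloads (hunks at 202 and 219) dereferences whatever pointer `resolveCredentials` cached, and the hunk at 238 pushes the result of `resolver->resolve(mcc.get())` into that cache with no null check. If the resolver can return NULL (not visible here), the new call binds a reference to a null credential before any matching happens. I would guard the insertion with `if (c) resolved.push_back(c);`. All three function bodies start outside their hunks, so an earlier check on `metacrit` or on `c` may exist that I cannot see.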