From: Scott Cantor Date: Wed, 14 Dec 2011 09:24:33 +0000 (+0000) Subject: Boost changes X-Git-Tag: 2.5.0~57 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=b200befa360fe74b3b8865a654f54a6647723755 Boost changes --- diff --git a/saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp b/saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp index 0927174..6706a62 100644 --- a/saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp +++ b/saml/saml1/binding/impl/SAML1ArtifactDecoder.cpp @@ -33,6 +33,7 @@ #include "saml2/metadata/Metadata.h" #include "saml2/metadata/MetadataProvider.h" +#include #include #include #include @@ -45,6 +46,7 @@ using namespace opensaml; using namespace xmltooling::logging; using namespace xmltooling; using namespace std; +using boost::ptr_vector; namespace opensaml { namespace saml1p { @@ -93,7 +95,8 @@ XMLObject* SAML1ArtifactDecoder::decode( throw BindingException("Artifact profile requires ArtifactResolver and MetadataProvider implementations be supplied."); // Import the artifacts. - vector artifacts; + vector artifactptrs; // needed for compatibility with non-Boost API in ArtifactResolver + ptr_vector artifacts; for (vector::const_iterator raw=SAMLart.begin(); raw!=SAMLart.end(); ++raw) { try { log.debug("processing encoded artifact (%s)", *raw); @@ -110,21 +113,17 @@ XMLObject* SAML1ArtifactDecoder::decode( log.warn("replay cache was not provided, this is a serious security risk!"); artifacts.push_back(SAMLArtifact::parse(*raw)); + artifactptrs.push_back(&(artifacts.back())); } catch (ArtifactException&) { log.error("error parsing artifact (%s)", *raw); - for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); - throw; - } - catch (XMLToolingException&) { - for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); throw; } } log.debug("attempting to determine source of artifact(s)..."); MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria(); - mc.artifact = artifacts.front(); + mc.artifact = &(artifacts.front()); mc.role = policy.getRole(); mc.protocol = samlconstants::SAML11_PROTOCOL_ENUM; mc.protocol2 = samlconstants::SAML10_PROTOCOL_ENUM; @@ -132,9 +131,8 @@ XMLObject* SAML1ArtifactDecoder::decode( if (!provider.first) { log.error( "metadata lookup failed, unable to determine issuer of artifact (0x%s)", - SAMLArtifact::toHex(artifacts.front()->getBytes()).c_str() + SAMLArtifact::toHex(artifacts.front().getBytes()).c_str() ); - for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); throw BindingException("Metadata lookup failed, unable to determine artifact issuer"); } @@ -145,26 +143,18 @@ XMLObject* SAML1ArtifactDecoder::decode( if (!provider.second || !dynamic_cast(provider.second)) { log.error("unable to find compatible SAML 1.x role (%s) in metadata", policy.getRole()->toString().c_str()); - for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); throw BindingException("Unable to find compatible metadata role for artifact issuer."); } // Set Issuer for the policy. policy.setIssuer(provider.first->getEntityID()); policy.setIssuerMetadata(provider.second); - try { - log.debug("calling ArtifactResolver..."); - auto_ptr response( - m_artifactResolver->resolve(artifacts, dynamic_cast(*provider.second), policy) - ); + log.debug("calling ArtifactResolver..."); + auto_ptr response( + m_artifactResolver->resolve(artifactptrs, dynamic_cast(*provider.second), policy) + ); - // The policy should be enforced against the Response by the resolve step. + // The policy should be enforced against the Response by the resolve step. - for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); - return response.release(); - } - catch (XMLToolingException&) { - for_each(artifacts.begin(), artifacts.end(), xmltooling::cleanup()); - throw; - } + return response.release(); } diff --git a/saml/saml1/profile/impl/AssertionValidator.cpp b/saml/saml1/profile/impl/AssertionValidator.cpp index ff00b8f..11e5b99 100644 --- a/saml/saml1/profile/impl/AssertionValidator.cpp +++ b/saml/saml1/profile/impl/AssertionValidator.cpp @@ -28,6 +28,7 @@ #include "saml1/core/Assertions.h" #include "saml1/profile/AssertionValidator.h" +#include #include #include #include @@ -35,6 +36,7 @@ using namespace opensaml::saml1; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; AssertionValidator::AssertionValidator(const XMLCh* recipient, const vector* audiences, time_t ts) @@ -78,16 +80,13 @@ void AssertionValidator::validateAssertion(const Assertion& assertion) const // Now we process conditions, starting with the known types and then extensions. const vector& acvec = conds->getAudienceRestrictionConditions(); - for (vector::const_iterator ac = acvec.begin(); ac!=acvec.end(); ++ac) - validateCondition(*ac); + for_each(acvec.begin(), acvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1)); const vector& dncvec = conds->getDoNotCacheConditions(); - for (vector::const_iterator dnc = dncvec.begin(); dnc!=dncvec.end(); ++dnc) - validateCondition(*dnc); + for_each(dncvec.begin(), dncvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1)); const vector& convec = conds->getConditions(); - for (vector::const_iterator c = convec.begin(); c!=convec.end(); ++c) - validateCondition(*c); + for_each(convec.begin(), convec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1)); } void AssertionValidator::validateCondition(const Condition* c) const diff --git a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp index 336ddab..dafe381 100644 --- a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp +++ b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp @@ -95,7 +95,7 @@ XMLObject* SAML2ArtifactDecoder::decode( throw BindingException("Artifact binding requires ArtifactResolver and MetadataProvider implementations be supplied."); // Import the artifact. - SAMLArtifact* artifact=nullptr; + auto_ptr artifact; try { log.debug("processing encoded artifact (%s)", SAMLart); @@ -110,7 +110,7 @@ XMLObject* SAML2ArtifactDecoder::decode( else log.warn("replay cache was not provided, this is a serious security risk!"); - artifact = SAMLArtifact::parse(SAMLart); + artifact.reset(SAMLArtifact::parse(SAMLart)); } catch (ArtifactException&) { log.error("error parsing artifact (%s)", SAMLart); @@ -118,16 +118,15 @@ XMLObject* SAML2ArtifactDecoder::decode( } // Check the type. - auto_ptr artifact2(dynamic_cast(artifact)); - if (!artifact2.get()) { - delete artifact; + SAML2Artifact* artifact2 = dynamic_cast(artifact.get()); + if (!artifact2) { log.error("wrong artifact type"); throw BindingException("Artifact binding requires SAML 2.0 artifact."); } log.debug("attempting to determine source of artifact..."); MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria(); - mc.artifact = artifact; + mc.artifact = artifact.get(); mc.role = policy.getRole(); mc.protocol = samlconstants::SAML20P_NS; pair provider=policy.getMetadataProvider()->getEntityDescriptor(mc); @@ -154,7 +153,7 @@ XMLObject* SAML2ArtifactDecoder::decode( log.debug("calling ArtifactResolver..."); auto_ptr response( - m_artifactResolver->resolve(*(artifact2.get()), dynamic_cast(*provider.second), policy) + m_artifactResolver->resolve(*artifact2, dynamic_cast(*provider.second), policy) ); // The policy should be enforced against the ArtifactResponse by the resolve step. diff --git a/saml/saml2/binding/impl/SAML2ECPEncoder.cpp b/saml/saml2/binding/impl/SAML2ECPEncoder.cpp index f2e8d19..cd9ac82 100644 --- a/saml/saml2/binding/impl/SAML2ECPEncoder.cpp +++ b/saml/saml2/binding/impl/SAML2ECPEncoder.cpp @@ -59,13 +59,12 @@ namespace opensaml { { public: SAML2ECPEncoder(const DOMElement* e, const XMLCh* ns) : m_actor("http://schemas.xmlsoap.org/soap/actor/next"), - m_providerName(e ? e->getAttributeNS(ns, ProviderName) : nullptr), m_idpList(nullptr) { + m_providerName(e ? e->getAttributeNS(ns, ProviderName) : nullptr) { DOMElement* child = e ? XMLHelper::getFirstChildElement(e, SAML20P_NS, IDPList::LOCAL_NAME) : nullptr; if (child) - m_idpList = dynamic_cast(XMLObjectBuilder::buildOneFromElement(child)); + m_idpList.reset(dynamic_cast(XMLObjectBuilder::buildOneFromElement(child))); } virtual ~SAML2ECPEncoder() { - delete m_idpList; } const XMLCh* getProtocolFamily() const { @@ -87,7 +86,7 @@ namespace opensaml { private: auto_ptr_XMLCh m_actor; const XMLCh* m_providerName; - IDPList* m_idpList; + auto_ptr m_idpList; AnyElementBuilder m_anyBuilder; }; @@ -176,7 +175,7 @@ long SAML2ECPEncoder::encode( hdrblock->getUnknownXMLObjects().push_back(request->getIssuer()->clone()); if (request->getScoping() && request->getScoping()->getIDPList()) hdrblock->getUnknownXMLObjects().push_back(request->getScoping()->getIDPList()->clone()); - else if (m_idpList) + else if (m_idpList.get()) hdrblock->getUnknownXMLObjects().push_back(m_idpList->clone()); header->getUnknownXMLObjects().push_back(hdrblock); } diff --git a/saml/saml2/metadata/AbstractMetadataProvider.h b/saml/saml2/metadata/AbstractMetadataProvider.h index 8e256cd..0fe617d 100644 --- a/saml/saml2/metadata/AbstractMetadataProvider.h +++ b/saml/saml2/metadata/AbstractMetadataProvider.h @@ -151,7 +151,8 @@ namespace opensaml { mutable sitemap_t m_sources; mutable groupmap_t m_groups; - mutable xmltooling::Mutex* m_credentialLock; + std::auto_ptr m_resolverWrapper; + std::auto_ptr m_credentialLock; typedef std::map< const RoleDescriptor*, std::vector > credmap_t; mutable credmap_t m_credentialMap; const credmap_t::mapped_type& resolveCredentials(const RoleDescriptor& role) const; diff --git a/saml/saml2/metadata/DiscoverableMetadataProvider.h b/saml/saml2/metadata/DiscoverableMetadataProvider.h index a8f4e7b..2086705 100644 --- a/saml/saml2/metadata/DiscoverableMetadataProvider.h +++ b/saml/saml2/metadata/DiscoverableMetadataProvider.h @@ -94,8 +94,8 @@ namespace opensaml { mutable std::string m_feedTag; private: - void disco(std::string& s, const EntityDescriptor* entity, bool& first) const; - void disco(std::string& s, const EntitiesDescriptor* group, bool& first) const; + void discoEntity(std::string& s, const EntityDescriptor* entity, bool& first) const; + void discoGroup(std::string& s, const EntitiesDescriptor* group, bool& first) const; bool m_legacyOrgNames; }; diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp index 9dd9bc4..d97f5ef 100644 --- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp @@ -31,6 +31,10 @@ #include "saml2/metadata/MetadataCredentialContext.h" #include "saml2/metadata/MetadataCredentialCriteria.h" +#include +#include +#include +#include #include #include #include @@ -44,32 +48,34 @@ using namespace opensaml::saml2md; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost::lambda; +using namespace boost; using namespace std; using opensaml::SAMLArtifact; static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o,l,v,e,r); -static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e); +static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e); AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e) - : ObservableMetadataProvider(e), m_lastUpdate(0), m_resolver(nullptr), m_credentialLock(nullptr) + : ObservableMetadataProvider(e), m_lastUpdate(0), m_resolver(nullptr), m_credentialLock(Mutex::create()) { e = XMLHelper::getFirstChildElement(e, _KeyInfoResolver); if (e) { - string t = XMLHelper::getAttrString(e, nullptr, type); - if (!t.empty()) - m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e); - else + string t = XMLHelper::getAttrString(e, nullptr, _type); + if (!t.empty()) { + m_resolverWrapper.reset(XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e)); + m_resolver = m_resolverWrapper.get(); + } + else { throw UnknownExtensionException(" element found with no type attribute"); + } } - m_credentialLock = Mutex::create(); } AbstractMetadataProvider::~AbstractMetadataProvider() { for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c) for_each(c->second.begin(), c->second.end(), xmltooling::cleanup()); - delete m_credentialLock; - delete m_resolver; } void AbstractMetadataProvider::outputStatus(ostream& os) const @@ -109,9 +115,21 @@ void AbstractMetadataProvider::indexEntity(EntityDescriptor* site, time_t& valid auto_ptr_char id(site->getEntityID()); if (id.get()) { if (replace) { - m_sites.erase(id.get()); + // The data structure here needs work. + // We have to find all the sites stored against the replaced ID. Then we have to + // search for those sites in the entire set of sites tracked by the sources map and + // remove them from both places. + set existingSites; + pair existingRange = m_sites.equal_range(id.get()); + static pair::iterator,bool> (set::* ins)(const EntityDescriptor* const &) = + &set::insert; + for_each( + existingRange.first, existingRange.second, + lambda::bind(ins, boost::ref(existingSites), lambda::bind(&sitemap_t::value_type::second, _1)) + ); + m_sites.erase(existingRange.first, existingRange.second); for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) { - if (s->second == site) { + if (existingSites.count(s->second) > 0) { sitemap_t::iterator temp = s; ++s; m_sources.erase(temp); @@ -298,12 +316,15 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr if (!metacrit) throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object."); - Lock lock(m_credentialLock); + Lock lock(m_credentialLock.get()); const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); - for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (metacrit->matches(*(*c))) - return *c; + // Indirect iterator derefs the pointers in the vector to pass to the matches() method by reference. + credmap_t::mapped_type::const_iterator c = find_if( + creds.begin(), creds.end(), lambda::bind(&CredentialCriteria::matches, metacrit, boost::ref(*_1)) + ); + if (c != creds.end()) + return *c; return nullptr; } @@ -315,27 +336,32 @@ vector::size_type AbstractMetadataProvider::resolve( if (!metacrit) throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object."); - Lock lock(m_credentialLock); + Lock lock(m_credentialLock.get()); const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); - for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (metacrit->matches(*(*c))) - results.push_back(*c); + // Add matching creds to results array. + static void (vector::* push_back)(const Credential* const &) = &vector::push_back; + for_each( + creds.begin(), creds.end(), + if_(lambda::bind(&CredentialCriteria::matches, metacrit, boost::ref(*_1)))[lambda::bind(push_back, boost::ref(results), _1)] + ); + return results.size(); } const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider::resolveCredentials(const RoleDescriptor& role) const { credmap_t::const_iterator i = m_credentialMap.find(&role); - if (i!=m_credentialMap.end()) + if (i != m_credentialMap.end()) return i->second; const KeyInfoResolver* resolver = m_resolver ? m_resolver : XMLToolingConfig::getConfig().getKeyInfoResolver(); const vector& keys = role.getKeyDescriptors(); AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role]; - for (vector::const_iterator k = keys.begin(); k!=keys.end(); ++k) { - if ((*k)->getKeyInfo()) { - auto_ptr mcc(new MetadataCredentialContext(*(*k))); + for (indirect_iterator::const_iterator> k = make_indirect_iterator(keys.begin()); + k != make_indirect_iterator(keys.end()); ++k) { + if (k->getKeyInfo()) { + auto_ptr mcc(new MetadataCredentialContext(*k)); Credential* c = resolver->resolve(mcc.get()); mcc.release(); resolved.push_back(c); diff --git a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp index 12907bb..283047c 100644 --- a/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp +++ b/saml/saml2/metadata/impl/BlacklistMetadataFilter.cpp @@ -75,7 +75,7 @@ BlacklistMetadataFilter::BlacklistMetadataFilter(const DOMElement* e) e = XMLHelper::getFirstChildElement(e); while (e) { if (XMLString::equals(e->getLocalName(), Exclude) && e->hasChildNodes()) { - m_set.insert(e->getFirstChild()->getNodeValue()); + m_set.insert(e->getFirstChild()->getTextContent()); } e = XMLHelper::getNextSiblingElement(e); } @@ -94,7 +94,7 @@ void BlacklistMetadataFilter::doFilter(XMLObject& xmlObject) const doFilter(entities); return; } - catch (bad_cast) { + catch (bad_cast&) { } try { @@ -103,7 +103,7 @@ void BlacklistMetadataFilter::doFilter(XMLObject& xmlObject) const throw MetadataFilterException("BlacklistMetadataFilter instructed to filter the root/only entity in the metadata."); return; } - catch (bad_cast) { + catch (bad_cast&) { } throw MetadataFilterException("BlacklistMetadataFilter was given an improper metadata instance to filter."); diff --git a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp index 5bb1f50..067e6ff 100644 --- a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp @@ -34,6 +34,8 @@ #include #include +#include +#include #include #include #include @@ -45,6 +47,7 @@ using namespace opensaml; using namespace xmlsignature; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; namespace opensaml { @@ -74,7 +77,7 @@ namespace opensaml { vector::size_type resolve(vector& results, const CredentialCriteria* criteria=nullptr) const; string getCacheTag() const { - Lock lock(m_trackerLock); + Lock lock(m_trackerLock.get()); return m_feedTag; } @@ -82,8 +85,8 @@ namespace opensaml { if (wrapArray) os << '['; // Lock each provider in turn and suck in its feed. - for (vector::const_iterator m = m_providers.begin(); m != m_providers.end(); ++m) { - DiscoverableMetadataProvider* d = dynamic_cast(*m); + for (ptr_vector::iterator m = m_providers.begin(); m != m_providers.end(); ++m) { + DiscoverableMetadataProvider* d = dynamic_cast(&(*m)); if (d) { Locker locker(d); d->outputFeed(os, first, false); @@ -95,7 +98,7 @@ namespace opensaml { void onEvent(const ObservableMetadataProvider& provider) const { // Reset the cache tag for the feed. - Lock lock(m_trackerLock); + Lock lock(m_trackerLock.get()); SAMLConfig::getConfig().generateRandomBytes(m_feedTag, 4); m_feedTag = SAMLArtifact::toHex(m_feedTag); emitChangeEvent(); @@ -108,9 +111,9 @@ namespace opensaml { private: bool m_firstMatch; - mutable Mutex* m_trackerLock; - ThreadKey* m_tlsKey; - vector m_providers; + auto_ptr m_trackerLock; + auto_ptr m_tlsKey; + mutable ptr_vector m_providers; mutable set m_trackers; static void tracker_cleanup(void*); Category& m_log; @@ -119,7 +122,7 @@ namespace opensaml { struct SAML_DLLLOCAL tracker_t { tracker_t(const ChainingMetadataProvider* m) : m_metadata(m) { - Lock lock(m_metadata->m_trackerLock); + Lock lock(m_metadata->m_trackerLock.get()); m_metadata->m_trackers.insert(this); } @@ -166,14 +169,14 @@ void ChainingMetadataProvider::tracker_cleanup(void* ptr) if (ptr) { // free the tracker after removing it from the parent plugin's tracker set tracker_t* t = reinterpret_cast(ptr); - Lock lock(t->m_metadata->m_trackerLock); + Lock lock(t->m_metadata->m_trackerLock.get()); t->m_metadata->m_trackers.erase(t); delete t; } } ChainingMetadataProvider::ChainingMetadataProvider(const DOMElement* e) - : ObservableMetadataProvider(e), m_firstMatch(true), m_trackerLock(nullptr), m_tlsKey(nullptr), + : ObservableMetadataProvider(e), m_firstMatch(true), m_trackerLock(Mutex::create()), m_tlsKey(ThreadKey::create(tracker_cleanup)), m_log(Category::getInstance(SAML_LOGCAT".Metadata.Chaining")) { if (XMLString::equals(e ? e->getAttributeNS(nullptr, precedence) : nullptr, last)) @@ -198,23 +201,18 @@ ChainingMetadataProvider::ChainingMetadataProvider(const DOMElement* e) } e = XMLHelper::getNextSiblingElement(e, _MetadataProvider); } - m_trackerLock = Mutex::create(); - m_tlsKey = ThreadKey::create(tracker_cleanup); } ChainingMetadataProvider::~ChainingMetadataProvider() { - delete m_tlsKey; - delete m_trackerLock; for_each(m_trackers.begin(), m_trackers.end(), xmltooling::cleanup()); - for_each(m_providers.begin(), m_providers.end(), xmltooling::cleanup()); } void ChainingMetadataProvider::init() { - for (vector::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) { + for (ptr_vector::iterator i = m_providers.begin(); i != m_providers.end(); ++i) { try { - (*i)->init(); + i->init(); } catch (exception& ex) { m_log.crit("failure initializing MetadataProvider: %s", ex.what()); @@ -228,9 +226,7 @@ void ChainingMetadataProvider::init() void ChainingMetadataProvider::outputStatus(ostream& os) const { - for (vector::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) { - (*i)->outputStatus(os); - } + for_each(m_providers.begin(), m_providers.end(), boost::bind(&MetadataProvider::outputStatus, _1, boost::ref(os))); } Lockable* ChainingMetadataProvider::lock() @@ -244,7 +240,7 @@ void ChainingMetadataProvider::unlock() void* ptr=m_tlsKey->getData(); if (ptr) { tracker_t* t = reinterpret_cast(ptr); - for_each(t->m_locked.begin(), t->m_locked.end(), mem_fun(&Lockable::unlock)); + for_each(t->m_locked.begin(), t->m_locked.end(), mem_fun(&Lockable::unlock)); t->m_locked.clear(); t->m_objectMap.clear(); } @@ -271,13 +267,13 @@ const EntitiesDescriptor* ChainingMetadataProvider::getEntitiesDescriptor(const MetadataProvider* held = nullptr; const EntitiesDescriptor* ret = nullptr; const EntitiesDescriptor* cur = nullptr; - for (vector::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) { - tracker->lock_if(*i); - if (cur=(*i)->getEntitiesDescriptor(name,requireValidMetadata)) { + for (ptr_vector::iterator i = m_providers.begin(); i != m_providers.end(); ++i) { + tracker->lock_if(&(*i)); + if (cur=i->getEntitiesDescriptor(name,requireValidMetadata)) { // Are we using a first match policy? if (m_firstMatch) { // Save locked provider. - tracker->remember(*i); + tracker->remember(&(*i)); return cur; } @@ -288,12 +284,12 @@ const EntitiesDescriptor* ChainingMetadataProvider::getEntitiesDescriptor(const } // Save off the latest match. - held = *i; + held = &(*i); ret = cur; } else { // No match, so just unlock this one and move on. - tracker->unlock_if(*i); + tracker->unlock_if(&(*i)); } } @@ -320,9 +316,9 @@ pair ChainingMetadataProvider::ge MetadataProvider* held = nullptr; pair ret = pair(nullptr,nullptr); pair cur = ret; - for (vector::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) { - tracker->lock_if(*i); - cur = (*i)->getEntityDescriptor(criteria); + for (ptr_vector::iterator i = m_providers.begin(); i != m_providers.end(); ++i) { + tracker->lock_if(&(*i)); + cur = i->getEntityDescriptor(criteria); if (cur.first) { if (criteria.role) { // We want a role also. Did we find one? @@ -333,7 +329,7 @@ pair ChainingMetadataProvider::ge if (held) tracker->unlock_if(held); // Save locked provider and role mapping. - tracker->remember(*i, cur.first); + tracker->remember(&(*i), cur.first); return cur; } @@ -359,7 +355,7 @@ pair ChainingMetadataProvider::ge } // Save off the latest match. - held = *i; + held = &(*i); ret = cur; } else { @@ -367,13 +363,13 @@ pair ChainingMetadataProvider::ge // but save this one if we didn't have the role yet. if (ret.second) { // We already had a role, so let's stick with that. - tracker->unlock_if(*i); + tracker->unlock_if(&(*i)); } else { // This is at least as good, so toss anything we had and keep it. if (held) tracker->unlock_if(held); - held = *i; + held = &(*i); ret = cur; } } @@ -386,7 +382,7 @@ pair ChainingMetadataProvider::ge tracker->unlock_if(held); // Save locked provider. - tracker->remember(*i, cur.first); + tracker->remember(&(*i), cur.first); return cur; } @@ -407,13 +403,13 @@ pair ChainingMetadataProvider::ge } // Save off the latest match. - held = *i; + held = &(*i); ret = cur; } } else { // No match, so just unlock this one and move on. - tracker->unlock_if(*i); + tracker->unlock_if(&(*i)); } } diff --git a/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp b/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp index ce5950b..275f351 100644 --- a/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/DiscoverableMetadataProvider.cpp @@ -31,11 +31,14 @@ #include #include +#include +#include #include #include using namespace opensaml::saml2md; using namespace xmltooling; +using namespace boost; using namespace std; DiscoverableMetadataProvider::DiscoverableMetadataProvider(const DOMElement* e) : MetadataProvider(e), m_legacyOrgNames(false) @@ -53,8 +56,8 @@ void DiscoverableMetadataProvider::generateFeed() m_feed.erase(); bool first = true; const XMLObject* object = getMetadata(); - disco(m_feed, dynamic_cast(object), first); - disco(m_feed, dynamic_cast(object), first); + discoGroup(m_feed, dynamic_cast(object), first); + discoEntity(m_feed, dynamic_cast(object), first); SAMLConfig::getConfig().generateRandomBytes(m_feedTag, 4); m_feedTag = SAMLArtifact::toHex(m_feedTag); @@ -111,7 +114,7 @@ static string& json_safe(string& s, const char* buf) return s; } -void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* entity, bool& first) const +void DiscoverableMetadataProvider::discoEntity(string& s, const EntityDescriptor* entity, bool& first) const { time_t now = time(nullptr); if (entity && entity->isValid(now)) { @@ -127,9 +130,10 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti json_safe(s, entityid.get()); s += '\"'; bool extFound = false; - for (vector::const_iterator idp = idps.begin(); !extFound && idp != idps.end(); ++idp) { - if ((*idp)->isValid(now) && (*idp)->getExtensions()) { - const vector& exts = const_cast((*idp)->getExtensions())->getUnknownXMLObjects(); + for (indirect_iterator::const_iterator> idp = make_indirect_iterator(idps.begin()); + !extFound && idp != make_indirect_iterator(idps.end()); ++idp) { + if (idp->isValid(now) && idp->getExtensions()) { + const vector& exts = const_cast(idp->getExtensions())->getUnknownXMLObjects(); for (vector::const_iterator ext = exts.begin(); !extFound && ext != exts.end(); ++ext) { const UIInfo* info = dynamic_cast(*ext); if (info) { @@ -137,11 +141,12 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti const vector& dispnames = info->getDisplayNames(); if (!dispnames.empty()) { s += ",\n \"DisplayNames\": ["; - for (vector::const_iterator dispname = dispnames.begin(); dispname != dispnames.end(); ++dispname) { - if (dispname != dispnames.begin()) + for (indirect_iterator::const_iterator> dispname = make_indirect_iterator(dispnames.begin()); + dispname != make_indirect_iterator(dispnames.end()); ++dispname) { + if (dispname.base() != dispnames.begin()) s += ','; - auto_arrayptr val(toUTF8((*dispname)->getName())); - auto_ptr_char lang((*dispname)->getLang()); + auto_arrayptr val(toUTF8(dispname->getName())); + auto_ptr_char lang(dispname->getLang()); s += "\n {\n \"value\": \""; json_safe(s, val.get()); s += "\",\n \"lang\": \""; @@ -154,11 +159,12 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti const vector& descs = info->getDescriptions(); if (!descs.empty()) { s += ",\n \"Descriptions\": ["; - for (vector::const_iterator desc = descs.begin(); desc != descs.end(); ++desc) { - if (desc != descs.begin()) + for (indirect_iterator::const_iterator> desc = make_indirect_iterator(descs.begin()); + desc != make_indirect_iterator(descs.end()); ++desc) { + if (desc.base() != descs.begin()) s += ','; - auto_arrayptr val(toUTF8((*desc)->getDescription())); - auto_ptr_char lang((*desc)->getLang()); + auto_arrayptr val(toUTF8(desc->getDescription())); + auto_ptr_char lang(desc->getLang()); s += "\n {\n \"value\": \""; json_safe(s, val.get()); s += "\",\n \"lang\": \""; @@ -171,11 +177,12 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti const vector& keywords = info->getKeywordss(); if (!keywords.empty()) { s += ",\n \"Keywords\": ["; - for (vector::const_iterator words = keywords.begin(); words != keywords.end(); ++words) { - if (words != keywords.begin()) + for (indirect_iterator::const_iterator> words = make_indirect_iterator(keywords.begin()); + words != make_indirect_iterator(keywords.end()); ++words) { + if (words.base() != keywords.begin()) s += ','; - auto_arrayptr val(toUTF8((*words)->getValues())); - auto_ptr_char lang((*words)->getLang()); + auto_arrayptr val(toUTF8(words->getValues())); + auto_ptr_char lang(words->getLang()); s += "\n {\n \"value\": \""; json_safe(s, val.get()); s += "\",\n \"lang\": \""; @@ -188,11 +195,12 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti const vector& infurls = info->getInformationURLs(); if (!infurls.empty()) { s += ",\n \"InformationURLs\": ["; - for (vector::const_iterator infurl = infurls.begin(); infurl != infurls.end(); ++infurl) { - if (infurl != infurls.begin()) + for (indirect_iterator::const_iterator> infurl = make_indirect_iterator(infurls.begin()); + infurl != make_indirect_iterator(infurls.end()); ++infurl) { + if (infurl.base() != infurls.begin()) s += ','; - auto_ptr_char val((*infurl)->getURL()); - auto_ptr_char lang((*infurl)->getLang()); + auto_ptr_char val(infurl->getURL()); + auto_ptr_char lang(infurl->getLang()); s += "\n {\n \"value\": \""; json_safe(s, val.get()); s += "\",\n \"lang\": \""; @@ -205,11 +213,12 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti const vector& privs = info->getPrivacyStatementURLs(); if (!privs.empty()) { s += ",\n \"PrivacyStatementURLs\": ["; - for (vector::const_iterator priv = privs.begin(); priv != privs.end(); ++priv) { - if (priv != privs.begin()) + for (indirect_iterator::const_iterator> priv = make_indirect_iterator(privs.begin()); + priv != make_indirect_iterator(privs.end()); ++priv) { + if (priv.base() != privs.begin()) s += ','; - auto_ptr_char val((*priv)->getURL()); - auto_ptr_char lang((*priv)->getLang()); + auto_ptr_char val(priv->getURL()); + auto_ptr_char lang(priv->getLang()); s += "\n {\n \"value\": \""; json_safe(s, val.get()); s += "\",\n \"lang\": \""; @@ -222,24 +231,25 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti const vector& logos = info->getLogos(); if (!logos.empty()) { s += ",\n \"Logos\": ["; - for (vector::const_iterator logo = logos.begin(); logo != logos.end(); ++logo) { - if (logo != logos.begin()) + for (indirect_iterator::const_iterator> logo = make_indirect_iterator(logos.begin()); + logo != make_indirect_iterator(logos.end()); ++logo) { + if (logo.base() != logos.begin()) s += ','; s += "\n {\n"; - auto_ptr_char val((*logo)->getURL()); + auto_ptr_char val(logo->getURL()); s += " \"value\": \""; json_safe(s, val.get()); ostringstream ht; - ht << (*logo)->getHeight().second; + ht << logo->getHeight().second; s += "\",\n \"height\": \""; s += ht.str(); ostringstream wt; - wt << (*logo)->getWidth().second; + wt << logo->getWidth().second; s += "\",\n \"width\": \""; s += wt.str(); s += '\"'; - if ((*logo)->getLang()) { - auto_ptr_char lang((*logo)->getLang()); + if (logo->getLang()) { + auto_ptr_char lang(logo->getLang()); s += ",\n \"lang\": \""; s += lang.get(); s += '\"'; @@ -255,9 +265,10 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti if (m_legacyOrgNames && !extFound) { const Organization* org = nullptr; - for (vector::const_iterator idp = idps.begin(); !org && idp != idps.end(); ++idp) { - if ((*idp)->isValid(now)) - org = (*idp)->getOrganization(); + for (indirect_iterator::const_iterator> idp = make_indirect_iterator(idps.begin()); + !org && idp != make_indirect_iterator(idps.end()); ++idp) { + if (idp->isValid(now)) + org = idp->getOrganization(); } if (!org) org = entity->getOrganization(); @@ -265,11 +276,12 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti const vector& odns = org->getOrganizationDisplayNames(); if (!odns.empty()) { s += ",\n \"DisplayNames\": ["; - for (vector::const_iterator dispname = odns.begin(); dispname != odns.end(); ++dispname) { - if (dispname != odns.begin()) + for (indirect_iterator::const_iterator> dispname = make_indirect_iterator(odns.begin()); + dispname != make_indirect_iterator(odns.end()); ++dispname) { + if (dispname.base() != odns.begin()) s += ','; - auto_arrayptr val(toUTF8((*dispname)->getName())); - auto_ptr_char lang((*dispname)->getLang()); + auto_arrayptr val(toUTF8(dispname->getName())); + auto_ptr_char lang(dispname->getLang()); s += "\n {\n \"value\": \""; json_safe(s, val.get()); s += "\",\n \"lang\": \""; @@ -287,15 +299,16 @@ void DiscoverableMetadataProvider::disco(string& s, const EntityDescriptor* enti } } -void DiscoverableMetadataProvider::disco(string& s, const EntitiesDescriptor* group, bool& first) const +void DiscoverableMetadataProvider::discoGroup(string& s, const EntitiesDescriptor* group, bool& first) const { if (group) { - const vector& groups = group->getEntitiesDescriptors(); - for (vector::const_iterator i = groups.begin(); i != groups.end(); ++i) - disco(s, *i, first); - - const vector& sites = group->getEntityDescriptors(); - for (vector::const_iterator j = sites.begin(); j != sites.end(); ++j) - disco(s, *j, first); + for_each( + group->getEntitiesDescriptors().begin(), group->getEntitiesDescriptors().end(), + boost::bind(&DiscoverableMetadataProvider::discoGroup, boost::ref(this), boost::ref(s), _1, boost::ref(first)) + ); + for_each( + group->getEntityDescriptors().begin(), group->getEntityDescriptors().end(), + boost::bind(&DiscoverableMetadataProvider::discoEntity, boost::ref(this), boost::ref(s), _1, boost::ref(first)) + ); } } diff --git a/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp b/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp index b1590a4..ecedc3e 100644 --- a/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp +++ b/saml/saml2/metadata/impl/WhitelistMetadataFilter.cpp @@ -28,12 +28,15 @@ #include "saml2/metadata/Metadata.h" #include "saml2/metadata/MetadataFilter.h" +#include +#include #include #include using namespace opensaml::saml2md; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; namespace opensaml { @@ -75,7 +78,7 @@ WhitelistMetadataFilter::WhitelistMetadataFilter(const DOMElement* e) e = XMLHelper::getFirstChildElement(e); while (e) { if (XMLString::equals(e->getLocalName(), Include) && e->hasChildNodes()) { - m_set.insert(e->getFirstChild()->getNodeValue()); + m_set.insert(e->getFirstChild()->getTextContent()); } e = XMLHelper::getNextSiblingElement(e); } @@ -91,7 +94,7 @@ void WhitelistMetadataFilter::doFilter(XMLObject& xmlObject) const doFilter(dynamic_cast(xmlObject)); return; } - catch (bad_cast) { + catch (bad_cast&) { } try { @@ -100,7 +103,7 @@ void WhitelistMetadataFilter::doFilter(XMLObject& xmlObject) const throw MetadataFilterException("WhitelistMetadataFilter instructed to filter the root/only entity in the metadata."); return; } - catch (bad_cast) { + catch (bad_cast&) { } throw MetadataFilterException("WhitelistMetadataFilter was given an improper metadata instance to filter."); @@ -124,6 +127,10 @@ void WhitelistMetadataFilter::doFilter(EntitiesDescriptor& entities) const } const vector& groups=const_cast(entities).getEntitiesDescriptors(); - for (vector::const_iterator j=groups.begin(); j!=groups.end(); j++) - doFilter(*(*j)); + for_each( + make_indirect_iterator(groups.begin()), make_indirect_iterator(groups.end()), + boost::bind( + static_cast(&WhitelistMetadataFilter::doFilter), boost::ref(this), _1 + ) + ); } diff --git a/saml/saml2/profile/impl/Assertion20Validator.cpp b/saml/saml2/profile/impl/Assertion20Validator.cpp index 6e815c3..1a2a1a3 100644 --- a/saml/saml2/profile/impl/Assertion20Validator.cpp +++ b/saml/saml2/profile/impl/Assertion20Validator.cpp @@ -28,6 +28,7 @@ #include "saml2/core/Assertions.h" #include "saml2/profile/AssertionValidator.h" +#include #include #include #include @@ -35,6 +36,7 @@ using namespace opensaml::saml2; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; AssertionValidator::AssertionValidator(const XMLCh* recipient, const vector* audiences, time_t ts) @@ -77,16 +79,13 @@ void AssertionValidator::validateAssertion(const Assertion& assertion) const // Now we process conditions, starting with the known types and then extensions. const vector& acvec = conds->getAudienceRestrictions(); - for (vector::const_iterator ac = acvec.begin(); ac!=acvec.end(); ++ac) - validateCondition(*ac); + for_each(acvec.begin(), acvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1)); const vector& dncvec = conds->getOneTimeUses(); - for (vector::const_iterator dnc = dncvec.begin(); dnc!=dncvec.end(); ++dnc) - validateCondition(*dnc); + for_each(dncvec.begin(), dncvec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1)); const vector& convec = conds->getConditions(); - for (vector::const_iterator c = convec.begin(); c!=convec.end(); ++c) - validateCondition(*c); + for_each(convec.begin(), convec.end(), boost::bind(&AssertionValidator::validateCondition, this, _1)); } void AssertionValidator::validateCondition(const Condition* c) const diff --git a/saml/saml2/profile/impl/DelegationRestrictionRule.cpp b/saml/saml2/profile/impl/DelegationRestrictionRule.cpp index 304d4b2..66e92a7 100644 --- a/saml/saml2/profile/impl/DelegationRestrictionRule.cpp +++ b/saml/saml2/profile/impl/DelegationRestrictionRule.cpp @@ -31,6 +31,7 @@ #include "util/SAMLConstants.h" #include +#include #include #include #include @@ -39,6 +40,7 @@ using namespace opensaml::saml2; using namespace opensaml; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; namespace opensaml { @@ -49,7 +51,6 @@ namespace opensaml { DelegationRestrictionRule(const DOMElement* e); virtual ~DelegationRestrictionRule() { - for_each(m_delegates.begin(), m_delegates.end(), xmltooling::cleanup()); } const char* getType() const { return DELEGATION_POLICY_RULE; @@ -57,7 +58,7 @@ namespace opensaml { bool evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const; private: - vector m_delegates; + ptr_vector m_delegates; enum { MATCH_ANY, MATCH_NEWEST, @@ -93,21 +94,21 @@ namespace opensaml { _isSameDelegate(const Delegate* d) : m_operand(d) {} // d1 is the input from the message, d2 is from the policy - bool operator()(const Delegate* d1, const Delegate* d2) const { + bool operator()(const Delegate* d1, const Delegate& d2) const { if (!d1->getNameID()) { Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.DelegationRestriction").error( "rule doesn't support evaluation of BaseID or EncryptedID in a Delegate" ); return false; } - if (!d2->getConfirmationMethod() || XMLString::equals(d1->getConfirmationMethod(), d2->getConfirmationMethod())) { - return matches(d1->getNameID(), d2->getNameID()); + if (!d2.getConfirmationMethod() || XMLString::equals(d1->getConfirmationMethod(), d2.getConfirmationMethod())) { + return matches(d1->getNameID(), d2.getNameID()); } return false; } // d is from the policy - bool operator()(const Delegate* d) const { + bool operator()(const Delegate& d) const { return this->operator()(m_operand, d); } }; @@ -132,21 +133,15 @@ DelegationRestrictionRule::DelegationRestrictionRule(const DOMElement* e) else if (m && *m && !XMLString::equals(m, any)) throw SecurityPolicyException("Invalid value for \"match\" attribute in Delegation rule."); - try { - DOMElement* d = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME); - while (d) { - auto_ptr wrapper(XMLObjectBuilder::buildOneFromElement(d)); - Delegate* down = dynamic_cast(wrapper.get()); - if (down) { - m_delegates.push_back(down); - wrapper.release(); - } - d = XMLHelper::getNextSiblingElement(d, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME); + DOMElement* d = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME); + while (d) { + auto_ptr wrapper(XMLObjectBuilder::buildOneFromElement(d)); + Delegate* down = dynamic_cast(wrapper.get()); + if (down) { + m_delegates.push_back(down); + wrapper.release(); } - } - catch (exception&) { - for_each(m_delegates.begin(), m_delegates.end(), xmltooling::cleanup()); - throw; + d = XMLHelper::getNextSiblingElement(d, samlconstants::SAML20_DELEGATION_CONDITION_NS, Delegate::LOCAL_NAME); } } } diff --git a/saml/saml2/profile/impl/SAML2AssertionPolicy.cpp b/saml/saml2/profile/impl/SAML2AssertionPolicy.cpp index 4fcfcdf..120f7bb 100644 --- a/saml/saml2/profile/impl/SAML2AssertionPolicy.cpp +++ b/saml/saml2/profile/impl/SAML2AssertionPolicy.cpp @@ -34,7 +34,7 @@ using namespace xmltooling; SAML2AssertionPolicy::SAML2AssertionPolicy( const MetadataProvider* metadataProvider, const xmltooling::QName* role, const TrustEngine* trustEngine, bool validate - ) : SecurityPolicy(metadataProvider, role, trustEngine, validate) + ) : SecurityPolicy(metadataProvider, role, trustEngine, validate), m_confirmation(nullptr) { } @@ -50,7 +50,7 @@ void SAML2AssertionPolicy::reset(bool messageOnly) void SAML2AssertionPolicy::_reset(bool messageOnly) { - m_confirmation = false; + m_confirmation = nullptr; } const SubjectConfirmation* SAML2AssertionPolicy::getSubjectConfirmation() const