From 20a9409171aae7d730229e48f1757fb1e6b42243 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 9 Dec 2009 15:58:11 +0000
Subject: [PATCH] Add logging around expired entry detection/use.

---
 .../metadata/impl/AbstractMetadataProvider.cpp     | 30 +++++++++++++++++-----
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
index 011f3e4..85f7afc 100644
--- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
@@ -28,6 +28,7 @@
 #include "saml2/metadata/MetadataCredentialCriteria.h"
 
 #include <xercesc/util/XMLUniDefs.hpp>
+#include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
 #include <xmltooling/security/Credential.h>
 #include <xmltooling/security/KeyInfoResolver.h>
@@ -36,6 +37,7 @@
 #include <xmltooling/util/XMLHelper.h>
 
 using namespace opensaml::saml2md;
+using namespace xmltooling::logging;
 using namespace xmltooling;
 using namespace std;
 using opensaml::SAMLArtifact;
@@ -174,9 +176,17 @@ const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const
         if (now < i->second->getValidUntilEpoch())
             return i->second;
     
-    if (!strict && range.first!=range.second)
-        return range.first->second;
-        
+    if (range.first != range.second) {
+        Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider");
+        if (strict) {
+            log.warn("ignored expired metadata group (%s)", range.first->first.c_str());
+        }
+        else {
+            log.info("no valid metadata found, returning expired metadata group (%s)", range.first->first.c_str());
+            return range.first->second;
+        }
+    }
+
     return NULL;
 }
 
@@ -206,9 +216,17 @@ pair<const EntityDescriptor*,const RoleDescriptor*> AbstractMetadataProvider::ge
         }
     }
     
-    if (!result.first && !criteria.validOnly && range.first!=range.second)
-        result.first = range.first->second;
-        
+    if (!result.first && range.first!=range.second) {
+        Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider");
+        if (criteria.validOnly) {
+            log.warn("ignored expired metadata instance for (%s)", range.first->first.c_str());
+        }
+        else {
+            log.info("no valid metadata found, returning expired instance for (%s)", range.first->first.c_str());
+            result.first = range.first->second;
+        }
+    }
+
     if (result.first && criteria.role) {
         result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol);
         if (!result.second && criteria.protocol2)
-- 
2.1.4