From 6dde4bb7afc0c3b862cfad5cd0c7330814c8421b Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Wed, 14 Dec 2011 09:24:07 +0000 Subject: [PATCH] Boost related changes --- configure.ac | 8 ++++ cpp-opensaml2.sln | 1 + saml/SAMLConfig.cpp | 23 ++++++--- saml/binding/ArtifactMap.h | 2 +- saml/binding/SecurityPolicy.h | 6 +-- saml/binding/impl/ArtifactMap.cpp | 67 ++++++++++++++------------- saml/binding/impl/SecurityPolicy.cpp | 45 ++++++++---------- saml/encryption/EncryptedKeyResolver.cpp | 22 +++++---- saml/internal.h | 1 + saml/profile/impl/AudienceRestrictionRule.cpp | 54 ++++++++++++++------- saml/profile/impl/ConditionsRule.cpp | 33 ++++++------- saml/profile/impl/IgnoreRule.cpp | 12 ++--- saml/signature/ContentReference.cpp | 12 ++--- saml/util/CommonDomainCookie.cpp | 43 +++++++---------- samltest/Makefile.am | 1 + samltest/samltest.vcxproj | 15 +++++- samltest/samltest.vcxproj.filters | 6 +++ 17 files changed, 197 insertions(+), 154 deletions(-) diff --git a/configure.ac b/configure.ac index 1f22150..9a19812 100644 --- a/configure.ac +++ b/configure.ac @@ -141,6 +141,14 @@ AC_LANG([C++]) AC_CXX_NAMESPACES AC_CXX_REQUIRE_STL +# Boost +BOOST_REQUIRE +BOOST_BIND +BOOST_LAMBDA +BOOST_PTR_CONTAINER +BOOST_STRING_ALGO +CPPFLAGS="$BOOST_CPPFLAGS $CPPFLAGS" + # log4shib settings (favor this version over the log4cpp code) AC_PATH_PROG(LOG4SHIB_CONFIG,log4shib-config) AC_ARG_WITH(log4shib, diff --git a/cpp-opensaml2.sln b/cpp-opensaml2.sln index 8f4e4ff..abf15c9 100644 --- a/cpp-opensaml2.sln +++ b/cpp-opensaml2.sln @@ -61,6 +61,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Misc", "Misc", "{08D28DE8-0 m4\acinclude.m4 = m4\acinclude.m4 m4\acx_pthread.m4 = m4\acx_pthread.m4 m4\ax_create_pkgconfig_info.m4 = m4\ax_create_pkgconfig_info.m4 + m4\boost.m4 = m4\boost.m4 config_win32.h = config_win32.h configure.ac = configure.ac doxygen.am = doxygen.am diff --git a/saml/SAMLConfig.cpp b/saml/SAMLConfig.cpp index 5842713..43deb15 100644 --- a/saml/SAMLConfig.cpp +++ b/saml/SAMLConfig.cpp @@ -61,6 +61,10 @@ #include #include +#include +#include +#include + #include #include #include @@ -69,6 +73,8 @@ using namespace opensaml; using namespace xmlsignature; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost::lambda; +using namespace boost; using namespace std; // Expose entry points when used as an extension library @@ -114,6 +120,7 @@ SAMLConfig::SAMLConfig() : m_artifactMap(nullptr) SAMLConfig::~SAMLConfig() { + delete m_artifactMap; } ArtifactMap* SAMLConfig::getArtifactMap() const @@ -287,15 +294,19 @@ using namespace saml2md; void opensaml::annotateException(XMLToolingException* e, const EntityDescriptor* entity, const Status* status, bool rethrow) { + time_t now = time(nullptr); const RoleDescriptor* role = nullptr; + static bool (TimeBoundSAMLObject::* isValid)(time_t) const = &TimeBoundSAMLObject::isValid; + if (entity) { - const list& roles=entity->getOrderedChildren(); - for (list::const_iterator child=roles.begin(); !role && child!=roles.end(); ++child) { - role=dynamic_cast(*child); - if (role && !role->isValid()) - role = nullptr; - } + const XMLObject* r = find_if( + entity->getOrderedChildren(), + (ll_dynamic_cast(_1) != nullptr && lambda::bind(isValid, ll_dynamic_cast(_1), now)) + ); + if (r) + role = dynamic_cast(r); } + annotateException(e, role, status, rethrow); } diff --git a/saml/binding/ArtifactMap.h b/saml/binding/ArtifactMap.h index 224862c..36bdc23 100644 --- a/saml/binding/ArtifactMap.h +++ b/saml/binding/ArtifactMap.h @@ -110,7 +110,7 @@ namespace opensaml { private: xmltooling::StorageService* m_storage; std::string m_context; - ArtifactMappings* m_mappings; + std::auto_ptr m_mappings; unsigned int m_artifactTTL; }; diff --git a/saml/binding/SecurityPolicy.h b/saml/binding/SecurityPolicy.h index b75b139..72e0233 100644 --- a/saml/binding/SecurityPolicy.h +++ b/saml/binding/SecurityPolicy.h @@ -402,15 +402,15 @@ namespace opensaml { // information extracted from message xmltooling::xstring m_messageID; time_t m_issueInstant; - saml2::Issuer* m_issuer; + std::auto_ptr m_issuer; const saml2md::RoleDescriptor* m_issuerRole; bool m_authenticated; // components governing policy rules - IssuerMatchingPolicy* m_matchingPolicy; + std::auto_ptr m_matchingPolicy; std::vector m_rules; const saml2md::MetadataProvider* m_metadata; - xmltooling::QName* m_role; + std::auto_ptr m_role; const xmltooling::TrustEngine* m_trust; bool m_validate; bool m_entityOnly; diff --git a/saml/binding/impl/ArtifactMap.cpp b/saml/binding/impl/ArtifactMap.cpp index 8403084..62a60ad 100644 --- a/saml/binding/impl/ArtifactMap.cpp +++ b/saml/binding/impl/ArtifactMap.cpp @@ -30,6 +30,8 @@ #include "binding/SAMLArtifact.h" #include +#include +#include #include #include #include @@ -44,6 +46,8 @@ using namespace opensaml; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost::lambda; +using namespace boost; using namespace std; namespace opensaml { @@ -52,26 +56,23 @@ namespace opensaml { { public: ArtifactMappings() : m_lock(Mutex::create()) {} - ~ArtifactMappings() { - delete m_lock; - for (map::iterator i=m_artMap.begin(); i!=m_artMap.end(); ++i) - delete i->second.m_xml; - } + ~ArtifactMappings() {} + void storeContent(XMLObject* content, const SAMLArtifact* artifact, const char* relyingParty, int TTL); XMLObject* retrieveContent(const SAMLArtifact* artifact, const char* relyingParty); string getRelyingParty(const SAMLArtifact* artifact); private: struct SAML_DLLLOCAL Mapping { - Mapping() : m_xml(nullptr), m_expires(0) {} - XMLObject* m_xml; + Mapping() : m_expires(0) {} + auto_ptr m_xml; string m_relying; time_t m_expires; }; void removeMapping(const map::iterator& i); - Mutex* m_lock; + auto_ptr m_lock; map m_artMap; multimap m_expMap; }; @@ -84,35 +85,37 @@ namespace opensaml { void ArtifactMappings::removeMapping(const map::iterator& i) { - // Update secondary map. + // All elements in the secondary map whose key matches the expiration of the removed mapping. pair::iterator,multimap::iterator> range = m_expMap.equal_range(i->second.m_expires); - for (; range.first != range.second; ++range.first) { - if (range.first->second == i->first) { - m_expMap.erase(range.first); - break; - } + + // Find an element in the matching range whose value matches the input key. + multimap::iterator el = find_if( + range.first, range.second, + (lambda::bind(&multimap::value_type::second, _1) == boost::ref(i->first)) + ); + if (el != range.second) { + m_expMap.erase(el); } - delete i->second.m_xml; + m_artMap.erase(i); } void ArtifactMappings::storeContent(XMLObject* content, const SAMLArtifact* artifact, const char* relyingParty, int TTL) { - Lock wrapper(m_lock); + Lock wrapper(m_lock.get()); // Garbage collect any expired artifacts. - time_t now=time(nullptr); - multimap::iterator stop=m_expMap.upper_bound(now); - for (multimap::iterator i=m_expMap.begin(); i!=stop; m_expMap.erase(i++)) { - delete m_artMap[i->second].m_xml; + time_t now = time(nullptr); + multimap::iterator stop = m_expMap.upper_bound(now); + for (multimap::iterator i = m_expMap.begin(); i != stop; m_expMap.erase(i++)) { m_artMap.erase(i->second); } // Key is the hexed handle. string hexed = SAMLArtifact::toHex(artifact->getMessageHandle()); Mapping& m = m_artMap[hexed]; - m.m_xml = content; + m.m_xml.reset(content); if (relyingParty) m.m_relying = relyingParty; m.m_expires = now + TTL; @@ -122,10 +125,10 @@ void ArtifactMappings::storeContent(XMLObject* content, const SAMLArtifact* arti XMLObject* ArtifactMappings::retrieveContent(const SAMLArtifact* artifact, const char* relyingParty) { Category& log=Category::getInstance(SAML_LOGCAT".ArtifactMap"); - Lock wrapper(m_lock); + Lock wrapper(m_lock.get()); - map::iterator i=m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle())); - if (i==m_artMap.end()) + map::iterator i = m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle())); + if (i == m_artMap.end()) throw BindingException("Requested artifact not in map or may have expired."); if (!(i->second.m_relying.empty())) { @@ -145,29 +148,28 @@ XMLObject* ArtifactMappings::retrieveContent(const SAMLArtifact* artifact, const } log.debug("resolved artifact for (%s)", relyingParty ? relyingParty : "unknown"); - XMLObject* ret = i->second.m_xml; - i->second.m_xml = nullptr; // clear member so it doesn't get deleted + XMLObject* ret = i->second.m_xml.release(); removeMapping(i); return ret; } string ArtifactMappings::getRelyingParty(const SAMLArtifact* artifact) { - map::iterator i=m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle())); - if (i==m_artMap.end()) + map::iterator i = m_artMap.find(SAMLArtifact::toHex(artifact->getMessageHandle())); + if (i == m_artMap.end()) throw BindingException("Requested artifact not in map or may have expired."); return i->second.m_relying; } ArtifactMap::ArtifactMap(xmltooling::StorageService* storage, const char* context, unsigned int artifactTTL) - : m_storage(storage), m_context((context && *context) ? context : "opensaml::ArtifactMap"), m_mappings(nullptr), m_artifactTTL(artifactTTL) + : m_storage(storage), m_context((context && *context) ? context : "opensaml::ArtifactMap"), m_artifactTTL(artifactTTL) { if (!m_storage) - m_mappings = new ArtifactMappings(); + m_mappings.reset(new ArtifactMappings()); } ArtifactMap::ArtifactMap(const DOMElement* e, xmltooling::StorageService* storage) - : m_storage(storage), m_mappings(nullptr), m_artifactTTL(180) + : m_storage(storage), m_artifactTTL(180) { if (e) { auto_ptr_char c(e->getAttributeNS(nullptr, context)); @@ -190,12 +192,11 @@ ArtifactMap::ArtifactMap(const DOMElement* e, xmltooling::StorageService* storag } if (!m_storage) - m_mappings = new ArtifactMappings(); + m_mappings.reset(new ArtifactMappings()); } ArtifactMap::~ArtifactMap() { - delete m_mappings; } void ArtifactMap::storeContent(XMLObject* content, const SAMLArtifact* artifact, const char* relyingParty) diff --git a/saml/binding/impl/SecurityPolicy.cpp b/saml/binding/impl/SecurityPolicy.cpp index 078194c..e772a62 100644 --- a/saml/binding/impl/SecurityPolicy.cpp +++ b/saml/binding/impl/SecurityPolicy.cpp @@ -30,12 +30,14 @@ #include "binding/SecurityPolicyRule.h" #include "saml2/core/Assertions.h" +#include #include using namespace opensaml::saml2md; using namespace opensaml::saml2; using namespace opensaml; using namespace xmltooling; +using namespace boost; using namespace std; namespace opensaml { @@ -89,26 +91,20 @@ SecurityPolicy::SecurityPolicy( bool validate ) : m_metadataCriteria(nullptr), m_issueInstant(0), - m_issuer(nullptr), m_issuerRole(nullptr), m_authenticated(false), - m_matchingPolicy(nullptr), m_metadata(metadataProvider), - m_role(nullptr), + m_role(role ? new xmltooling::QName(*role) : nullptr), m_trust(trustEngine), m_validate(validate), m_entityOnly(true), m_ts(0) { - if (role) - m_role = new xmltooling::QName(*role); } SecurityPolicy::~SecurityPolicy() { - delete m_role; delete m_metadataCriteria; - delete m_issuer; } const MetadataProvider* SecurityPolicy::getMetadataProvider() const @@ -127,7 +123,7 @@ MetadataProvider::Criteria& SecurityPolicy::getMetadataProviderCriteria() const const xmltooling::QName* SecurityPolicy::getRole() const { - return m_role; + return m_role.get(); } const TrustEngine* SecurityPolicy::getTrustEngine() const @@ -186,8 +182,7 @@ void SecurityPolicy::setMetadataProviderCriteria(MetadataProvider::Criteria* cri void SecurityPolicy::setRole(const xmltooling::QName* role) { - delete m_role; - m_role = role ? new xmltooling::QName(*role) : nullptr; + m_role.reset(role ? new xmltooling::QName(*role) : nullptr); } void SecurityPolicy::setTrustEngine(const TrustEngine* trust) @@ -219,8 +214,10 @@ void SecurityPolicy::setCorrelationID(const XMLCh* correlationID) void SecurityPolicy::evaluate(const XMLObject& message, const GenericRequest* request) { - for (vector::const_iterator i=m_rules.begin(); i!=m_rules.end(); ++i) - (*i)->evaluate(message,request,*this); + for_each( + m_rules.begin(), m_rules.end(), + boost::bind(&SecurityPolicyRule::evaluate, _1, boost::ref(message), request, boost::ref(*this)) + ); } void SecurityPolicy::reset(bool messageOnly) @@ -233,8 +230,7 @@ void SecurityPolicy::_reset(bool messageOnly) m_messageID.erase(); m_issueInstant=0; if (!messageOnly) { - delete m_issuer; - m_issuer=nullptr; + m_issuer.reset(); m_issuerRole=nullptr; m_authenticated=false; } @@ -252,7 +248,7 @@ time_t SecurityPolicy::getIssueInstant() const const Issuer* SecurityPolicy::getIssuer() const { - return m_issuer; + return m_issuer.get(); } const RoleDescriptor* SecurityPolicy::getIssuerMetadata() const @@ -279,25 +275,25 @@ void SecurityPolicy::setIssueInstant(time_t issueInstant) void SecurityPolicy::setIssuer(const Issuer* issuer) { - if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer)) + if (!getIssuerMatchingPolicy().issuerMatches(m_issuer.get(), issuer)) throw SecurityPolicyException("An Issuer was supplied that conflicts with previous results."); - if (!m_issuer) { + if (!m_issuer.get()) { if (m_entityOnly && issuer->getFormat() && !XMLString::equals(issuer->getFormat(), NameIDType::ENTITY)) throw SecurityPolicyException("A non-entity Issuer was supplied, violating policy."); m_issuerRole = nullptr; - m_issuer=issuer->cloneIssuer(); + m_issuer.reset(issuer->cloneIssuer()); } } void SecurityPolicy::setIssuer(const XMLCh* issuer) { - if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer)) + if (!getIssuerMatchingPolicy().issuerMatches(m_issuer.get(), issuer)) throw SecurityPolicyException("An Issuer was supplied that conflicts with previous results."); - if (!m_issuer && issuer && *issuer) { + if (!m_issuer.get() && issuer && *issuer) { m_issuerRole = nullptr; - m_issuer = IssuerBuilder::buildIssuer(); + m_issuer.reset(IssuerBuilder::buildIssuer()); m_issuer->setName(issuer); } } @@ -306,7 +302,7 @@ void SecurityPolicy::setIssuerMetadata(const RoleDescriptor* issuerRole) { if (issuerRole && m_issuerRole && issuerRole!=m_issuerRole) throw SecurityPolicyException("A rule supplied a RoleDescriptor that conflicts with previous results."); - m_issuerRole=issuerRole; + m_issuerRole = issuerRole; } void SecurityPolicy::setAuthenticated(bool auth) @@ -380,11 +376,10 @@ SecurityPolicy::IssuerMatchingPolicy SecurityPolicy::m_defaultMatching; const SecurityPolicy::IssuerMatchingPolicy& SecurityPolicy::getIssuerMatchingPolicy() const { - return m_matchingPolicy ? *m_matchingPolicy : m_defaultMatching; + return m_matchingPolicy.get() ? *m_matchingPolicy.get() : m_defaultMatching; } void SecurityPolicy::setIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy) { - delete m_matchingPolicy; - m_matchingPolicy = matchingPolicy; + m_matchingPolicy.reset(matchingPolicy); } diff --git a/saml/encryption/EncryptedKeyResolver.cpp b/saml/encryption/EncryptedKeyResolver.cpp index fb690ef..32345c5 100644 --- a/saml/encryption/EncryptedKeyResolver.cpp +++ b/saml/encryption/EncryptedKeyResolver.cpp @@ -28,8 +28,13 @@ #include "encryption/EncryptedKeyResolver.h" #include "saml2/core/Assertions.h" +#include +#include + using namespace xmlencryption; using opensaml::saml2::EncryptedElementType; +using namespace boost::lambda; +using namespace boost; using namespace std; opensaml::EncryptedKeyResolver::EncryptedKeyResolver(const EncryptedElementType& ref) : m_ref(ref) @@ -46,13 +51,14 @@ const EncryptedKey* opensaml::EncryptedKeyResolver::resolveKey(const EncryptedDa if (base) return base; - const vector& keys=m_ref.getEncryptedKeys(); - for (vector::const_iterator i=keys.begin(); i!=keys.end(); i++) { - if ((*i)->getRecipient() == nullptr) - return (*i); - else if (XMLString::equals(recipient,(*i)->getRecipient())) - return (*i); - } + static bool (*equal_fn)(const XMLCh*, const XMLCh*) = &XMLString::equals; - return nullptr; + // Look for first match that has no Recipient attribute, or matches the input recipient. + // Using XMLString::equals allows for both to be NULL and still match. + vector::const_iterator k = find_if( + m_ref.getEncryptedKeys().begin(), m_ref.getEncryptedKeys().end(), + (lambda::bind(&EncryptedKey::getRecipient, _1) == nullptr || + lambda::bind(equal_fn, recipient, lambda::bind(&EncryptedKey::getRecipient, _1))) + ); + return (k != m_ref.getEncryptedKeys().end()) ? (*k) : nullptr; } diff --git a/saml/internal.h b/saml/internal.h index 3c2d4c2..5d66226 100644 --- a/saml/internal.h +++ b/saml/internal.h @@ -28,6 +28,7 @@ #ifdef WIN32 # define _CRT_SECURE_NO_DEPRECATE 1 # define _CRT_NONSTDC_NO_DEPRECATE 1 +# define _SCL_SECURE_NO_WARNINGS 1 #endif // Export public APIs diff --git a/saml/profile/impl/AudienceRestrictionRule.cpp b/saml/profile/impl/AudienceRestrictionRule.cpp index 5201a38..0c55eda 100644 --- a/saml/profile/impl/AudienceRestrictionRule.cpp +++ b/saml/profile/impl/AudienceRestrictionRule.cpp @@ -31,11 +31,13 @@ #include "saml1/core/Assertions.h" #include "saml2/core/Assertions.h" +#include #include using namespace opensaml; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; namespace opensaml { @@ -73,18 +75,27 @@ AudienceRestrictionRule::AudienceRestrictionRule(const DOMElement* e) bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const { + static bool (*equals_fn)(const XMLCh*, const XMLCh*) = &XMLString::equals; + const saml2::AudienceRestriction* ac2=dynamic_cast(&message); if (ac2) { const vector& auds2 = ac2->getAudiences(); - for (vector::const_iterator a1 = auds2.begin(); a1!=auds2.end(); ++a1) { - for (vector::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) { - if (XMLString::equals((*a1)->getAudienceURI(), a2->c_str())) - return true; - } - for (vector::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) { - if (XMLString::equals((*a1)->getAudienceURI(), *a2)) - return true; - } + for (vector::const_iterator a1 = auds2.begin(); a1 != auds2.end(); ++a1) { + const XMLCh* a1val = (*a1)->getAudienceURI(); + + vector::const_iterator policyMatch = find_if( + policy.getAudiences().begin(), policy.getAudiences().end(), + boost::bind(equals_fn, a1val, boost::bind(&xstring::c_str, _1)) + ); + if (policyMatch != policy.getAudiences().end()) + return true; + + vector::const_iterator ruleMatch = find_if( + m_audiences.begin(), m_audiences.end(), + boost::bind(equals_fn, a1val, _1) + ); + if (ruleMatch != m_audiences.end()) + return true; } ostringstream os; @@ -98,15 +109,22 @@ bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRe const saml1::AudienceRestrictionCondition* ac1=dynamic_cast(&message); if (ac1) { const vector& auds1 = ac1->getAudiences(); - for (vector::const_iterator a1 = auds1.begin(); a1!=auds1.end(); ++a1) { - for (vector::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) { - if (XMLString::equals((*a1)->getAudienceURI(), a2->c_str())) - return true; - } - for (vector::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) { - if (XMLString::equals((*a1)->getAudienceURI(), *a2)) - return true; - } + for (vector::const_iterator a1 = auds1.begin(); a1 != auds1.end(); ++a1) { + const XMLCh* a1val = (*a1)->getAudienceURI(); + + vector::const_iterator policyMatch = find_if( + policy.getAudiences().begin(), policy.getAudiences().end(), + boost::bind(equals_fn, a1val, boost::bind(&xstring::c_str, _1)) + ); + if (policyMatch != policy.getAudiences().end()) + return true; + + vector::const_iterator ruleMatch = find_if( + m_audiences.begin(), m_audiences.end(), + boost::bind(equals_fn, a1val, _1) + ); + if (ruleMatch != m_audiences.end()) + return true; } ostringstream os; diff --git a/saml/profile/impl/ConditionsRule.cpp b/saml/profile/impl/ConditionsRule.cpp index 1c3bbe1..3c36517 100644 --- a/saml/profile/impl/ConditionsRule.cpp +++ b/saml/profile/impl/ConditionsRule.cpp @@ -31,6 +31,7 @@ #include "saml1/core/Assertions.h" #include "saml2/core/Assertions.h" +#include #include #include #include @@ -39,6 +40,7 @@ using namespace opensaml; using namespace xmltooling::logging; using namespace xmltooling; +using namespace boost; using namespace std; namespace opensaml { @@ -48,7 +50,6 @@ namespace opensaml { ConditionsRule(const DOMElement* e); virtual ~ConditionsRule() { - for_each(m_rules.begin(), m_rules.end(), xmltooling::cleanup()); if (m_doc) m_doc->release(); } @@ -59,7 +60,7 @@ namespace opensaml { private: DOMDocument* m_doc; - vector m_rules; + ptr_vector m_rules; }; SecurityPolicyRule* SAML_DLLLOCAL ConditionsRuleFactory(const DOMElement* const & e) @@ -131,8 +132,8 @@ bool ConditionsRule::evaluate(const XMLObject& message, const GenericRequest* re const vector& acvec = conds->getAudienceRestrictions(); for (vector::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) { valid = false; - for (vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) - valid = (*r)->evaluate(*(*ac), request, policy); + for (ptr_vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) + valid = r->evaluate(*(*ac), request, policy); if (!valid) throw SecurityPolicyException("AudienceRestriction condition not successfully validated by policy."); } @@ -140,8 +141,8 @@ bool ConditionsRule::evaluate(const XMLObject& message, const GenericRequest* re const vector& otvec = conds->getOneTimeUses(); for (vector::const_iterator ot = otvec.begin(); ot!=otvec.end(); ++ot) { valid = false; - for (vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) - valid = (*r)->evaluate(*(*ot), request, policy); + for (ptr_vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) + valid = r->evaluate(*(*ot), request, policy); if (!valid) throw SecurityPolicyException("OneTimeUse condition not successfully validated by policy."); } @@ -149,8 +150,8 @@ bool ConditionsRule::evaluate(const XMLObject& message, const GenericRequest* re const vector pvec = conds->getProxyRestrictions(); for (vector::const_iterator p = pvec.begin(); p != pvec.end(); ++p) { valid = false; - for (vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) - valid = (*r)->evaluate(*(*p), request, policy); + for (ptr_vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) + valid = r->evaluate(*(*p), request, policy); if (!valid) throw SecurityPolicyException("ProxyRestriction condition not successfully validated by policy."); } @@ -158,8 +159,8 @@ bool ConditionsRule::evaluate(const XMLObject& message, const GenericRequest* re const vector& convec = conds->getConditions(); for (vector::const_iterator c = convec.begin(); c != convec.end(); ++c) { valid = false; - for (vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) - valid = (*r)->evaluate(*(*c), request, policy); + for (ptr_vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) + valid = r->evaluate(*(*c), request, policy); if (!valid) { throw SecurityPolicyException( "Extension condition ($1) not successfully validated by policy.", @@ -194,8 +195,8 @@ bool ConditionsRule::evaluate(const XMLObject& message, const GenericRequest* re const vector& acvec = conds->getAudienceRestrictionConditions(); for (vector::const_iterator ac = acvec.begin(); ac != acvec.end(); ++ac) { valid = false; - for (vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) - valid = (*r)->evaluate(*(*ac), request, policy); + for (ptr_vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) + valid = r->evaluate(*(*ac), request, policy); if (!valid) throw SecurityPolicyException("AudienceRestrictionCondition not successfully validated by policy."); } @@ -203,8 +204,8 @@ bool ConditionsRule::evaluate(const XMLObject& message, const GenericRequest* re const vector& dncvec = conds->getDoNotCacheConditions(); for (vector::const_iterator dnc = dncvec.begin(); dnc != dncvec.end(); ++dnc) { valid = false; - for (vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) - valid = (*r)->evaluate(*(*dnc), request, policy); + for (ptr_vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) + valid = r->evaluate(*(*dnc), request, policy); if (!valid) throw SecurityPolicyException("DoNotCacheCondition not successfully validated by policy."); } @@ -212,8 +213,8 @@ bool ConditionsRule::evaluate(const XMLObject& message, const GenericRequest* re const vector& convec = conds->getConditions(); for (vector::const_iterator c = convec.begin(); c != convec.end(); ++c) { valid = false; - for (vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) - valid = (*r)->evaluate(*(*c), request, policy); + for (ptr_vector::const_iterator r = m_rules.begin(); !valid && r != m_rules.end(); ++r) + valid = r->evaluate(*(*c), request, policy); if (!valid) { throw SecurityPolicyException( "Extension condition ($1) not successfully validated by policy.", diff --git a/saml/profile/impl/IgnoreRule.cpp b/saml/profile/impl/IgnoreRule.cpp index 295d387..a9673db 100644 --- a/saml/profile/impl/IgnoreRule.cpp +++ b/saml/profile/impl/IgnoreRule.cpp @@ -45,24 +45,22 @@ namespace opensaml { public: IgnoreRule(const DOMElement* e) : m_log(Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.Ignore")), m_qname(XMLHelper::getNodeValueAsQName(e)) { - if (!m_qname) + if (!m_qname.get()) throw SecurityPolicyException("No schema type or element name supplied to Ignore rule."); } - virtual ~IgnoreRule() { - delete m_qname; - } + virtual ~IgnoreRule() {} const char* getType() const { return IGNORE_POLICY_RULE; } bool evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const { if (message.getSchemaType()) { - if (*m_qname != *(message.getSchemaType())) + if (*m_qname.get() != *(message.getSchemaType())) return false; m_log.info("ignoring condition with type (%s)", message.getSchemaType()->toString().c_str()); } else { - if (*m_qname != message.getElementQName()) + if (*m_qname.get() != message.getElementQName()) return false; m_log.info("ignoring condition (%s)", message.getElementQName().toString().c_str()); } @@ -71,7 +69,7 @@ namespace opensaml { private: Category& m_log; - xmltooling::QName* m_qname; + auto_ptr m_qname; }; SecurityPolicyRule* SAML_DLLLOCAL IgnoreRuleFactory(const DOMElement* const & e) diff --git a/saml/signature/ContentReference.cpp b/saml/signature/ContentReference.cpp index e430fb4..41f88eb 100644 --- a/saml/signature/ContentReference.cpp +++ b/saml/signature/ContentReference.cpp @@ -75,17 +75,11 @@ void ContentReference::createReferences(DSIGSignature* sig) ref=sig->createReference(&chNull, m_digest ? m_digest : DSIGConstants::s_unicodeStrURISHA1); // whole doc reference else { XMLCh* buf=new XMLCh[XMLString::stringLen(id) + 2]; + auto_arrayptr bufjanitor(buf); buf[0]=chPound; buf[1]=chNull; XMLString::catString(buf,id); - try { - ref=sig->createReference(buf, m_digest ? m_digest : DSIGConstants::s_unicodeStrURISHA1); - delete[] buf; - } - catch(...) { - delete[] buf; - throw; - } + ref=sig->createReference(buf, m_digest ? m_digest : DSIGConstants::s_unicodeStrURISHA1); } ref->appendEnvelopedSignatureTransform(); @@ -101,7 +95,7 @@ void ContentReference::createReferences(DSIGSignature* sig) } if (!prefixes.empty()) { prefixes.erase(prefixes.begin() + prefixes.size() - 1); - c14n->setInclusiveNamespaces(const_cast(prefixes.c_str())); + c14n->setInclusiveNamespaces(const_cast(prefixes.c_str())); // the cast is for compatibility with old xmlsec } } } diff --git a/saml/util/CommonDomainCookie.cpp b/saml/util/CommonDomainCookie.cpp index 772fd18..5fa1391 100644 --- a/saml/util/CommonDomainCookie.cpp +++ b/saml/util/CommonDomainCookie.cpp @@ -27,6 +27,7 @@ #include "internal.h" #include "util/CommonDomainCookie.h" +#include #include #include #include @@ -34,6 +35,7 @@ using namespace opensaml; using namespace xmltooling; +using namespace boost; using namespace std; const char CommonDomainCookie::CDCName[] = "_saml_idp"; @@ -48,23 +50,16 @@ CommonDomainCookie::CommonDomainCookie(const char* cookie) XMLToolingConfig::getConfig().getURLEncoder()->decode(b64); // Chop it up and save off elements. - vector templist; - char* ptr=b64; - while (*ptr) { - while (*ptr && isspace(*ptr)) ptr++; - char* end=ptr; - while (*end && !isspace(*end)) end++; - templist.push_back(string(ptr,end-ptr)); - ptr=end; - } + split(m_list, b64, is_space(), algorithm::token_compress_on); free(b64); - // Now Base64 decode the list. + // Now Base64 decode the list elements, overwriting them. xsecsize_t len; - for (vector::iterator i=templist.begin(); i!=templist.end(); ++i) { + for (vector::iterator i = m_list.begin(); i != m_list.end(); ++i) { + trim(*i); XMLByte* decoded=Base64::decode(reinterpret_cast(i->c_str()),&len); if (decoded && *decoded) { - m_list.push_back(reinterpret_cast(decoded)); + i->assign(reinterpret_cast(decoded)); #ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE XMLString::release(&decoded); #else @@ -85,13 +80,8 @@ const vector& CommonDomainCookie::get() const const char* CommonDomainCookie::set(const char* entityID) { - // First scan the list for this IdP. - for (vector::iterator i=m_list.begin(); i!=m_list.end(); i++) { - if (*i == entityID) { - m_list.erase(i); - break; - } - } + // First remove the IdP from the list. + m_list.erase(remove(m_list.begin(), m_list.end(), entityID), m_list.end()); // Append it to the end. m_list.push_back(entityID); @@ -99,15 +89,16 @@ const char* CommonDomainCookie::set(const char* entityID) // Now rebuild the delimited list. xsecsize_t len; string delimited; - for (vector::const_iterator j=m_list.begin(); j!=m_list.end(); j++) { - if (!delimited.empty()) delimited += ' '; + for (vector::const_iterator j = m_list.begin(); j != m_list.end(); ++j) { + if (!delimited.empty()) + delimited += ' '; - XMLByte* b64=Base64::encode(reinterpret_cast(j->c_str()),j->length(),&len); + XMLByte* b64 = Base64::encode(reinterpret_cast(j->c_str()), j->length(), &len); XMLByte *pos, *pos2; - for (pos=b64, pos2=b64; *pos2; pos2++) + for (pos = b64, pos2 = b64; *pos2; ++pos2) if (isgraph(*pos2)) - *pos++=*pos2; - *pos=0; + *pos++ = *pos2; + *pos = 0; delimited += reinterpret_cast(b64); #ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE @@ -117,6 +108,6 @@ const char* CommonDomainCookie::set(const char* entityID) #endif } - m_encoded=XMLToolingConfig::getConfig().getURLEncoder()->encode(delimited.c_str()); + m_encoded = XMLToolingConfig::getConfig().getURLEncoder()->encode(delimited.c_str()); return m_encoded.c_str(); } diff --git a/samltest/Makefile.am b/samltest/Makefile.am index 0209c14..124f4ce 100644 --- a/samltest/Makefile.am +++ b/samltest/Makefile.am @@ -14,6 +14,7 @@ samltest_h = \ SAMLArtifactType0002Test.h \ SAMLArtifactType0004Test.h \ ArtifactMapTest.h \ + CookieTest.h \ encryption/EncryptedAssertionTest.h \ signature/SAML1AssertionTest.h \ signature/SAML1RequestTest.h \ diff --git a/samltest/samltest.vcxproj b/samltest/samltest.vcxproj index fa35452..8784bdb 100644 --- a/samltest/samltest.vcxproj +++ b/samltest/samltest.vcxproj @@ -1,4 +1,4 @@ - + @@ -162,6 +162,7 @@ + @@ -573,6 +574,16 @@ %(RootDir)%(Directory)%(Filename).cpp;%(Outputs) + + perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)" + perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)" + perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)" + perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)" + %(RootDir)%(Directory)%(Filename).cpp;%(Outputs) + %(RootDir)%(Directory)%(Filename).cpp;%(Outputs) + %(RootDir)%(Directory)%(Filename).cpp;%(Outputs) + %(RootDir)%(Directory)%(Filename).cpp;%(Outputs) + perl.exe -w $(CxxTestRoot)\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o "%(RootDir)%(Directory)%(Filename)".cpp "%(FullPath)" @@ -1499,4 +1510,4 @@ - + \ No newline at end of file diff --git a/samltest/samltest.vcxproj.filters b/samltest/samltest.vcxproj.filters index ac3dada..b666a91 100644 --- a/samltest/samltest.vcxproj.filters +++ b/samltest/samltest.vcxproj.filters @@ -359,6 +359,9 @@ Generated Files\encryption + + Generated Files + @@ -639,5 +642,8 @@ Unit Tests\encryption + + Unit Tests + \ No newline at end of file -- 2.1.4