2 * Copyright 2001-2005 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* Metadata.h - glue classes that interface to metadata providers
// The definitions below spell their classes (Metadata, Trust, Credentials, AAP)
// and interfaces (IEntityDescriptor, IAAP, ...) unqualified through this directive.
27 using namespace shibboleth;
// Resolve an entity descriptor by its XMLCh identifier by asking each
// configured metadata provider in turn; `strict` is passed through to the
// providers unchanged.  The provider that was asked last is left in
// m_mapper (assigned on every iteration), so a Metadata object carries
// per-lookup mutable state - presumably not meant to be shared between
// threads without external locking; confirm against the callers.
// Only part of the body is visible here; the return path is not shown.
31 const IEntityDescriptor* Metadata::lookup(const XMLCh* id, bool strict)
37 const IEntityDescriptor* ret=NULL;
39 while (m_metadatas.hasNext()) {
40 m_mapper=m_metadatas.next();
// Assignment inside the condition is intentional: a non-null hit is kept in
// `ret`; what happens on a hit (presumably the loop stops) is not visible.
42 if (ret=m_mapper->lookup(id,strict)) {
// Same search as the XMLCh overload, keyed by a narrow-character identifier:
// each metadata provider is tried in order and `strict` is forwarded as-is.
// m_mapper is overwritten on every iteration, so the instance records which
// provider was consulted last (a side effect callers of a lookup may not
// expect).  The body is only partially visible; the return is not shown.
51 const IEntityDescriptor* Metadata::lookup(const char* id, bool strict)
57 const IEntityDescriptor* ret=NULL;
59 while (m_metadatas.hasNext()) {
60 m_mapper=m_metadatas.next();
// Deliberate assignment-in-condition: a non-null result is retained in `ret`.
62 if (ret=m_mapper->lookup(id,strict)) {
// Resolve the entity that issued a SAML artifact by asking each metadata
// provider in order.  As with the id-based overloads, m_mapper is set on
// every iteration and so outlives the call as instance state.
// Only the head of the body is visible; the return path is not shown.
71 const IEntityDescriptor* Metadata::lookup(const SAMLArtifact* artifact)
77 const IEntityDescriptor* ret=NULL;
79 while (m_metadatas.hasNext()) {
80 m_mapper=m_metadatas.next();
// Deliberate assignment-in-condition: a non-null result is retained in `ret`.
82 if (ret=m_mapper->lookup(artifact)) {
// Validate a signed SAML object against `role` by consulting the configured
// trust plugins in order.  The plugins appear to be OR-ed: one accepting
// plugin is enough, so the least strict plugin in the chain effectively
// decides the outcome.  The branch body and the result returned when no
// plugin accepts are outside the visible lines.
99 bool Trust::validate(const SAMLSignedObject& token, const IRoleDescriptor* role) const
102 while (m_trusts.hasNext()) {
// Presumably returns true on the first accepting plugin - the branch is not shown.
103 if (m_trusts.next()->validate(token,role))
// Validate an end-entity certificate plus its chain against `role`,
// optionally checking the certificate name (`checkName`), by consulting the
// trust plugins in order.  Same accept-if-any shape as the token overload:
// a single accepting plugin suffices.  The branch body and the fall-through
// result are outside the visible lines.  certEE and certChain are opaque
// void* handles here; their concrete type is decided by the plugins.
109 bool Trust::validate(void* certEE, const Iterator<void*>& certChain, const IRoleDescriptor* role, bool checkName) const
112 while (m_trusts.hasNext()) {
// Presumably returns true on the first accepting plugin - the branch is not shown.
113 if (m_trusts.next()->validate(certEE,certChain,role,checkName))
// Find the credential resolver registered under `id` by asking each
// credentials provider in order.  The provider consulted last is kept in
// m_mapper (assigned on every iteration), so the object carries mutable
// per-lookup state.  The body is only partially visible; the return path
// is not shown.
119 const ICredResolver* Credentials::lookup(const char* id)
125 const ICredResolver* ret=NULL;
127 while (m_creds.hasNext()) {
128 m_mapper=m_creds.next();
// Deliberate assignment-in-condition: a non-null resolver is retained in `ret`.
130 if (ret=m_mapper->lookup(id)) {
139 Credentials::~Credentials()
// Bind this AAP to the first attribute rule any provider in `aaps` has for
// (attrName, attrNamespace).  Each iteration overwrites m_rule with the
// provider's lookup result, so if no provider matches, m_rule ends up NULL
// (the last assignment was a null lookup) and m_mapper points at the last
// provider tried - callers must check m_rule before using it.  What follows
// a match (presumably leaving the loop) is outside the visible lines.
147 AAP::AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace) : m_mapper(NULL), m_rule(NULL)
150 while (aaps.hasNext()) {
151 m_mapper=aaps.next();
// Assignment inside the condition is intentional.
153 if (m_rule=m_mapper->lookup(attrName,attrNamespace)) {
// Bind this AAP to the first attribute rule any provider in `aaps` knows by
// its `alias`.  Same contract as the (name, namespace) constructor: m_rule
// is overwritten on every iteration, so a miss across all providers leaves
// m_rule NULL and callers must check it.  The code after a match is not
// visible here.
161 AAP::AAP(const saml::Iterator<IAAP*>& aaps, const char* alias) : m_mapper(NULL), m_rule(NULL)
164 while (aaps.hasNext()) {
165 m_mapper=aaps.next();
// Assignment inside the condition is intentional.
167 if (m_rule=m_mapper->lookup(alias)) {
// Filter `assertion` in place through the attribute acceptance policies in
// `aaps`: every attribute must have a rule supplied by some provider and
// survive that rule, otherwise it is removed; `source` is handed to the
// rules so they can judge values against the issuing entity.
// Two fail-open paths sit at the top: an empty provider list, or any
// provider reporting anyAttribute(), accepts the whole assertion
// unfiltered - worth remembering when auditing a deployment's AAP config.
// Several lines of the body are not visible here (the early returns, the
// loop increments, the null-cast handling and the try blocks), so the
// control flow described in the comments below is partly inferred.
183 void AAP::apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IEntityDescriptor* source)
188 log4cpp::Category& log=log4cpp::Category::getInstance(SHIB_LOGCAT".AAP");
190 // First check for no providers or AnyAttribute.
191 if (aaps.size()==0) {
192 log.info("no filters specified, accepting entire assertion");
196 while (aaps.hasNext()) {
199 if (p->anyAttribute()) {
200 log.info("any attribute enabled, accepting entire assertion");
205 // Check each statement.
206 const IAttributeRule* rule=NULL;
207 Iterator<SAMLStatement*> statements=assertion.getStatements();
// No increment in the for-header: scount is presumably advanced inside the
// body (not visible) so that removing a statement does not skip its successor.
208 for (unsigned int scount=0; scount < statements.size();) {
// Only attribute statements are filtered; how a null cast is handled is not shown.
209 SAMLAttributeStatement* s=dynamic_cast<SAMLAttributeStatement*>(statements[scount]);
215 // Check each attribute, applying any matching rules.
// NOTE(review): attrs is taken once before any removal; whether its size()
// tracks removeAttribute() depends on Iterator semantics - confirm.
216 Iterator<SAMLAttribute*> attrs=s->getAttributes();
// acount is advanced inside the body; the acount-- on each removal below backs
// it up so the element shifted into the vacated slot is examined too.
217 for (unsigned long acount=0; acount < attrs.size();) {
218 SAMLAttribute* a=attrs[acount];
219 bool ruleFound=false;
// Ask each provider for a rule matching (name, namespace); assignment inside
// the condition is intentional.
221 while (aaps.hasNext()) {
224 if (rule=i->lookup(a->getName(),a->getNamespace())) {
// A rule that strips every value of the attribute reports that by throwing.
227 rule->apply(*a,source);
229 catch (SAMLException&) {
230 // The attribute is now defunct.
231 log.info("no values remain, removing attribute");
232 s->removeAttribute(acount--);
// Default-deny: an attribute no provider has a rule for is removed rather than
// passed through (presumably guarded by !ruleFound; the guard is not visible).
238 if (log.isWarnEnabled()) {
239 auto_ptr_char temp(a->getName());
240 log.warn("no rule found for attribute (%s), filtering it out",temp.get());
242 s->removeAttribute(acount--);
// A statement left with no attributes is dropped from the assertion entirely.
251 catch (SAMLException&) {
252 // The statement is now defunct.
253 log.info("no attributes remain, removing statement");
254 assertion.removeStatement(scount);
258 // Now see if we trashed it irrevocably.
// Lets the assertion report (presumably by throwing) if filtering left it
// structurally invalid, instead of handing a hollow assertion downstream.
259 assertion.checkValidity();