2 * Copyright 2001-2005 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* Metadata.h - glue classes that interface to metadata providers
26 #include <xmltooling/util/NDC.h>
28 using namespace shibboleth;
29 using namespace opensaml::saml2md;
// Asks each credential provider in m_creds, in iteration order, to resolve `id`.
// A non-null result from a provider's lookup() is kept in `ret`.
// This listing omits lines 34-38, 40, 43 and 45-52, so the return statement and any
// locking around m_mapper->lookup() are not visible here.
33 const ICredResolver* Credentials::lookup(const char* id)
39 const ICredResolver* ret=NULL;
41 while (m_creds.hasNext()) {
// m_mapper is a member, so the provider being queried is remembered on the object.
// NOTE(review): presumably the destructor uses it to release that provider, which would
// tie the returned resolver's validity to this object's lifetime. Confirm in the omitted lines.
42 m_mapper=m_creds.next();
// Assignment in the condition is intentional: store the resolver, then test it for null.
44 if (ret=m_mapper->lookup(id)) {
// Destructor; its body (listing lines 54-59) is not shown.
// NOTE(review): presumably releases whatever lookup() left held through m_mapper. Confirm,
// and check it tolerates m_mapper being null when lookup() was never called or found nothing.
53 Credentials::~Credentials()
// Locates an attribute rule by (attrName, attrNamespace) across the supplied AAP providers.
// m_mapper and m_rule both start as NULL; m_rule receives the result of a provider's lookup().
// Lines 62-63, 65-66 and 68-74 are omitted from this listing, so how m_mapper is advanced and
// what happens after a match (presumably the search stops) cannot be confirmed here.
61 AAP::AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace) : m_mapper(NULL), m_rule(NULL)
64 while (aaps.hasNext()) {
// Assignment in the condition is intentional: a null rule means this provider has no match.
67 if (m_rule=m_mapper->lookup(attrName,attrNamespace)) {
// Same search as the name/namespace constructor, but keyed by the rule's alias string.
// m_mapper and m_rule both start as NULL; m_rule receives the result of a provider's lookup(alias).
// Lines 76-77, 79-80 and 82-96 are omitted from this listing.
75 AAP::AAP(const saml::Iterator<IAAP*>& aaps, const char* alias) : m_mapper(NULL), m_rule(NULL)
78 while (aaps.hasNext()) {
// Assignment in the condition is intentional: a null rule means this provider has no match.
81 if (m_rule=m_mapper->lookup(alias)) {
// Filters `assertion` in place against the attribute acceptance policies in `aaps`.
// Attributes with a matching rule are handed to rule->apply(*a, role); attributes with no
// rule are removed; attributes and statements that end up empty are removed as well.
// This decides which asserted attributes survive, so every accept path below is
// security-relevant.
// The listing omits many lines (braces, try blocks, iterator resets, index increments), so
// the comments describe only the statements that are visible.
97 void AAP::apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const RoleDescriptor* role)
// NOTE(review): this builds an unnamed temporary that is destroyed at the end of the statement.
// If NDC pushes its context in the constructor and pops it in the destructor (presumably),
// the "apply" context is gone before any log call below. A named local such as
// `xmltooling::NDC ndc("apply");` would keep it for the whole function.
100 xmltooling::NDC("apply");
102 log4cpp::Category& log=log4cpp::Category::getInstance(SHIB_LOGCAT".AAP");
104 // First check for no providers or AnyAttribute.
// Fail-open path: an empty provider list leaves the assertion unfiltered, recorded only at
// info level. NOTE(review): if the list can be empty through misconfiguration, filtering is
// silently off; consider whether a warning or a deny default is wanted.
105 if (aaps.size()==0) {
106 log.info("no filters specified, accepting entire assertion");
110 while (aaps.hasNext()) {
// Second accept-all path: one provider reporting anyAttribute() is enough to skip filtering.
// `p` is assigned in lines not shown (presumably aaps.next()).
113 if (p->anyAttribute()) {
114 log.info("any attribute enabled, accepting entire assertion");
119 // Check each statement.
120 const IAttributeRule* rule=NULL;
121 Iterator<SAMLStatement*> statements=assertion.getStatements();
// No increment in the loop header: scount is advanced in lines not shown, so that a removed
// statement does not cause the next one to be skipped (presumably).
122 for (unsigned int scount=0; scount < statements.size();) {
// dynamic_cast yields null for statements that are not attribute statements; how that case
// is handled (lines 124-128) is not shown.
123 SAMLAttributeStatement* s=dynamic_cast<SAMLAttributeStatement*>(statements[scount]);
129 // Check each attribute, applying any matching rules.
130 Iterator<SAMLAttribute*> attrs=s->getAttributes();
131 for (unsigned long acount=0; acount < attrs.size();) {
132 SAMLAttribute* a=attrs[acount];
133 bool ruleFound=false;
135 while (aaps.hasNext()) {
// `i` is assigned in lines not shown. The rule is looked up by attribute name and namespace.
138 if (rule=i->lookup(a->getName(),a->getNamespace())) {
// The rule filters the attribute itself; `role` is passed through to it.
141 rule->apply(*a,role);
143 catch (SAMLException&) {
144 // The attribute is now defunct.
145 log.info("no values remain, removing attribute");
// Post-decrement: the current index is passed to removeAttribute, then acount steps back.
// acount is unsigned, so at index 0 it wraps (well-defined); this relies on a following
// increment in lines not shown to bring it back. TODO confirm.
146 s->removeAttribute(acount--);
// Default-deny for individual attributes: one that matched no rule is dropped, and its name
// is logged at warn level. The guard on ruleFound (line 151) is not shown.
152 if (log.isWarnEnabled()) {
153 auto_ptr_char temp(a->getName());
154 log.warn("no rule found for attribute (%s), filtering it out",temp.get());
156 s->removeAttribute(acount--);
// Which call throws here is in lines not shown; per the log message this is reached when the
// statement has no attributes left.
165 catch (SAMLException&) {
166 // The statement is now defunct.
167 log.info("no attributes remain, removing statement");
// scount is not changed here, so the statement that shifts into this index is examined next
// (presumably; the increment on the non-removal path is not shown).
168 assertion.removeStatement(scount);
172 // Now see if we trashed it irrevocably.
// NOTE(review): presumably throws when filtering left the assertion invalid (for example with
// no statements); callers should treat that as rejection. Confirm against SAMLAssertion.
173 assertion.checkValidity();