2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * KeyInfoAttributeDecoder.cpp
24 * Decodes KeyInfo information into a SimpleAttribute.
28 #include "attribute/AttributeDecoder.h"
29 #include "attribute/SimpleAttribute.h"
31 #include <boost/scoped_ptr.hpp>
32 #include <saml/saml1/core/Assertions.h>
33 #include <saml/saml2/core/Assertions.h>
34 #include <xmltooling/XMLToolingConfig.h>
35 #include <xmltooling/security/Credential.h>
36 #include <xmltooling/security/KeyInfoResolver.h>
37 #include <xmltooling/security/SecurityHelper.h>
38 #include <xmltooling/signature/KeyInfo.h>
40 using namespace shibsp;
41 using namespace opensaml;
42 using namespace xmlsignature;
43 using namespace xmltooling;
44 using namespace boost;
48 class SHIBSP_DLLLOCAL KeyInfoAttributeDecoder : virtual public AttributeDecoder
51 KeyInfoAttributeDecoder(const DOMElement* e);
52 ~KeyInfoAttributeDecoder() {}
55 const vector<string>& ids, const XMLObject* xmlObject, const char* assertingParty=nullptr, const char* relyingParty=nullptr
59 void extract(const KeyInfo* k, vector<string>& dest) const {
60 scoped_ptr<Credential> cred(getKeyInfoResolver()->resolve(k, Credential::RESOLVE_KEYS));
62 dest.push_back(string());
63 dest.back() = SecurityHelper::getDEREncoding(*cred, m_hash ? m_keyInfoHashAlg.c_str() : nullptr);
64 if (dest.back().empty())
69 const KeyInfoResolver* getKeyInfoResolver() const {
70 return m_keyInfoResolver ? m_keyInfoResolver.get() : XMLToolingConfig::getConfig().getKeyInfoResolver();
74 string m_keyInfoHashAlg;
75 scoped_ptr<KeyInfoResolver> m_keyInfoResolver;
78 AttributeDecoder* SHIBSP_DLLLOCAL KeyInfoAttributeDecoderFactory(const DOMElement* const & e)
80 return new KeyInfoAttributeDecoder(e);
83 static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o,l,v,e,r);
84 static const XMLCh _hash[] = UNICODE_LITERAL_4(h,a,s,h);
85 static const XMLCh keyInfoHashAlg[] = UNICODE_LITERAL_14(k,e,y,I,n,f,o,H,a,s,h,A,l,g);
86 static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
89 KeyInfoAttributeDecoder::KeyInfoAttributeDecoder(const DOMElement* e)
90 : AttributeDecoder(e),
91 m_hash(XMLHelper::getAttrBool(e, false, _hash)),
92 m_keyInfoHashAlg(XMLHelper::getAttrString(e, "SHA1", keyInfoHashAlg)) {
93 e = XMLHelper::getFirstChildElement(e, _KeyInfoResolver);
95 string t(XMLHelper::getAttrString(e, nullptr, _type));
97 throw UnknownExtensionException("<KeyInfoResolver> element found with no type attribute");
98 m_keyInfoResolver.reset(XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e));
102 Attribute* KeyInfoAttributeDecoder::decode(
103 const vector<string>& ids, const XMLObject* xmlObject, const char* assertingParty, const char* relyingParty
106 Category& log = Category::getInstance(SHIBSP_LOGCAT".AttributeDecoder.KeyInfo");
108 if (!xmlObject || !XMLString::equals(saml1::Attribute::LOCAL_NAME, xmlObject->getElementQName().getLocalPart())) {
109 log.warn("XMLObject type not recognized by KeyInfoAttributeDecoder, no values returned");
113 auto_ptr<SimpleAttribute> attr(new SimpleAttribute(ids));
114 vector<string>& dest = attr->getValues();
115 vector<XMLObject*>::const_iterator v,stop;
117 const saml2::Attribute* saml2attr = dynamic_cast<const saml2::Attribute*>(xmlObject);
119 const vector<XMLObject*>& values = saml2attr->getAttributeValues();
122 if (log.isDebugEnabled()) {
123 auto_ptr_char n(saml2attr->getName());
125 "decoding KeyInfo information (%s) from SAML 2 Attribute (%s) with %lu value(s)",
126 ids.front().c_str(), n.get() ? n.get() : "unnamed", values.size()
131 const saml1::Attribute* saml1attr = dynamic_cast<const saml1::Attribute*>(xmlObject);
133 const vector<XMLObject*>& values = saml1attr->getAttributeValues();
136 if (log.isDebugEnabled()) {
137 auto_ptr_char n(saml1attr->getAttributeName());
139 "decoding KeyInfo information (%s) from SAML 1 Attribute (%s) with %lu value(s)",
140 ids.front().c_str(), n.get() ? n.get() : "unnamed", values.size()
145 log.warn("XMLObject type not recognized by KeyInfoAttributeDecoder, no values returned");
150 for (; v!=stop; ++v) {
151 const KeyInfo* k = dynamic_cast<const KeyInfo*>(*v);
154 else if ((*v)->hasChildren()) {
155 const list<XMLObject*>& children = (*v)->getOrderedChildren();
156 for (list<XMLObject*>::const_iterator vv = children.begin(); vv != children.end(); ++vv) {
157 if (k=dynamic_cast<const KeyInfo*>(*vv))
160 log.warn("skipping AttributeValue without a recognizable KeyInfo");
165 return dest.empty() ? nullptr : _decode(attr.release());