2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * AttributeScopeMatchesShibMDScopeFunctor.cpp
24 * A match function that ensures that an attribute value's scope matches
25 * a scope given in metadata for the entity or role.
29 #include "exceptions.h"
30 #include "attribute/Attribute.h"
31 #include "attribute/filtering/FilteringContext.h"
32 #include "attribute/filtering/FilterPolicyContext.h"
33 #include "attribute/filtering/MatchFunctor.h"
34 #include "metadata/MetadataExt.h"
36 #include <saml/saml2/metadata/Metadata.h>
37 #include <xercesc/util/regx/RegularExpression.hpp>
39 using namespace opensaml::saml2md;
40 using namespace xmltooling;
46 * A match function that ensures that a string matches a scope given in metadata for the entity or role.
// Base functor for attribute filter rules that accept a value only when a string derived
// from it equals, or matches, a Scope extension found in the attribute issuer's metadata.
// Subclasses choose the string through getStringToMatch(). The Scope rules are read from
// metadata, so the check is only as trustworthy as the source of that metadata.
48 class SHIBSP_DLLLOCAL AbstractAttributeMatchesShibMDScopeFunctor : public MatchFunctor
// Not usable as a policy requirement: the visible body always throws AttributeFilteringException.
51 bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
52 throw AttributeFilteringException("Metadata scope matching not usable as a PolicyRequirement.");
// Decides whether the value at `index` of `attribute` is permitted. The candidate string is
// tested against every Scope element in the issuing role's extensions, then against those of
// the role's parent entity descriptor.
// NOTE(review): the statements between the ones shown are not visible here. Confirm that a
// missing issuer, a null or empty candidate string, and absent extensions all end in a deny
// (return false), so that the filter fails closed.
55 bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
56 const RoleDescriptor* issuer = filterContext.getAttributeIssuerMetadata();
// Candidate string chosen by the subclass (getScope(index) or getString(index) in the two
// subclasses in this file).
60 const char* s = getStringToMatch(attribute, index);
// Converted from UTF-8 to XMLCh so it can be compared with the XMLCh values held in metadata.
63 auto_arrayptr<XMLCh> widestr(fromUTF8(s));
// First pass: extensions attached to the issuing role descriptor.
66 const Extensions* ext = issuer->getExtensions();
68 const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
69 for (vector<XMLObject*>::const_iterator e = exts.begin(); e != exts.end(); ++e) {
// Extension children that are not Scope elements make the cast yield null and are skipped.
70 rule = dynamic_cast<const Scope*>(*e);
71 if (rule && matches(*rule, widestr)) {
// Second pass: extensions attached to the role's parent, cast to EntityDescriptor.
// NOTE(review): the dynamic_cast result is dereferenced directly. If the parent were ever null
// or not an EntityDescriptor this would be a null dereference; confirm the invariant holds for
// every metadata source, or check the pointer before use.
77 ext = dynamic_cast<const EntityDescriptor*>(issuer->getParent())->getExtensions();
79 const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
80 for (vector<XMLObject*>::const_iterator e = exts.begin(); e != exts.end(); ++e) {
81 rule = dynamic_cast<const Scope*>(*e);
82 if (rule && matches(*rule, widestr)) {
// Supplies the string to test for the value at `index`; implemented by each subclass.
92 virtual const char* getStringToMatch(const Attribute& attribute, size_t index) const = 0;
// Compares the candidate string with one Scope rule's value. Two comparisons are visible:
// a Xerces regular-expression match and an exact XMLString::equals comparison.
// NOTE(review): the condition choosing between them is not visible here (presumably the Scope
// element's regexp flag; confirm). Also confirm that `val` is checked for null/empty before use.
95 bool matches(const Scope& rule, auto_arrayptr<XMLCh>& scope) const {
96 const XMLCh* val = rule.getValue();
// The pattern text comes from metadata and is compiled on every call.
// NOTE(review): confirm that a malformed pattern (a failure in the constructor) is handled and
// results in a deny. Confirm also whether RegularExpression::matches must cover the whole
// string or accepts a match anywhere in it; if the latter, patterns published in metadata
// need explicit ^...$ anchors to avoid accepting look-alike scopes.
99 RegularExpression re(val);
100 return re.matches(scope.get());
// Literal rule: exact, case-sensitive comparison of the two XMLCh strings.
103 return XMLString::equals(val, scope.get());
// Variant that tests only the scope component of a value against the metadata Scope rules.
110 class AttributeScopeMatchesShibMDScopeFunctor : public AbstractAttributeMatchesShibMDScopeFunctor
// Returns attribute.getScope(index) as the string to match.
// NOTE(review): what getScope returns for an unscoped attribute is not visible here; the
// caller is expected to treat a null or empty result as a deny (confirm).
113 const char* getStringToMatch(const Attribute& attribute, size_t index) const {
114 return attribute.getScope(index);
// Variant that tests the whole string form of a value against the metadata Scope rules.
118 class AttributeValueMatchesShibMDScopeFunctor : public AbstractAttributeMatchesShibMDScopeFunctor
// Returns attribute.getString(index) as the string to match.
121 const char* getStringToMatch(const Attribute& attribute, size_t index) const {
122 return attribute.getString(index);
// Factory for the scope-matching functor. The argument `p` is not used by the visible body.
// Returns a raw pointer to a newly allocated object; presumably the caller that registered
// this factory takes ownership and deletes it (confirm).
126 MatchFunctor* SHIBSP_DLLLOCAL AttributeScopeMatchesShibMDScopeFactory(const pair<const FilterPolicyContext*,const DOMElement*>& p)
128 return new AttributeScopeMatchesShibMDScopeFunctor();
// Factory for the value-matching functor. The argument `p` is not used by the visible body.
// Returns a raw pointer to a newly allocated object; presumably the caller that registered
// this factory takes ownership and deletes it (confirm).
131 MatchFunctor* SHIBSP_DLLLOCAL AttributeValueMatchesShibMDScopeFactory(const pair<const FilterPolicyContext*,const DOMElement*>& p)
133 return new AttributeValueMatchesShibMDScopeFunctor();