2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
24 * A function that evaluates whether an expressed criterion is met by the current filter context.
28 #include "attribute/filtering/FilterPolicyContext.h"
29 #include "attribute/filtering/MatchFunctor.h"
30 #include "util/SPConstants.h"
32 #include <xercesc/util/XMLUniDefs.hpp>
34 using namespace shibsp;
35 using namespace xmltooling;
// Declares `<name>Factory` using the Factory type of the MatchFunctor PluginManager
// (keyed by xmltooling::QName, parameterised by a FilterPolicyContext*/DOMElement* pair).
// SHIBSP_DLLLOCAL is applied to the declaration.
38 #define DECL_FACTORY(name) \
39 SHIBSP_DLLLOCAL PluginManager< MatchFunctor,xmltooling::QName,pair<const FilterPolicyContext*,const DOMElement*> >::Factory name##Factory
// Defines the QName `shibsp::<name>Type` in SHIB2ATTRIBUTEFILTER_MF_BASIC_NS with `lit` as the second constructor argument.
41 #define DECL_BASIC_QNAME(name,lit) \
42 xmltooling::QName shibsp::name##Type(shibspconstants::SHIB2ATTRIBUTEFILTER_MF_BASIC_NS, lit)
// Same as DECL_BASIC_QNAME, but in SHIB2ATTRIBUTEFILTER_MF_SAML_NS.
44 #define DECL_SAML_QNAME(name,lit) \
45 xmltooling::QName shibsp::name##Type(shibspconstants::SHIB2ATTRIBUTEFILTER_MF_SAML_NS, lit)
// Registers `<name>Factory` under the key `<name>Type`. Expands to a call on a variable
// named `mgr`, so it is only usable where such a variable is in scope.
47 #define REGISTER_FACTORY(name) \
48 mgr.registerFactory(name##Type, name##Factory)
// Declarations of one factory per built-in match functor. Only the declarations appear here;
// the factory definitions are not in this part of the file (presumably they live with each
// functor's implementation — confirm).
51 DECL_FACTORY(AnyMatchFunctor);
52 DECL_FACTORY(AndMatchFunctor);
53 DECL_FACTORY(OrMatchFunctor);
54 DECL_FACTORY(NotMatchFunctor);
55 DECL_FACTORY(AttributeIssuerString);
56 DECL_FACTORY(AttributeRequesterString);
57 DECL_FACTORY(AuthenticationMethodString);
58 DECL_FACTORY(AttributeValueString);
59 DECL_FACTORY(AttributeScopeString);
60 DECL_FACTORY(AttributeIssuerRegex);
61 DECL_FACTORY(AttributeRequesterRegex);
62 DECL_FACTORY(AuthenticationMethodRegex);
63 DECL_FACTORY(AttributeValueRegex);
64 DECL_FACTORY(AttributeScopeRegex);
65 DECL_FACTORY(NumberOfAttributeValues);
66 DECL_FACTORY(AttributeIssuerInEntityGroup);
67 DECL_FACTORY(AttributeRequesterInEntityGroup);
68 DECL_FACTORY(AttributeIssuerEntityAttributeExactMatch);
69 DECL_FACTORY(AttributeRequesterEntityAttributeExactMatch);
70 DECL_FACTORY(AttributeIssuerEntityAttributeRegexMatch);
71 DECL_FACTORY(AttributeRequesterEntityAttributeRegexMatch);
72 DECL_FACTORY(AttributeIssuerEntityMatcher);
73 DECL_FACTORY(AttributeRequesterEntityMatcher);
74 DECL_FACTORY(AttributeScopeMatchesShibMDScope);
75 DECL_FACTORY(NameIDQualifierString);
76 DECL_FACTORY(AttributeIssuerRegistrationAuthority);
77 DECL_FACTORY(RegistrationAuthority);
// File-local XMLCh string constants, one per match functor type name, passed as the `lit`
// argument of the QName definitions. The numeric suffix of each UNICODE_LITERAL_n macro
// matches the number of characters supplied, so a renamed entry needs its suffix updated too.
// NOTE(review): these arrays are bare names, not QNames. Several share their identifier stem
// with the corresponding `<name>Type` QName, so take care to pass the `...Type` object, not
// the array, wherever a QName key is expected.
80 static const XMLCh ANY[] = UNICODE_LITERAL_3(A,N,Y);
81 static const XMLCh AND[] = UNICODE_LITERAL_3(A,N,D);
82 static const XMLCh OR[] = UNICODE_LITERAL_2(O,R);
83 static const XMLCh NOT[] = UNICODE_LITERAL_3(N,O,T);
84 static const XMLCh AttributeIssuerString[] = UNICODE_LITERAL_21(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,S,t,r,i,n,g);
85 static const XMLCh AttributeRequesterString[] = UNICODE_LITERAL_24(A,t,t,r,i,b,u,t,e,R,e,q,u,e,s,t,e,r,S,t,r,i,n,g);
86 static const XMLCh AuthenticationMethodString[] = UNICODE_LITERAL_26(A,u,t,h,e,n,t,i,c,a,t,i,o,n,M,e,t,h,o,d,S,t,r,i,n,g);
87 static const XMLCh AttributeValueString[] = UNICODE_LITERAL_20(A,t,t,r,i,b,u,t,e,V,a,l,u,e,S,t,r,i,n,g);
88 static const XMLCh AttributeScopeString[] = UNICODE_LITERAL_20(A,t,t,r,i,b,u,t,e,S,c,o,p,e,S,t,r,i,n,g);
89 static const XMLCh AttributeIssuerRegex[] = UNICODE_LITERAL_20(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,R,e,g,e,x);
90 static const XMLCh AttributeRequesterRegex[] = UNICODE_LITERAL_23(A,t,t,r,i,b,u,t,e,R,e,q,u,e,s,t,e,r,R,e,g,e,x);
91 static const XMLCh AuthenticationMethodRegex[] = UNICODE_LITERAL_25(A,u,t,h,e,n,t,i,c,a,t,i,o,n,M,e,t,h,o,d,R,e,g,e,x);
92 static const XMLCh AttributeValueRegex[] = UNICODE_LITERAL_19(A,t,t,r,i,b,u,t,e,V,a,l,u,e,R,e,g,e,x);
93 static const XMLCh AttributeScopeRegex[] = UNICODE_LITERAL_19(A,t,t,r,i,b,u,t,e,S,c,o,p,e,R,e,g,e,x);
94 static const XMLCh NumberOfAttributeValues[] = UNICODE_LITERAL_23(N,u,m,b,e,r,O,f,A,t,t,r,i,b,u,t,e,V,a,l,u,e,s);
95 static const XMLCh AttributeIssuerInEntityGroup[] = UNICODE_LITERAL_28(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,I,n,E,n,t,i,t,y,G,r,o,u,p);
96 static const XMLCh AttributeRequesterInEntityGroup[] = UNICODE_LITERAL_31(A,t,t,r,i,b,u,t,e,R,e,q,u,e,s,t,e,r,I,n,E,n,t,i,t,y,G,r,o,u,p);
97 static const XMLCh InEntityGroup[] = UNICODE_LITERAL_13(I,n,E,n,t,i,t,y,G,r,o,u,p);
98 static const XMLCh AttributeIssuerEntityAttributeExactMatch[] = UNICODE_LITERAL_40(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,E,n,t,i,t,y,A,t,t,r,i,b,u,t,e,E,x,a,c,t,M,a,t,c,h);
99 static const XMLCh AttributeRequesterEntityAttributeExactMatch[] = UNICODE_LITERAL_43(A,t,t,r,i,b,u,t,e,R,e,q,u,e,s,t,e,r,E,n,t,i,t,y,A,t,t,r,i,b,u,t,e,E,x,a,c,t,M,a,t,c,h);
100 static const XMLCh EntityAttributeExactMatch[] = UNICODE_LITERAL_25(E,n,t,i,t,y,A,t,t,r,i,b,u,t,e,E,x,a,c,t,M,a,t,c,h);
101 static const XMLCh AttributeIssuerEntityAttributeRegexMatch[] = UNICODE_LITERAL_40(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,E,n,t,i,t,y,A,t,t,r,i,b,u,t,e,R,e,g,e,x,M,a,t,c,h);
102 static const XMLCh AttributeRequesterEntityAttributeRegexMatch[] = UNICODE_LITERAL_43(A,t,t,r,i,b,u,t,e,R,e,q,u,e,s,t,e,r,E,n,t,i,t,y,A,t,t,r,i,b,u,t,e,R,e,g,e,x,M,a,t,c,h);
103 static const XMLCh EntityAttributeRegexMatch[] = UNICODE_LITERAL_25(E,n,t,i,t,y,A,t,t,r,i,b,u,t,e,R,e,g,e,x,M,a,t,c,h);
104 static const XMLCh AttributeIssuerEntityMatcher[] = UNICODE_LITERAL_28(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,E,n,t,i,t,y,M,a,t,c,h,e,r);
105 static const XMLCh AttributeRequesterEntityMatcher[] = UNICODE_LITERAL_31(A,t,t,r,i,b,u,t,e,R,e,q,u,e,s,t,e,r,E,n,t,i,t,y,M,a,t,c,h,e,r);
106 static const XMLCh AttributeScopeMatchesShibMDScope[] = UNICODE_LITERAL_32(A,t,t,r,i,b,u,t,e,S,c,o,p,e,M,a,t,c,h,e,s,S,h,i,b,M,D,S,c,o,p,e);
107 static const XMLCh NameIDQualifierString[] = UNICODE_LITERAL_21(N,a,m,e,I,D,Q,u,a,l,i,f,i,e,r,S,t,r,i,n,g);
108 static const XMLCh AttributeIssuerRegistrationAuthority[] = UNICODE_LITERAL_36(A,t,t,r,i,b,u,t,e,I,s,s,u,e,r,R,e,g,i,s,t,r,a,t,i,o,n,A,u,t,h,o,r,i,t,y);
109 static const XMLCh RegistrationAuthority[] = UNICODE_LITERAL_21(R,e,g,i,s,t,r,a,t,i,o,n,A,u,t,h,o,r,i,t,y);
// Definitions of the `shibsp::<name>Type` QName constants that key the match functor factories.
// The first group lives in the basic match-functor namespace, the second in the SAML one.
// InEntityGroup, EntityAttributeExactMatch and EntityAttributeRegexMatch get a QName here but
// have no DECL_FACTORY of their own; registerMatchFunctors() maps them onto the
// AttributeRequester* factories.
112 DECL_BASIC_QNAME(AnyMatchFunctor, ANY);
113 DECL_BASIC_QNAME(AndMatchFunctor, AND);
114 DECL_BASIC_QNAME(OrMatchFunctor, OR);
115 DECL_BASIC_QNAME(NotMatchFunctor, NOT);
116 DECL_BASIC_QNAME(AttributeIssuerString, AttributeIssuerString);
117 DECL_BASIC_QNAME(AttributeRequesterString, AttributeRequesterString);
118 DECL_BASIC_QNAME(AuthenticationMethodString, AuthenticationMethodString);
119 DECL_BASIC_QNAME(AttributeValueString, AttributeValueString);
120 DECL_BASIC_QNAME(AttributeScopeString, AttributeScopeString);
121 DECL_BASIC_QNAME(AttributeIssuerRegex, AttributeIssuerRegex);
122 DECL_BASIC_QNAME(AttributeRequesterRegex, AttributeRequesterRegex);
123 DECL_BASIC_QNAME(AuthenticationMethodRegex, AuthenticationMethodRegex);
124 DECL_BASIC_QNAME(AttributeValueRegex, AttributeValueRegex);
125 DECL_BASIC_QNAME(AttributeScopeRegex, AttributeScopeRegex);
126 DECL_BASIC_QNAME(NumberOfAttributeValues, NumberOfAttributeValues);
127 DECL_SAML_QNAME(AttributeIssuerInEntityGroup, AttributeIssuerInEntityGroup);
128 DECL_SAML_QNAME(AttributeRequesterInEntityGroup, AttributeRequesterInEntityGroup);
129 DECL_SAML_QNAME(InEntityGroup, InEntityGroup);
130 DECL_SAML_QNAME(AttributeIssuerEntityAttributeExactMatch, AttributeIssuerEntityAttributeExactMatch);
131 DECL_SAML_QNAME(AttributeRequesterEntityAttributeExactMatch, AttributeRequesterEntityAttributeExactMatch);
132 DECL_SAML_QNAME(EntityAttributeExactMatch, EntityAttributeExactMatch);
133 DECL_SAML_QNAME(AttributeIssuerEntityAttributeRegexMatch, AttributeIssuerEntityAttributeRegexMatch);
134 DECL_SAML_QNAME(AttributeRequesterEntityAttributeRegexMatch, AttributeRequesterEntityAttributeRegexMatch);
135 DECL_SAML_QNAME(EntityAttributeRegexMatch, EntityAttributeRegexMatch);
136 DECL_SAML_QNAME(AttributeIssuerEntityMatcher, AttributeIssuerEntityMatcher);
137 DECL_SAML_QNAME(AttributeRequesterEntityMatcher, AttributeRequesterEntityMatcher);
138 DECL_SAML_QNAME(AttributeScopeMatchesShibMDScope, AttributeScopeMatchesShibMDScope);
139 DECL_SAML_QNAME(NameIDQualifierString, NameIDQualifierString);
140 DECL_SAML_QNAME(AttributeIssuerRegistrationAuthority, AttributeIssuerRegistrationAuthority);
141 DECL_SAML_QNAME(RegistrationAuthority, RegistrationAuthority);
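/**
 * Registers the built-in MatchFunctor factories with the SP configuration's
 * MatchFunctorManager, each keyed by the QName of the functor's type.
 *
 * After the one-to-one registrations, three shorter type names
 * (EntityAttributeExactMatch, EntityAttributeRegexMatch, InEntityGroup) are
 * registered against the corresponding AttributeRequester* factories.
 */
void SHIBSP_API shibsp::registerMatchFunctors()
{
    PluginManager< MatchFunctor,xmltooling::QName,pair<const FilterPolicyContext*,const DOMElement*> >& mgr =
        SPConfig::getConfig().MatchFunctorManager;

    // One-to-one registrations: <name>Type -> <name>Factory.
    REGISTER_FACTORY(AnyMatchFunctor);
    REGISTER_FACTORY(AndMatchFunctor);
    REGISTER_FACTORY(OrMatchFunctor);
    REGISTER_FACTORY(NotMatchFunctor);
    REGISTER_FACTORY(AttributeIssuerString);
    REGISTER_FACTORY(AttributeRequesterString);
    REGISTER_FACTORY(AuthenticationMethodString);
    REGISTER_FACTORY(AttributeValueString);
    REGISTER_FACTORY(AttributeScopeString);
    REGISTER_FACTORY(AttributeIssuerRegex);
    REGISTER_FACTORY(AttributeRequesterRegex);
    REGISTER_FACTORY(AuthenticationMethodRegex);
    REGISTER_FACTORY(AttributeValueRegex);
    REGISTER_FACTORY(AttributeScopeRegex);
    REGISTER_FACTORY(NumberOfAttributeValues);
    REGISTER_FACTORY(AttributeIssuerInEntityGroup);
    REGISTER_FACTORY(AttributeRequesterInEntityGroup);
    REGISTER_FACTORY(AttributeIssuerEntityAttributeExactMatch);
    REGISTER_FACTORY(AttributeRequesterEntityAttributeExactMatch);
    REGISTER_FACTORY(AttributeIssuerEntityAttributeRegexMatch);
    REGISTER_FACTORY(AttributeRequesterEntityAttributeRegexMatch);
    REGISTER_FACTORY(AttributeIssuerEntityMatcher);
    REGISTER_FACTORY(AttributeRequesterEntityMatcher);
    REGISTER_FACTORY(AttributeScopeMatchesShibMDScope);
    REGISTER_FACTORY(NameIDQualifierString);
    REGISTER_FACTORY(AttributeIssuerRegistrationAuthority);
    REGISTER_FACTORY(RegistrationAuthority);

    // Shorter type names that reuse the requester-side factories.
    mgr.registerFactory(EntityAttributeExactMatchType, AttributeRequesterEntityAttributeExactMatchFactory);
    mgr.registerFactory(EntityAttributeRegexMatchType, AttributeRequesterEntityAttributeRegexMatchFactory);
    // Key on InEntityGroupType (the QName in the SAML match-functor namespace), as the two
    // registrations above do. The file-local XMLCh array InEntityGroup is only a bare name;
    // used as the key it would not equal the declared QName, so a filter policy naming this
    // type could not resolve it.
    mgr.registerFactory(InEntityGroupType, AttributeRequesterInEntityGroupFactory);
}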
// Out-of-line definition of the MatchFunctor default constructor; its body is not shown in this listing.
180 MatchFunctor::MatchFunctor()
// Out-of-line definition of the MatchFunctor destructor; its body is not shown in this listing.
184 MatchFunctor::~MatchFunctor()
// Constructs a context over the caller's string-keyed multimap of MatchFunctor pointers,
// initialising m_functors from `functors`.
// NOTE(review): the map holds raw MatchFunctor* values; who owns and frees them, and whether
// the map must outlive this context, is not visible here — confirm against the caller.
188 FilterPolicyContext::FilterPolicyContext(multimap<string,MatchFunctor*>& functors) : m_functors(functors)
// Out-of-line definition of the FilterPolicyContext destructor; its body is not shown in this listing.
192 FilterPolicyContext::~FilterPolicyContext()
196 multimap<string,MatchFunctor*>& FilterPolicyContext::getMatchFunctors() const