shibsp/attribute/resolver/impl/ChainingAttributeResolver.cpp

   1 /**
   2  * Licensed to the University Corporation for Advanced Internet
   3  * Development, Inc. (UCAID) under one or more contributor license
   4  * agreements. See the NOTICE file distributed with this work for
   5  * additional information regarding copyright ownership.
   6  *
   7  * UCAID licenses this file to you under the Apache License,
   8  * Version 2.0 (the "License"); you may not use this file except
   9  * in compliance with the License. You may obtain a copy of the
  10  * License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
  17  * either express or implied. See the License for the specific
  18  * language governing permissions and limitations under the License.
  19  */
  20
  21 /**
  22  * ChainingAttributeResolver.cpp
  23  *
  24  * Chains together multiple AttributeResolver plugins.
  25  */
  26
  27 #include "internal.h"
  28 #include "exceptions.h"
  29 #include "Application.h"
  30 #include "ServiceProvider.h"
  31 #include "attribute/Attribute.h"
  32 #include "attribute/resolver/AttributeResolver.h"
  33 #include "attribute/resolver/ResolutionContext.h"
  34
  35 #include <boost/ptr_container/ptr_vector.hpp>
  36 #include <xercesc/util/XMLUniDefs.hpp>
  37 #include <saml/Assertion.h>
  38 #include <xmltooling/util/XMLHelper.h>
  39
  40 using namespace shibsp;
  41 using namespace opensaml::saml2;
  42 using namespace opensaml::saml2md;
  43 using namespace xmltooling;
  44 using namespace boost;
  45 using namespace std;
  46
  47 namespace shibsp {
  48
  49     struct SHIBSP_DLLLOCAL ChainingContext : public ResolutionContext
  50     {
  51         ChainingContext(
  52             const Application& application,
  53             const GenericRequest* request,
  54             const EntityDescriptor* issuer,
  55             const XMLCh* protocol,
  56             const NameID* nameid,
  57             const XMLCh* authncontext_class,
  58             const XMLCh* authncontext_decl,
  59             const vector<const opensaml::Assertion*>* tokens,
  60             const vector<shibsp::Attribute*>* attributes
  61             ) : m_app(application), m_request(request), m_issuer(issuer), m_protocol(protocol), m_nameid(nameid),
  62                 m_authclass(authncontext_class), m_authdecl(authncontext_decl), m_session(nullptr) {
  63             if (tokens)
  64                 m_tokens.assign(tokens->begin(), tokens->end());
  65             if (attributes)
  66                 m_attributes.assign(attributes->begin(), attributes->end());
  67         }
  68
  69         ChainingContext(const Application& application, const Session& session)
  70             : m_app(application), m_request(nullptr), m_issuer(nullptr), m_protocol(nullptr), m_nameid(nullptr),
  71                 m_authclass(nullptr), m_authdecl(nullptr), m_session(&session) {
  72         }
  73
  74         ~ChainingContext() {
  75             for_each(m_ownedAttributes.begin(), m_ownedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>());
  76             for_each(m_ownedAssertions.begin(), m_ownedAssertions.end(), xmltooling::cleanup<opensaml::Assertion>());
  77         }
  78
  79         vector<shibsp::Attribute*>& getResolvedAttributes() {
  80             return m_ownedAttributes;
  81         }
  82         vector<opensaml::Assertion*>& getResolvedAssertions() {
  83             return m_ownedAssertions;
  84         }
  85
  86         vector<shibsp::Attribute*> m_ownedAttributes;
  87         vector<opensaml::Assertion*> m_ownedAssertions;
  88
  89         const Application& m_app;
  90         const GenericRequest* m_request;
  91         const EntityDescriptor* m_issuer;
  92         const XMLCh* m_protocol;
  93         const NameID* m_nameid;
  94         const XMLCh* m_authclass;
  95         const XMLCh* m_authdecl;
  96         vector<const opensaml::Assertion*> m_tokens;
  97         vector<shibsp::Attribute*> m_attributes;
  98
  99         const Session* m_session;
 100     };
 101
 102     class SHIBSP_DLLLOCAL ChainingAttributeResolver : public AttributeResolver
 103     {
 104     public:
 105         ChainingAttributeResolver(const DOMElement* e);
 106         virtual ~ChainingAttributeResolver() {}
 107
 108         Lockable* lock() {
 109             return this;
 110         }
 111         void unlock() {
 112         }
 113
 114         ResolutionContext* createResolutionContext(
 115             const Application& application,
 116             const EntityDescriptor* issuer,
 117             const XMLCh* protocol,
 118             const NameID* nameid=nullptr,
 119             const XMLCh* authncontext_class=nullptr,
 120             const XMLCh* authncontext_decl=nullptr,
 121             const vector<const opensaml::Assertion*>* tokens=nullptr,
 122             const vector<shibsp::Attribute*>* attributes=nullptr
 123             ) const {
 124             // Make sure new method gets run.
 125             return createResolutionContext(application, nullptr, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes);
 126         }
 127
 128         ResolutionContext* createResolutionContext(
 129             const Application& application,
 130             const GenericRequest* request,
 131             const EntityDescriptor* issuer,
 132             const XMLCh* protocol,
 133             const NameID* nameid=nullptr,
 134             const XMLCh* authncontext_class=nullptr,
 135             const XMLCh* authncontext_decl=nullptr,
 136             const vector<const opensaml::Assertion*>* tokens=nullptr,
 137             const vector<shibsp::Attribute*>* attributes=nullptr
 138             ) const {
 139             return new ChainingContext(application, request, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes);
 140         }
 141
 142         ResolutionContext* createResolutionContext(const Application& application, const Session& session) const {
 143             return new ChainingContext(application, session);
 144         }
 145
 146         void resolveAttributes(ResolutionContext& ctx) const;
 147
 148         void getAttributeIds(vector<string>& attributes) const {
 149             for (ptr_vector<AttributeResolver>::iterator i = m_resolvers.begin(); i != m_resolvers.end(); ++i) {
 150                 Locker locker(&(*i));
 151                 i->getAttributeIds(attributes);
 152             }
 153         }
 154
 155     private:
 156         mutable ptr_vector<AttributeResolver> m_resolvers;
 157     };
 158
 159     static const XMLCh _AttributeResolver[] =   UNICODE_LITERAL_17(A,t,t,r,i,b,u,t,e,R,e,s,o,l,v,e,r);
 160     static const XMLCh _type[] =                UNICODE_LITERAL_4(t,y,p,e);
 161
 162     SHIBSP_DLLLOCAL PluginManager<AttributeResolver,string,const DOMElement*>::Factory QueryResolverFactory;
 163     SHIBSP_DLLLOCAL PluginManager<AttributeResolver,string,const DOMElement*>::Factory SimpleAggregationResolverFactory;
 164
 165     AttributeResolver* SHIBSP_DLLLOCAL ChainingResolverFactory(const DOMElement* const & e)
 166     {
 167         return new ChainingAttributeResolver(e);
 168     }
 169 };
 170
 171 void SHIBSP_API shibsp::registerAttributeResolvers()
 172 {
 173     SPConfig::getConfig().AttributeResolverManager.registerFactory(QUERY_ATTRIBUTE_RESOLVER, QueryResolverFactory);
 174     SPConfig::getConfig().AttributeResolverManager.registerFactory(SIMPLEAGGREGATION_ATTRIBUTE_RESOLVER, SimpleAggregationResolverFactory);
 175     SPConfig::getConfig().AttributeResolverManager.registerFactory(CHAINING_ATTRIBUTE_RESOLVER, ChainingResolverFactory);
 176 }
 177
 178 ResolutionContext::ResolutionContext()
 179 {
 180 }
 181
 182 ResolutionContext::~ResolutionContext()
 183 {
 184 }
 185
 186 AttributeResolver::AttributeResolver()
 187 {
 188 }
 189
 190 AttributeResolver::~AttributeResolver()
 191 {
 192 }
 193
 194 ResolutionContext* AttributeResolver::createResolutionContext(
 195     const Application& application,
 196     const GenericRequest* request,
 197     const EntityDescriptor* issuer,
 198     const XMLCh* protocol,
 199     const NameID* nameid,
 200     const XMLCh* authncontext_class,
 201     const XMLCh* authncontext_decl,
 202     const vector<const opensaml::Assertion*>* tokens,
 203     const vector<shibsp::Attribute*>* attributes
 204     ) const
 205 {
 206     // Default call into deprecated method.
 207     return createResolutionContext(application, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes);
 208 }
 209
 210 ResolutionContext* AttributeResolver::createResolutionContext(
 211     const Application& application,
 212     const EntityDescriptor* issuer,
 213     const XMLCh* protocol,
 214     const NameID* nameid,
 215     const XMLCh* authncontext_class,
 216     const XMLCh* authncontext_decl,
 217     const vector<const opensaml::Assertion*>* tokens,
 218     const vector<shibsp::Attribute*>* attributes
 219     ) const
 220 {
 221     // Default for deprecated method.
 222     throw ConfigurationException("Deprecated method implementation should always be overridden.");
 223 }
 224
 225
 226 ChainingAttributeResolver::ChainingAttributeResolver(const DOMElement* e)
 227 {
 228     SPConfig& conf = SPConfig::getConfig();
 229
 230     // Load up the chain of handlers.
 231     e = XMLHelper::getFirstChildElement(e, _AttributeResolver);
 232     while (e) {
 233         string t(XMLHelper::getAttrString(e, nullptr, _type));
 234         if (!t.empty()) {
 235             try {
 236                 Category::getInstance(SHIBSP_LOGCAT ".AttributeResolver." CHAINING_ATTRIBUTE_RESOLVER).info(
 237                     "building AttributeResolver of type (%s)...", t.c_str()
 238                     );
 239                 auto_ptr<AttributeResolver> np(conf.AttributeResolverManager.newPlugin(t.c_str(), e));
 240                 m_resolvers.push_back(np.get());
 241                 np.release();
 242             }
 243             catch (exception& ex) {
 244                 Category::getInstance(SHIBSP_LOGCAT ".AttributeResolver." CHAINING_ATTRIBUTE_RESOLVER).error(
 245                     "caught exception processing embedded AttributeResolver element: %s", ex.what()
 246                     );
 247             }
 248         }
 249         e = XMLHelper::getNextSiblingElement(e, _AttributeResolver);
 250     }
 251 }
 252
 253 void ChainingAttributeResolver::resolveAttributes(ResolutionContext& ctx) const
 254 {
 255     ChainingContext& chain = dynamic_cast<ChainingContext&>(ctx);
 256     for (ptr_vector<AttributeResolver>::iterator i = m_resolvers.begin(); i != m_resolvers.end(); ++i) {
 257         try {
 258             Locker locker(&(*i));
 259             scoped_ptr<ResolutionContext> context(
 260                 chain.m_session ?
 261                     i->createResolutionContext(chain.m_app, *chain.m_session) :
 262                     i->createResolutionContext(
 263                         chain.m_app, chain.m_request, chain.m_issuer, chain.m_protocol, chain.m_nameid, chain.m_authclass, chain.m_authdecl, &chain.m_tokens, &chain.m_attributes
 264                         )
 265                 );
 266
 267             i->resolveAttributes(*context);
 268
 269             chain.m_attributes.insert(chain.m_attributes.end(), context->getResolvedAttributes().begin(), context->getResolvedAttributes().end());
 270             chain.m_ownedAttributes.insert(chain.m_ownedAttributes.end(), context->getResolvedAttributes().begin(), context->getResolvedAttributes().end());
 271             context->getResolvedAttributes().clear();
 272
 273             chain.m_tokens.insert(chain.m_tokens.end(), context->getResolvedAssertions().begin(), context->getResolvedAssertions().end());
 274             chain.m_ownedAssertions.insert(chain.m_ownedAssertions.end(), context->getResolvedAssertions().begin(), context->getResolvedAssertions().end());
 275             context->getResolvedAssertions().clear();
 276         }
 277         catch (exception& ex) {
 278             Category::getInstance(SHIBSP_LOGCAT ".AttributeResolver." CHAINING_ATTRIBUTE_RESOLVER).error(
 279                 "caught exception applying AttributeResolver in chain: %s", ex.what()
 280                 );
 281         }
 282     }
 283 }