shibsp/attribute/resolver/impl/ChainingAttributeResolver.cpp

   1 /**
   2  * Licensed to the University Corporation for Advanced Internet
   3  * Development, Inc. (UCAID) under one or more contributor license
   4  * agreements. See the NOTICE file distributed with this work for
   5  * additional information regarding copyright ownership.
   6  *
   7  * UCAID licenses this file to you under the Apache License,
   8  * Version 2.0 (the "License"); you may not use this file except
   9  * in compliance with the License. You may obtain a copy of the
  10  * License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
  17  * either express or implied. See the License for the specific
  18  * language governing permissions and limitations under the License.
  19  */
  20
  21 /**
  22  * ChainingAttributeResolver.cpp
  23  *
  24  * Chains together multiple AttributeResolver plugins.
  25  */
  26
  27 #include "internal.h"
  28 #include "Application.h"
  29 #include "ServiceProvider.h"
  30 #include "attribute/Attribute.h"
  31 #include "attribute/resolver/AttributeResolver.h"
  32 #include "attribute/resolver/ResolutionContext.h"
  33
  34 #include <boost/scoped_ptr.hpp>
  35 #include <boost/ptr_container/ptr_vector.hpp>
  36 #include <xercesc/util/XMLUniDefs.hpp>
  37 #include <saml/Assertion.h>
  38 #include <xmltooling/util/XMLHelper.h>
  39
  40 using namespace shibsp;
  41 using namespace opensaml::saml2;
  42 using namespace opensaml::saml2md;
  43 using namespace xmltooling;
  44 using namespace boost;
  45 using namespace std;
  46
  47 namespace shibsp {
  48
  49     struct SHIBSP_DLLLOCAL ChainingContext : public ResolutionContext
  50     {
  51         ChainingContext(
  52             const Application& application,
  53             const EntityDescriptor* issuer,
  54             const XMLCh* protocol,
  55             const NameID* nameid,
  56             const XMLCh* authncontext_class,
  57             const XMLCh* authncontext_decl,
  58             const vector<const opensaml::Assertion*>* tokens,
  59             const vector<shibsp::Attribute*>* attributes
  60             ) : m_app(application), m_issuer(issuer), m_protocol(protocol), m_nameid(nameid), m_authclass(authncontext_class), m_authdecl(authncontext_decl), m_session(nullptr) {
  61             if (tokens)
  62                 m_tokens.assign(tokens->begin(), tokens->end());
  63             if (attributes)
  64                 m_attributes.assign(attributes->begin(), attributes->end());
  65         }
  66
  67         ChainingContext(const Application& application, const Session& session) : m_app(application), m_session(&session) {
  68         }
  69
  70         ~ChainingContext() {
  71             for_each(m_ownedAttributes.begin(), m_ownedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>());
  72             for_each(m_ownedAssertions.begin(), m_ownedAssertions.end(), xmltooling::cleanup<opensaml::Assertion>());
  73         }
  74
  75         vector<shibsp::Attribute*>& getResolvedAttributes() {
  76             return m_ownedAttributes;
  77         }
  78         vector<opensaml::Assertion*>& getResolvedAssertions() {
  79             return m_ownedAssertions;
  80         }
  81
  82         vector<shibsp::Attribute*> m_ownedAttributes;
  83         vector<opensaml::Assertion*> m_ownedAssertions;
  84
  85         const Application& m_app;
  86         const EntityDescriptor* m_issuer;
  87         const XMLCh* m_protocol;
  88         const NameID* m_nameid;
  89         const XMLCh* m_authclass;
  90         const XMLCh* m_authdecl;
  91         vector<const opensaml::Assertion*> m_tokens;
  92         vector<shibsp::Attribute*> m_attributes;
  93
  94         const Session* m_session;
  95     };
  96
  97     class SHIBSP_DLLLOCAL ChainingAttributeResolver : public AttributeResolver
  98     {
  99     public:
 100         ChainingAttributeResolver(const DOMElement* e);
 101         virtual ~ChainingAttributeResolver() {}
 102
 103         Lockable* lock() {
 104             return this;
 105         }
 106         void unlock() {
 107         }
 108
 109         ResolutionContext* createResolutionContext(
 110             const Application& application,
 111             const EntityDescriptor* issuer,
 112             const XMLCh* protocol,
 113             const NameID* nameid=nullptr,
 114             const XMLCh* authncontext_class=nullptr,
 115             const XMLCh* authncontext_decl=nullptr,
 116             const vector<const opensaml::Assertion*>* tokens=nullptr,
 117             const vector<shibsp::Attribute*>* attributes=nullptr
 118             ) const {
 119             return new ChainingContext(application, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes);
 120         }
 121
 122         ResolutionContext* createResolutionContext(const Application& application, const Session& session) const {
 123             return new ChainingContext(application, session);
 124         }
 125
 126         void resolveAttributes(ResolutionContext& ctx) const;
 127
 128         void getAttributeIds(vector<string>& attributes) const {
 129             for (ptr_vector<AttributeResolver>::iterator i = m_resolvers.begin(); i != m_resolvers.end(); ++i) {
 130                 Locker locker(&(*i));
 131                 i->getAttributeIds(attributes);
 132             }
 133         }
 134
 135     private:
 136         mutable ptr_vector<AttributeResolver> m_resolvers;
 137     };
 138
 139     static const XMLCh _AttributeResolver[] =   UNICODE_LITERAL_17(A,t,t,r,i,b,u,t,e,R,e,s,o,l,v,e,r);
 140     static const XMLCh _type[] =                UNICODE_LITERAL_4(t,y,p,e);
 141
 142     SHIBSP_DLLLOCAL PluginManager<AttributeResolver,string,const DOMElement*>::Factory QueryResolverFactory;
 143     SHIBSP_DLLLOCAL PluginManager<AttributeResolver,string,const DOMElement*>::Factory SimpleAggregationResolverFactory;
 144
 145     AttributeResolver* SHIBSP_DLLLOCAL ChainingResolverFactory(const DOMElement* const & e)
 146     {
 147         return new ChainingAttributeResolver(e);
 148     }
 149 };
 150
 151 void SHIBSP_API shibsp::registerAttributeResolvers()
 152 {
 153     SPConfig::getConfig().AttributeResolverManager.registerFactory(QUERY_ATTRIBUTE_RESOLVER, QueryResolverFactory);
 154     SPConfig::getConfig().AttributeResolverManager.registerFactory(SIMPLEAGGREGATION_ATTRIBUTE_RESOLVER, SimpleAggregationResolverFactory);
 155     SPConfig::getConfig().AttributeResolverManager.registerFactory(CHAINING_ATTRIBUTE_RESOLVER, ChainingResolverFactory);
 156 }
 157
 158 ResolutionContext::ResolutionContext()
 159 {
 160 }
 161
 162 ResolutionContext::~ResolutionContext()
 163 {
 164 }
 165
 166 AttributeResolver::AttributeResolver()
 167 {
 168 }
 169
 170 AttributeResolver::~AttributeResolver()
 171 {
 172 }
 173
 174 ChainingAttributeResolver::ChainingAttributeResolver(const DOMElement* e)
 175 {
 176     SPConfig& conf = SPConfig::getConfig();
 177
 178     // Load up the chain of handlers.
 179     e = XMLHelper::getFirstChildElement(e, _AttributeResolver);
 180     while (e) {
 181         string t(XMLHelper::getAttrString(e, nullptr, _type));
 182         if (!t.empty()) {
 183             try {
 184                 Category::getInstance(SHIBSP_LOGCAT".AttributeResolver.Chaining").info(
 185                     "building AttributeResolver of type (%s)...", t.c_str()
 186                     );
 187                 auto_ptr<AttributeResolver> np(conf.AttributeResolverManager.newPlugin(t.c_str(), e));
 188                 m_resolvers.push_back(np);
 189             }
 190             catch (exception& ex) {
 191                 Category::getInstance(SHIBSP_LOGCAT".AttributeResolver.Chaining").error(
 192                     "caught exception processing embedded AttributeResolver element: %s", ex.what()
 193                     );
 194             }
 195         }
 196         e = XMLHelper::getNextSiblingElement(e, _AttributeResolver);
 197     }
 198 }
 199
 200 void ChainingAttributeResolver::resolveAttributes(ResolutionContext& ctx) const
 201 {
 202     ChainingContext& chain = dynamic_cast<ChainingContext&>(ctx);
 203     for (ptr_vector<AttributeResolver>::iterator i = m_resolvers.begin(); i != m_resolvers.end(); ++i) {
 204         Locker locker(&(*i));
 205         scoped_ptr<ResolutionContext> context(
 206             chain.m_session ?
 207                 i->createResolutionContext(chain.m_app, *chain.m_session) :
 208                 i->createResolutionContext(
 209                     chain.m_app, chain.m_issuer, chain.m_protocol, chain.m_nameid, chain.m_authclass, chain.m_authdecl, &chain.m_tokens, &chain.m_attributes
 210                     )
 211             );
 212
 213         i->resolveAttributes(*context);
 214
 215         chain.m_attributes.insert(chain.m_attributes.end(), context->getResolvedAttributes().begin(), context->getResolvedAttributes().end());
 216         chain.m_ownedAttributes.insert(chain.m_ownedAttributes.end(), context->getResolvedAttributes().begin(), context->getResolvedAttributes().end());
 217         context->getResolvedAttributes().clear();
 218
 219         chain.m_tokens.insert(chain.m_tokens.end(), context->getResolvedAssertions().begin(), context->getResolvedAssertions().end());
 220         chain.m_ownedAssertions.insert(chain.m_ownedAssertions.end(), context->getResolvedAssertions().begin(), context->getResolvedAssertions().end());
 221         context->getResolvedAssertions().clear();
 222     }
 223 }