https://issues.shibboleth.net/jira/browse/SSPCPP-115

diff --git a/shibsp/attribute/filtering/impl/AttributeIssuerStringFunctor.cpp b/shibsp/attribute/filtering/impl/AttributeIssuerStringFunctor.cpp
index c2b193f..563e762 100644 (file)
--- a/shibsp/attribute/filtering/impl/AttributeIssuerStringFunctor.cpp
+++ b/shibsp/attribute/filtering/impl/AttributeIssuerStringFunctor.cpp
@@ -28,6 +28,7 @@
 namespace shibsp {
 
     static const XMLCh value[] = UNICODE_LITERAL_5(v,a,l,u,e);
+    static const XMLCh ignoreCase[] = UNICODE_LITERAL_10(i,g,n,o,r,e,C,a,s,e);
 
     /**
      * A match function that matches the attribute issuer's name against the specified value.
@@ -35,19 +36,25 @@ namespace shibsp {
     class SHIBSP_DLLLOCAL AttributeIssuerStringFunctor : public MatchFunctor
     {
         const XMLCh* m_value;
+        bool m_ignoreCase;
     public:
         AttributeIssuerStringFunctor(const DOMElement* e) {
             m_value = e ? e->getAttributeNS(NULL,value) : NULL;
             if (!m_value || !*m_value)
                 throw ConfigurationException("AttributeIssuerString MatchFunctor requires non-empty value attribute.");
+            const XMLCh* flag = e ? e->getAttributeNS(NULL,ignoreCase) : NULL;
+            m_ignoreCase = (flag && (*flag == chLatin_t || *flag == chDigit_1)); 
         }
 
         bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
-            return XMLString::equals(m_value, filterContext.getAttributeIssuer());
+            if (m_ignoreCase)
+                return (XMLString::compareIString(m_value, filterContext.getAttributeIssuer()) == 0);
+            else
+                return XMLString::equals(m_value, filterContext.getAttributeIssuer());
         }
 
         bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
-            return XMLString::equals(m_value, filterContext.getAttributeIssuer());
+            return evaluatePolicyRequirement(filterContext);
         }
     };
 

diff --git a/shibsp/attribute/filtering/impl/AttributeRequesterStringFunctor.cpp b/shibsp/attribute/filtering/impl/AttributeRequesterStringFunctor.cpp
index fb8182b..5eecf7d 100644 (file)
--- a/shibsp/attribute/filtering/impl/AttributeRequesterStringFunctor.cpp
+++ b/shibsp/attribute/filtering/impl/AttributeRequesterStringFunctor.cpp
@@ -28,6 +28,7 @@
 namespace shibsp {
 
     static const XMLCh value[] = UNICODE_LITERAL_5(v,a,l,u,e);
+    static const XMLCh ignoreCase[] = UNICODE_LITERAL_10(i,g,n,o,r,e,C,a,s,e);
 
     /**
      * A match function that matches the attribute requester's name against the specified value.
@@ -35,19 +36,25 @@ namespace shibsp {
     class SHIBSP_DLLLOCAL AttributeRequesterStringFunctor : public MatchFunctor
     {
         const XMLCh* m_value;
+        bool m_ignoreCase;
     public:
         AttributeRequesterStringFunctor(const DOMElement* e) {
             m_value = e ? e->getAttributeNS(NULL,value) : NULL;
             if (!m_value || !*m_value)
                 throw ConfigurationException("AttributeRequesterString MatchFunctor requires non-empty value attribute.");
+            const XMLCh* flag = e ? e->getAttributeNS(NULL,ignoreCase) : NULL;
+            m_ignoreCase = (flag && (*flag == chLatin_t || *flag == chDigit_1)); 
         }
 
         bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
-            return XMLString::equals(m_value, filterContext.getAttributeRequester());
+            if (m_ignoreCase)
+                return (XMLString::compareIString(m_value, filterContext.getAttributeRequester()) == 0);
+            else
+                return XMLString::equals(m_value, filterContext.getAttributeRequester());
         }
 
         bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
-            return XMLString::equals(m_value, filterContext.getAttributeRequester());
+            return evaluatePolicyRequirement(filterContext);
         }
     };
 

diff --git a/shibsp/attribute/filtering/impl/AttributeScopeStringFunctor.cpp b/shibsp/attribute/filtering/impl/AttributeScopeStringFunctor.cpp
index d9749fc..48b99d0 100644 (file)
--- a/shibsp/attribute/filtering/impl/AttributeScopeStringFunctor.cpp
+++ b/shibsp/attribute/filtering/impl/AttributeScopeStringFunctor.cpp
@@ -32,6 +32,7 @@ using namespace std;
 namespace shibsp {
 
     static const XMLCh attributeID[] =  UNICODE_LITERAL_11(a,t,t,r,i,b,u,t,e,I,D);
+    static const XMLCh ignoreCase[] =   UNICODE_LITERAL_10(i,g,n,o,r,e,C,a,s,e);
     static const XMLCh value[] =        UNICODE_LITERAL_5(v,a,l,u,e);
 
     /**
@@ -41,6 +42,7 @@ namespace shibsp {
     {
         xmltooling::auto_ptr_char m_value;
         xmltooling::auto_ptr_char m_attributeID;
+        bool m_ignoreCase;
 
         bool hasScope(const FilteringContext& filterContext) const;
 
@@ -49,6 +51,8 @@ namespace shibsp {
             : m_value(e ? e->getAttributeNS(NULL,value) : NULL), m_attributeID(e ? e->getAttributeNS(NULL,attributeID) : NULL) {
             if (!m_value.get() || !*m_value.get())
                 throw ConfigurationException("AttributeScopeString MatchFunctor requires non-empty value attribute.");
+            const XMLCh* flag = e ? e->getAttributeNS(NULL,ignoreCase) : NULL;
+            m_ignoreCase = (flag && (*flag == chLatin_t || *flag == chDigit_1)); 
         }
 
         bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
@@ -58,8 +62,17 @@ namespace shibsp {
         }
 
         bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
-            if (!m_attributeID.get() || !*m_attributeID.get() || XMLString::equals(m_attributeID.get(), attribute.getId()))
-                return XMLString::equals(attribute.getScope(index), m_value.get());
+            if (!m_attributeID.get() || !*m_attributeID.get() || XMLString::equals(m_attributeID.get(), attribute.getId())) {
+                if (m_ignoreCase) {
+#ifdef HAVE_STRCASECMP
+                    return !strcasecmp(attribute.getScope(index), m_value.get());
+#else
+                    return !stricmp(attribute.getScope(index), m_value.get());
+#endif
+                }
+                else
+                    return !strcmp(attribute.getScope(index), m_value.get());
+            }
             return hasScope(filterContext);
         }
     };
@@ -79,8 +92,19 @@ bool AttributeScopeStringFunctor::hasScope(const FilteringContext& filterContext
     for (; attrs.first != attrs.second; ++attrs.first) {
         count = attrs.first->second->valueCount();
         for (size_t index = 0; index < count; ++index) {
-            if (XMLString::equals(attrs.first->second->getScope(index), m_value.get()))
-                return true;
+            if (m_ignoreCase) {
+#ifdef HAVE_STRCASECMP
+                if (!strcasecmp(attrs.first->second->getScope(index), m_value.get()))
+                    return true;
+#else
+                if (!stricmp(attrs.first->second->getScope(index), m_value.get()))
+                    return true;
+#endif
+            }
+            else {
+                if (!strcmp(attrs.first->second->getScope(index), m_value.get()))
+                    return true;
+            }
         }
     }
     return false;

diff --git a/shibsp/attribute/filtering/impl/AuthenticationMethodStringFunctor.cpp b/shibsp/attribute/filtering/impl/AuthenticationMethodStringFunctor.cpp
index 69df276..3c8393e 100644 (file)
--- a/shibsp/attribute/filtering/impl/AuthenticationMethodStringFunctor.cpp
+++ b/shibsp/attribute/filtering/impl/AuthenticationMethodStringFunctor.cpp
@@ -28,6 +28,7 @@
 namespace shibsp {
 
     static const XMLCh value[] = UNICODE_LITERAL_5(v,a,l,u,e);
+    static const XMLCh ignoreCase[] = UNICODE_LITERAL_10(i,g,n,o,r,e,C,a,s,e);
 
     /**
      * Match functor that compares the user's authentication method against a given string.
@@ -35,20 +36,26 @@ namespace shibsp {
     class SHIBSP_DLLLOCAL AuthenticationMethodStringFunctor : public MatchFunctor
     {
         const XMLCh* m_value;
+        bool m_ignoreCase;
     public:
         AuthenticationMethodStringFunctor(const DOMElement* e) : m_value(e ? e->getAttributeNS(NULL,value) : NULL) {
             if (!m_value || !*m_value)
                 throw ConfigurationException("AuthenticationMethodString MatchFunctor requires non-empty value attribute.");
+            const XMLCh* flag = e ? e->getAttributeNS(NULL,ignoreCase) : NULL;
+            m_ignoreCase = (flag && (*flag == chLatin_t || *flag == chDigit_1)); 
         }
 
         bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
-            return XMLString::equals(m_value, filterContext.getAuthnContextClassRef()) ||
-                XMLString::equals(m_value, filterContext.getAuthnContextDeclRef());
+            if (m_ignoreCase)
+                return (XMLString::compareIString(m_value, filterContext.getAuthnContextClassRef()) == 0 ||
+                    XMLString::compareIString(m_value, filterContext.getAuthnContextDeclRef()) == 0);
+            else
+                return XMLString::equals(m_value, filterContext.getAuthnContextClassRef()) ||
+                    XMLString::equals(m_value, filterContext.getAuthnContextDeclRef());
         }
 
         bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
-            return XMLString::equals(m_value, filterContext.getAuthnContextClassRef()) ||
-                XMLString::equals(m_value, filterContext.getAuthnContextDeclRef());
+            return evaluatePolicyRequirement(filterContext);
         }
     };