#include "util/SPConstants.h"
#include <xercesc/util/XMLUniDefs.hpp>
+#include <xmltooling/security/SecurityHelper.h>
using namespace shibsp;
using namespace xmltooling;
static const XMLCh _XMLAttributeDecoder[] = UNICODE_LITERAL_19(X,M,L,A,t,t,r,i,b,u,t,e,D,e,c,o,d,e,r);
static const XMLCh caseSensitive[] = UNICODE_LITERAL_13(c,a,s,e,S,e,n,s,i,t,i,v,e);
+ static const XMLCh hashAlg[] = UNICODE_LITERAL_7(h,a,s,h,A,l,g);
static const XMLCh internal[] = UNICODE_LITERAL_8(i,n,t,e,r,n,a,l);
#endif
};
conf.AttributeDecoderManager.registerFactory(XMLAttributeDecoderType, XMLAttributeDecoderFactory);
}
-AttributeDecoder::AttributeDecoder(const DOMElement *e) : m_caseSensitive(true), m_internal(false)
+AttributeDecoder::AttributeDecoder(const DOMElement *e)
+ : m_caseSensitive(true), m_internal(false), m_hashAlg(e ? e->getAttributeNS(NULL, hashAlg) : NULL)
{
if (e) {
const XMLCh* flag = e->getAttributeNS(NULL, caseSensitive);
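Review bot: `m_hashAlg` is copied from the `hashAlg` attribute with no check that it names a digest the crypto layer supports, so a typo in the configuration only surfaces later in `_decode`, where values whose hash comes back empty are dropped. A one-time probe at construction would turn that into a load-time failure or warning, for example a guard on `m_hashAlg.get() && *m_hashAlg.get() && SecurityHelper::doHash(m_hashAlg.get(), "probe", 5).empty()`. The constructor body continues outside this hunk, so such a check may already exist further down.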
Attribute* AttributeDecoder::_decode(Attribute* attr) const
{
- attr->setCaseSensitive(m_caseSensitive);
- attr->setInternal(m_internal);
+ if (attr) {
+ attr->setCaseSensitive(m_caseSensitive);
+ attr->setInternal(m_internal);
+
+ if (m_hashAlg.get() && *m_hashAlg.get()) {
+ // We turn the values into strings using the supplied hash algorithm and return a SimpleAttribute instead.
+ auto_ptr<SimpleAttribute> simple(new SimpleAttribute(attr->getAliases()));
+ simple->setCaseSensitive(false);
+ simple->setInternal(m_internal);
+ vector<string>& newdest = simple->getValues();
+ const vector<string>& serialized = attr->getSerializedValues();
+ for (vector<string>::const_iterator ser = serialized.begin(); ser != serialized.end(); ++ser) {
+ newdest.push_back(SecurityHelper::doHash(m_hashAlg.get(), ser->data(), ser->length()));
+ if (newdest.back().empty())
+ newdest.pop_back();
+ }
+ delete attr;
+ return newdest.empty() ? NULL : simple.release();
+ }
+
+ }
return attr;
}
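Review bot: `attr` is released only by the `delete attr;` after the loop, so if anything inside the loop throws (an allocation failure in `push_back`, for instance) the incoming attribute leaks. Taking ownership at the top of the hashing branch with `auto_ptr<Attribute> owned(attr);` and dropping the explicit `delete` closes that. Separately, an empty result from `doHash` is discarded, and when every value fails the function returns NULL, so the attribute vanishes with nothing in this hunk recording why. A log line naming the attribute and algorithm at that point would help whoever has to explain an access rule that stopped matching. As called here the digest takes no salt or key, so the comment on the branch should say that it obscures values but does not protect guessable ones, e.g. `// Unsalted digest: not a confidentiality control for low-entropy values.`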
#endif
void extract(const KeyInfo* k, vector<string>& dest) const {
auto_ptr<Credential> cred (getKeyInfoResolver()->resolve(k, Credential::RESOLVE_KEYS));
if (cred.get()) {
- const char* alg = m_hashAlg.get();
+ const char* alg = m_keyInfoHashAlg.get();
if (!alg || !*alg)
alg = "SHA1";
dest.push_back(string());
}
bool m_hash;
- auto_ptr_char m_hashAlg;
+ auto_ptr_char m_keyInfoHashAlg;
KeyInfoResolver* m_keyInfoResolver;
};
static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o,l,v,e,r);
static const XMLCh _hash[] = UNICODE_LITERAL_4(h,a,s,h);
- static const XMLCh _hashAlg[] = UNICODE_LITERAL_7(h,a,s,h,A,l,g);
+ static const XMLCh keyInfoHashAlg[] = UNICODE_LITERAL_14(k,e,y,I,n,f,o,H,a,s,h,A,l,g);
static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
};
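Review bot: Renaming the attribute this decoder reads from `hashAlg` to `keyInfoHashAlg` silently changes the meaning of existing configurations. An element that already sets `hashAlg` will now have that value consumed by the base `AttributeDecoder` constructor, while the key hash in `extract` falls back to its `"SHA1"` default. If this decoder's output is passed through `_decode` (not visible here), such a deployment would start emitting a digest of a SHA-1 key hash rather than the key hash it configured, with no error. Consider warning at load time when `hashAlg` is present on this decoder without `keyInfoHashAlg`, and record the change next to the constant, e.g. `// Was "hashAlg"; that name now selects value hashing in the base class.`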
KeyInfoAttributeDecoder::KeyInfoAttributeDecoder(const DOMElement* e)
- : AttributeDecoder(e), m_hash(false), m_hashAlg(e ? e->getAttributeNS(NULL, _hashAlg) : NULL), m_keyInfoResolver(NULL) {
+ : AttributeDecoder(e),
+ m_hash(false),
+ m_keyInfoHashAlg(e ? e->getAttributeNS(NULL, keyInfoHashAlg) : NULL),
+ m_keyInfoResolver(NULL) {
const XMLCh* flag = e ? e->getAttributeNS(NULL, _hash) : NULL;
m_hash = (flag && (*flag == chLatin_t || *flag == chDigit_1));
e = e ? XMLHelper::getFirstChildElement(e,_KeyInfoResolver) : NULL;