From 905660ba619afcf7e02266ffafad37e7dfef404e Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Mon, 19 Jan 2015 22:24:37 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/SSPCPP-624
---
 Shibboleth.sln | 8 --------
 .../resolver/impl/SimpleAggregationAttributeResolver.cpp | 1 +
 shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp | 1 +
 shibsp/handler/impl/AttributeCheckerHandler.cpp | 1 +
 shibsp/handler/impl/SAML2Logout.cpp | 1 +
 shibsp/handler/impl/SAML2LogoutInitiator.cpp | 1 +
 shibsp/handler/impl/SAML2NameIDMgmt.cpp | 1 +
 shibsp/handler/impl/SAML2SessionInitiator.cpp | 2 ++
 shibsp/handler/impl/SAMLDSSessionInitiator.cpp | 1 +
 shibsp/handler/impl/SecuredHandler.cpp | 1 +
 shibsp/impl/XMLAccessControl.cpp | 1 +
 shibsp/impl/XMLServiceProvider.cpp | 5 +++++
 shibsp/remoting/impl/TCPListener.cpp | 1 +
 13 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/Shibboleth.sln b/Shibboleth.sln
index 93a9db4..ce39a8e 100644
--- a/Shibboleth.sln
+++ b/Shibboleth.sln
@@ -324,21 +324,13 @@ Global
 {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Release|x64.ActiveCfg = Release|x64
 {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Release|x64.Build.0 = Release|x64
 {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|Win32.ActiveCfg = Debug|Win32
- {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|Win32.Build.0 = Debug|Win32
 {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|x64.ActiveCfg = Debug|x64
- {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|x64.Build.0 = Debug|x64
 {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|Win32.ActiveCfg = Release|Win32
- {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|Win32.Build.0 = Release|Win32
 {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|x64.ActiveCfg = Release|x64
- {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|x64.Build.0 = Release|x64
 {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|Win32.ActiveCfg = Debug|Win32
- {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|Win32.Build.0 = Debug|Win32
 {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|x64.ActiveCfg = Debug|x64
- {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|x64.Build.0 = Debug|x64
 {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|Win32.ActiveCfg = Release|Win32
- {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|Win32.Build.0 = Release|Win32
 {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|x64.ActiveCfg = Release|x64
- {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|x64.Build.0 = Release|x64
 EndGlobalSection
 GlobalSection(SolutionProperties) = preSolution
 HideSolutionNode = FALSE
diff --git a/shibsp/attribute/resolver/impl/SimpleAggregationAttributeResolver.cpp b/shibsp/attribute/resolver/impl/SimpleAggregationAttributeResolver.cpp
index fb52752..3db18e8 100644
--- a/shibsp/attribute/resolver/impl/SimpleAggregationAttributeResolver.cpp
+++ b/shibsp/attribute/resolver/impl/SimpleAggregationAttributeResolver.cpp
@@ -256,6 +256,7 @@ SimpleAggregationResolver::SimpleAggregationResolver(const DOMElement* e) if (aid && *aid) { auto_ptr_char dup(aid); string sdup(dup.get());
+ trim(sdup);
 split(m_attributeIds, sdup, is_space(), algorithm::token_compress_on); aid = e->getAttributeNS(nullptr, format);
diff --git a/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp b/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp
index 807e798..3f12eb8 100644
--- a/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp
+++ b/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp
@@ -348,6 +348,7 @@ XMLExtractorImpl::XMLExtractorImpl(const DOMElement* e, Category& log) m_log.warn("attribute mapping rule (%s) uses deprecated aliases feature, consider revising", id.get()); auto_ptr_char aliases(name); string dup(aliases.get());
+ trim(dup);
 set new_aliases; split(new_aliases, dup, is_space(), algorithm::token_compress_on); set::iterator ru = new_aliases.find("REMOTE_USER");
diff --git a/shibsp/handler/impl/AttributeCheckerHandler.cpp b/shibsp/handler/impl/AttributeCheckerHandler.cpp
index 3694ae4..5ca63fd 100644
--- a/shibsp/handler/impl/AttributeCheckerHandler.cpp
+++ b/shibsp/handler/impl/AttributeCheckerHandler.cpp
@@ -123,6 +123,7 @@ AttributeCheckerHandler::AttributeCheckerHandler(const DOMElement* e, const char string attrs(XMLHelper::getAttrString(e, nullptr, attributes)); if (!attrs.empty()) {
+ trim(attrs);
 split(m_attributes, attrs, is_space(), algorithm::token_compress_on); if (m_attributes.empty()) throw ConfigurationException("AttributeChecker unable to parse attributes setting.");
diff --git a/shibsp/handler/impl/SAML2Logout.cpp b/shibsp/handler/impl/SAML2Logout.cpp
index 56645a2..cd43dda 100644
--- a/shibsp/handler/impl/SAML2Logout.cpp
+++ b/shibsp/handler/impl/SAML2Logout.cpp
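Review bot: A value that is present but contains only whitespace still produces one empty token in the SimpleAggregationResolver hunk, because `trim(sdup)` leaves an empty string and `boost::split` on an empty string returns a single empty element, so `""` ends up in `m_attributeIds`. Guarding the call avoids it: `if (!sdup.empty()) split(m_attributeIds, sdup, is_space(), algorithm::token_compress_on);`. The same trim-then-split pattern recurs in the hunks for XMLExtractorImpl (`new_aliases`), SAML2SessionInitiator::doRequest (`contexts`), SAMLDSSessionInitiator (`m_preservedOptions`), SecuredHandler (`aclarray`, passed to `parseACL`), XMLApplication (`m_redirectWhitelist`, `m_remoteUsers`, `headerNames`), XMLConfigImpl (`m_authTypes`) and TCPListener (`rawacls`). It deserves the most attention for the ACL and redirect-whitelist lists, where the treatment of an empty entry is decided by code outside these hunks and should be confirmed to reject rather than match. The enclosing constructor continues outside the hunk.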
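Review bot: In the AttributeCheckerHandler hunk `trim(attrs)` runs after the `!attrs.empty()` test, so a whitespace-only `attributes` setting passes the test, is trimmed to an empty string, and `split` then stores a single empty token; the `m_attributes.empty()` check on the next line cannot fire for that input. Trimming before the test makes the existing guards meaningful: `trim(attrs);` followed by `if (!attrs.empty()) {`. Rule::Rule in XMLAccessControl.cpp has the same shape with `m_vals.empty()`; testing `temp.empty()` right after `trim(temp)` and throwing the existing ConfigurationException there would stop a blank rule from loading with an empty value. Both constructors continue outside their hunks.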
@@ -174,6 +174,7 @@ SAML2Logout::SAML2Logout(const DOMElement* e, const char* appId) pair outgoing = getString("outgoingBindings", m_configNS.get()); if (outgoing.first) { dupBindings = outgoing.second;
+ trim(dupBindings);
 } else { // No override, so we'll install a default binding precedence.
diff --git a/shibsp/handler/impl/SAML2LogoutInitiator.cpp b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
index bb5efd1..a1056ca 100644
--- a/shibsp/handler/impl/SAML2LogoutInitiator.cpp
+++ b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
@@ -157,6 +157,7 @@ void SAML2LogoutInitiator::init(const char* location) pair outgoing = getString("outgoingBindings"); if (outgoing.first) { dupBindings = outgoing.second;
+ trim(dupBindings);
 } else { // No override, so we'll install a default binding precedence.
diff --git a/shibsp/handler/impl/SAML2NameIDMgmt.cpp b/shibsp/handler/impl/SAML2NameIDMgmt.cpp
index 6bdfecf..47994f8 100644
--- a/shibsp/handler/impl/SAML2NameIDMgmt.cpp
+++ b/shibsp/handler/impl/SAML2NameIDMgmt.cpp
@@ -156,6 +156,7 @@ SAML2NameIDMgmt::SAML2NameIDMgmt(const DOMElement* e, const char* appId) pair outgoing = getString("outgoingBindings", m_configNS.get()); if (outgoing.first) { dupBindings = outgoing.second;
+ trim(dupBindings);
 } else { // No override, so we'll install a default binding precedence.
diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp
index be705d0..3cfe0b0 100644
--- a/shibsp/handler/impl/SAML2SessionInitiator.cpp
+++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp
@@ -214,6 +214,7 @@ void SAML2SessionInitiator::init(const char* location) pair outgoing = getString("outgoingBindings"); if (outgoing.first) { dupBindings = outgoing.second;
+ trim(dupBindings);
 } else { // No override, so we'll install a default binding precedence.
@@ -664,6 +665,7 @@ pair SAML2SessionInitiator::doRequest( if (authnContextClassRef) { reqContext->getAuthnContextDeclRefs().clear(); string dup(authnContextClassRef);
+ trim(dup);
 vector contexts; split(contexts, dup, is_space(), algorithm::token_compress_on); for (vector::const_iterator ac = contexts.begin(); ac != contexts.end(); ++ac) {
diff --git a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
index e3977a6..b9e1b82 100644
--- a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
+++ b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
@@ -135,6 +135,7 @@ SAMLDSSessionInitiator::SAMLDSSessionInitiator(const DOMElement* e, const char* pair options = getString("preservedOptions"); if (options.first) { string opt = options.second;
+ trim(opt);
 split(m_preservedOptions, opt, is_space(), algorithm::token_compress_on); } else {
diff --git a/shibsp/handler/impl/SecuredHandler.cpp b/shibsp/handler/impl/SecuredHandler.cpp
index c5669e2..7523dcd 100644
--- a/shibsp/handler/impl/SecuredHandler.cpp
+++ b/shibsp/handler/impl/SecuredHandler.cpp
@@ -71,6 +71,7 @@ SecuredHandler::SecuredHandler( } if (acl.first) { string aclbuf(acl.second);
+ trim(aclbuf);
 vector aclarray; split(aclarray, aclbuf, is_space(), algorithm::token_compress_on); for_each(aclarray.begin(), aclarray.end(), boost::bind(&SecuredHandler::parseACL, this, _1));
diff --git a/shibsp/impl/XMLAccessControl.cpp b/shibsp/impl/XMLAccessControl.cpp
index dc96225..e14a664 100644
--- a/shibsp/impl/XMLAccessControl.cpp
+++ b/shibsp/impl/XMLAccessControl.cpp
@@ -168,6 +168,7 @@ Rule::Rule(const DOMElement* e) : m_alias(XMLHelper::getAttrString(e, nullptr, r } string temp(vals.get());
+ trim(temp);
 split(m_vals, temp, boost::is_space(), algorithm::token_compress_on); if (m_vals.empty()) throw ConfigurationException("Rule did not contain any usable values.");
diff --git a/shibsp/impl/XMLServiceProvider.cpp b/shibsp/impl/XMLServiceProvider.cpp
index d719d42..73ef00a 100644
--- a/shibsp/impl/XMLServiceProvider.cpp
+++ b/shibsp/impl/XMLServiceProvider.cpp
@@ -576,6 +576,7 @@ XMLApplication::XMLApplication( prop = sessionProps->getString("redirectWhitelist"); if (prop.first) { string dup(prop.second);
+ trim(dup);
 split(m_redirectWhitelist, dup, is_space(), algorithm::token_compress_on); } }
@@ -832,6 +833,7 @@ void XMLApplication::doAttributeInfo() pair attributes = getString("REMOTE_USER"); if (attributes.first) { string dup(attributes.second);
+ trim(dup);
 split(m_remoteUsers, dup, is_space(), algorithm::token_compress_on); }
@@ -851,6 +853,7 @@ void XMLApplication::doAttributeInfo() } string dup(attributes.second);
+ trim(dup);
 vector headerNames; split(headerNames, dup, is_space(), algorithm::token_compress_on); for (vector::const_iterator h = headerNames.begin(); h != headerNames.end(); ++h) {
@@ -2068,6 +2071,7 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, XMLConfig* outer, if (unsafe.first) { HTTPResponse::getAllowedSchemes().clear(); string schemes(unsafe.second);
+ trim(schemes);
 split(HTTPResponse::getAllowedSchemes(), schemes, is_space(), algorithm::token_compress_on); }
@@ -2237,6 +2241,7 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, XMLConfig* outer, pair extraAuthTypes = inprocs->getString("extraAuthTypes"); if (extraAuthTypes.first) { string types(extraAuthTypes.second);
+ trim(types);
 split(outer->m_authTypes, types, is_space(), algorithm::token_compress_on); outer->m_authTypes.insert("shibboleth"); }
diff --git a/shibsp/remoting/impl/TCPListener.cpp b/shibsp/remoting/impl/TCPListener.cpp
index 4d1452a..5127cd7 100644
--- a/shibsp/remoting/impl/TCPListener.cpp
+++ b/shibsp/remoting/impl/TCPListener.cpp
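Review bot: In the XMLConfigImpl hunk at -2068, `HTTPResponse::getAllowedSchemes().clear()` runs before the trimmed value is known to contain anything, so a blank `unsafe` value discards the existing scheme list and `split` then replaces it with a single empty string. Trimming and testing first keeps the previous list unless there is something to install: `string schemes(unsafe.second); trim(schemes);` followed by `if (!schemes.empty()) { HTTPResponse::getAllowedSchemes().clear(); split(HTTPResponse::getAllowedSchemes(), schemes, is_space(), algorithm::token_compress_on); }`. What the list held before and how it is consulted are outside the hunk, so whether the blank case currently fails open or closed should be confirmed. The constructor continues outside the hunk.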
@@ -125,6 +125,7 @@ TCPListener::TCPListener(const DOMElement* e) vector rawacls; string aclbuf = XMLHelper::getAttrString(e, "127.0.0.1", acl);
+ boost::trim(aclbuf);
 boost::split(rawacls, aclbuf, boost::is_space(), algorithm::token_compress_on); for (vector::const_iterator i = rawacls.begin(); i < rawacls.end(); ++i) { try {
--
2.1.4