https://issues.shibboleth.net/jira/browse/SSPCPP-411
[shibboleth/cpp-xmltooling.git] / xmltooling / util / ReloadableXMLFile.cpp
index e51d0ee..aae5990 100644 (file)
@@ -1,17 +1,21 @@
-/*
- *  Copyright 2001-2010 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 
 /**
@@ -63,25 +67,6 @@ using namespace xmltooling;
 using namespace xercesc;
 using namespace std;
 
-#ifndef XMLTOOLING_LITE
-namespace {
-    class XMLTOOL_DLLLOCAL DummyCredentialResolver : public CredentialResolver
-    {
-    public:
-        DummyCredentialResolver() {}
-        ~DummyCredentialResolver() {}
-
-        Lockable* lock() {return this;}
-        void unlock() {}
-
-        const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
-        vector<const Credential*>::size_type resolve(
-            vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
-            ) const {return 0;}
-    };
-};
-#endif
-
 static const XMLCh id[] =               UNICODE_LITERAL_2(i,d);
 static const XMLCh uri[] =              UNICODE_LITERAL_3(u,r,i);
 static const XMLCh url[] =              UNICODE_LITERAL_3(u,r,l);
@@ -92,6 +77,7 @@ static const XMLCh filename[] =         UNICODE_LITERAL_8(f,i,l,e,n,a,m,e);
 static const XMLCh validate[] =         UNICODE_LITERAL_8(v,a,l,i,d,a,t,e);
 static const XMLCh reloadChanges[] =    UNICODE_LITERAL_13(r,e,l,o,a,d,C,h,a,n,g,e,s);
 static const XMLCh reloadInterval[] =   UNICODE_LITERAL_14(r,e,l,o,a,d,I,n,t,e,r,v,a,l);
+static const XMLCh maxRefreshDelay[] =  UNICODE_LITERAL_15(m,a,x,R,e,f,r,e,s,h,D,e,l,a,y);
 static const XMLCh backingFilePath[] =  UNICODE_LITERAL_15(b,a,c,k,i,n,g,F,i,l,e,P,a,t,h);
 static const XMLCh type[] =             UNICODE_LITERAL_4(t,y,p,e);
 static const XMLCh certificate[] =      UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);
@@ -100,12 +86,13 @@ static const XMLCh _TrustEngine[] =     UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e
 static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
 
 
-ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log)
-    : m_root(e), m_local(true), m_validate(false), m_backupIndicator(true), m_filestamp(0), m_reloadInterval(0), m_lock(nullptr), m_log(log),
+ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log, bool startReloadThread)
+    : m_root(e), m_local(true), m_validate(false), m_filestamp(0), m_reloadInterval(0),
+      m_lock(nullptr), m_log(log), m_loaded(false),
 #ifndef XMLTOOLING_LITE
-        m_credResolver(nullptr), m_trust(nullptr),
+      m_credResolver(nullptr), m_trust(nullptr),
 #endif
-        m_shutdown(false), m_reload_wait(nullptr), m_reload_thread(nullptr)
+      m_shutdown(false), m_reload_wait(nullptr), m_reload_thread(nullptr)
 {
 #ifdef _DEBUG
     NDC ndc("ReloadableXMLFile");
@@ -136,44 +123,39 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log)
     }
 
     if (source && *source) {
-        const XMLCh* flag=e->getAttributeNS(nullptr,validate);
-        m_validate=(XMLString::equals(flag,xmlconstants::XML_TRUE) || XMLString::equals(flag,xmlconstants::XML_ONE));
+        m_validate = XMLHelper::getAttrBool(e, false, validate);
 
         auto_ptr_char temp(source);
-        m_source=temp.get();
+        m_source = temp.get();
 
         if (!m_local && !strstr(m_source.c_str(),"://")) {
             log.warn("deprecated usage of uri/url attribute for a local resource, use path instead");
-            m_local=true;
+            m_local = true;
         }
 
 #ifndef XMLTOOLING_LITE
         // Check for signature bits.
-        if (e && e->hasAttributeNS(nullptr, certificate)) {
+        if (e->hasAttributeNS(nullptr, certificate)) {
             // Use a file-based credential resolver rooted here.
             m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e);
         }
         else {
-            const DOMElement* sub = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : nullptr;
-            auto_ptr_char t(sub ? sub->getAttributeNS(nullptr, type) : nullptr);
-            if (t.get()) {
-                m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.get(), sub);
+            const DOMElement* sub = XMLHelper::getFirstChildElement(e, _CredentialResolver);
+            string t(XMLHelper::getAttrString(sub, nullptr, type));
+            if (!t.empty()) {
+                m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), sub);
             }
             else {
-                sub = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : nullptr;
-                auto_ptr_char t2(sub ? sub->getAttributeNS(nullptr, type) : nullptr);
-                if (t2.get()) {
-                    TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t2.get(), sub);
+                sub = XMLHelper::getFirstChildElement(e, _TrustEngine);
+                t = XMLHelper::getAttrString(sub, nullptr, type);
+                if (!t.empty()) {
+                    TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), sub);
                     if (!(m_trust = dynamic_cast<SignatureTrustEngine*>(trust))) {
                         delete trust;
                         throw XMLToolingException("TrustEngine-based ReloadableXMLFile requires a SignatureTrustEngine plugin.");
                     }
 
-                    flag = e->getAttributeNS(nullptr, signerName);
-                    if (flag && *flag) {
-                        auto_ptr_char sn(flag);
-                        m_signerName = sn.get();
-                    }
+                    m_signerName = XMLHelper::getAttrString(e, nullptr, signerName);
                 }
             }
         }
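Review bot: `XMLHelper::getAttrString(sub, nullptr, type)` at L120 and again at L130 is called with a `sub` that `getFirstChildElement` may have returned as null when no `CredentialResolver` or `TrustEngine` child exists; the removed code guarded exactly this with `sub ? ... : nullptr`. If `getAttrString` does not tolerate a null element, a configuration without those children dereferences null in the constructor, so either confirm that tolerance or restore the guard, e.g. `string t(sub ? XMLHelper::getAttrString(sub, nullptr, type) : string());`. The same reasoning applies to dropping the `e &&` check at L110, though `e` is already dereferenced earlier in this constructor. The constructor starts and ends outside this hunk.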
@@ -182,8 +164,8 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log)
         if (m_local) {
             XMLToolingConfig::getConfig().getPathResolver()->resolve(m_source, PathResolver::XMLTOOLING_CFG_FILE);
 
-            flag=e->getAttributeNS(nullptr,reloadChanges);
-            if (!XMLString::equals(flag,xmlconstants::XML_FALSE) && !XMLString::equals(flag,xmlconstants::XML_ZERO)) {
+            bool flag = XMLHelper::getAttrBool(e, true, reloadChanges);
+            if (flag) {
 #ifdef WIN32
                 struct _stat stat_buf;
                 if (_stat(m_source.c_str(), &stat_buf) == 0)
@@ -191,47 +173,56 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log)
                 struct stat stat_buf;
                 if (stat(m_source.c_str(), &stat_buf) == 0)
 #endif
-                    m_filestamp=stat_buf.st_mtime;
+                    m_filestamp = stat_buf.st_mtime;
                 else
                     throw IOException("Unable to access local file ($1)", params(1,m_source.c_str()));
-                m_lock=RWLock::create();
+                m_lock = RWLock::create();
             }
+            FILE* cfile = fopen(m_source.c_str(), "r");
+            if (cfile)
+                fclose(cfile);
+            else
+                throw IOException("Unable to access local file ($1)", params(1,m_source.c_str()));
             log.debug("using local resource (%s), will %smonitor for changes", m_source.c_str(), m_lock ? "" : "not ");
         }
         else {
             log.debug("using remote resource (%s)", m_source.c_str());
-            source = e->getAttributeNS(nullptr,backingFilePath);
-            if (source && *source) {
-                auto_ptr_char temp2(source);
-                m_backing=temp2.get();
-                XMLToolingConfig::getConfig().getPathResolver()->resolve(m_backing, PathResolver::XMLTOOLING_RUN_FILE);
+            m_backing = XMLHelper::getAttrString(e, nullptr, backingFilePath);
+            if (!m_backing.empty()) {
+                XMLToolingConfig::getConfig().getPathResolver()->resolve(m_backing, PathResolver::XMLTOOLING_CACHE_FILE);
                 log.debug("backup remote resource to (%s)", m_backing.c_str());
-            }
-            source = e->getAttributeNS(nullptr,reloadInterval);
-            if (source && *source) {
-                m_reloadInterval = XMLString::parseInt(source);
-                if (m_reloadInterval > 0) {
-                    m_log.debug("will reload remote resource at most every %d seconds", m_reloadInterval);
-                    m_lock=RWLock::create();
+                try {
+                    string tagname = m_backing + ".tag";
+                    ifstream backer(tagname.c_str());
+                    if (backer) {
+                        char cachebuf[256];
+                        if (backer.getline(cachebuf, 255)) {
+                            m_cacheTag = cachebuf;
+                            log.debug("loaded initial cache tag (%s)", m_cacheTag.c_str());
+                        }
+                    }
+                }
+                catch (exception&) {
                 }
             }
+            m_reloadInterval = XMLHelper::getAttrInt(e, 0, reloadInterval);
+            if (m_reloadInterval == 0)
+                m_reloadInterval = XMLHelper::getAttrInt(e, 0, maxRefreshDelay);
+            if (m_reloadInterval > 0) {
+                m_log.debug("will reload remote resource at most every %d seconds", m_reloadInterval);
+                m_lock = RWLock::create();
+            }
             m_filestamp = time(nullptr);   // assume it gets loaded initially
         }
 
-        if (m_lock) {
-            m_reload_wait = CondWait::create();
-            m_reload_thread = Thread::create(&reload_fn, this);
-        }
+        if (startReloadThread)
+            startup();
     }
     else {
         log.debug("no resource uri/path/name supplied, will load inline configuration");
     }
 
-    source = e->getAttributeNS(nullptr, id);
-    if (source && *source) {
-        auto_ptr_char tempid(source);
-        m_id = tempid.get();
-    }
+    m_id = XMLHelper::getAttrString(e, nullptr, id);
 }
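Review bot: The `try`/`catch (exception&) {}` around the cache-tag read at L194–L206 swallows silently, and because `ifstream` does not throw unless exceptions are enabled on the stream, the handler cannot observe a read failure anyway: a missing, unreadable or over-long `.tag` line is ignored with no log line at all. Adding `else log.debug("no initial cache tag found (%s)", tagname.c_str());` to the `if (backer)` branch would make a stale or absent tag diagnosable when the remote fetch later behaves unexpectedly. Separately, the `fopen`/`fclose` probe at L169–L173 repeats the access check that `stat` already performed when `reloadChanges` is on and reports the same error text, so it is only needed when the `flag` branch was skipped. The constructor starts outside this hunk.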
 
 ReloadableXMLFile::~ReloadableXMLFile()
@@ -240,6 +231,14 @@ ReloadableXMLFile::~ReloadableXMLFile()
     delete m_lock;
 }
 
+void ReloadableXMLFile::startup()
+{
+    if (m_lock && !m_reload_thread) {
+        m_reload_wait = CondWait::create();
+        m_reload_thread = Thread::create(&reload_fn, this);
+    }
+}
+
 void ReloadableXMLFile::shutdown()
 {
     if (m_reload_thread) {
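Review bot: `startup()` is new public API with no comment stating its contract: it is a no-op unless the constructor created `m_lock` (change monitoring or a positive reload interval was configured) and the thread has not yet been created. The `m_lock && !m_reload_thread` test at L244 is not synchronized, so two callers racing on it could each create a thread and leak one `CondWait`; whether that can happen depends on callers not visible here. Suggest documenting it as `// Starts the reload thread at most once; no-op when no lock was configured. Not synchronized: call from the thread that constructed the object.` in the header or above the definition.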
@@ -355,8 +354,13 @@ Lockable* ReloadableXMLFile::lock()
 
         // Update the timestamp regardless.
         m_filestamp = stat_buf.st_mtime;
-        m_log.info("change detected, signaling reload thread...");
-        m_reload_wait->signal();
+        if (m_reload_wait) {
+            m_log.info("change detected, signaling reload thread...");
+            m_reload_wait->signal();
+        }
+        else {
+            m_log.warn("change detected, but reload thread not started");
+        }
     }
 
     return this;
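Review bot: The new `else` branch at L263–L265 only warns, yet `m_filestamp = stat_buf.st_mtime;` at L256 has already advanced the timestamp, so a change detected before `startup()` has run is recorded as seen and will not trigger a reload once the thread is started until the file is modified again. If the intent is to pick the change up later, move the assignment into the signalling branch, e.g. `if (m_reload_wait) { m_filestamp = stat_buf.st_mtime; m_log.info(...); m_reload_wait->signal(); }`, and leave the timestamp untouched in the warning path. Otherwise the warning text should say the change is being skipped. `lock()` starts outside this hunk.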
@@ -383,7 +387,7 @@ pair<bool,DOMElement*> ReloadableXMLFile::load(bool backup)
         else {
             // Data comes from a file we have to parse.
             if (backup)
-                m_log.warn("using local backup of remote resource");
+                m_log.info("using local backup of remote resource");
             else
                 m_log.debug("loading configuration from external resource...");
 
@@ -411,9 +415,8 @@ pair<bool,DOMElement*> ReloadableXMLFile::load(bool backup)
                 if (XMLHelper::isNodeNamed(doc->getDocumentElement(), xmlconstants::XMLTOOLING_NS, URLInputSource::utf16StatusCodeElementName)) {
                     int responseCode = XMLString::parseInt(doc->getDocumentElement()->getFirstChild()->getNodeValue());
                     doc->release();
-                    if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED) {
+                    if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED)
                         throw (long)responseCode; // toss out as a "known" case to handle gracefully
-                    }
                     else {
                         m_log.warn("remote resource fetch returned atypical status code (%d)", responseCode);
                         throw IOException("remote resource fetch failed, check log for status code of response");
@@ -441,27 +444,6 @@ pair<bool,DOMElement*> ReloadableXMLFile::load(bool backup)
 
             }
 #endif
-
-            if (!backup && !m_backing.empty()) {
-                // If the indicator is true, we're responsible for the backup.
-                if (m_backupIndicator) {
-                    m_log.debug("backing up remote resource to (%s)", m_backing.c_str());
-                    try {
-                        Locker locker(getBackupLock());
-                        ofstream backer(m_backing.c_str());
-                        backer << *doc;
-                    }
-                    catch (exception& ex) {
-                        m_log.crit("exception while backing up resource: %s", ex.what());
-                    }
-                }
-                else {
-                    // If the indicator was false, set true to signal that a backup is needed.
-                    // The caller will presumably flip it back to false once that's done.
-                    m_backupIndicator = true;
-                }
-            }
-
             return make_pair(true, doc->getDocumentElement());
         }
     }
@@ -469,17 +451,81 @@ pair<bool,DOMElement*> ReloadableXMLFile::load(bool backup)
         auto_ptr_char msg(e.getMessage());
         m_log.errorStream() << "Xerces error while loading resource (" << (backup ? m_backing : m_source) << "): "
             << msg.get() << logging::eol;
-        if (!backup && !m_backing.empty())
-            return load(true);
         throw XMLParserException(msg.get());
     }
     catch (exception& e) {
         m_log.errorStream() << "error while loading resource ("
             << (m_source.empty() ? "inline" : (backup ? m_backing : m_source)) << "): " << e.what() << logging::eol;
-        if (!backup && !m_backing.empty())
+        throw;
+    }
+}
+
+pair<bool,DOMElement*> ReloadableXMLFile::load()
+{
+    // If this method is used, we're responsible for managing failover to a
+    // backup of a remote resource (if available), and for backing up remote
+    // resources.
+    try {
+        pair<bool,DOMElement*> ret = load(false);
+        if (!m_backing.empty()) {
+            m_log.debug("backing up remote resource to (%s)", m_backing.c_str());
+            try {
+                Locker locker(getBackupLock());
+                ofstream backer(m_backing.c_str());
+                backer << *(ret.second->getOwnerDocument());
+                preserveCacheTag();
+            }
+            catch (exception& ex) {
+                m_log.crit("exception while backing up resource: %s", ex.what());
+            }
+        }
+        return ret;
+    }
+    catch (long& responseCode) {
+        // If there's an HTTP error or the document hasn't changed,
+        // use the backup iff we have no "valid" resource in place.
+        // That prevents reload of the backup copy any time the document
+        // hasn't changed.
+        if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED)
+            m_log.info("remote resource (%s) unchanged from cached version", m_source.c_str());
+        if (!m_loaded && !m_backing.empty())
             return load(true);
         throw;
     }
+    catch (exception&) {
+        // Same as above, but for general load/parse errors.
+        if (!m_loaded && !m_backing.empty())
+            return load(true);
+        throw;
+    }
+}
+
+pair<bool,DOMElement*> ReloadableXMLFile::background_load()
+{
+    // If this method isn't overridden, we acquire a write lock
+    // and just call the old override.
+    if (m_lock)
+        m_lock->wrlock();
+    SharedLock locker(m_lock, false);
+    return load();
+}
+
+Lockable* ReloadableXMLFile::getBackupLock()
+{
+    return &XMLToolingConfig::getConfig();
+}
+
+void ReloadableXMLFile::preserveCacheTag()
+{
+    if (!m_cacheTag.empty() && !m_backing.empty()) {
+        try {
+            string tagname = m_backing + ".tag";
+            ofstream backer(tagname.c_str());
+            backer << m_cacheTag;
+        }
+        catch (exception&) {
+        }
+    }
 }
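Review bot: The backup write at L344–L346 and the tag write at L393–L394 use `ofstream` without enabling exceptions, so a failed open, a full disk or a short write never reaches the `catch (exception&)` handlers and a truncated backing file can be left on disk, where `load(true)` will later treat it as the trusted fallback. Check the stream after the write, e.g. `if (!backer) m_log.crit("failed to write backup of remote resource to (%s)", m_backing.c_str());`, and only call `preserveCacheTag()` when the document write succeeded, so a stale tag is not kept alongside a bad backup. Writing to a temporary path and renaming over `m_backing` would also avoid a partially written file being picked up by another process. At L345 `ret.second` is dereferenced without a null check; `load(false)` appears to always return an element on success, but confirm this holds for every override. The `load(bool)` function whose catch blocks open this hunk starts outside it.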
 
 #ifndef XMLTOOLING_LITE
@@ -504,8 +550,11 @@ void ReloadableXMLFile::validateSignature(Signature& sigObj) const
                         if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
                             valid=true;
                         else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
-                                 tlist->item(i)->getTransformType()!=TRANSFORM_C14N &&
-                                 tlist->item(i)->getTransformType()!=TRANSFORM_C14N11) {
+                                 tlist->item(i)->getTransformType()!=TRANSFORM_C14N
+#ifdef XMLTOOLING_XMLSEC_C14N11
+                                 && tlist->item(i)->getTransformType()!=TRANSFORM_C14N11
+#endif
+                                 ) {
                             valid=false;
                             break;
                         }
@@ -546,8 +595,10 @@ void ReloadableXMLFile::validateSignature(Signature& sigObj) const
         }
     }
     else if (m_trust) {
-        DummyCredentialResolver dummy;
-        if (m_trust->validate(sigObj, dummy, &cc))
+        auto_ptr<CredentialResolver> dummy(
+            XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(DUMMY_CREDENTIAL_RESOLVER, nullptr)
+            );
+        if (m_trust->validate(sigObj, *(dummy.get()), &cc))
             return;
         throw XMLSecurityException("TrustEngine unable to verify signature.");
     }
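Review bot: `*(dummy.get())` at L425 dereferences the result of `newPlugin(DUMMY_CREDENTIAL_RESOLVER, nullptr)` without a null check; the stack-allocated `DummyCredentialResolver` this replaces could not be null, whereas a plugin lookup can fail if the dummy resolver is not registered in this build. If `newPlugin` throws on an unknown type this is fine, but if it can return null the signature check crashes instead of failing closed, so either confirm the throwing behaviour or add `if (!dummy.get()) throw XMLSecurityException("Dummy CredentialResolver plugin unavailable.");` before the `validate` call. `validateSignature` starts and ends outside this hunk.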
@@ -556,23 +607,3 @@ void ReloadableXMLFile::validateSignature(Signature& sigObj) const
 }
 
 #endif
-
-pair<bool,DOMElement*> ReloadableXMLFile::load()
-{
-    return load(false);
-}
-
-pair<bool,DOMElement*> ReloadableXMLFile::background_load()
-{
-    // If this method isn't overridden, we acquire a write lock
-    // and just call the old override.
-    if (m_lock)
-        m_lock->wrlock();
-    SharedLock locker(m_lock, false);
-    return load();
-}
-
-Lockable* ReloadableXMLFile::getBackupLock()
-{
-    return &XMLToolingConfig::getConfig();
-}