https://issues.shibboleth.net/jira/browse/CPPXT-66

[shibboleth/cpp-xmltooling.git] / xmltooling / util / ReloadableXMLFile.cpp

diff --git a/xmltooling/util/ReloadableXMLFile.cpp b/xmltooling/util/ReloadableXMLFile.cpp
index 5aacc9a..ae5f5be 100644 (file)
--- a/xmltooling/util/ReloadableXMLFile.cpp
+++ b/xmltooling/util/ReloadableXMLFile.cpp
@@ -103,7 +103,7 @@ static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,
 
 ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log, bool startReloadThread)
     : m_root(e), m_local(true), m_validate(false), m_filestamp(0), m_reloadInterval(0),
-      m_lock(nullptr), m_loaded(false), m_log(log),
+      m_lock(nullptr), m_log(log), m_loaded(false),
 #ifndef XMLTOOLING_LITE
       m_credResolver(nullptr), m_trust(nullptr),
 #endif
@@ -138,44 +138,39 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log, bool st
     }
 
     if (source && *source) {
-        const XMLCh* flag=e->getAttributeNS(nullptr,validate);
-        m_validate=(XMLString::equals(flag,xmlconstants::XML_TRUE) || XMLString::equals(flag,xmlconstants::XML_ONE));
+        m_validate = XMLHelper::getAttrBool(e, false, validate);
 
         auto_ptr_char temp(source);
-        m_source=temp.get();
+        m_source = temp.get();
 
         if (!m_local && !strstr(m_source.c_str(),"://")) {
             log.warn("deprecated usage of uri/url attribute for a local resource, use path instead");
-            m_local=true;
+            m_local = true;
         }
 
 #ifndef XMLTOOLING_LITE
         // Check for signature bits.
-        if (e && e->hasAttributeNS(nullptr, certificate)) {
+        if (e->hasAttributeNS(nullptr, certificate)) {
             // Use a file-based credential resolver rooted here.
             m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e);
         }
         else {
-            const DOMElement* sub = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : nullptr;
-            auto_ptr_char t(sub ? sub->getAttributeNS(nullptr, type) : nullptr);
-            if (t.get()) {
-                m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.get(), sub);
+            const DOMElement* sub = XMLHelper::getFirstChildElement(e, _CredentialResolver);
+            string t(XMLHelper::getAttrString(sub, nullptr, type));
+            if (!t.empty()) {
+                m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), sub);
             }
             else {
-                sub = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : nullptr;
-                auto_ptr_char t2(sub ? sub->getAttributeNS(nullptr, type) : nullptr);
-                if (t2.get()) {
-                    TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t2.get(), sub);
+                sub = XMLHelper::getFirstChildElement(e, _TrustEngine);
+                t = XMLHelper::getAttrString(sub, nullptr, type);
+                if (!t.empty()) {
+                    TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), sub);
                     if (!(m_trust = dynamic_cast<SignatureTrustEngine*>(trust))) {
                         delete trust;
                         throw XMLToolingException("TrustEngine-based ReloadableXMLFile requires a SignatureTrustEngine plugin.");
                     }
 
-                    flag = e->getAttributeNS(nullptr, signerName);
-                    if (flag && *flag) {
-                        auto_ptr_char sn(flag);
-                        m_signerName = sn.get();
-                    }
+                    m_signerName = XMLHelper::getAttrString(e, nullptr, signerName);
                 }
             }
         }
@@ -184,8 +179,8 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log, bool st
         if (m_local) {
             XMLToolingConfig::getConfig().getPathResolver()->resolve(m_source, PathResolver::XMLTOOLING_CFG_FILE);
 
-            flag=e->getAttributeNS(nullptr,reloadChanges);
-            if (!XMLString::equals(flag,xmlconstants::XML_FALSE) && !XMLString::equals(flag,xmlconstants::XML_ZERO)) {
+            bool flag = XMLHelper::getAttrBool(e, true, reloadChanges);
+            if (flag) {
 #ifdef WIN32
                 struct _stat stat_buf;
                 if (_stat(m_source.c_str(), &stat_buf) == 0)
@@ -193,32 +188,40 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log, bool st
                 struct stat stat_buf;
                 if (stat(m_source.c_str(), &stat_buf) == 0)
 #endif
-                    m_filestamp=stat_buf.st_mtime;
+                    m_filestamp = stat_buf.st_mtime;
                 else
                     throw IOException("Unable to access local file ($1)", params(1,m_source.c_str()));
-                m_lock=RWLock::create();
+                m_lock = RWLock::create();
             }
             log.debug("using local resource (%s), will %smonitor for changes", m_source.c_str(), m_lock ? "" : "not ");
         }
         else {
             log.debug("using remote resource (%s)", m_source.c_str());
-            source = e->getAttributeNS(nullptr,backingFilePath);
-            if (source && *source) {
-                auto_ptr_char temp2(source);
-                m_backing=temp2.get();
+            m_backing = XMLHelper::getAttrString(e, nullptr, backingFilePath);
+            if (!m_backing.empty()) {
                 XMLToolingConfig::getConfig().getPathResolver()->resolve(m_backing, PathResolver::XMLTOOLING_RUN_FILE);
                 log.debug("backup remote resource to (%s)", m_backing.c_str());
-            }
-            source = e->getAttributeNS(nullptr,reloadInterval);
-            if (!source || !*source)
-                source = e->getAttributeNS(nullptr,maxRefreshDelay);
-            if (source && *source) {
-                m_reloadInterval = XMLString::parseInt(source);
-                if (m_reloadInterval > 0) {
-                    m_log.debug("will reload remote resource at most every %d seconds", m_reloadInterval);
-                    m_lock=RWLock::create();
+                try {
+                    string tagname = m_backing + ".tag";
+                    ifstream backer(tagname.c_str());
+                    if (backer) {
+                        char cachebuf[256];
+                        if (backer.getline(cachebuf, 255)) {
+                            m_cacheTag = cachebuf;
+                            log.debug("loaded initial cache tag (%s)", m_cacheTag.c_str());
+                        }
+                    }
+                }
+                catch (exception&) {
                 }
             }
+            m_reloadInterval = XMLHelper::getAttrInt(e, 0, reloadInterval);
+            if (m_reloadInterval == 0)
+                m_reloadInterval = XMLHelper::getAttrInt(e, 0, maxRefreshDelay);
+            if (m_reloadInterval > 0) {
+                m_log.debug("will reload remote resource at most every %d seconds", m_reloadInterval);
+                m_lock = RWLock::create();
+            }
             m_filestamp = time(nullptr);   // assume it gets loaded initially
         }
 
@@ -229,11 +232,7 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log, bool st
         log.debug("no resource uri/path/name supplied, will load inline configuration");
     }
 
-    source = e->getAttributeNS(nullptr, id);
-    if (source && *source) {
-        auto_ptr_char tempid(source);
-        m_id = tempid.get();
-    }
+    m_id = XMLHelper::getAttrString(e, nullptr, id);
 }
 
 ReloadableXMLFile::~ReloadableXMLFile()
@@ -365,8 +364,13 @@ Lockable* ReloadableXMLFile::lock()
 
         // Update the timestamp regardless.
         m_filestamp = stat_buf.st_mtime;
-        m_log.info("change detected, signaling reload thread...");
-        m_reload_wait->signal();
+        if (m_reload_wait) {
+            m_log.info("change detected, signaling reload thread...");
+            m_reload_wait->signal();
+        }
+        else {
+            m_log.warn("change detected, but reload thread not started");
+        }
     }
 
     return this;
@@ -393,7 +397,7 @@ pair<bool,DOMElement*> ReloadableXMLFile::load(bool backup)
         else {
             // Data comes from a file we have to parse.
             if (backup)
-                m_log.warn("using local backup of remote resource");
+                m_log.info("using local backup of remote resource");
             else
                 m_log.debug("loading configuration from external resource...");
 
@@ -421,9 +425,8 @@ pair<bool,DOMElement*> ReloadableXMLFile::load(bool backup)
                 if (XMLHelper::isNodeNamed(doc->getDocumentElement(), xmlconstants::XMLTOOLING_NS, URLInputSource::utf16StatusCodeElementName)) {
                     int responseCode = XMLString::parseInt(doc->getDocumentElement()->getFirstChild()->getNodeValue());
                     doc->release();
-                    if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED) {
+                    if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED)
                         throw (long)responseCode; // toss out as a "known" case to handle gracefully
-                    }
                     else {
                         m_log.warn("remote resource fetch returned atypical status code (%d)", responseCode);
                         throw IOException("remote resource fetch failed, check log for status code of response");
@@ -480,6 +483,7 @@ pair<bool,DOMElement*> ReloadableXMLFile::load()
                 Locker locker(getBackupLock());
                 ofstream backer(m_backing.c_str());
                 backer << *(ret.second->getOwnerDocument());
+                preserveCacheTag();
             }
             catch (exception& ex) {
                 m_log.crit("exception while backing up resource: %s", ex.what());
@@ -487,11 +491,13 @@ pair<bool,DOMElement*> ReloadableXMLFile::load()
         }
         return ret;
     }
-    catch (long&) {
+    catch (long& responseCode) {
         // If there's an HTTP error or the document hasn't changed,
         // use the backup iff we have no "valid" resource in place.
         // That prevents reload of the backup copy any time the document
         // hasn't changed.
+        if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED)
+            m_log.info("remote resource (%s) unchanged from cached version", m_source.c_str());
         if (!m_loaded && !m_backing.empty())
             return load(true);
         throw;
@@ -519,6 +525,19 @@ Lockable* ReloadableXMLFile::getBackupLock()
     return &XMLToolingConfig::getConfig();
 }
 
+void ReloadableXMLFile::preserveCacheTag()
+{
+    if (!m_cacheTag.empty() && !m_backing.empty()) {
+        try {
+            string tagname = m_backing + ".tag";
+            ofstream backer(tagname.c_str());
+            backer << m_cacheTag;
+        }
+        catch (exception&) {
+        }
+    }
+}
+
 #ifndef XMLTOOLING_LITE
 
 void ReloadableXMLFile::validateSignature(Signature& sigObj) const
@@ -541,8 +560,11 @@ void ReloadableXMLFile::validateSignature(Signature& sigObj) const
                         if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
                             valid=true;
                         else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
-                                 tlist->item(i)->getTransformType()!=TRANSFORM_C14N &&
-                                 tlist->item(i)->getTransformType()!=TRANSFORM_C14N11) {
+                                 tlist->item(i)->getTransformType()!=TRANSFORM_C14N
+#ifdef XMLTOOLING_XMLSEC_C14N11
+                                 && tlist->item(i)->getTransformType()!=TRANSFORM_C14N11
+#endif
+                                 ) {
                             valid=false;
                             break;
                         }