Dynamic metadata provider implementation.
[shibboleth/opensaml2.git] / saml / saml2 / metadata / impl / AbstractMetadataProvider.cpp
index 7036070..6508e58 100644 (file)
@@ -56,27 +56,40 @@ AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e)
 AbstractMetadataProvider::~AbstractMetadataProvider()
 {
     for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
-        for_each(c->second.begin(), c->second.end(), cleanup_pair<const XMLCh*,Credential>());
+        for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
     delete m_credentialLock;
     delete m_resolver;
 }
 
-void AbstractMetadataProvider::emitChangeEvent()
+void AbstractMetadataProvider::emitChangeEvent() const
 {
     for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
-        for_each(c->second.begin(), c->second.end(), cleanup_pair<const XMLCh*,Credential>());
+        for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
     m_credentialMap.clear();
     ObservableMetadataProvider::emitChangeEvent();
 }
 
-void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil)
+void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, bool replace) const
 {
     if (validUntil < site->getValidUntilEpoch())
         site->setValidUntil(validUntil);
 
     auto_ptr_char id(site->getEntityID());
     if (id.get()) {
-        m_sites.insert(make_pair(id.get(),site));
+        if (replace) {
+            m_sites.erase(id.get());
+            for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) {
+                if (s->second == site) {
+                    sitemap_t::iterator temp = s;
+                    ++s;
+                    m_sources.erase(temp);
+                }
+                else {
+                    ++s;
+                }
+            }
+        }
+        m_sites.insert(sitemap_t::value_type(id.get(),site));
     }
     
     // Process each IdP role.
@@ -93,7 +106,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil)
                     if (sid) {
                         auto_ptr_char sourceid(sid->getID());
                         if (sourceid.get()) {
-                            m_sources.insert(pair<string,const EntityDescriptor*>(sourceid.get(),site));
+                            m_sources.insert(sitemap_t::value_type(sourceid.get(),site));
                             break;
                         }
                     }
@@ -101,37 +114,33 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil)
             }
             
             // Hash the ID.
-            m_sources.insert(
-                pair<string,const EntityDescriptor*>(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)
-                );
+            m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
                 
             // Load endpoints for type 0x0002 artifacts.
             const vector<ArtifactResolutionService*>& locs=const_cast<const IDPSSODescriptor*>(*i)->getArtifactResolutionServices();
             for (vector<ArtifactResolutionService*>::const_iterator loc=locs.begin(); loc!=locs.end(); loc++) {
                 auto_ptr_char location((*loc)->getLocation());
                 if (location.get())
-                    m_sources.insert(pair<string,const EntityDescriptor*>(location.get(),site));
+                    m_sources.insert(sitemap_t::value_type(location.get(),site));
             }
         }
         
         // SAML 2.0?
         if ((*i)->hasSupport(samlconstants::SAML20P_NS)) {
             // Hash the ID.
-            m_sources.insert(
-                pair<string,const EntityDescriptor*>(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)
-                );
+            m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
         }
     }
 }
 
-void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil)
+void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) const
 {
     if (validUntil < group->getValidUntilEpoch())
         group->setValidUntil(validUntil);
 
     auto_ptr_char name(group->getName());
     if (name.get()) {
-        m_groups.insert(make_pair(name.get(),group));
+        m_groups.insert(groupmap_t::value_type(name.get(),group));
     }
     
     const vector<EntitiesDescriptor*>& groups=const_cast<const EntitiesDescriptor*>(group)->getEntitiesDescriptors();
@@ -143,11 +152,13 @@ void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUnti
         index(*j,group->getValidUntilEpoch());
 }
 
-void AbstractMetadataProvider::clearDescriptorIndex()
+void AbstractMetadataProvider::clearDescriptorIndex(bool freeSites)
 {
-    m_sources.clear();
+    if (freeSites)
+        for_each(m_sites.begin(), m_sites.end(), cleanup_const_pair<string,EntityDescriptor>());
     m_sites.clear();
     m_groups.clear();
+    m_sources.clear();
 }
 
 const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const
@@ -202,8 +213,8 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr
     const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
 
     for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
-        if (matches(*c,criteria))
-            return c->second;
+        if (metacrit->matches(*(*c)))
+            return *c;
     return NULL;
 }
 
@@ -219,8 +230,8 @@ vector<const Credential*>::size_type AbstractMetadataProvider::resolve(
     const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
 
     for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
-        if (matches(*c,criteria))
-            results.push_back(c->second);
+        if (metacrit->matches(*(*c)))
+            results.push_back(*c);
     return results.size();
 }
 
@@ -238,22 +249,8 @@ const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider
             auto_ptr<MetadataCredentialContext> mcc(new MetadataCredentialContext(*(*k)));
             Credential* c = resolver->resolve(mcc.get());
             mcc.release();
-            resolved.push_back(make_pair((*k)->getUse(), c));
+            resolved.push_back(c);
         }
     }
     return resolved;
 }
-
-bool AbstractMetadataProvider::matches(const pair<const XMLCh*,Credential*>& cred, const CredentialCriteria* criteria) const
-{
-    if (criteria) {
-        // Check for a usage mismatch.
-        if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
-                XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION))
-            return false;
-        else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
-            return false;
-        return cred.second->matches(*criteria);
-    }
-    return true;
-}