/ipch
/build-aux
/build
+/config.cache
+/opensaml-uninstalled.pc
+/opensaml-uninstalled.sh
+/opensaml.pc
+/opensaml.pc.in
# /doc/
/doc/api
log.info("building SecurityPolicyRule of type %s", t.c_str());
m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(t.c_str(), e));
}
- catch (exception& ex) {
+ catch (std::exception& ex) {
log.crit("error building SecurityPolicyRule: %s", ex.what());
}
}
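Review bot: The catch block around `newPlugin` still only logs at `log.crit` and continues, so a SecurityPolicyRule that fails to build is left out of `m_rules` and the policy runs with fewer rules than were configured. For a security policy that is a fail-open outcome. Consider rethrowing after the log call (`throw;`) so that a broken rule stops policy construction, unless callers outside this hunk depend on the lenient behaviour. While the line is being touched, `catch (const std::exception& ex)` would match the read-only use of `ex`. The enclosing function starts and ends outside the hunk.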
namespace saml2md {
/**
+ * Marker interface for supplying environmental context to filters.
+ */
+ class SAML_API MetadataFilterContext
+ {
+ MAKE_NONCOPYABLE(MetadataFilterContext);
+ protected:
+ MetadataFilterContext();
+ public:
+ virtual ~MetadataFilterContext();
+ };
+
+ /**
* A metadata filter is used to process metadata after resolution and unmarshalling.
*
* Some filters might remove everything but identity provider roles, decreasing the data a service provider
virtual const char* getId() const=0;
/**
+ * @deprecated
+ * Filters the given metadata. Exceptions should generally not be thrown to
+ * signal the removal of information, only for systemic processing failure.
+ *
+ * @param xmlObject the metadata to be filtered
+ */
+ virtual void doFilter(xmltooling::XMLObject& xmlObject) const;
+
+ /**
* Filters the given metadata. Exceptions should generally not be thrown to
* signal the removal of information, only for systemic processing failure.
*
- * @param xmlObject the metadata to be filtered.
+ * @param ctx context interface, or nullptr
+ * @param xmlObject the metadata to be filtered
*/
- virtual void doFilter(xmltooling::XMLObject& xmlObject) const=0;
+ virtual void doFilter(MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const;
};
/**
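Review bot: Dropping `=0` from `doFilter` means a MetadataFilter subclass that overrides neither overload now compiles and silently filters nothing, because the two-argument default forwards to the deprecated one-argument method, whose default body (in the later hunk that defines `MetadataFilter::doFilter`) is empty. For filters such as the signature or whitelist ones, that is a fail-open path with no diagnostic. The doc comment on the new overload should state the contract, e.g. `* Subclasses MUST override this method or the deprecated overload; the defaults perform no filtering.`, or the deprecated default could throw `MetadataFilterException` instead of returning. A subclass that overrides only one overload also hides the other by name, and the `@deprecated` tag placed directly above the description makes Doxygen treat that description as the deprecation text.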
void SAML_API registerMetadataFilters();
/** MetadataFilter that deletes blacklisted entities. */
- #define BLACKLIST_METADATA_FILTER "Blacklist"
+ #define BLACKLIST_METADATA_FILTER "Blacklist"
/** MetadataFilter that deletes all but whitelisted entities. */
- #define WHITELIST_METADATA_FILTER "Whitelist"
+ #define WHITELIST_METADATA_FILTER "Whitelist"
/** MetadataFilter that verifies signatures and filters out any that don't pass. */
- #define SIGNATURE_METADATA_FILTER "Signature"
+ #define SIGNATURE_METADATA_FILTER "Signature"
/** MetadataFilter that enforces expiration requirements. */
- #define REQUIREVALIDUNTIL_METADATA_FILTER "RequireValidUntil"
+ #define REQUIREVALIDUNTIL_METADATA_FILTER "RequireValidUntil"
/** MetadataFilter that removes non-retained roles. */
- #define ENTITYROLE_METADATA_FILTER "EntityRoleWhiteList"
+ #define ENTITYROLE_METADATA_FILTER "EntityRoleWhiteList"
/** MetadataFilter that adds EntityAttributes extension. */
- #define ENTITYATTR_METADATA_FILTER "EntityAttributes"
+ #define ENTITYATTR_METADATA_FILTER "EntityAttributes"
DECL_XMLTOOLING_EXCEPTION(MetadataFilterException,SAML_EXCEPTIONAPI(SAML_API),opensaml::saml2md,MetadataException,Exceptions related to metadata filtering);
};
#include <vector>
#include <iostream>
+#include <boost/shared_ptr.hpp>
#include <boost/ptr_container/ptr_vector.hpp>
#include <xmltooling/exceptions.h>
#include <xmltooling/security/CredentialResolver.h>
class SAML_API RoleDescriptor;
class SAML_API MetadataCredentialResolver;
class SAML_API MetadataFilter;
+ class SAML_API MetadataFilterContext;
#if defined (_MSC_VER)
#pragma warning( push )
virtual MetadataFilter* removeMetadataFilter(MetadataFilter* oldFilter);
/**
+ * Sets a filtering context object for use by the filtering process.
+ * <p>The MetadataProvider takes ownership of the object. Any existing
+ * object is cleared.
+ *
+ * @param ctx a context object
+ */
+ void setContext(MetadataFilterContext* ctx);
+
+ /**
* Should be called after instantiating provider and adding filters, but before
* performing any lookup operations. Allows the provider to defer initialization
* processes that are likely to result in exceptions until after the provider is
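Review bot: The comment for `setContext` documents ownership but not when the method may be called, and `doFilters` (later hunk) hands each filter the raw pointer from `m_filterContext.get()` without holding a reference of its own. If a provider ever runs its filters on one thread while another calls `setContext`, the `reset` in `MetadataProvider::setContext` would destroy the context the filters are still using. Whether that can happen depends on code outside this page. I would add a line such as `* Must be set before the provider is initialized and must not be changed while filtering may be running.` to the comment. The `<p>` in the same comment is also left unclosed.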
void doFilters(xmltooling::XMLObject& xmlObject) const;
private:
+ boost::shared_ptr<MetadataFilterContext> m_filterContext;
boost::ptr_vector<MetadataFilter> m_filters;
};
string t = XMLHelper::getAttrString(child, nullptr, _type);
if (!t.empty()) {
log.info("building MetadataFilter of type %s", t.c_str());
- m_filters.push_back(conf.MetadataFilterManager.newPlugin(t.c_str(), child));
+ auto_ptr<MetadataFilter> np(conf.MetadataFilterManager.newPlugin(t.c_str(), child));
+ m_filters.push_back(np.get());
+ np.release();
+ }
+ else {
+ log.error("MetadataFilter element missing type attribute.");
}
}
else if (XMLString::equals(child->getLocalName(), SigFilter)) {
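Review bot: The new `else` branch logs `MetadataFilter element missing type attribute.` and carries on, so a misconfigured filter element leaves the provider running without a filter the deployer asked for. When the missing filter is a signature or whitelist check, metadata is then accepted unfiltered. I would fail construction instead, for example `throw MetadataException("MetadataFilter element missing type attribute.");` if that type is in scope in this file. The enclosing function starts and ends outside the hunk.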
return nullptr;
}
+void MetadataProvider::setContext(MetadataFilterContext* ctx)
+{
+ m_filterContext.reset(ctx);
+}
+
void MetadataProvider::doFilters(XMLObject& xmlObject) const
{
-#ifdef _DEBUG
- NDC ndc("doFilters");
-#endif
- Category& log=Category::getInstance(SAML_LOGCAT".Metadata");
+ Category& log = Category::getInstance(SAML_LOGCAT".Metadata");
for (ptr_vector<MetadataFilter>::const_iterator i = m_filters.begin(); i != m_filters.end(); i++) {
log.info("applying metadata filter (%s)", i->getId());
- i->doFilter(xmlObject);
+ i->doFilter(m_filterContext.get(), xmlObject);
}
}
MetadataFilter::~MetadataFilter()
{
}
+
+void MetadataFilter::doFilter(MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const
+{
+ // Default call into deprecated method.
+ doFilter(xmlObject);
+}
+
+void MetadataFilter::doFilter(xmltooling::XMLObject& xmlObject) const
+{
+ // Empty default for deprecated method.
+}
+
+MetadataFilterContext::MetadataFilterContext()
+{
+}
+
+MetadataFilterContext::~MetadataFilterContext()
+{
+}