#define __saml2_metadata_h__
#include <saml/saml2/core/Assertions.h>
+#include <xmltooling/util/Predicates.h>
#include <ctime>
bool isValid() const {
return time(NULL) <= getValidUntilEpoch();
}
+ /** Returns true iff the object is valid at the supplied time. */
+ bool isValid(time_t t) const {
+ return t <= getValidUntilEpoch();
+ }
};
DECL_XMLOBJECT_SIMPLE(SAML_API,AffiliateMember,ID,SAML 2.0 AffiliateMember element);
DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
/** IDPSSODescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_ELEMENT_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,ServiceName,localizedNameType,SAML 2.0 ServiceName element);
DECL_TYPED_CHILDREN(AttributeConsumingService);
/** SPSSODescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_ELEMENT_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AuthnQueryService,EndpointType,SAML 2.0 AuthnQueryService element);
DECL_TYPED_CHILDREN(NameIDFormat);
/** AuthnAuthorityDescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_ELEMENT_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AuthzService,EndpointType,SAML 2.0 AuthzService element);
DECL_TYPED_CHILDREN(NameIDFormat);
/** PDPDescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_ELEMENT_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AttributeService,EndpointType,SAML 2.0 AttributeService element);
DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
/** AttributeAuthorityDescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_ELEMENT_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,QueryDescriptorType,RoleDescriptor,SAML 2.0 QueryDescriptorType abstract type);
BEGIN_XMLOBJECT(SAML_API,AuthnQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthnQueryDescriptorType extension type);
/** AuthnQueryDescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_TYPE_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AttributeQueryDescriptorType,QueryDescriptorType,SAML 2.0 AttributeQueryDescriptorType extension type);
DECL_TYPED_CHILDREN(AttributeConsumingService);
/** AttributeQueryDescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_TYPE_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthzDecisionQueryDescriptorType extension type);
DECL_TYPED_CHILDREN(ActionNamespace);
/** AuthzDecisionQueryDescriptorType local name */
static const XMLCh TYPE_NAME[];
+ DECL_TYPE_QNAME;
END_XMLOBJECT;
BEGIN_XMLOBJECT4(SAML_API,AffiliationDescriptor,xmltooling::AttributeExtensibleXMLObject,SignableObject,
DECL_TYPED_CHILD(Organization);
DECL_TYPED_CHILDREN(ContactPerson);
DECL_TYPED_CHILDREN(AdditionalMetadataLocation);
- /** Finds an IDP role supporting a given protocol. */
- virtual const IDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
- /** Finds an SP role supporting a given protocol. */
- virtual const SPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
- /** Finds an Authn Authority role supporting a given protocol. */
- virtual const AuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
- /** Finds an Attribute Authority role supporting a given protocol. */
- virtual const AttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
- /** Finds a PDP role supporting a given protocol. */
- virtual const PDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
- /** Finds an AuthnQuery role supporting a given protocol. */
- virtual const AuthnQueryDescriptorType* getAuthnQueryDescriptorType(const XMLCh* protocol) const=0;
- /** Finds an AttributeQuery role supporting a given protocol. */
- virtual const AttributeQueryDescriptorType* getAttributeQueryDescriptorType(const XMLCh* protocol) const=0;
- /** Finds an AuthzDecisionQuery role supporting a given protocol. */
- virtual const AuthzDecisionQueryDescriptorType* getAuthzDecisionQueryDescriptorType(const XMLCh* protocol) const=0;
- /** Finds an extension role supporting a given protocol. */
+ /** Finds an arbitrary role type supporting a given protocol. */
virtual const RoleDescriptor* getRoleDescriptor(const xmltooling::QName& qname, const XMLCh* protocol) const=0;
/** EntityDescriptorType local name */
static const XMLCh TYPE_NAME[];
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
+ /**
+ * Predicate to test a role for validity and protocol support.
+ */
+ class isValidForProtocol
+ {
+ public:
+ /**
+ * Constructor.
+ *
+ * @param protocol support constant to test for
+ */
+ isValidForProtocol(const XMLCh* protocol) : m_time(time(NULL)), m_protocol(protocol) {
+ }
+
+ /**
+ * Returns true iff the supplied role is valid now and supports the right protocol.
+ *
+ * @param role role to test
+ * @return result of predicate
+ */
+ bool operator()(const RoleDescriptor* role) const {
+ return role ? (role->isValid(m_time) && role->hasSupport(m_protocol)) : false;
+ }
+
+ private:
+ time_t m_time;
+ const XMLCh* m_protocol;
+ };
+
+ /**
+ * Predicate to test a role for type equivalence, validity, and protocol support.
+ */
+ class ofTypeValidForProtocol : public isValidForProtocol, public xmltooling::hasSchemaType
+ {
+ public:
+ /**
+ * Constructor.
+ *
+ * @param q schema type to test for
+ * @param protocol support constant to test for
+ */
+ ofTypeValidForProtocol(const xmltooling::QName& q, const XMLCh* protocol)
+ : isValidForProtocol(protocol), xmltooling::hasSchemaType(q) {
+ }
+
+ /**
+ * Returns true iff the supplied role is of the right type, valid now, and supports the right protocol.
+ *
+ * @param role role to test
+ * @return result of predicate
+ */
+ bool operator()(const RoleDescriptor* role) const {
+ return xmltooling::hasSchemaType::operator()(role) && isValidForProtocol::operator()(role);
+ }
+ };
+
DECL_SAML2MDOBJECTBUILDER(AdditionalMetadataLocation);
DECL_SAML2MDOBJECTBUILDER(AffiliateMember);
DECL_SAML2MDOBJECTBUILDER(AffiliationDescriptor);
virtual xmltooling::XMLObject* buildObject() const {
#endif
xmltooling::QName schemaType(
- samlconstants::SAML20_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX
+ samlconstants::SAML20MD_QUERY_EXT_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX
);
return buildObject(
- samlconstants::SAML20_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType
+ samlconstants::SAML20MD_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType
);
}
/** Builder that allows element/type override. */
virtual xmltooling::XMLObject* buildObject() const {
#endif
xmltooling::QName schemaType(
- samlconstants::SAML20_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX
+ samlconstants::SAML20MD_QUERY_EXT_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX
);
return buildObject(
- samlconstants::SAML20_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType
+ samlconstants::SAML20MD_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType
);
}
/** Builder that allows element/type override. */
virtual xmltooling::XMLObject* buildObject() const {
#endif
xmltooling::QName schemaType(
- samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX
+ samlconstants::SAML20MD_QUERY_EXT_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX
);
return buildObject(
- samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType
+ samlconstants::SAML20MD_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType
);
}
/** Builder that allows element/type override. */
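Review bot: In `ofTypeValidForProtocol::operator()` the `hasSchemaType` test is evaluated before the `isValidForProtocol` test, so the `role ? … : false` null guard in `isValidForProtocol::operator()` is only reached after `xmltooling::hasSchemaType::operator()` has already been handed the possibly-null pointer; if that predicate (declared in the newly included Predicates.h, not shown here) dereferences its argument unconditionally, the combined predicate is not null-safe even though its base is. Swapping the operands keeps the null-and-validity check first: `return isValidForProtocol::operator()(role) && xmltooling::hasSchemaType::operator()(role);`. The single-argument constructor of `isValidForProtocol` is also implicit; `explicit isValidForProtocol(const XMLCh* protocol)` would stop a bare `const XMLCh*` from silently converting into a predicate. Both classes keep the `protocol` pointer without copying it, which is fine for the temporaries built in `getRoleDescriptor` but deserves a sentence in the class comment since the predicates live in a public header, e.g. `* The protocol string is referenced, not copied, and must outlive the predicate.`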
#include <ctime>
#include <xercesc/util/XMLUniDefs.hpp>
+using namespace samlconstants;
using namespace opensaml::saml2md;
using namespace opensaml::saml2;
using namespace opensaml;
using namespace std;
using xmlconstants::XMLSIG_NS;
using xmlconstants::XML_BOOL_NULL;
-using samlconstants::SAML20_NS;
-using samlconstants::SAML20MD_NS;
#if defined (_MSC_VER)
#pragma warning( push )
AbstractAttributeExtensibleXMLObject::setAttribute(qualifiedName, value, ID);
}
- const IDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const {
- for (vector<IDPSSODescriptor*>::const_iterator i=m_IDPSSODescriptors.begin(); i!=m_IDPSSODescriptors.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
- const SPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const {
- for (vector<SPSSODescriptor*>::const_iterator i=m_SPSSODescriptors.begin(); i!=m_SPSSODescriptors.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
- const AuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const {
- for (vector<AuthnAuthorityDescriptor*>::const_iterator i=m_AuthnAuthorityDescriptors.begin(); i!=m_AuthnAuthorityDescriptors.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
- const AttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const {
- for (vector<AttributeAuthorityDescriptor*>::const_iterator i=m_AttributeAuthorityDescriptors.begin(); i!=m_AttributeAuthorityDescriptors.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
- const PDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const {
- for (vector<PDPDescriptor*>::const_iterator i=m_PDPDescriptors.begin(); i!=m_PDPDescriptors.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
- const AuthnQueryDescriptorType* getAuthnQueryDescriptorType(const XMLCh* protocol) const {
- for (vector<AuthnQueryDescriptorType*>::const_iterator i=m_AuthnQueryDescriptorTypes.begin(); i!=m_AuthnQueryDescriptorTypes.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
- const AttributeQueryDescriptorType* getAttributeQueryDescriptorType(const XMLCh* protocol) const {
- for (vector<AttributeQueryDescriptorType*>::const_iterator i=m_AttributeQueryDescriptorTypes.begin(); i!=m_AttributeQueryDescriptorTypes.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
- const AuthzDecisionQueryDescriptorType* getAuthzDecisionQueryDescriptorType(const XMLCh* protocol) const {
- for (vector<AuthzDecisionQueryDescriptorType*>::const_iterator i=m_AuthzDecisionQueryDescriptorTypes.begin(); i!=m_AuthzDecisionQueryDescriptorTypes.end(); i++) {
- if ((*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
- }
-
const RoleDescriptor* getRoleDescriptor(const xmltooling::QName& qname, const XMLCh* protocol) const {
// Check for "known" elements/types.
- QName q;
- q.setNamespaceURI(SAML20MD_NS);
- q.setLocalPart(IDPSSODescriptor::LOCAL_NAME);
- if (q == qname)
- return getIDPSSODescriptor(protocol);
- q.setLocalPart(SPSSODescriptor::LOCAL_NAME);
- if (q == qname)
- return getSPSSODescriptor(protocol);
- q.setLocalPart(AuthnAuthorityDescriptor::LOCAL_NAME);
- if (q == qname)
- return getAuthnAuthorityDescriptor(protocol);
- q.setLocalPart(AttributeAuthorityDescriptor::LOCAL_NAME);
- if (q == qname)
- return getAttributeAuthorityDescriptor(protocol);
- q.setLocalPart(PDPDescriptor::LOCAL_NAME);
- if (q == qname)
- return getPDPDescriptor(protocol);
- q.setNamespaceURI(samlconstants::SAML20MD_QUERY_EXT_NS);
- q.setLocalPart(AuthnQueryDescriptorType::TYPE_NAME);
- if (q == qname)
- return getAuthnQueryDescriptorType(protocol);
- q.setLocalPart(AttributeQueryDescriptorType::TYPE_NAME);
- if (q == qname)
- return getAttributeQueryDescriptorType(protocol);
- q.setLocalPart(AuthzDecisionQueryDescriptorType::TYPE_NAME);
- if (q == qname)
- return getAuthzDecisionQueryDescriptorType(protocol);
+ if (qname == IDPSSODescriptor::ELEMENT_QNAME)
+ return find_if(m_IDPSSODescriptors, isValidForProtocol(protocol));
+ if (qname == SPSSODescriptor::ELEMENT_QNAME)
+ return find_if(m_SPSSODescriptors, isValidForProtocol(protocol));
+ if (qname == AuthnAuthorityDescriptor::ELEMENT_QNAME)
+ return find_if(m_AuthnAuthorityDescriptors, isValidForProtocol(protocol));
+ if (qname == AttributeAuthorityDescriptor::ELEMENT_QNAME)
+ return find_if(m_AttributeAuthorityDescriptors, isValidForProtocol(protocol));
+ if (qname == PDPDescriptor::ELEMENT_QNAME)
+ return find_if(m_PDPDescriptors, isValidForProtocol(protocol));
+ if (qname == AuthnQueryDescriptorType::TYPE_QNAME)
+ return find_if(m_AuthnQueryDescriptorTypes, isValidForProtocol(protocol));
+ if (qname == AttributeQueryDescriptorType::TYPE_QNAME)
+ return find_if(m_AttributeQueryDescriptorTypes, isValidForProtocol(protocol));
+ if (qname == AuthzDecisionQueryDescriptorType::TYPE_QNAME)
+ return find_if(m_AuthzDecisionQueryDescriptorTypes, isValidForProtocol(protocol));
- for (vector<RoleDescriptor*>::const_iterator i=m_RoleDescriptors.begin(); i!=m_RoleDescriptors.end(); i++) {
- if ((*i)->getSchemaType() && qname==(*((*i)->getSchemaType())) && (*i)->hasSupport(protocol) && (*i)->isValid())
- return (*i);
- }
- return NULL;
+ vector<RoleDescriptor*>::const_iterator i =
+ find_if(m_RoleDescriptors.begin(), m_RoleDescriptors.end(), ofTypeValidForProtocol(qname,protocol));
+ return (i!=m_RoleDescriptors.end()) ? *i : NULL;
}
protected:
#pragma warning( pop )
#endif
+IMPL_ELEMENT_QNAME(IDPSSODescriptor, SAML20MD_NS, SAML20MD_PREFIX);
+IMPL_ELEMENT_QNAME(SPSSODescriptor, SAML20MD_NS, SAML20MD_PREFIX);
+IMPL_ELEMENT_QNAME(AuthnAuthorityDescriptor, SAML20MD_NS, SAML20MD_PREFIX);
+IMPL_ELEMENT_QNAME(AttributeAuthorityDescriptor, SAML20MD_NS, SAML20MD_PREFIX);
+IMPL_ELEMENT_QNAME(PDPDescriptor, SAML20MD_NS, SAML20MD_PREFIX);
+IMPL_TYPE_QNAME(AuthnQueryDescriptorType, SAML20MD_QUERY_EXT_NS, SAML20MD_QUERY_EXT_PREFIX);
+IMPL_TYPE_QNAME(AttributeQueryDescriptorType, SAML20MD_QUERY_EXT_NS, SAML20MD_QUERY_EXT_PREFIX);
+IMPL_TYPE_QNAME(AuthzDecisionQueryDescriptorType, SAML20MD_QUERY_EXT_NS, SAML20MD_QUERY_EXT_PREFIX);
+
// Builder Implementations
IMPL_XMLOBJECTBUILDER(AdditionalMetadataLocation);
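Review bot: The `IMPL_ELEMENT_QNAME`/`IMPL_TYPE_QNAME` lines define namespace-scope `ELEMENT_QNAME`/`TYPE_QNAME` objects that `getRoleDescriptor` now compares against with `qname == IDPSSODescriptor::ELEMENT_QNAME`; if the macro expands to a `xmltooling::QName` with a non-trivial constructor, these objects are built during static initialisation, before `main` and before any XML toolkit initialisation, so the constructor must not depend on runtime-initialised state (such as a parser memory manager) and no other static initialiser may call `getRoleDescriptor`. A comment above the block recording that assumption, e.g. `// Static QNames: constructed at static-init time; QName's ctor must not require library initialisation.`, would keep the next maintainer from adding a dependent use. Separately, the fallback scan of `m_RoleDescriptors` in `getRoleDescriptor` uses the iterator-pair `find_if` with a manual end check while the eight preceding branches use the container overload; if that overload accepts `ofTypeValidForProtocol`, the tail collapses to `return find_if(m_RoleDescriptors, ofTypeValidForProtocol(qname,protocol));`.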