From a27571521857b4cc9d61a5d823bda9fe29bb0d7d Mon Sep 17 00:00:00 2001 From: cantor Date: Thu, 8 Nov 2007 02:55:05 +0000 Subject: [PATCH] Convert role lookups to find_if algorithm. git-svn-id: https://svn.middleware.georgetown.edu/cpp-opensaml2/trunk@337 fb386ef7-a10c-0410-8ebf-fd3f8e989ab0 --- saml/saml2/metadata/Metadata.h | 99 +++++++++++++++++------ saml/saml2/metadata/impl/MetadataImpl.cpp | 127 +++++++----------------------- 2 files changed, 105 insertions(+), 121 deletions(-) diff --git a/saml/saml2/metadata/Metadata.h b/saml/saml2/metadata/Metadata.h index ae28ce6..9691329 100644 --- a/saml/saml2/metadata/Metadata.h +++ b/saml/saml2/metadata/Metadata.h @@ -24,6 +24,7 @@ #define __saml2_metadata_h__ #include +#include #include @@ -64,6 +65,10 @@ namespace opensaml { bool isValid() const { return time(NULL) <= getValidUntilEpoch(); } + /** Returns true iff the object is valid at the supplied time. */ + bool isValid(time_t t) const { + return t <= getValidUntilEpoch(); + } }; DECL_XMLOBJECT_SIMPLE(SAML_API,AffiliateMember,ID,SAML 2.0 AffiliateMember element); @@ -223,6 +228,7 @@ namespace opensaml { DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2); /** IDPSSODescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,ServiceName,localizedNameType,SAML 2.0 ServiceName element); @@ -259,6 +265,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(AttributeConsumingService); /** SPSSODescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthnQueryService,EndpointType,SAML 2.0 AuthnQueryService element); @@ -270,6 +277,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(NameIDFormat); /** AuthnAuthorityDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthzService,EndpointType,SAML 2.0 AuthzService element); @@ -281,6 +289,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(NameIDFormat); /** PDPDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AttributeService,EndpointType,SAML 2.0 AttributeService element); @@ -294,6 +303,7 @@ namespace opensaml { DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2); /** AttributeAuthorityDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,QueryDescriptorType,RoleDescriptor,SAML 2.0 QueryDescriptorType abstract type); @@ -306,18 +316,21 @@ namespace opensaml { BEGIN_XMLOBJECT(SAML_API,AuthnQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthnQueryDescriptorType extension type); /** AuthnQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AttributeQueryDescriptorType,QueryDescriptorType,SAML 2.0 AttributeQueryDescriptorType extension type); DECL_TYPED_CHILDREN(AttributeConsumingService); /** AttributeQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthzDecisionQueryDescriptorType extension type); DECL_TYPED_CHILDREN(ActionNamespace); /** AuthzDecisionQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT4(SAML_API,AffiliationDescriptor,xmltooling::AttributeExtensibleXMLObject,SignableObject, @@ -349,23 +362,7 @@ namespace opensaml { DECL_TYPED_CHILD(Organization); DECL_TYPED_CHILDREN(ContactPerson); DECL_TYPED_CHILDREN(AdditionalMetadataLocation); - /** Finds an IDP role supporting a given protocol. */ - virtual const IDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0; - /** Finds an SP role supporting a given protocol. */ - virtual const SPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0; - /** Finds an Authn Authority role supporting a given protocol. */ - virtual const AuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0; - /** Finds an Attribute Authority role supporting a given protocol. */ - virtual const AttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0; - /** Finds a PDP role supporting a given protocol. */ - virtual const PDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0; - /** Finds an AuthnQuery role supporting a given protocol. */ - virtual const AuthnQueryDescriptorType* getAuthnQueryDescriptorType(const XMLCh* protocol) const=0; - /** Finds an AttributeQuery role supporting a given protocol. */ - virtual const AttributeQueryDescriptorType* getAttributeQueryDescriptorType(const XMLCh* protocol) const=0; - /** Finds an AuthzDecisionQuery role supporting a given protocol. */ - virtual const AuthzDecisionQueryDescriptorType* getAuthzDecisionQueryDescriptorType(const XMLCh* protocol) const=0; - /** Finds an extension role supporting a given protocol. */ + /** Finds an arbitrary role type supporting a given protocol. */ virtual const RoleDescriptor* getRoleDescriptor(const xmltooling::QName& qname, const XMLCh* protocol) const=0; /** EntityDescriptorType local name */ static const XMLCh TYPE_NAME[]; @@ -382,6 +379,62 @@ namespace opensaml { static const XMLCh TYPE_NAME[]; END_XMLOBJECT; + /** + * Predicate to test a role for validity and protocol support. + */ + class isValidForProtocol + { + public: + /** + * Constructor. + * + * @param protocol support constant to test for + */ + isValidForProtocol(const XMLCh* protocol) : m_time(time(NULL)), m_protocol(protocol) { + } + + /** + * Returns true iff the supplied role is valid now and supports the right protocol. + * + * @param role role to test + * @return result of predicate + */ + bool operator()(const RoleDescriptor* role) const { + return role ? (role->isValid(m_time) && role->hasSupport(m_protocol)) : false; + } + + private: + time_t m_time; + const XMLCh* m_protocol; + }; + + /** + * Predicate to test a role for type equivalence, validity, and protocol support. + */ + class ofTypeValidForProtocol : public isValidForProtocol, public xmltooling::hasSchemaType + { + public: + /** + * Constructor. + * + * @param q schema type to test for + * @param protocol support constant to test for + */ + ofTypeValidForProtocol(const xmltooling::QName& q, const XMLCh* protocol) + : isValidForProtocol(protocol), xmltooling::hasSchemaType(q) { + } + + /** + * Returns true iff the supplied role is of the right type, valid now, and supports the right protocol. + * + * @param role role to test + * @return result of predicate + */ + bool operator()(const RoleDescriptor* role) const { + return xmltooling::hasSchemaType::operator()(role) && isValidForProtocol::operator()(role); + } + }; + DECL_SAML2MDOBJECTBUILDER(AdditionalMetadataLocation); DECL_SAML2MDOBJECTBUILDER(AffiliateMember); DECL_SAML2MDOBJECTBUILDER(AffiliationDescriptor); @@ -576,10 +629,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ @@ -623,10 +676,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ @@ -670,10 +723,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ diff --git a/saml/saml2/metadata/impl/MetadataImpl.cpp b/saml/saml2/metadata/impl/MetadataImpl.cpp index d6f4ce9..51facf4 100644 --- a/saml/saml2/metadata/impl/MetadataImpl.cpp +++ b/saml/saml2/metadata/impl/MetadataImpl.cpp @@ -34,6 +34,7 @@ #include #include +using namespace samlconstants; using namespace opensaml::saml2md; using namespace opensaml::saml2; using namespace opensaml; @@ -43,8 +44,6 @@ using namespace xmltooling; using namespace std; using xmlconstants::XMLSIG_NS; using xmlconstants::XML_BOOL_NULL; -using samlconstants::SAML20_NS; -using samlconstants::SAML20MD_NS; #if defined (_MSC_VER) #pragma warning( push ) @@ -2197,105 +2196,28 @@ namespace opensaml { AbstractAttributeExtensibleXMLObject::setAttribute(qualifiedName, value, ID); } - const IDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const { - for (vector::const_iterator i=m_IDPSSODescriptors.begin(); i!=m_IDPSSODescriptors.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - - const SPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const { - for (vector::const_iterator i=m_SPSSODescriptors.begin(); i!=m_SPSSODescriptors.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - - const AuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const { - for (vector::const_iterator i=m_AuthnAuthorityDescriptors.begin(); i!=m_AuthnAuthorityDescriptors.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - - const AttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const { - for (vector::const_iterator i=m_AttributeAuthorityDescriptors.begin(); i!=m_AttributeAuthorityDescriptors.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - - const PDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const { - for (vector::const_iterator i=m_PDPDescriptors.begin(); i!=m_PDPDescriptors.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - - const AuthnQueryDescriptorType* getAuthnQueryDescriptorType(const XMLCh* protocol) const { - for (vector::const_iterator i=m_AuthnQueryDescriptorTypes.begin(); i!=m_AuthnQueryDescriptorTypes.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - - const AttributeQueryDescriptorType* getAttributeQueryDescriptorType(const XMLCh* protocol) const { - for (vector::const_iterator i=m_AttributeQueryDescriptorTypes.begin(); i!=m_AttributeQueryDescriptorTypes.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - - const AuthzDecisionQueryDescriptorType* getAuthzDecisionQueryDescriptorType(const XMLCh* protocol) const { - for (vector::const_iterator i=m_AuthzDecisionQueryDescriptorTypes.begin(); i!=m_AuthzDecisionQueryDescriptorTypes.end(); i++) { - if ((*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; - } - const RoleDescriptor* getRoleDescriptor(const xmltooling::QName& qname, const XMLCh* protocol) const { // Check for "known" elements/types. - QName q; - q.setNamespaceURI(SAML20MD_NS); - q.setLocalPart(IDPSSODescriptor::LOCAL_NAME); - if (q == qname) - return getIDPSSODescriptor(protocol); - q.setLocalPart(SPSSODescriptor::LOCAL_NAME); - if (q == qname) - return getSPSSODescriptor(protocol); - q.setLocalPart(AuthnAuthorityDescriptor::LOCAL_NAME); - if (q == qname) - return getAuthnAuthorityDescriptor(protocol); - q.setLocalPart(AttributeAuthorityDescriptor::LOCAL_NAME); - if (q == qname) - return getAttributeAuthorityDescriptor(protocol); - q.setLocalPart(PDPDescriptor::LOCAL_NAME); - if (q == qname) - return getPDPDescriptor(protocol); - q.setNamespaceURI(samlconstants::SAML20MD_QUERY_EXT_NS); - q.setLocalPart(AuthnQueryDescriptorType::TYPE_NAME); - if (q == qname) - return getAuthnQueryDescriptorType(protocol); - q.setLocalPart(AttributeQueryDescriptorType::TYPE_NAME); - if (q == qname) - return getAttributeQueryDescriptorType(protocol); - q.setLocalPart(AuthzDecisionQueryDescriptorType::TYPE_NAME); - if (q == qname) - return getAuthzDecisionQueryDescriptorType(protocol); + if (qname == IDPSSODescriptor::ELEMENT_QNAME) + return find_if(m_IDPSSODescriptors, isValidForProtocol(protocol)); + if (qname == SPSSODescriptor::ELEMENT_QNAME) + return find_if(m_SPSSODescriptors, isValidForProtocol(protocol)); + if (qname == AuthnAuthorityDescriptor::ELEMENT_QNAME) + return find_if(m_AuthnAuthorityDescriptors, isValidForProtocol(protocol)); + if (qname == AttributeAuthorityDescriptor::ELEMENT_QNAME) + return find_if(m_AttributeAuthorityDescriptors, isValidForProtocol(protocol)); + if (qname == PDPDescriptor::ELEMENT_QNAME) + return find_if(m_PDPDescriptors, isValidForProtocol(protocol)); + if (qname == AuthnQueryDescriptorType::TYPE_QNAME) + return find_if(m_AuthnQueryDescriptorTypes, isValidForProtocol(protocol)); + if (qname == AttributeQueryDescriptorType::TYPE_QNAME) + return find_if(m_AttributeQueryDescriptorTypes, isValidForProtocol(protocol)); + if (qname == AuthzDecisionQueryDescriptorType::TYPE_QNAME) + return find_if(m_AuthzDecisionQueryDescriptorTypes, isValidForProtocol(protocol)); - for (vector::const_iterator i=m_RoleDescriptors.begin(); i!=m_RoleDescriptors.end(); i++) { - if ((*i)->getSchemaType() && qname==(*((*i)->getSchemaType())) && (*i)->hasSupport(protocol) && (*i)->isValid()) - return (*i); - } - return NULL; + vector::const_iterator i = + find_if(m_RoleDescriptors.begin(), m_RoleDescriptors.end(), ofTypeValidForProtocol(qname,protocol)); + return (i!=m_RoleDescriptors.end()) ? *i : NULL; } protected: @@ -2452,6 +2374,15 @@ namespace opensaml { #pragma warning( pop ) #endif +IMPL_ELEMENT_QNAME(IDPSSODescriptor, SAML20MD_NS, SAML20MD_PREFIX); +IMPL_ELEMENT_QNAME(SPSSODescriptor, SAML20MD_NS, SAML20MD_PREFIX); +IMPL_ELEMENT_QNAME(AuthnAuthorityDescriptor, SAML20MD_NS, SAML20MD_PREFIX); +IMPL_ELEMENT_QNAME(AttributeAuthorityDescriptor, SAML20MD_NS, SAML20MD_PREFIX); +IMPL_ELEMENT_QNAME(PDPDescriptor, SAML20MD_NS, SAML20MD_PREFIX); +IMPL_TYPE_QNAME(AuthnQueryDescriptorType, SAML20MD_QUERY_EXT_NS, SAML20MD_QUERY_EXT_PREFIX); +IMPL_TYPE_QNAME(AttributeQueryDescriptorType, SAML20MD_QUERY_EXT_NS, SAML20MD_QUERY_EXT_PREFIX); +IMPL_TYPE_QNAME(AuthzDecisionQueryDescriptorType, SAML20MD_QUERY_EXT_NS, SAML20MD_QUERY_EXT_PREFIX); + // Builder Implementations IMPL_XMLOBJECTBUILDER(AdditionalMetadataLocation); -- 2.1.4