2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * AttributeScopeMatchesShibMDScopeFunctor.cpp
20 * A match function that ensures that an attributes value's scope matches a scope given in metadata for the entity or role.
24 #include "exceptions.h"
25 #include "attribute/Attribute.h"
26 #include "attribute/filtering/FilteringContext.h"
27 #include "attribute/filtering/FilterPolicyContext.h"
28 #include "attribute/filtering/MatchFunctor.h"
29 #include "metadata/MetadataExt.h"
31 #include <saml/saml2/metadata/Metadata.h>
32 #include <xercesc/util/regx/RegularExpression.hpp>
34 using namespace opensaml::saml2md;
35 using namespace xmltooling;
40 static const XMLCh groupID[] = UNICODE_LITERAL_7(g,r,o,u,p,I,D);
43 * A match function that ensures that an attributes value's scope matches a scope given in metadata for the entity or role.
45 class SHIBSP_DLLLOCAL AttributeScopeMatchesShibMDScopeFunctor : public MatchFunctor
48 bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
49 throw AttributeFilteringException("Metadata scope matching not usable as a PolicyRequirement.");
52 bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
53 const RoleDescriptor* issuer = filterContext.getAttributeIssuerMetadata();
57 const char* scope = attribute.getScope(index);
58 if (!scope || !*scope)
62 const XMLCh* widescope=NULL;
63 const Extensions* ext = issuer->getExtensions();
65 const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
66 for (vector<XMLObject*>::const_iterator e = exts.begin(); e!=exts.end(); ++e) {
67 rule = dynamic_cast<const Scope*>(*e);
70 widescope = fromUTF8(scope);
71 if (matches(*rule, widescope)) {
79 ext = dynamic_cast<const EntityDescriptor*>(issuer->getParent())->getExtensions();
81 const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
82 for (vector<XMLObject*>::const_iterator e = exts.begin(); e!=exts.end(); ++e) {
83 rule = dynamic_cast<const Scope*>(*e);
86 widescope = fromUTF8(scope);
87 if (matches(*rule, widescope)) {
100 bool matches(const Scope& rule, const XMLCh* scope) const {
101 const XMLCh* val = rule.getValue();
104 RegularExpression re(val);
105 return re.matches(scope);
108 return XMLString::equals(val, scope);
115 MatchFunctor* SHIBSP_DLLLOCAL AttributeScopeMatchesShibMDScopeFactory(const std::pair<const FilterPolicyContext*,const DOMElement*>& p)
117 return new AttributeScopeMatchesShibMDScopeFunctor();