2 * Copyright 2001-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * AttributeScopeMatchesShibMDScopeFunctor.cpp
20 * A match function that ensures that an attribute value's scope matches
21 * a scope given in metadata for the entity or role.
25 #include "exceptions.h"
26 #include "attribute/Attribute.h"
27 #include "attribute/filtering/FilteringContext.h"
28 #include "attribute/filtering/FilterPolicyContext.h"
29 #include "attribute/filtering/MatchFunctor.h"
30 #include "metadata/MetadataExt.h"
32 #include <saml/saml2/metadata/Metadata.h>
33 #include <xercesc/util/regx/RegularExpression.hpp>
35 using namespace opensaml::saml2md;
36 using namespace xmltooling;
// XMLCh string constant spelling "groupID".
// NOTE(review): no use of this constant is visible in this listing; confirm it is still needed.
41 static const XMLCh groupID[] = UNICODE_LITERAL_7(g,r,o,u,p,I,D);
44 * A match function that ensures that an attribute value's scope matches a scope given in metadata for the entity or role.
46 class SHIBSP_DLLLOCAL AttributeScopeMatchesShibMDScopeFunctor : public MatchFunctor
// Always throws AttributeFilteringException: per the message, metadata scope matching
// is not usable as a PolicyRequirement. No match result is ever returned from here;
// the scope comparison itself is done in evaluatePermitValue.
// filterContext is not read in the visible lines.
49 bool evaluatePolicyRequirement(const FilteringContext& filterContext) const {
50 throw AttributeFilteringException("Metadata scope matching not usable as a PolicyRequirement.");
// Decides whether the value at `index` of `attribute` may be released, by comparing the
// value's scope with the Scope elements found in the issuer's metadata extensions:
// first the extensions of the issuing role, then those of its parent entity.
//
// This listing omits lines (the embedded numbers jump, e.g. 54 -> 58, 59 -> 63, 72 -> 80),
// so the declaration of `rule`, the null checks, and the return statements are not visible.
// NOTE(review): the scope asserted in an attribute value is issuer-controlled data being
// checked against what metadata allows; confirm that every path not shown here denies by default.
53 bool evaluatePermitValue(const FilteringContext& filterContext, const Attribute& attribute, size_t index) const {
// Role-level metadata of the attribute issuer, taken from the filtering context.
// NOTE(review): `issuer` is dereferenced below; confirm the omitted lines 55-57 reject a null issuer.
54 const RoleDescriptor* issuer = filterContext.getAttributeIssuerMetadata();
// Scope of the value under test. The condition is true for a null or empty scope;
// the statement it guards (line 60) is not shown -- presumably a rejection, confirm.
58 const char* scope = attribute.getScope(index);
59 if (!scope || !*scope)
// XMLCh form of `scope`, produced by fromUTF8() only once a Scope rule is actually found.
// NOTE(review): if fromUTF8() returns a heap buffer, it has to be released on every exit
// path, including an exception from matches(); no release is visible in this listing.
63 const XMLCh* widescope=nullptr;
// Pass 1: Scope elements carried in the role's own <Extensions>.
64 const Extensions* ext = issuer->getExtensions();
66 const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
67 for (vector<XMLObject*>::const_iterator e = exts.begin(); e!=exts.end(); ++e) {
// dynamic_cast yields null for extension children that are not Scope elements.
// NOTE(review): confirm lines 69-70 skip a null `rule` before `*rule` is formed below.
68 rule = dynamic_cast<const Scope*>(*e);
71 widescope = fromUTF8(scope);
72 if (matches(*rule, widescope)) {
// Pass 2: Scope elements in the <Extensions> of the role's parent entity.
// NOTE(review): the dynamic_cast result is dereferenced in the same expression; if
// getParent() ever returned something other than an EntityDescriptor, this would be a
// null dereference. A checked pointer followed by a deny result would be safer.
80 ext = dynamic_cast<const EntityDescriptor*>(issuer->getParent())->getExtensions();
82 const vector<XMLObject*>& exts = ext->getUnknownXMLObjects();
83 for (vector<XMLObject*>::const_iterator e = exts.begin(); e!=exts.end(); ++e) {
84 rule = dynamic_cast<const Scope*>(*e);
87 widescope = fromUTF8(scope);
88 if (matches(*rule, widescope)) {
// Compares one candidate scope with the value of a single metadata Scope rule.
// Two outcomes are visible: a regular-expression match (lines 105-106) and an exact
// string comparison via XMLString::equals (line 109). The conditions that choose between
// them (lines 103-104) are omitted from this listing -- presumably a non-empty value
// check and the rule's regexp flag; confirm against the full source.
101 bool matches(const Scope& rule, const XMLCh* scope) const {
102 const XMLCh* val = rule.getValue();
// The pattern text comes from metadata, so it is only as trustworthy as the metadata source.
// NOTE(review): constructing RegularExpression from a malformed pattern can throw, and no
// handler is visible here; confirm the caller treats that as "no match" rather than an error
// that escapes filtering.
// NOTE(review): whether matches() requires the whole string to match depends on the regex
// options in effect. With this constructor, a pattern lacking ^...$ anchors may accept a
// scope that merely contains the expected domain -- confirm, and require anchored patterns.
105 RegularExpression re(val);
106 return re.matches(scope);
// Non-regex rule: the scope must equal the metadata value exactly.
109 return XMLString::equals(val, scope);
// Factory for the functor. The (policy context, DOM element) pair `p` is not read in the
// visible lines, so the functor takes no configuration from the filter policy XML.
// Returns a raw pointer from `new`; presumably the caller takes ownership -- confirm.
116 MatchFunctor* SHIBSP_DLLLOCAL AttributeScopeMatchesShibMDScopeFactory(const std::pair<const FilterPolicyContext*,const DOMElement*>& p)
118 return new AttributeScopeMatchesShibMDScopeFunctor();