shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp

   1 /*
   2  *  Copyright 2009-2010 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * KeyDescriptorAttributeExtractor.cpp
  19  *
  20  * AttributeExtractor for KeyDescriptor information.
  21  */
  22
  23 #include "internal.h"
  24 #include "exceptions.h"
  25 #include "Application.h"
  26 #include "attribute/AttributeDecoder.h"
  27 #include "attribute/SimpleAttribute.h"
  28 #include "attribute/resolver/AttributeExtractor.h"
  29
  30 #include <saml/saml2/metadata/Metadata.h>
  31 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
  32 #include <saml/saml2/metadata/MetadataProvider.h>
  33 #include <xmltooling/security/Credential.h>
  34 #include <xmltooling/security/SecurityHelper.h>
  35 #include <xmltooling/util/XMLHelper.h>
  36 #include <xercesc/util/XMLUniDefs.hpp>
  37
  38 using namespace shibsp;
  39 using namespace opensaml::saml2md;
  40 using namespace opensaml;
  41 using namespace xmltooling;
  42 using namespace std;
  43
  44 namespace shibsp {
  45
  46 #if defined (_MSC_VER)
  47     #pragma warning( push )
  48     #pragma warning( disable : 4250 )
  49 #endif
  50
  51     class KeyDescriptorExtractor : public AttributeExtractor
  52     {
  53     public:
  54         KeyDescriptorExtractor(const DOMElement* e);
  55         ~KeyDescriptorExtractor() {}
  56
  57         Lockable* lock() {
  58             return this;
  59         }
  60
  61         void unlock() {
  62         }
  63
  64         void extractAttributes(
  65             const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
  66             ) const;
  67
  68         void getAttributeIds(std::vector<std::string>& attributes) const {
  69             if (!m_hashId.empty())
  70                 attributes.push_back(m_hashId.front());
  71             if (!m_signingId.empty())
  72                 attributes.push_back(m_signingId.front());
  73             if (!m_encryptionId.empty())
  74                 attributes.push_back(m_encryptionId.front());
  75         }
  76
  77     private:
  78         string m_hashAlg;
  79         vector<string> m_hashId;
  80         vector<string> m_signingId;
  81         vector<string> m_encryptionId;
  82     };
  83
  84 #if defined (_MSC_VER)
  85     #pragma warning( pop )
  86 #endif
  87
  88     AttributeExtractor* SHIBSP_DLLLOCAL KeyDescriptorAttributeExtractorFactory(const DOMElement* const & e)
  89     {
  90         return new KeyDescriptorExtractor(e);
  91     }
  92
  93     static const XMLCh encryptionId[] = UNICODE_LITERAL_12(e,n,c,r,y,p,t,i,o,n,I,d);
  94     static const XMLCh hashId[] =       UNICODE_LITERAL_6(h,a,s,h,I,d);
  95     static const XMLCh hashAlg[] =      UNICODE_LITERAL_7(h,a,s,h,A,l,g);
  96     static const XMLCh signingId[] =    UNICODE_LITERAL_9(s,i,g,n,i,n,g,I,d);
  97 };
  98
  99 KeyDescriptorExtractor::KeyDescriptorExtractor(const DOMElement* e) : m_hashAlg(XMLHelper::getAttrString(e, "SHA1", hashAlg))
 100 {
 101     if (e) {
 102         string a(XMLHelper::getAttrString(e, nullptr, hashId));
 103         if (!a.empty())
 104             m_hashId.push_back(a);
 105         a = XMLHelper::getAttrString(e, nullptr, signingId);
 106         if (!a.empty())
 107             m_signingId.push_back(a);
 108         a = XMLHelper::getAttrString(e, nullptr, encryptionId);
 109         if (!a.empty())
 110             m_encryptionId.push_back(a);
 111     }
 112     if (m_hashId.empty() && m_signingId.empty() && m_encryptionId.empty())
 113         throw ConfigurationException("KeyDescriptor AttributeExtractor requires hashId, signingId, or encryptionId property.");
 114 }
 115
 116 void KeyDescriptorExtractor::extractAttributes(
 117     const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
 118     ) const
 119 {
 120     const RoleDescriptor* role = dynamic_cast<const RoleDescriptor*>(&xmlObject);
 121     if (!role)
 122         return;
 123
 124     vector<const Credential*> creds;
 125     MetadataCredentialCriteria mcc(*role);
 126
 127     if (!m_signingId.empty() || !m_hashId.empty()) {
 128         mcc.setUsage(Credential::SIGNING_CREDENTIAL);
 129         if (application.getMetadataProvider()->resolve(creds, &mcc)) {
 130             if (!m_hashId.empty()) {
 131                 auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_hashId));
 132                 vector<string>& vals = attr->getValues();
 133                 for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
 134                     if (vals.empty() || !vals.back().empty())
 135                         vals.push_back(string());
 136                     vals.back() = SecurityHelper::getDEREncoding(*(*c), m_hashAlg.c_str());
 137                 }
 138                 if (vals.back().empty())
 139                     vals.pop_back();
 140                 if (!vals.empty())
 141                     attributes.push_back(attr.release());
 142             }
 143             if (!m_signingId.empty()) {
 144                 auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_signingId));
 145                 vector<string>& vals = attr->getValues();
 146                 for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
 147                     if (vals.empty() || !vals.back().empty())
 148                         vals.push_back(string());
 149                     vals.back() = SecurityHelper::getDEREncoding(*(*c));
 150                 }
 151                 if (vals.back().empty())
 152                     vals.pop_back();
 153                 if (!vals.empty())
 154                     attributes.push_back(attr.release());
 155             }
 156             creds.clear();
 157         }
 158     }
 159
 160     if (!m_encryptionId.empty()) {
 161         mcc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
 162         if (application.getMetadataProvider()->resolve(creds, &mcc)) {
 163             auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_encryptionId));
 164             vector<string>& vals = attr->getValues();
 165             for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
 166                 if (vals.empty() || !vals.back().empty())
 167                     vals.push_back(string());
 168                 vals.back() = SecurityHelper::getDEREncoding(*(*c));
 169             }
 170             if (vals.back().empty())
 171                 vals.pop_back();
 172             if (!vals.empty())
 173                 attributes.push_back(attr.release());
 174         }
 175     }
 176 }