2 * Copyright 2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * KeyDescriptorAttributeExtractor.cpp
20 * AttributeExtractor for KeyDescriptor information.
24 #include "Application.h"
25 #include "attribute/AttributeDecoder.h"
26 #include "attribute/SimpleAttribute.h"
27 #include "attribute/resolver/AttributeExtractor.h"
29 #include <saml/saml2/metadata/Metadata.h>
30 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
31 #include <xmltooling/security/SecurityHelper.h>
32 #include <xmltooling/util/XMLHelper.h>
33 #include <xercesc/util/XMLUniDefs.hpp>
35 using namespace shibsp;
36 using namespace opensaml::saml2md;
37 using namespace opensaml;
38 using namespace xmltooling;
43 #if defined (_MSC_VER)
44 #pragma warning( push )
45 #pragma warning( disable : 4250 )
48 class KeyDescriptorExtractor : public AttributeExtractor
51 KeyDescriptorExtractor(const DOMElement* e);
52 ~KeyDescriptorExtractor() {}
61 void extractAttributes(
62 const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
65 void getAttributeIds(std::vector<std::string>& attributes) const {
66 if (!m_hashId.empty())
67 attributes.push_back(m_hashId.front());
68 if (!m_signingId.empty())
69 attributes.push_back(m_signingId.front());
70 if (!m_encryptionId.empty())
71 attributes.push_back(m_encryptionId.front());
75 vector<string> m_hashId;
76 vector<string> m_signingId;
77 vector<string> m_encryptionId;
80 #if defined (_MSC_VER)
81 #pragma warning( pop )
84 AttributeExtractor* SHIBSP_DLLLOCAL KeyDescriptorAttributeExtractorFactory(const DOMElement* const & e)
86 return new KeyDescriptorExtractor(e);
89 static const XMLCh encryptionId[] = UNICODE_LITERAL_12(e,n,c,r,y,p,t,i,o,n,I,d);
90 static const XMLCh hashId[] = UNICODE_LITERAL_6(h,a,s,h,I,d);
91 static const XMLCh signingId[] = UNICODE_LITERAL_9(s,i,g,n,i,n,g,I,d);
94 KeyDescriptorExtractor::KeyDescriptorExtractor(const DOMElement* e)
97 const XMLCh* a = e->getAttributeNS(NULL, hashId);
99 auto_ptr_char temp(a);
100 m_hashId.push_back(temp.get());
102 a = e->getAttributeNS(NULL, signingId);
104 auto_ptr_char temp(a);
105 m_signingId.push_back(temp.get());
107 a = e->getAttributeNS(NULL, encryptionId);
109 auto_ptr_char temp(a);
110 m_encryptionId.push_back(temp.get());
113 if (m_hashId.empty() && m_signingId.empty() && m_encryptionId.empty())
114 throw ConfigurationException("KeyDescriptor AttributeExtractor requires hashId, signingId, or encryptionId property.");
117 void KeyDescriptorExtractor::extractAttributes(
118 const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector<Attribute*>& attributes
121 const RoleDescriptor* role = dynamic_cast<const RoleDescriptor*>(&xmlObject);
125 vector<const Credential*> creds;
126 MetadataCredentialCriteria mcc(*role);
128 if (!m_signingId.empty() || !m_hashId.empty()) {
129 mcc.setUsage(Credential::SIGNING_CREDENTIAL);
130 if (application.getMetadataProvider()->resolve(creds, &mcc)) {
131 if (!m_hashId.empty()) {
132 auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_hashId));
133 vector<string>& vals = attr->getValues();
134 for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
135 if (vals.empty() || !vals.back().empty())
136 vals.push_back(string());
137 vals.back() = SecurityHelper::getDEREncoding(*(*c), true);
139 if (vals.back().empty())
142 attributes.push_back(attr.release());
144 if (!m_signingId.empty()) {
145 auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_signingId));
146 vector<string>& vals = attr->getValues();
147 for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
148 if (vals.empty() || !vals.back().empty())
149 vals.push_back(string());
150 vals.back() = SecurityHelper::getDEREncoding(*(*c));
152 if (vals.back().empty())
155 attributes.push_back(attr.release());
161 if (!m_encryptionId.empty()) {
162 mcc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
163 if (application.getMetadataProvider()->resolve(creds, &mcc)) {
164 auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_encryptionId));
165 vector<string>& vals = attr->getValues();
166 for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
167 if (vals.empty() || !vals.back().empty())
168 vals.push_back(string());
169 vals.back() = SecurityHelper::getDEREncoding(*(*c));
171 if (vals.back().empty())
174 attributes.push_back(attr.release());