Imported Upstream version 2.2.1+dfsg

[shibboleth/sp.git] / shibsp / handler / impl / MetadataGenerator.cpp

diff --git a/shibsp/handler/impl/MetadataGenerator.cpp b/shibsp/handler/impl/MetadataGenerator.cpp
index 08e73e0..2a847cb 100644 (file)
--- a/shibsp/handler/impl/MetadataGenerator.cpp
+++ b/shibsp/handler/impl/MetadataGenerator.cpp
@@ -1,6 +1,6 @@
 /*
  *  Copyright 2001-2007 Internet2
- * 
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -16,7 +16,7 @@
 
 /**
  * MetadataGenerator.cpp
- * 
+ *
  * Handler for generating "approximate" metadata based on SP configuration.
  */
 
@@ -29,6 +29,7 @@
 
 #ifndef SHIBSP_LITE
 # include "metadata/MetadataProviderCriteria.h"
+# include <xmltooling/util/PathResolver.h>
 #endif
 
 #include <xercesc/framework/LocalFileInputSource.hpp>
@@ -53,7 +54,12 @@ namespace shibsp {
     class SHIBSP_DLLLOCAL Blocker : public DOMNodeFilter
     {
     public:
-        short acceptNode(const DOMNode* node) const {
+#ifdef SHIBSP_XERCESC_SHORT_ACCEPTNODE
+        short
+#else
+        FilterAction
+#endif
+        acceptNode(const DOMNode* node) const {
             return FILTER_REJECT;
         }
     };
@@ -121,14 +127,14 @@ MetadataGenerator::MetadataGenerator(const DOMElement* e, const char* appId)
 
 #ifndef SHIBSP_LITE
     static XMLCh EndpointBase[] = UNICODE_LITERAL_12(E,n,d,p,o,i,n,t,B,a,s,e);
-    
+
     pair<bool,bool> flag = getBool("http");
     if (flag.first)
         m_http = flag.second ? 1 : -1;
     flag = getBool("https");
     if (flag.first)
         m_https = flag.second ? 1 : -1;
-    
+
     e = XMLHelper::getFirstChildElement(e, EndpointBase);
     while (e) {
         if (e->hasChildNodes()) {
@@ -148,10 +154,10 @@ pair<bool,long> MetadataGenerator::run(SPRequest& request, bool isHandler) const
         if (!m_acl.empty() && m_acl.count(request.getRemoteAddr()) == 0) {
             m_log.error("request for metadata blocked from invalid address (%s)", request.getRemoteAddr().c_str());
             istringstream msg("Metadata Request Blocked");
-            return make_pair(true,request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_UNAUTHORIZED));
+            return make_pair(true,request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_FORBIDDEN));
         }
     }
-    
+
     try {
         if (conf.isEnabled(SPConfig::OutOfProcess)) {
             // When out of process, we run natively and directly process the message.
@@ -165,7 +171,7 @@ pair<bool,long> MetadataGenerator::run(SPRequest& request, bool isHandler) const
             if (request.getParameter("entityID"))
                 in.addmember("entity_id").string(request.getParameter("entityID"));
             DDFJanitor jin(in), jout(out);
-            
+
             out=request.getServiceProvider().getListenerService()->send(in);
             return unwrap(request, out);
         }
@@ -191,12 +197,12 @@ void MetadataGenerator::receive(DDF& in, ostream& out)
     else if (!hurl) {
         throw ConfigurationException("Missing handler_url parameter in remoted method call.");
     }
-    
+
     // Wrap a response shim.
     DDF ret(NULL);
     DDFJanitor jout(ret);
     auto_ptr<HTTPResponse> resp(getResponse(ret));
-        
+
     // Since we're remoted, the result should either be a throw, a false/0 return,
     // which we just return as an empty structure, or a response/redirect,
     // which we capture in the facade and send back.
@@ -226,7 +232,10 @@ pair<bool,long> MetadataGenerator::processMessage(
     pair<bool,const char*> prop = getString("template");
     if (prop.first) {
         // Load a template to use for our metadata.
-        LocalFileInputSource src(getXMLString("template").second);
+        string templ(prop.second);
+        XMLToolingConfig::getConfig().getPathResolver()->resolve(templ, PathResolver::XMLTOOLING_CFG_FILE);
+        auto_ptr_XMLCh widenit(templ.c_str());
+        LocalFileInputSource src(widenit.get());
         Wrapper4InputSource dsrc(&src,false);
         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(dsrc);
         XercesJanitor<DOMDocument> docjan(doc);
@@ -234,7 +243,7 @@ pair<bool,long> MetadataGenerator::processMessage(
         docjan.release();
         entity = dynamic_cast<EntityDescriptor*>(xmlobj.get());
         if (!entity)
-            throw ConfigurationException("Template file ($1) did not contain an EntityDescriptor", params(1, prop.second));
+            throw ConfigurationException("Template file ($1) did not contain an EntityDescriptor", params(1, templ.c_str()));
         xmlobj.release();
     }
     else {
@@ -243,8 +252,14 @@ pair<bool,long> MetadataGenerator::processMessage(
 
     auto_ptr<EntityDescriptor> wrapper(entity);
     pair<bool,unsigned int> cache = getUnsignedInt("cacheDuration");
-    if (cache.first)
-        entity->setValidUntil(time(NULL) + cache.second);
+    if (cache.first) {
+        entity->setCacheDuration(cache.second);
+    }
+    else {
+        cache = getUnsignedInt("validUntil");
+        if (cache.first)
+            entity->setValidUntil(time(NULL) + cache.second);
+    }
     entity->setEntityID(relyingParty->getXMLString("entityID").second);
 
     SPSSODescriptor* role;
@@ -355,7 +370,7 @@ pair<bool,long> MetadataGenerator::processMessage(
             XMLHelper::serialize(entity->marshall(), pretty, true);
             DOMDocument* prettydoc = XMLToolingConfig::getConfig().getParser().parse(pretty);
             auto_ptr<XMLObject> prettyentity(XMLObjectBuilder::buildOneFromElement(prettydoc->getDocumentElement(), true));
-    
+
             Signature* sig = SignatureBuilder::buildSignature();
             dynamic_cast<EntityDescriptor*>(prettyentity.get())->setSignature(sig);
             if (sigalg.first)