https://bugs.internet2.edu/jira/browse/SSPCPP-288

[shibboleth/sp.git] / shibsp / handler / impl / MetadataGenerator.cpp

diff --git a/shibsp/handler/impl/MetadataGenerator.cpp b/shibsp/handler/impl/MetadataGenerator.cpp
index 94f8485..322b7e3 100644 (file)
--- a/shibsp/handler/impl/MetadataGenerator.cpp
+++ b/shibsp/handler/impl/MetadataGenerator.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2010 Internet2
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,16 +24,28 @@
 #include "Application.h"
 #include "exceptions.h"
 #include "ServiceProvider.h"
+#include "SPRequest.h"
 #include "handler/AbstractHandler.h"
 #include "handler/RemotedHandler.h"
 
 #ifndef SHIBSP_LITE
 # include "metadata/MetadataProviderCriteria.h"
+# include <saml/exceptions.h>
+# include <saml/SAMLConfig.h>
+# include <saml/signature/ContentReference.h>
+# include <saml/saml2/metadata/Metadata.h>
+# include <saml/saml2/metadata/MetadataProvider.h>
+# include <xmltooling/XMLToolingConfig.h>
+# include <xmltooling/security/Credential.h>
+# include <xmltooling/security/CredentialCriteria.h>
+# include <xmltooling/security/SecurityHelper.h>
+# include <xmltooling/signature/Signature.h>
+# include <xmltooling/util/ParserPool.h>
 # include <xmltooling/util/PathResolver.h>
+# include <xercesc/framework/LocalFileInputSource.hpp>
+# include <xercesc/framework/Wrapper4InputSource.hpp>
 #endif
 
-#include <xercesc/framework/LocalFileInputSource.hpp>
-#include <xercesc/framework/Wrapper4InputSource.hpp>
 
 using namespace shibsp;
 #ifndef SHIBSP_LITE
@@ -54,7 +66,12 @@ namespace shibsp {
     class SHIBSP_DLLLOCAL Blocker : public DOMNodeFilter
     {
     public:
-        short acceptNode(const DOMNode* node) const {
+#ifdef SHIBSP_XERCESC_SHORT_ACCEPTNODE
+        short
+#else
+        FilterAction
+#endif
+        acceptNode(const DOMNode* node) const {
             return FILTER_REJECT;
         }
     };
@@ -80,6 +97,7 @@ namespace shibsp {
 
         set<string> m_acl;
 #ifndef SHIBSP_LITE
+        string m_salt;
         short m_http,m_https;
         vector<string> m_bases;
 #endif
@@ -123,6 +141,10 @@ MetadataGenerator::MetadataGenerator(const DOMElement* e, const char* appId)
 #ifndef SHIBSP_LITE
     static XMLCh EndpointBase[] = UNICODE_LITERAL_12(E,n,d,p,o,i,n,t,B,a,s,e);
 
+    pair<bool,const char*> salt = getString("salt");
+    if (salt.first)
+        m_salt = salt.second;
+
     pair<bool,bool> flag = getBool("http");
     if (flag.first)
         m_http = flag.second ? 1 : -1;
@@ -245,16 +267,21 @@ pair<bool,long> MetadataGenerator::processMessage(
         entity = EntityDescriptorBuilder::buildEntityDescriptor();
     }
 
+    if (!entity->getID()) {
+        string hashinput = m_salt + relyingParty->getString("entityID").second;
+        string hashed = '_' + SecurityHelper::doHash("SHA1", hashinput.c_str(), hashinput.length());
+        auto_ptr_XMLCh widenit(hashed.c_str());
+        entity->setID(widenit.get());
+    }
+
     auto_ptr<EntityDescriptor> wrapper(entity);
     pair<bool,unsigned int> cache = getUnsignedInt("cacheDuration");
     if (cache.first) {
         entity->setCacheDuration(cache.second);
     }
-    else {
-        cache = getUnsignedInt("validUntil");
-        if (cache.first)
-            entity->setValidUntil(time(NULL) + cache.second);
-    }
+    cache = getUnsignedInt("validUntil");
+    if (cache.first)
+        entity->setValidUntil(time(NULL) + cache.second);
     entity->setEntityID(relyingParty->getXMLString("entityID").second);
 
     SPSSODescriptor* role;