}\r
}\r
}\r
+\r
+ CredentialResolver* cr=NULL;\r
+ const vector<saml2::EncryptedAttribute*>& encattrs = const_cast<const saml2::AttributeStatement*>(*s)->getEncryptedAttributes();\r
+ if (!encattrs.empty()) {\r
+ const PropertySet* credUse = ctx.getApplication().getCredentialUse(ctx.getEntityDescriptor());\r
+ if (credUse)\r
+ cr = ctx.getApplication().getServiceProvider().getCredentialResolver(credUse->getString("Encryption").second);\r
+ if (!cr) {\r
+ Category::getInstance(SHIBSP_LOGCAT".AttributeResolver").warn(\r
+ "found encrypted attributes, but no decryption credential was available"\r
+ );\r
+ return;\r
+ }\r
+ Locker credlocker(cr);\r
+ const XMLCh* recipient = ctx.getApplication().getXMLString("providerId").second;\r
+ for (vector<saml2::EncryptedAttribute*>::const_iterator ea = encattrs.begin(); ea!=encattrs.end(); ++ea) {\r
+ auto_ptr<XMLObject> decrypted((*ea)->decrypt(cr, recipient));\r
+ const saml2::Attribute* decattr = dynamic_cast<const saml2::Attribute*>(decrypted.get());\r
+ name = decattr->getName();\r
+ format = decattr->getNameFormat();\r
+ if (!name || !*name)\r
+ continue;\r
+ if (!format || !*format)\r
+ format = saml2::Attribute::UNSPECIFIED;\r
+ else if (XMLString::equals(format, saml2::Attribute::URI_REFERENCE))\r
+ format = &chNull;\r
+#ifdef HAVE_GOOD_STL\r
+ if ((rule=m_attrMap.find(make_pair(name,format))) != m_attrMap.end()) {\r
+#else\r
+ auto_ptr_char temp1(name);\r
+ auto_ptr_char temp2(format);\r
+ if ((rule=m_attrMap.find(make_pair(temp1.get(),temp2.get()))) != m_attrMap.end()) {\r
+#endif\r
+ if (aset.empty() || aset.count(rule->second.second)) {\r
+ resolved.push_back(\r
+ rule->second.first->decode(rule->second.second.c_str(), decattr, assertingParty.get(), relyingParty)\r
+ );\r
+ }\r
+ }\r
+ }\r
+ }\r
}\r
}\r
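Review bot: `decattr` is dereferenced at `name = decattr->getName();` without checking the result of the `dynamic_cast` on the line before it. If the decrypted object is not a `saml2::Attribute`, or `decrypt()` yields nothing, the SP hits a null-pointer dereference while processing peer-supplied content. Add `if (!decattr) continue;` directly after the cast, ideally with a warn-level log like the one already used for the missing decryption credential. If `decrypt()` can throw (not visible in this hunk), one undecryptable attribute would presumably abort resolution of the whole statement, so a per-attribute `try`/`catch` that logs and continues is worth considering. The enclosing function starts and ends outside the hunk, so any handling further up could not be checked.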
\r