[opensaml2] 29/38: CPPOST-97 SignatureMetadataFilter skips filtering already filtered files
Ferenc Wágner
wferi at moszumanska.debian.org
Tue Aug 30 20:53:57 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository opensaml2.
commit 83a0c67e400981025b9410f636042477879cee50
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Thu Jun 16 16:54:04 2016 +0100
CPPOST-97 SignatureMetadataFilter skips filtering already filtered files
https://issues.shibboleth.net/jira/browse/CPPOST-97
By default (but configurably: skipFromBackup="false") SignatureMetadataFilter
will not run over files which have been downloaded and saved locally.
Particularly during reboot, this saves time on big files.
This involves:
+ Rejigging the filter interface to allow dynamic and static filters
+ Adding a new BatchLoadMetadataFilterContext context
+ Telling SignatureMetadataFilter to look at it and
+ XMLMetadataProvider to populate it
---
saml/saml2/metadata/MetadataFilter.h | 13 ++++++++-
saml/saml2/metadata/MetadataProvider.h | 13 +++++++++
saml/saml2/metadata/impl/MetadataProvider.cpp | 33 ++++++++++++++++++++--
.../metadata/impl/SignatureMetadataFilter.cpp | 16 ++++++++++-
saml/saml2/metadata/impl/XMLMetadataProvider.cpp | 3 +-
5 files changed, 73 insertions(+), 5 deletions(-)
diff --git a/saml/saml2/metadata/MetadataFilter.h b/saml/saml2/metadata/MetadataFilter.h
index 6572c52..edbb047 100644
--- a/saml/saml2/metadata/MetadataFilter.h
+++ b/saml/saml2/metadata/MetadataFilter.h
@@ -44,6 +44,17 @@ namespace opensaml {
virtual ~MetadataFilterContext();
};
+ class SAML_API BatchLoadMetadataFilterContext : public virtual MetadataFilterContext
+ {
+ MAKE_NONCOPYABLE( BatchLoadMetadataFilterContext);
+ public:
+ BatchLoadMetadataFilterContext(bool isBackingFile);
+ bool isBackingFile() const;
+ ~ BatchLoadMetadataFilterContext();
+ private:
+ bool m_isBackingFile;
+ };
+
/**
* A metadata filter is used to process metadata after resolution and unmarshalling.
*
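Review bot: `BatchLoadMetadataFilterContext` is added to a public header without a doc comment, although the flag it carries decides whether SignatureMetadataFilter verifies a signature at all. A short Doxygen block on the class and on `isBackingFile()` should say that `true` means the metadata was read from the locally saved backing file, and that filters may treat such input as already checked. The single-argument constructor should also be `explicit BatchLoadMetadataFilterContext(bool isBackingFile);` so that a stray `bool` cannot convert silently into a context.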
@@ -67,7 +78,7 @@ namespace opensaml {
virtual const char* getId() const=0;
/**
- * @deprecated
+ * @Deprecated
* Filters the given metadata. Exceptions should generally not be thrown to
* signal the removal of information, only for systemic processing failure.
*
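Review bot: Doxygen command names are case-sensitive, so `@Deprecated` is not recognised as the `\deprecated` command and the method no longer appears in the generated deprecated list. Keep the lowercase `@deprecated` here and on the `doFilters(xmltooling::XMLObject&)` comment in MetadataProvider.h. Adding the replacement to the tag, e.g. `@deprecated use doFilter(const MetadataFilterContext*, xmltooling::XMLObject&)`, tells implementers which overload to provide. The comment block continues outside the hunk.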
diff --git a/saml/saml2/metadata/MetadataProvider.h b/saml/saml2/metadata/MetadataProvider.h
index e8c852f..c3e7b41 100644
--- a/saml/saml2/metadata/MetadataProvider.h
+++ b/saml/saml2/metadata/MetadataProvider.h
@@ -254,13 +254,26 @@ namespace opensaml {
protected:
/**
+ * @Deprecated
* Applies any installed filters to a metadata instance.
+ * This passes the statically provided context to the filter
+ * and so is equivalent to doFilters(m_filterContext, xmlObject)
*
* @param xmlObject the metadata to be filtered
*/
void doFilters(xmltooling::XMLObject& xmlObject) const;
+ /**
+ * Applies any installed filters to a metadata instance.
+ * This must not be called if the static context has been set (via setContext).
+ *
+ * @param ctx The Context for this filtering operation.
+ * @param xmlObject the metadata to be filtered
+ */
+ void doFilters(const MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const;
+
private:
+ void doFiltersInternal(const MetadataFilterContext* ctx, xmltooling::XMLObject& xmlObject) const;
const MetadataFilterContext* m_filterContext;
boost::ptr_vector<MetadataFilter> m_filters;
};
diff --git a/saml/saml2/metadata/impl/MetadataProvider.cpp b/saml/saml2/metadata/impl/MetadataProvider.cpp
index efb923a..3155a38 100644
--- a/saml/saml2/metadata/impl/MetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/MetadataProvider.cpp
@@ -172,15 +172,31 @@ void MetadataProvider::setContext(const MetadataFilterContext* ctx)
m_filterContext = ctx;
}
-void MetadataProvider::doFilters(XMLObject& xmlObject) const
+void MetadataProvider::doFiltersInternal(const MetadataFilterContext* ctx, XMLObject& xmlObject) const
{
Category& log = Category::getInstance(SAML_LOGCAT ".Metadata");
for (ptr_vector<MetadataFilter>::const_iterator i = m_filters.begin(); i != m_filters.end(); i++) {
log.info("applying metadata filter (%s)", i->getId());
- i->doFilter(m_filterContext, xmlObject);
+ i->doFilter(ctx, xmlObject);
+ }
+}
+
+void MetadataProvider::doFilters(const MetadataFilterContext* ctx, XMLObject& xmlObject) const
+{
+ if (m_filterContext) {
+ Category& log = Category::getInstance(SAML_LOGCAT ".Metadata");
+ log.crit("Internal error: calling MetadataProvider::doFilters with a static and dynamic context");
+ throw;
}
+ doFiltersInternal(ctx, xmlObject);
+}
+
+void MetadataProvider::doFilters(XMLObject& xmlObject) const
+{
+ doFiltersInternal(m_filterContext, xmlObject);
}
+
void MetadataProvider::outputStatus(ostream& os) const
{
}
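Review bot: The bare `throw;` in the new `doFilters(ctx, xmlObject)` executes while no exception is being handled, so it calls `std::terminate()` instead of raising something a caller can catch. The `catch (std::exception&)` around the new call in XMLMetadataProvider::load (last hunk) will not see it. That load path now always uses the dynamic overload, so a provider on which `setContext` was called would apparently abort the whole process on a metadata load rather than fail that load. Throw a typed exception instead, e.g. `throw MetadataException("doFilters called with both a static and a dynamic filter context");`, assuming that exception type is in scope in this file.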
@@ -252,3 +268,16 @@ MetadataFilterContext::MetadataFilterContext()
MetadataFilterContext::~MetadataFilterContext()
{
}
+
+BatchLoadMetadataFilterContext::BatchLoadMetadataFilterContext(bool isBackingFile) : MetadataFilterContext(), m_isBackingFile(isBackingFile)
+{
+}
+
+bool BatchLoadMetadataFilterContext::isBackingFile() const
+{
+ return m_isBackingFile;
+}
+
+BatchLoadMetadataFilterContext::~BatchLoadMetadataFilterContext()
+{
+}
diff --git a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
index e87ba5e..18aad76 100644
--- a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
+++ b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
@@ -57,13 +57,14 @@ namespace opensaml {
const char* getId() const { return SIGNATURE_METADATA_FILTER; }
void doFilter(XMLObject& xmlObject) const;
+ void doFilter(const MetadataFilterContext* ctx, XMLObject& xmlObject) const;
private:
void doFilter(EntitiesDescriptor& entities, bool rootObject=false) const;
void doFilter(EntityDescriptor& entity, bool rootObject=false) const;
void verifySignature(Signature* sig, const XMLCh* peerName) const;
- bool m_verifyRoles,m_verifyName;
+ bool m_verifyRoles,m_verifyName,m_skipOnBackupLoad;
auto_ptr<CredentialResolver> m_credResolver,m_dummyResolver;
auto_ptr<SignatureTrustEngine> m_trust;
SignatureProfileValidator m_profileValidator;
@@ -84,12 +85,14 @@ static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
static const XMLCh certificate[] = UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);
static const XMLCh Certificate[] = UNICODE_LITERAL_11(C,e,r,t,i,f,i,c,a,t,e);
static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);
+static const XMLCh skipFromBackup[] = UNICODE_LITERAL_14(s,k,i,p,F,r,o,m,B,a,c,k,u,p);
static const XMLCh verifyRoles[] = UNICODE_LITERAL_11(v,e,r,i,f,y,R,o,l,e,s);
static const XMLCh verifyName[] = UNICODE_LITERAL_10(v,e,r,i,f,y,N,a,m,e);
SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e)
: m_verifyRoles(XMLHelper::getAttrBool(e, false, verifyRoles)),
m_verifyName(XMLHelper::getAttrBool(e, true, verifyName)),
+ m_skipOnBackupLoad(XMLHelper::getAttrBool(e, true, skipFromBackup)),
m_log(Category::getInstance(SAML_LOGCAT ".MetadataFilter.Signature"))
{
if (e && e->hasAttributeNS(nullptr,certificate)) {
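Review bot: `skipFromBackup` defaults to `true`, so signature verification of the backing file is switched off for every existing configuration without an opt-in. From then on the integrity of metadata loaded from backup rests on the file-system permissions of the backing file, not on the signature. A backup written before this filter was configured, or under different trust settings, would presumably be accepted unverified. Consider defaulting to off, `m_skipOnBackupLoad(XMLHelper::getAttrBool(e, false, skipFromBackup)),`, and letting deployments with large files opt in; otherwise document the permission requirement next to the attribute. The constructor body continues outside the hunk.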
@@ -128,6 +131,17 @@ SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e)
throw MetadataFilterException("SignatureMetadataFilter configuration requires <CredentialResolver> or <TrustEngine> element.");
}
+void SignatureMetadataFilter::doFilter(const MetadataFilterContext* ctx, XMLObject& xmlObject) const
+{
+ const BatchLoadMetadataFilterContext* bCtx = dynamic_cast<const BatchLoadMetadataFilterContext*>(ctx);
+ if (m_skipOnBackupLoad && bCtx && bCtx->isBackingFile()) {
+ m_log.debug("Skipping SignatureMetadataFilter on load from backup");
+ }
+ else {
+ doFilter(xmlObject);
+ }
+}
+
void SignatureMetadataFilter::doFilter(XMLObject& xmlObject) const
{
#ifdef _DEBUG
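Review bot: The skip branch in the new `doFilter(ctx, xmlObject)` logs at debug level, so a normally configured deployment records nothing when metadata is accepted without signature verification. Raise it to info, matching the "applying metadata filter" message in MetadataProvider: `m_log.info("Skipping SignatureMetadataFilter on load from backup");`. A null or non-batch `ctx` falls through to full verification, which is the safe direction and deserves a one-line comment above the `dynamic_cast`. The body of the existing `doFilter(XMLObject&)` continues outside the hunk.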
diff --git a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
index 65da041..460dcc8 100644
--- a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
@@ -240,7 +240,8 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
}
try {
- doFilters(*xmlObject);
+ BatchLoadMetadataFilterContext ctx(backup);
+ doFilters(&ctx , *xmlObject);
}
catch (std::exception&) {
if (!backupKey.empty())
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/opensaml2.git