[shibboleth-sp2] 09/23: SSPCPP-756 Add 'MDQ' type to dynamic metadata provider
Ferenc Wágner
wferi at moszumanska.debian.org
Wed Feb 21 10:57:07 UTC 2018
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository shibboleth-sp2.
commit ecc5f26f788df664a47c6f03739fd88c766469b8
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Tue Nov 28 17:29:17 2017 +0000
SSPCPP-756 Add 'MDQ' type to dynamic metadata provider
https://issues.shibboleth.net/jira/browse/SSPCPP-756
---
shibsp/metadata/DynamicMetadataProvider.cpp | 24 +++++++++++++++++++++++-
shibsp/metadata/MetadataExtSchemaValidators.cpp | 1 +
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/shibsp/metadata/DynamicMetadataProvider.cpp b/shibsp/metadata/DynamicMetadataProvider.cpp
index d21a4cb..ba2ef56 100644
--- a/shibsp/metadata/DynamicMetadataProvider.cpp
+++ b/shibsp/metadata/DynamicMetadataProvider.cpp
@@ -84,6 +84,8 @@ namespace shibsp {
private:
bool m_verifyHost, m_ignoreTransport, m_encoded, m_backgroundInit;
+ const bool m_isMDQ;
+ static bool s_artifactWarned;
string m_subst, m_match, m_regex, m_hashed, m_cacheDir;
boost::scoped_ptr<X509TrustEngine> m_trust;
boost::scoped_ptr<CredentialResolver> m_dummyCR;
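Review bot: `s_artifactWarned` is a plain `static bool` shared by every DynamicMetadataProvider instance, and the resolve() hunk later in this patch reads and writes it with no synchronisation visible. If resolve() can run on several request threads at once (not shown here), that is a data race. Because the flag is process-wide, a second non-MDQ provider also never logs its own warning. Consider a per-instance member, or an atomic test-and-set if the toolchain allows it, and document the declaration with a comment such as `// set once the artifact-on-non-MDQ warning has been logged`.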
@@ -110,15 +112,18 @@ namespace shibsp {
static const XMLCh verifyHost[] = UNICODE_LITERAL_10(v,e,r,i,f,y,H,o,s,t);
static const XMLCh cacheDirectory[] = UNICODE_LITERAL_14(c,a,c,h,e,D,i,r,e,c,t,o,r,y);
static const XMLCh backgroundInit[] = UNICODE_LITERAL_20(b,a,c,k,g,r,o,u,n,d,I,n,i,t,i,a,l,i,z,e);
+ static const XMLCh baseUrl[] = UNICODE_LITERAL_7(b,a,s,e,U,r,l);
};
+bool DynamicMetadataProvider::s_artifactWarned(false);
+
DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
: MetadataProvider(e), AbstractDynamicMetadataProvider(true, e),
m_verifyHost(XMLHelper::getAttrBool(e, true, verifyHost)),
m_log( Category::getInstance(SHIBSP_LOGCAT ".MetadataProvider.Dynamic")),
m_cacheDir(XMLHelper::getAttrString(e, "", cacheDirectory)),
m_ignoreTransport(XMLHelper::getAttrBool(e, false, ignoreTransport)),
- m_encoded(true), m_trust(nullptr), m_init_thread(nullptr)
+ m_encoded(true), m_trust(nullptr), m_init_thread(nullptr), m_isMDQ(XMLHelper::getAttrString(e, "Dyanamic", _type) == "MDQ")
{
const DOMElement* child = XMLHelper::getFirstChildElement(e, Subst);
if (child && child->hasChildNodes()) {
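Review bot: The default passed to getAttrString in the new initializer is misspelled as `"Dyanamic"`. It is harmless today because the result is only compared with `"MDQ"`, but it should read `XMLHelper::getAttrString(e, "Dynamic", _type) == "MDQ"` so that nobody later matches on the wrong spelling. The literal `"MDQ"` also appears to duplicate MDQ_METADATA_PROVIDER from the registration hunk; if that is a string constant, comparing against it would keep the two in step. `m_isMDQ` is declared among the bools but initialised last in the list, which compilers flag with a reorder warning, though nothing depends on the order here. The constructor body continues outside the hunk.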
@@ -131,6 +136,8 @@ DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
XMLString::startsWithI(m_subst.c_str(), "file://")) {
throw ConfigurationException("DynamicMetadataProvider: <Subst> cannot be a file:// URL");
}
+ if (m_isMDQ)
+ throw ConfigurationException("DynamicMetadataProvider: <Subst> is incompatible with type=\"MDQ\"");
}
}
@@ -145,10 +152,20 @@ DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
XMLString::startsWithI(m_regex.c_str(), "file://")) {
throw ConfigurationException("DynamicMetadataProvider: <Regex> cannot be a file:// URL");
}
+ if (m_isMDQ)
+ throw ConfigurationException("DynamicMetadataProvider: <Regex> is incompatible with type=\"MDQ\"");
}
}
}
+ if (m_isMDQ) {
+ string theBaseUrl(XMLHelper::getAttrString(e, nullptr, baseUrl));
+ if (theBaseUrl.empty())
+ throw ConfigurationException("DynamicMetadataProvider: type=\"MDQ\" must also contain baseUrl=\"whatever\"");
+ m_subst = theBaseUrl + (boost::algorithm::ends_with(theBaseUrl, "/") ? "entities/$entityID" : "/entities/$entityID");
+ m_hashed = "";
+ }
+
if (!m_ignoreTransport) {
child = XMLHelper::getFirstChildElement(e, _TrustEngine);
string t = XMLHelper::getAttrString(child, nullptr, _type);
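Review bot: `baseUrl` is copied into `m_subst` without the `file://` rejection that the <Subst> and <Regex> branches apply, so `type="MDQ"` with a `file://` base URL gets past a restriction the rest of the constructor enforces. Apply the same test before building the template, e.g. `if (XMLString::startsWithI(theBaseUrl.c_str(), "file://")) throw ConfigurationException("DynamicMetadataProvider: baseUrl cannot be a file:// URL");`. The existing conditions start outside the hunks, so mirror whatever else they test. The `baseUrl=\"whatever\"` wording in the new error message would also be clearer if it described the expected value, i.e. the MDQ server's base URL.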
@@ -357,6 +374,11 @@ EntityDescriptor* DynamicMetadataProvider::resolve(const MetadataProvider::Crite
EntityDescriptor* entity = entityFromStream(msg);
+ if (nullptr != entity && !m_isMDQ && criteria.artifact && !s_artifactWarned) {
+ m_log.warn("Successful resolution of an artifact by a non-MDQ dynamic server is not guaranteed to work");
+ s_artifactWarned = true;
+ }
+
return entity;
}
catch (XMLException& e) {
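Review bot: The warning is gated on `nullptr != entity`, so it is logged only when an artifact lookup against a non-MDQ source succeeds. A failed lookup, where the operator most needs the hint, produces nothing from this branch. Consider warning whenever `criteria.artifact` is set and `!m_isMDQ`, ideally before the request is made, and include the provider's URL template in the message so the log identifies which provider is meant. resolve() begins and ends outside the hunk, so the failure paths are not visible here.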
diff --git a/shibsp/metadata/MetadataExtSchemaValidators.cpp b/shibsp/metadata/MetadataExtSchemaValidators.cpp
index e7d2100..0879705 100644
--- a/shibsp/metadata/MetadataExtSchemaValidators.cpp
+++ b/shibsp/metadata/MetadataExtSchemaValidators.cpp
@@ -61,4 +61,5 @@ void shibsp::registerMetadataExtClasses() {
REGISTER_ELEMENT(KeyAuthority);
opensaml::SAMLConfig::getConfig().MetadataProviderManager.registerFactory(DYNAMIC_METADATA_PROVIDER, DynamicMetadataProviderFactory);
+ opensaml::SAMLConfig::getConfig().MetadataProviderManager.registerFactory(MDQ_METADATA_PROVIDER, DynamicMetadataProviderFactory);
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git