1 /**
2  * Licensed to the University Corporation for Advanced Internet
3  * Development, Inc. (UCAID) under one or more contributor license
4  * agreements. See the NOTICE file distributed with this work for
5  * additional information regarding copyright ownership.
6  *
7  * UCAID licenses this file to you under the Apache License,
8  * Version 2.0 (the "License"); you may not use this file except
9  * in compliance with the License. You may obtain a copy of the
10  * License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
17  * either express or implied. See the License for the specific
18  * language governing permissions and limitations under the License.
19  */
21 /**
22  * NameIDAttribute.cpp
23  *
24  * An Attribute whose values are derived from or mappable to a SAML NameID.
25  */
27 #include "internal.h"
28 #include "ServiceProvider.h"
29 #include "attribute/NameIDAttribute.h"
30 #include "remoting/ListenerService.h"
32 #include <boost/algorithm/string/trim.hpp>
33 #include <xmltooling/exceptions.h>
34 #include <xmltooling/security/SecurityHelper.h>
36 using namespace shibsp;
37 using namespace xmltooling::logging;
38 using namespace xmltooling;
39 using namespace std;
41 namespace shibsp {
NameIDAttributeFactory(DDF & in)42     SHIBSP_DLLLOCAL Attribute* NameIDAttributeFactory(DDF& in) {
43         return new NameIDAttribute(in);
44     }
45 };
NameIDAttribute(const vector<string> & ids,const char * formatter,const char * hashAlg)47 NameIDAttribute::NameIDAttribute(const vector<string>& ids, const char* formatter, const char* hashAlg)
48     : Attribute(ids), m_formatter(formatter), m_hashAlg(hashAlg ? hashAlg : "")
49 {
50 }
NameIDAttribute(DDF & in)52 NameIDAttribute::NameIDAttribute(DDF& in) : Attribute(in)
53 {
54     DDF val = in["_formatter"];
55     if (val.isstring() && val.string())
56         m_formatter = val.string();
57     else
58         m_formatter = DEFAULT_NAMEID_FORMATTER;
59     val = in["_hashalg"];
60     if (val.isstring() && val.string())
61         m_hashAlg = val.string();
62     const char* pch;
63     val = in.first().first();
64     while (!val.isnull()) {
65         m_values.push_back(Value());
66         Value& v = m_values.back();
67         // There are two serializations supported. The new one is in 2.5.1 and fixes SPPCPP-504.
68         // The original is the first branch and was vulnerable to non-ASCII characters in the value.
69         // Supporting both means at least minimal support for rolling upgrades if a shibd instance is
70         // shared.
71         if (val.name()) {
72             v.m_Name = val.name();
73         }
74         else {
75             pch = val["Name"].string();
76             if (pch)
77                 v.m_Name = pch;
78         }
79         pch = val["Format"].string();
80         if (pch)
81             v.m_Format = pch;
82         pch = val["NameQualifier"].string();
83         if (pch)
84             v.m_NameQualifier = pch;
85         pch = val["SPNameQualifier"].string();
86         if (pch)
87             v.m_SPNameQualifier = pch;
88         pch = val["SPProvidedID"].string();
89         if (pch)
90             v.m_SPProvidedID = pch;
91         val = in.first().next();
92     }
93 }
~NameIDAttribute()95 NameIDAttribute::~NameIDAttribute()
96 {
97 }
getValues()99 vector<NameIDAttribute::Value>& NameIDAttribute::getValues()
100 {
101     return m_values;
102 }
getValues() const104 const vector<NameIDAttribute::Value>& NameIDAttribute::getValues() const
105 {
106     return m_values;
107 }
valueCount() const109 size_t NameIDAttribute::valueCount() const
110 {
111     return m_values.size();
112 }
clearSerializedValues()114 void NameIDAttribute::clearSerializedValues()
115 {
116     m_serialized.clear();
117 }
getString(size_t index) const119 const char* NameIDAttribute::getString(size_t index) const
120 {
121     return m_values[index].m_Name.c_str();
122 }
getScope(size_t index) const124 const char* NameIDAttribute::getScope(size_t index) const
125 {
126     return m_values[index].m_NameQualifier.c_str();
127 }
removeValue(size_t index)129 void NameIDAttribute::removeValue(size_t index)
130 {
131     Attribute::removeValue(index);
132     if (index < m_values.size())
133         m_values.erase(m_values.begin() + index);
134 }
getSerializedValues() const136 const vector<string>& NameIDAttribute::getSerializedValues() const
137 {
138     if (m_serialized.empty()) {
139         for (vector<Value>::const_iterator i = m_values.begin(); i != m_values.end(); ++i) {
140             // This is kind of a hack, but it's a good way to reuse some code.
141             XMLToolingException e(
142                 m_formatter,
143                 namedparams(
144                     5,
145                     "Name", i->m_Name.c_str(),
146                     "Format", i->m_Format.c_str(),
147                     "NameQualifier", i->m_NameQualifier.c_str(),
148                     "SPNameQualifier", i->m_SPNameQualifier.c_str(),
149                     "SPProvidedID", i->m_SPProvidedID.c_str()
150                     )
151                 );
152             if (m_hashAlg.empty()) {
153                 m_serialized.push_back(e.what());
154                 boost::trim(m_serialized.back());
155             }
156             else {
157                 string trimmed(e.what());
158                 boost::trim(trimmed);
159 #ifndef SHIBSP_LITE
160                 m_serialized.push_back(SecurityHelper::doHash(m_hashAlg.c_str(), trimmed.c_str(), strlen(e.what())));
161 #else
162                 try {
163                     DDF out, in("hash");
164                     DDFJanitor jin(in), jout(out);
165                     in.addmember("alg").string(m_hashAlg.c_str());
166                     in.addmember("data").unsafe_string(trimmed.c_str());
167                     out = SPConfig::getConfig().getServiceProvider()->getListenerService()->send(in);
168                     if (out.isstring() && out.string())
169                         m_serialized.push_back(out.string());
170                 }
171                 catch (exception& ex) {
172                     Category::getInstance(SHIBSP_LOGCAT ".Attribute.NameID").error("exception remoting hash operation: %s", ex.what());
173                 }
174 #endif
175             }
176         }
177     }
178     return Attribute::getSerializedValues();
179 }
marshall() const181 DDF NameIDAttribute::marshall() const
182 {
183     DDF ddf = Attribute::marshall();
184     ddf.name("NameID");
185     ddf.addmember("_formatter").string(m_formatter.c_str());
186     if (!m_hashAlg.empty())
187         ddf.addmember("_hashalg").string(m_hashAlg.c_str());
188     DDF vlist = ddf.first();
189     for (vector<Value>::const_iterator i=m_values.begin(); i!=m_values.end(); ++i) {
190         DDF val = DDF(nullptr).structure();
191         val.addmember("Name").string(i->m_Name.c_str());
192         if (!i->m_Format.empty())
193             val.addmember("Format").string(i->m_Format.c_str());
194         if (!i->m_NameQualifier.empty())
195             val.addmember("NameQualifier").string(i->m_NameQualifier.c_str());
196         if (!i->m_SPNameQualifier.empty())
197             val.addmember("SPNameQualifier").string(i->m_SPNameQualifier.c_str());
198         if (!i->m_SPProvidedID.empty())
199             val.addmember("SPProvidedID").string(i->m_SPProvidedID.c_str());
200         vlist.add(val);
201     }
202     return ddf;
203 }