3 * Copyright 2001-2007 Internet2
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
21 * Library configuration
25 #include "exceptions.h"
26 #include "SAMLConfig.h"
27 #include "binding/ArtifactMap.h"
28 #include "binding/MessageDecoder.h"
29 #include "binding/MessageEncoder.h"
30 #include "binding/SAMLArtifact.h"
31 #include "binding/SecurityPolicyRule.h"
32 #include "saml1/core/Assertions.h"
33 #include "saml1/core/Protocols.h"
34 #include "saml2/core/Protocols.h"
35 #include "saml2/metadata/Metadata.h"
36 #include "saml2/metadata/MetadataFilter.h"
37 #include "saml2/metadata/MetadataProvider.h"
38 #include "util/SAMLConstants.h"
40 #include <xmltooling/XMLToolingConfig.h>
41 #include <xmltooling/signature/Signature.h>
42 #include <xmltooling/util/NDC.h>
44 #include <log4cpp/Category.hh>
45 #include <xsec/enc/XSECCryptoException.hpp>
46 #include <xsec/enc/XSECCryptoProvider.hpp>
47 #include <xsec/utils/XSECPlatformUtils.hpp>
48 #include <openssl/err.h>
50 using namespace opensaml;
51 using namespace xmlsignature;
52 using namespace xmltooling;
53 using namespace log4cpp;
56 // Expose entry points when used as an extension library
58 extern "C" int SAML_API xmltooling_extension_init(void*)
60 if (SAMLConfig::getConfig().init(false))
65 extern "C" void SAML_API xmltooling_extension_term()
67 SAMLConfig::getConfig().term(false);
70 DECL_XMLTOOLING_EXCEPTION_FACTORY(ArtifactException,opensaml);
71 DECL_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md);
72 DECL_XMLTOOLING_EXCEPTION_FACTORY(MetadataFilterException,opensaml::saml2md);
73 DECL_XMLTOOLING_EXCEPTION_FACTORY(BindingException,opensaml);
74 DECL_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml);
75 DECL_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml);
76 DECL_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml);
79 SAMLInternalConfig g_config;
82 SAMLConfig& SAMLConfig::getConfig()
87 SAMLInternalConfig& SAMLInternalConfig::getInternalConfig()
92 void SAMLConfig::setArtifactMap(ArtifactMap* artifactMap)
95 m_artifactMap = artifactMap;
98 bool SAMLInternalConfig::init(bool initXMLTooling)
101 xmltooling::NDC ndc("init");
103 Category& log=Category::getInstance(SAML_LOGCAT".SAMLConfig");
104 log.debug("library initialization started");
106 if (initXMLTooling) {
107 XMLToolingConfig::getConfig().init();
108 log.debug("XMLTooling library initialized");
111 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ArtifactException,opensaml);
112 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md);
113 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(MetadataFilterException,opensaml::saml2md);
114 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(BindingException,opensaml);
115 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml);
116 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml);
117 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml);
119 saml1::registerAssertionClasses();
120 saml1p::registerProtocolClasses();
121 saml2::registerAssertionClasses();
122 saml2p::registerProtocolClasses();
123 saml2md::registerMetadataClasses();
124 saml2md::registerMetadataProviders();
125 saml2md::registerMetadataFilters();
126 registerSAMLArtifacts();
127 registerMessageEncoders();
128 registerMessageDecoders();
129 registerSecurityPolicyRules();
131 log.info("library initialization complete");
135 void SAMLInternalConfig::term(bool termXMLTooling)
138 xmltooling::NDC ndc("term");
140 Category& log=Category::getInstance(SAML_LOGCAT".SAMLConfig");
142 MessageDecoderManager.deregisterFactories();
143 MessageEncoderManager.deregisterFactories();
144 SecurityPolicyRuleManager.deregisterFactories();
145 SAMLArtifactManager.deregisterFactories();
146 MetadataFilterManager.deregisterFactories();
147 MetadataProviderManager.deregisterFactories();
149 delete m_artifactMap;
150 m_artifactMap = NULL;
152 if (termXMLTooling) {
153 XMLToolingConfig::getConfig().term();
154 log.debug("XMLTooling library shut down");
156 log.info("library shutdown complete");
159 void SAMLInternalConfig::generateRandomBytes(void* buf, unsigned int len)
162 if (XSECPlatformUtils::g_cryptoProvider->getRandom(reinterpret_cast<unsigned char*>(buf),len)<len)
163 throw XMLSecurityException("Unable to generate random data; was PRNG seeded?");
165 catch (XSECCryptoException& e) {
166 throw XMLSecurityException("Unable to generate random data: $1",params(1,e.getMsg()));
170 void SAMLInternalConfig::generateRandomBytes(std::string& buf, unsigned int len)
173 auto_ptr<unsigned char> hold(new unsigned char[len]);
174 generateRandomBytes(hold.get(),len);
175 for (unsigned int i=0; i<len; i++)
176 buf+=(hold.get())[i];
179 XMLCh* SAMLInternalConfig::generateIdentifier()
181 unsigned char key[17];
182 generateRandomBytes(key,16);
185 sprintf(hexform,"_%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
186 key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7],
187 key[8],key[9],key[10],key[11],key[12],key[13],key[14],key[15]);
189 return XMLString::transcode(hexform);
192 string SAMLInternalConfig::hashSHA1(const char* s, bool toHex)
194 static char DIGITS[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
196 auto_ptr<XSECCryptoHash> hasher(XSECPlatformUtils::g_cryptoProvider->hashSHA1());
198 unsigned char buf[21];
199 hasher->hash(reinterpret_cast<unsigned char*>(const_cast<char*>(s)),strlen(s));
200 if (hasher->finish(buf,20)==20) {
203 for (unsigned int i=0; i<20; i++) {
204 ret+=(DIGITS[((unsigned char)(0xF0 & buf[i])) >> 4 ]);
205 ret+=(DIGITS[0x0F & buf[i]]);
209 for (unsigned int i=0; i<20; i++) {
216 throw XMLSecurityException("Unable to generate SHA-1 hash.");
219 void opensaml::log_openssl()
225 unsigned long code=ERR_get_error_line_data(&file,&line,&data,&flags);
227 Category& log=Category::getInstance("OpenSSL");
228 log.errorStream() << "error code: " << code << " in " << file << ", line " << line << CategoryStream::ENDLINE;
229 if (data && (flags & ERR_TXT_STRING))
230 log.errorStream() << "error data: " << data << CategoryStream::ENDLINE;
231 code=ERR_get_error_line_data(&file,&line,&data,&flags);
235 using namespace saml2md;
237 void opensaml::annotateException(XMLToolingException* e, const EntityDescriptor* entity, bool rethrow)
240 auto_ptr_char id(entity->getEntityID());
241 e->addProperty("entityID",id.get());
242 const list<XMLObject*>& roles=entity->getOrderedChildren();
243 for (list<XMLObject*>::const_iterator child=roles.begin(); child!=roles.end(); ++child) {
244 const RoleDescriptor* role=dynamic_cast<RoleDescriptor*>(*child);
245 if (role && role->isValid()) {
246 const vector<ContactPerson*>& contacts=role->getContactPersons();
247 for (vector<ContactPerson*>::const_iterator c=contacts.begin(); c!=contacts.end(); ++c) {
248 const XMLCh* ctype=(*c)->getContactType();
249 if (ctype && (XMLString::equals(ctype,ContactPerson::CONTACT_SUPPORT)
250 || XMLString::equals(ctype,ContactPerson::CONTACT_TECHNICAL))) {
251 GivenName* fname=(*c)->getGivenName();
252 SurName* lname=(*c)->getSurName();
253 auto_ptr_char first(fname ? fname->getName() : NULL);
254 auto_ptr_char last(lname ? lname->getName() : NULL);
255 if (first.get() && last.get()) {
256 string contact=string(first.get()) + ' ' + last.get();
257 e->addProperty("contactName",contact.c_str());
259 else if (first.get())
260 e->addProperty("contactName",first.get());
262 e->addProperty("contactName",last.get());
263 const vector<EmailAddress*>& emails=const_cast<const ContactPerson*>(*c)->getEmailAddresss();
264 if (!emails.empty()) {
265 auto_ptr_char email(emails.front()->getAddress());
267 e->addProperty("contactEmail",email.get());
272 if (e->getProperty("contactName") || e->getProperty("contactEmail")) {
273 auto_ptr_char eurl(role->getErrorURL());
275 e->addProperty("errorURL",eurl.get());
287 void opensaml::annotateException(XMLToolingException* e, const RoleDescriptor* role, bool rethrow)
290 auto_ptr_char id(dynamic_cast<EntityDescriptor*>(role->getParent())->getEntityID());
291 e->addProperty("entityID",id.get());
293 const vector<ContactPerson*>& contacts=role->getContactPersons();
294 for (vector<ContactPerson*>::const_iterator c=contacts.begin(); c!=contacts.end(); ++c) {
295 const XMLCh* ctype=(*c)->getContactType();
296 if (ctype && (XMLString::equals(ctype,ContactPerson::CONTACT_SUPPORT)
297 || XMLString::equals(ctype,ContactPerson::CONTACT_TECHNICAL))) {
298 GivenName* fname=(*c)->getGivenName();
299 SurName* lname=(*c)->getSurName();
300 auto_ptr_char first(fname ? fname->getName() : NULL);
301 auto_ptr_char last(lname ? lname->getName() : NULL);
302 if (first.get() && last.get()) {
303 string contact=string(first.get()) + ' ' + last.get();
304 e->addProperty("contactName",contact.c_str());
306 else if (first.get())
307 e->addProperty("contactName",first.get());
309 e->addProperty("contactName",last.get());
310 const vector<EmailAddress*>& emails=const_cast<const ContactPerson*>(*c)->getEmailAddresss();
311 if (!emails.empty()) {
312 auto_ptr_char email(emails.front()->getAddress());
314 e->addProperty("contactEmail",email.get());
320 auto_ptr_char eurl(role->getErrorURL());
322 e->addProperty("errorURL",eurl.get());