2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* ShibConfig.cpp - Shibboleth runtime configuration
62 #define SHIB_INSTANTIATE
65 #include <log4cpp/Category.hh>
68 using namespace shibboleth;
70 SAML_EXCEPTION_FACTORY(UnsupportedProtocolException);
71 SAML_EXCEPTION_FACTORY(OriginSiteMapperException);
74 ShibInternalConfig g_config;
77 ShibConfig::~ShibConfig() {}
79 bool ShibInternalConfig::init()
81 saml::NDC ndc("init");
83 REGISTER_EXCEPTION_FACTORY(edu.internet2.middleware.shibboleth.common,UnsupportedProtocolException);
84 REGISTER_EXCEPTION_FACTORY(edu.internet2.middleware.shibboleth.common,OriginSiteMapperException);
86 // Register extension schema.
87 saml::XML::registerSchema(XML::SHIB_NS,XML::SHIB_SCHEMA_ID);
89 m_lock=RWLock::create();
90 m_shutdown_wait = CondWait::create();
91 if (!m_lock || !m_shutdown_wait)
93 log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig").fatal("init: failed to create mapper locks");
95 delete m_shutdown_wait;
101 m_mapper=new XMLOriginSiteMapper(mapperURL.c_str(),SAMLConfig::getConfig().ssl_calist.c_str(),mapperCert);
103 catch(SAMLException& e)
105 log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig").fatal("init: failed to initialize origin site mapper: %s", e.what());
107 delete m_shutdown_wait;
111 m_manager=xmlSecSimpleKeysMngrCreate();
112 const char* roots=m_mapper->getTrustedRoots();
113 if (roots && *roots && xmlSecSimpleKeysMngrLoadPemCert(m_manager,roots,true) < 0)
115 log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig").fatal("init: failed to load CAs into simple key manager");
116 xmlSecSimpleKeysMngrDestroy(m_manager);
119 delete m_shutdown_wait;
122 SAMLConfig::getConfig().xmlsig_ptr=m_manager;
123 if (mapperRefreshInterval)
124 m_refresh_thread = Thread::create(&refresh_fn, (void*)this);
129 void ShibInternalConfig::term()
131 // Shut down the refresh thread and let it know...
132 if (m_refresh_thread)
135 m_shutdown_wait->signal();
136 m_refresh_thread->join(NULL);
141 xmlSecSimpleKeysMngrDestroy(m_manager);
144 delete m_shutdown_wait;
147 IOriginSiteMapper* ShibInternalConfig::getMapper()
153 void ShibInternalConfig::releaseMapper(IOriginSiteMapper* mapper)
158 ShibConfig& ShibConfig::getConfig()
163 void* ShibInternalConfig::refresh_fn(void* config_p)
165 ShibInternalConfig* config = reinterpret_cast<ShibInternalConfig*>(config_p);
167 // First, let's block all signals
169 sigfillset(&sigmask);
170 Thread::mask_signals(SIG_BLOCK, &sigmask, NULL);
172 // Now run the refresh process.
176 void ShibInternalConfig::refresh()
178 Mutex* mutex = Mutex::create();
179 saml::NDC ndc("refresh");
180 log4cpp::Category& log=log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig");
184 log.debug("XMLMapper refresh thread started...");
189 memset (&ts, 0, sizeof(ts));
190 ts.tv_sec = time(NULL) + mapperRefreshInterval;
192 m_shutdown_wait->timedwait(mutex, &ts);
197 log.info("Refresh thread running...");
199 // To refresh the mapper, we basically build a new one in the background and if it works,
200 // we grab the write lock and replace the official pointer with the new one.
203 IOriginSiteMapper* new_mapper=new XMLOriginSiteMapper(mapperURL.c_str(),SAMLConfig::getConfig().ssl_calist.c_str(),mapperCert);
209 catch(SAMLException& e)
211 log.error("failed to build a refreshed origin site mapper, sticking with what we have: %s", e.what());
215 log.error("caught an unknown exception, sticking with what we have");