2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* ShibConfig.cpp - Shibboleth runtime configuration
62 #define SHIB_INSTANTIATE
65 #include <log4cpp/Category.hh>
68 using namespace shibboleth;
// Exception types for the two Shib-specific failure cases. init() registers
// both under the edu.internet2.middleware.shibboleth.common namespace with
// REGISTER_EXCEPTION_FACTORY.
70 SAML_EXCEPTION_FACTORY(UnsupportedProtocolException);
71 SAML_EXCEPTION_FACTORY(OriginSiteMapperException);
// Attribute plugin factory with C linkage (presumably so it can be resolved by
// name at load time). Returns a raw pointer created with new; the caller is
// presumably the owner. The body's braces are not in this listing.
73 extern "C" SAMLAttribute* ScopedFactory(DOMElement* e)
75 return new ScopedAttribute(e);
// Attribute plugin factory with C linkage, same contract as ScopedFactory but
// building a SimpleAttribute. Raw owning pointer returned; body braces are not
// in this listing.
78 extern "C" SAMLAttribute* SimpleFactory(DOMElement* e)
80 return new SimpleAttribute(e);
// Single process-wide configuration instance (presumably what
// ShibConfig::getConfig() returns; that body is not in this listing).
84 ShibInternalConfig g_config;
// Out-of-line, empty destructor for the base configuration class.
87 ShibConfig::~ShibConfig()
{
}
// Initialises the Shibboleth runtime. Visible steps, in order: register the two
// exception factories and the Shib extension schema, build the AAP, create the
// mapper lock and the shutdown condition variable, build the origin site mapper,
// create an xmlsec key manager seeded with the mapper's trusted roots, publish
// that manager to the SAML library, and start the refresh thread when an
// interval is configured. Several lines (the try blocks paired with the catches
// below, the return statements, parts of the failure paths) are not in this
// listing, so the early-exit cleanup is only partially visible.
89 bool ShibInternalConfig::init()
91 saml::NDC ndc("init");
93 REGISTER_EXCEPTION_FACTORY(edu.internet2.middleware.shibboleth.common,UnsupportedProtocolException);
94 REGISTER_EXCEPTION_FACTORY(edu.internet2.middleware.shibboleth.common,OriginSiteMapperException);
96 // Register extension schema.
97 saml::XML::registerSchema(XML::SHIB_NS,XML::SHIB_SCHEMA_ID);
// aapURL, mapperURL, mapperCert and mapperRefreshInterval are not declared in
// the visible lines — presumably ShibConfig members set by the caller first.
103 m_AAP=new AAP(aapURL.c_str());
105 catch(SAMLException& e)
107 log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig").fatal("init: failed to initialize AAP: %s", e.what());
// The RW lock is what guards m_mapper against the refresh thread's swap (see the
// comment in refresh()); the condition variable is what term() signals to stop
// that thread.
112 m_lock=RWLock::create();
113 m_shutdown_wait = CondWait::create();
114 if (!m_lock || !m_shutdown_wait)
116 log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig").fatal("init: failed to create mapper locks");
// Only the m_shutdown_wait delete is visible on this failure path; whether
// m_lock and m_AAP are released here is not shown — confirm.
118 delete m_shutdown_wait;
// The mapper is built from mapperURL; the SSL CA list and mapperCert are
// presumably its trust inputs (how they are applied is inside
// XMLOriginSiteMapper, not here).
125 m_mapper=new XMLOriginSiteMapper(mapperURL.c_str(),SAMLConfig::getConfig().ssl_calist.c_str(),mapperCert);
127 catch(SAMLException& e)
129 log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig").fatal("init: failed to initialize origin site mapper: %s", e.what());
131 delete m_shutdown_wait;
// Trusted roots come from the mapper document. NOTE(review): when roots is
// NULL or empty the load is skipped and init continues with an empty key
// manager; whether downstream signature verification then has any trust
// anchor at all is not visible here — confirm.
136 m_manager=xmlSecSimpleKeysMngrCreate();
137 const char* roots=m_mapper->getTrustedRoots();
138 if (roots && *roots && xmlSecSimpleKeysMngrLoadPemCert(m_manager,roots,true) < 0)
140 log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig").fatal("init: failed to load CAs into simple key manager");
141 xmlSecSimpleKeysMngrDestroy(m_manager);
144 delete m_shutdown_wait;
// Hands the key manager to the SAML library for signature work. term()
// destroys m_manager; the visible lines of term() do not reset this pointer —
// confirm nothing on the SAML side uses it after term().
148 SAMLConfig::getConfig().xmlsig_ptr=m_manager;
// A zero interval disables background refresh. `this` goes through a C-style
// cast to void* for the thread API; refresh_fn reinterpret_casts it back.
149 if (mapperRefreshInterval)
150 m_refresh_thread = Thread::create(&refresh_fn, (void*)this);
// Tears down what init() built. The refresh thread is stopped first — signal
// the condition variable it waits on, then join — presumably so it cannot be
// touching m_mapper or m_shutdown_wait while they are destroyed. Some lines of
// this function (likely the mapper/AAP/lock cleanup) are not in this listing.
155 void ShibInternalConfig::term()
157 // Shut down the refresh thread and let it know...
158 if (m_refresh_thread)
161 m_shutdown_wait->signal();
162 m_refresh_thread->join(NULL);
// Destroys the key manager that init() also published as
// SAMLConfig::getConfig().xmlsig_ptr; nothing visible clears that pointer —
// confirm the SAML side does not dereference it after this point.
167 xmlSecSimpleKeysMngrDestroy(m_manager);
170 delete m_shutdown_wait;
// Hands out the current origin site mapper. Body not in this listing; the
// comment in refresh() says the pointer is replaced under the write lock, so
// this presumably acquires the read lock and releaseMapper() drops it —
// confirm before relying on the pointer beyond that pairing.
174 IOriginSiteMapper* ShibInternalConfig::getMapper()
// Counterpart of getMapper(); body not in this listing (presumably releases
// the read lock taken there).
180 void ShibInternalConfig::releaseMapper(IOriginSiteMapper* mapper)
// Accessor for the process-wide configuration; body not in this listing
// (presumably returns g_config).
185 ShibConfig& ShibConfig::getConfig()
// Thread entry point for the mapper refresh thread, started from init() with
// `this` passed as a void*.
190 void* ShibInternalConfig::refresh_fn(void* config_p)
192 ShibInternalConfig* config = reinterpret_cast<ShibInternalConfig*>(config_p);
// Block every signal in this thread, presumably so process signals are
// delivered to the main thread rather than to the refresher. The sigset_t
// declaration and the call into refresh() that follows are not in this listing.
194 // First, let's block all signals
196 sigfillset(&sigmask);
197 Thread::mask_signals(SIG_BLOCK, &sigmask, NULL);
199 // Now run the refresh process.
203 void ShibInternalConfig::refresh()
205 Mutex* mutex = Mutex::create();
206 saml::NDC ndc("refresh");
207 log4cpp::Category& log=log4cpp::Category::getInstance(SHIB_LOGCAT".ShibConfig");
211 log.debug("XMLMapper refresh thread started...");
216 memset (&ts, 0, sizeof(ts));
217 ts.tv_sec = time(NULL) + mapperRefreshInterval;
219 m_shutdown_wait->timedwait(mutex, &ts);
224 log.info("Refresh thread running...");
226 // To refresh the mapper, we basically build a new one in the background and if it works,
227 // we grab the write lock and replace the official pointer with the new one.
230 IOriginSiteMapper* new_mapper=new XMLOriginSiteMapper(mapperURL.c_str(),SAMLConfig::getConfig().ssl_calist.c_str(),mapperCert);
236 catch(SAMLException& e)
238 log.error("failed to build a refreshed origin site mapper, sticking with what we have: %s", e.what());
242 log.error("caught an unknown exception, sticking with what we have");