2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* shib.h - Shibboleth header file
62 #include <saml/saml.h>
63 #include <shib/shib-threads.h>
64 #include <xsec/xenc/XENCEncryptionMethod.hpp>
68 # define SHIB_EXPORTS __declspec(dllimport)
76 #define DECLARE_SHIB_EXCEPTION(name,base) \
77 class SHIB_EXPORTS name : public saml::base \
80 name(const char* msg) : saml::base(msg) {RTTI(name);} \
81 name(const std::string& msg) : saml::base(msg) {RTTI(name);} \
82 name(const saml::Iterator<saml::QName>& codes, const char* msg) : saml::base(codes,msg) {RTTI(name);} \
83 name(const saml::Iterator<saml::QName>& codes, const std::string& msg) : saml::base(codes, msg) {RTTI(name);} \
84 name(const saml::QName& code, const char* msg) : saml::base(code,msg) {RTTI(name);} \
85 name(const saml::QName& code, const std::string& msg) : saml::base(code, msg) {RTTI(name);} \
86 name(DOMElement* e) : saml::base(e) {RTTI(name);} \
87 name(std::istream& in) : saml::base(in) {RTTI(name);} \
88 virtual ~name() throw () {} \
91 DECLARE_SHIB_EXCEPTION(MetadataException,SAMLException);
92 DECLARE_SHIB_EXCEPTION(CredentialException,SAMLException);
93 DECLARE_SHIB_EXCEPTION(InvalidHandleException,RetryableProfileException);
95 // Metadata abstract interfaces, based on SAML 2.0
97 struct SHIB_EXPORTS IContactPerson
99 enum ContactType { technical, support, administrative, billing, other };
100 virtual ContactType getType() const=0;
101 virtual const char* getCompany() const=0;
102 virtual const char* getGivenName() const=0;
103 virtual const char* getSurName() const=0;
104 virtual saml::Iterator<std::string> getEmailAddresses() const=0;
105 virtual saml::Iterator<std::string> getTelephoneNumbers() const=0;
106 virtual const DOMElement* getElement() const=0;
107 virtual ~IContactPerson() {}
110 struct SHIB_EXPORTS IOrganization
112 virtual const char* getName(const char* lang="en") const=0;
113 virtual const char* getDisplayName(const char* lang="en") const=0;
114 virtual const char* getURL(const char* lang="en") const=0;
115 virtual const DOMElement* getElement() const=0;
116 virtual ~IOrganization() {}
119 struct SHIB_EXPORTS IKeyDescriptor
121 enum KeyUse { unspecified, encryption, signing };
122 virtual KeyUse getUse() const=0;
123 virtual DSIGKeyInfoList* getKeyInfo() const=0;
124 virtual saml::Iterator<const XENCEncryptionMethod*> getEncryptionMethod() const=0;
125 virtual ~IKeyDescriptor() {}
128 struct SHIB_EXPORTS IEndpoint
130 virtual const XMLCh* getBinding() const=0;
131 virtual const XMLCh* getLocation() const=0;
132 virtual const XMLCh* getResponseLocation() const=0;
133 virtual const DOMElement* getElement() const=0;
134 virtual ~IEndpoint() {}
137 struct SHIB_EXPORTS IIndexedEndpoint : public virtual IEndpoint
139 virtual unsigned short getIndex() const=0;
140 virtual ~IIndexedEndpoint() {}
143 struct SHIB_EXPORTS IEndpointManager
145 virtual saml::Iterator<const IEndpoint*> getEndpoints() const=0;
146 virtual const IEndpoint* getDefaultEndpoint() const=0;
147 virtual const IEndpoint* getEndpointByIndex(unsigned short index) const=0;
148 virtual const IEndpoint* getEndpointByBinding(const XMLCh* binding) const=0;
149 virtual ~IEndpointManager() {}
152 struct SHIB_EXPORTS IEntityDescriptor;
153 struct SHIB_EXPORTS IRoleDescriptor
155 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
156 virtual saml::Iterator<const XMLCh*> getProtocolSupportEnumeration() const=0;
157 virtual bool hasSupport(const XMLCh* protocol) const=0;
158 virtual bool isValid() const=0;
159 virtual const char* getErrorURL() const=0;
160 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
161 virtual const IOrganization* getOrganization() const=0;
162 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
163 virtual const DOMElement* getElement() const=0;
164 virtual ~IRoleDescriptor() {}
167 struct SHIB_EXPORTS ISSODescriptor : public virtual IRoleDescriptor
169 virtual const IEndpointManager* getArtifactResolutionServiceManager() const=0;
170 virtual const IEndpointManager* getSingleLogoutServiceManager() const=0;
171 virtual const IEndpointManager* getManageNameIDServiceManager() const=0;
172 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
173 virtual ~ISSODescriptor() {}
176 struct SHIB_EXPORTS IIDPSSODescriptor : public virtual ISSODescriptor
178 virtual bool getWantAuthnRequestsSigned() const=0;
179 virtual const IEndpointManager* getSingleSignOnServiceManager() const=0;
180 virtual const IEndpointManager* getNameIDMappingServiceManager() const=0;
181 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
182 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
183 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
184 virtual ~IIDPSSODescriptor() {}
187 struct SHIB_EXPORTS IAttributeConsumingService
189 virtual const XMLCh* getName(const char* lang="en") const=0;
190 virtual const XMLCh* getDescription(const char* lang="en") const=0;
191 virtual saml::Iterator<std::pair<const saml::SAMLAttribute*,bool> > getRequestedAttributes() const=0;
192 virtual ~IAttributeConsumingService() {}
195 struct SHIB_EXPORTS ISPSSODescriptor : public virtual ISSODescriptor
197 virtual bool getAuthnRequestsSigned() const=0;
198 virtual bool getWantAssertionsSigned() const=0;
199 virtual const IEndpointManager* getAssertionConsumerServiceManager() const=0;
200 virtual saml::Iterator<const IAttributeConsumingService*> getAttributeConsumingServices() const=0;
201 virtual const IAttributeConsumingService* getDefaultAttributeConsumingService() const=0;
202 virtual const IAttributeConsumingService* getAttributeConsumingServiceByID(const XMLCh* id) const=0;
203 virtual ~ISPSSODescriptor() {}
206 struct SHIB_EXPORTS IAuthnAuthorityDescriptor : public virtual IRoleDescriptor
208 virtual const IEndpointManager* getAuthnQueryServiceManager() const=0;
209 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
210 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
211 virtual ~IAuthnAuthorityDescriptor() {}
214 struct SHIB_EXPORTS IPDPDescriptor : public virtual IRoleDescriptor
216 virtual const IEndpointManager* getAuthzServiceManager() const=0;
217 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
218 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
219 virtual ~IPDPDescriptor() {}
222 struct SHIB_EXPORTS IAttributeAuthorityDescriptor : public virtual IRoleDescriptor
224 virtual const IEndpointManager* getAttributeServices() const=0;
225 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
226 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
227 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
228 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
229 virtual ~IAttributeAuthorityDescriptor() {}
232 struct SHIB_EXPORTS IAffiliationDescriptor
234 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
235 virtual const XMLCh* getOwnerID() const=0;
236 virtual bool isValid() const=0;
237 virtual saml::Iterator<const XMLCh*> getMembers() const=0;
238 virtual bool isMember(const XMLCh* id) const=0;
239 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
240 virtual const DOMElement* getElement() const=0;
241 virtual ~IAffiliationDescriptor() {}
244 struct SHIB_EXPORTS IEntitiesDescriptor;
245 struct SHIB_EXPORTS IEntityDescriptor
247 virtual const XMLCh* getId() const=0;
248 virtual bool isValid() const=0;
249 virtual saml::Iterator<const IRoleDescriptor*> getRoleDescriptors() const=0;
250 virtual const IIDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
251 virtual const ISPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
252 virtual const IAuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
253 virtual const IAttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
254 virtual const IPDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
255 virtual const IAffiliationDescriptor* getAffiliationDescriptor() const=0;
256 virtual const IOrganization* getOrganization() const=0;
257 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
258 virtual saml::Iterator<std::pair<const XMLCh*,const XMLCh*> > getAdditionalMetadataLocations() const=0;
259 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
260 virtual const DOMElement* getElement() const=0;
261 virtual ~IEntityDescriptor() {}
264 struct SHIB_EXPORTS IEntitiesDescriptor
266 virtual const XMLCh* getName() const=0;
267 virtual bool isValid() const=0;
268 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
269 virtual saml::Iterator<const IEntitiesDescriptor*> getEntitiesDescriptors() const=0;
270 virtual saml::Iterator<const IEntityDescriptor*> getEntityDescriptors() const=0;
271 virtual const DOMElement* getElement() const=0;
272 virtual ~IEntitiesDescriptor() {}
275 // Supports Shib role extension describing attribute scoping rules
276 struct SHIB_EXPORTS IScopedRoleDescriptor : public virtual IRoleDescriptor
278 virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
279 virtual ~IScopedRoleDescriptor() {}
282 struct SHIB_EXPORTS IMetadata : public virtual saml::ILockable, public virtual saml::IPlugIn
284 virtual const IEntityDescriptor* lookup(const XMLCh* id) const=0;
285 virtual ~IMetadata() {}
288 struct SHIB_EXPORTS IRevocation : public virtual saml::ILockable, public virtual saml::IPlugIn
290 virtual saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL) const=0;
291 virtual ~IRevocation() {}
294 // Trust interface hides *all* details of signature and SSL validation.
295 // Pluggable providers can fully override the Shibboleth trust model here.
297 struct SHIB_EXPORTS ITrust : public virtual saml::IPlugIn
299 virtual bool validate(
300 const saml::Iterator<IRevocation*>& revocations,
301 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
302 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
304 virtual bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx)=0;
308 // Credentials interface abstracts access to "owned" keys and certificates.
310 struct SHIB_EXPORTS ICredResolver : public virtual saml::IPlugIn
312 virtual void attach(void* ctx) const=0;
313 virtual XSECCryptoKey* getKey() const=0;
314 virtual saml::Iterator<XSECCryptoX509*> getCertificates() const=0;
315 virtual void dump(FILE* f) const=0;
316 virtual void dump() const { dump(stdout); }
317 virtual ~ICredResolver() {}
320 struct SHIB_EXPORTS ICredentials : public virtual saml::ILockable, public virtual saml::IPlugIn
322 virtual const ICredResolver* lookup(const char* id) const=0;
323 virtual ~ICredentials() {}
326 // Attribute acceptance processing interfaces, applied to incoming attributes.
328 struct SHIB_EXPORTS IAttributeRule
330 virtual const XMLCh* getName() const=0;
331 virtual const XMLCh* getNamespace() const=0;
332 virtual const char* getFactory() const=0;
333 virtual const char* getAlias() const=0;
334 virtual const char* getHeader() const=0;
335 virtual bool getCaseSensitive() const=0;
336 virtual void apply(saml::SAMLAttribute& attribute, const IRoleDescriptor* role=NULL) const=0;
337 virtual ~IAttributeRule() {}
340 struct SHIB_EXPORTS IAAP : public virtual saml::ILockable, public virtual saml::IPlugIn
342 virtual bool anyAttribute() const=0;
343 virtual const IAttributeRule* lookup(const XMLCh* attrName, const XMLCh* attrNamespace=NULL) const=0;
344 virtual const IAttributeRule* lookup(const char* alias) const=0;
345 virtual saml::Iterator<const IAttributeRule*> getAttributeRules() const=0;
349 #ifdef SHIB_INSTANTIATE
350 template class SHIB_EXPORTS saml::Iterator<const IContactPerson*>;
351 template class SHIB_EXPORTS saml::Iterator<const XENCEncryptionMethod*>;
352 template class SHIB_EXPORTS saml::Iterator<const IKeyDescriptor*>;
353 template class SHIB_EXPORTS saml::Iterator<const IAttributeConsumingService*>;
354 template class SHIB_EXPORTS saml::Iterator<const IRoleDescriptor*>;
355 template class SHIB_EXPORTS saml::Iterator<const IEntityDescriptor*>;
356 template class SHIB_EXPORTS saml::Iterator<const IEntitiesDescriptor*>;
357 template class SHIB_EXPORTS saml::Iterator<const IEndpoint*>;
358 template class SHIB_EXPORTS saml::Iterator<const IAttributeRule*>;
359 template class SHIB_EXPORTS saml::Iterator<IMetadata*>;
360 template class SHIB_EXPORTS saml::ArrayIterator<IMetadata*>;
361 template class SHIB_EXPORTS saml::Iterator<ITrust*>;
362 template class SHIB_EXPORTS saml::ArrayIterator<ITrust*>;
363 template class SHIB_EXPORTS saml::Iterator<IRevocation*>;
364 template class SHIB_EXPORTS saml::ArrayIterator<IRevocation*>;
365 template class SHIB_EXPORTS saml::Iterator<ICredentials*>;
366 template class SHIB_EXPORTS saml::ArrayIterator<ICredentials*>;
367 template class SHIB_EXPORTS saml::Iterator<IAAP*>;
368 template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
371 struct SHIB_EXPORTS Constants
373 static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
374 static const XMLCh SHIB_NAMEID_FORMAT_URI[];
375 static const XMLCh SHIB_AUTHNREQUEST_PROFILE_URI[];
376 static const XMLCh SHIB_NS[];
377 static const XMLCh InvalidHandle[];
380 // Glue classes between abstract metadata and concrete providers
382 class SHIB_EXPORTS Metadata
385 Metadata(const saml::Iterator<IMetadata*>& metadatas) : m_metadatas(metadatas), m_mapper(NULL) {}
388 const IEntityDescriptor* lookup(const XMLCh* providerId);
391 Metadata(const Metadata&);
392 void operator=(const Metadata&);
394 const saml::Iterator<IMetadata*>& m_metadatas;
397 class SHIB_EXPORTS Revocation
400 Revocation(const saml::Iterator<IRevocation*>& revocations) : m_revocations(revocations), m_mapper(NULL) {}
403 saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL);
406 Revocation(const Revocation&);
407 void operator=(const Revocation&);
408 IRevocation* m_mapper;
409 const saml::Iterator<IRevocation*>& m_revocations;
412 class SHIB_EXPORTS Trust
415 Trust(const saml::Iterator<ITrust*>& trusts) : m_trusts(trusts) {}
419 const saml::Iterator<IRevocation*>& revocations,
420 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
421 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
423 bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx) const;
427 void operator=(const Trust&);
428 const saml::Iterator<ITrust*>& m_trusts;
431 class SHIB_EXPORTS Credentials
434 Credentials(const saml::Iterator<ICredentials*>& creds) : m_creds(creds), m_mapper(NULL) {}
437 const ICredResolver* lookup(const char* id);
440 Credentials(const Credentials&);
441 void operator=(const Credentials&);
442 ICredentials* m_mapper;
443 const saml::Iterator<ICredentials*>& m_creds;
446 class SHIB_EXPORTS AAP
449 AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace=NULL);
450 AAP(const saml::Iterator<IAAP*>& aaps, const char* alias);
452 bool fail() const {return m_mapper==NULL;}
453 const IAttributeRule* operator->() const {return m_rule;}
454 operator const IAttributeRule*() const {return m_rule;}
456 static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IRoleDescriptor* role=NULL);
460 void operator=(const AAP&);
462 const IAttributeRule* m_rule;
465 // Wrapper classes around the POST profile and SAML binding
467 class SHIB_EXPORTS ShibPOSTProfile
471 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*),
472 const saml::Iterator<IRevocation*>& revocations=EMPTY(IRevocation*),
473 const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*),
474 const saml::Iterator<ICredentials*>& creds=EMPTY(ICredentials*)
476 virtual ~ShibPOSTProfile() {}
478 virtual const saml::SAMLAssertion* getSSOAssertion(
479 const saml::SAMLResponse& r, const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*)
481 virtual const saml::SAMLAuthenticationStatement* getSSOStatement(const saml::SAMLAssertion& a);
482 virtual saml::SAMLResponse* accept(
484 const XMLCh* recipient,
486 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
487 XMLCh** pproviderId=NULL
489 virtual saml::SAMLResponse* prepare(
490 const IIDPSSODescriptor* role,
491 const char* credResolverId,
492 const XMLCh* recipient,
493 const XMLCh* authMethod,
494 const saml::SAMLDateTime& authInstant,
496 const XMLCh* format=Constants::SHIB_NAMEID_FORMAT_URI,
497 const XMLCh* nameQualifier=NULL,
498 const XMLCh* subjectIP=NULL,
499 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
500 const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings=EMPTY(saml::SAMLAuthorityBinding*)
502 virtual bool checkReplayCache(const saml::SAMLAssertion& a);
503 virtual const XMLCh* getProviderId(const saml::SAMLResponse& r);
506 const saml::Iterator<IMetadata*>& m_metadatas;
507 const saml::Iterator<IRevocation*>& m_revocations;
508 const saml::Iterator<ITrust*>& m_trusts;
509 const saml::Iterator<ICredentials*>& m_creds;
512 class SHIB_EXPORTS ShibBinding
516 const saml::Iterator<IRevocation*>& revocations,
517 const saml::Iterator<ITrust*>& trusts,
518 const saml::Iterator<ICredentials*>& creds
519 ) : m_revocations(revocations), m_trusts(trusts), m_creds(creds),
520 m_credResolverId(NULL), m_AA(NULL), m_binding(NULL) {}
521 virtual ~ShibBinding() {delete m_binding;}
523 saml::SAMLResponse* send(
524 saml::SAMLRequest& req,
525 const IRoleDescriptor* AA,
526 const char* credResolverId=NULL,
527 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
528 const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings=EMPTY(saml::SAMLAuthorityBinding*),
529 saml::SAMLConfig::SAMLBindingConfig& conf=saml::SAMLConfig::getConfig().binding_defaults
533 friend bool ssl_ctx_callback(void* ssl_ctx, void* userptr);
534 const saml::Iterator<IRevocation*>& m_revocations;
535 const saml::Iterator<ITrust*>& m_trusts;
536 const saml::Iterator<ICredentials*>& m_creds;
537 const char* m_credResolverId;
538 const IRoleDescriptor* m_AA;
539 saml::SAMLBinding* m_binding;
542 class SHIB_EXPORTS ShibConfig
546 virtual ~ShibConfig() {}
548 // global per-process setup and shutdown of Shibboleth runtime
552 // enables runtime and clients to access configuration
553 static ShibConfig& getConfig();
556 /* Helper classes for implementing reloadable XML-based config files
557 The ILockable interface will usually be inherited twice, once as
558 part of the external interface to clients and once as an implementation
559 detail of the reloading class below.
562 class SHIB_EXPORTS ReloadableXMLFileImpl
565 ReloadableXMLFileImpl(const char* pathname);
566 ReloadableXMLFileImpl(const DOMElement* pathname);
567 virtual ~ReloadableXMLFileImpl();
571 const DOMElement* m_root;
574 class SHIB_EXPORTS ReloadableXMLFile : protected virtual saml::ILockable
577 ReloadableXMLFile(const DOMElement* e);
578 ~ReloadableXMLFile() { delete m_lock; delete m_impl; }
581 virtual void unlock() { if (m_lock) m_lock->unlock(); }
583 ReloadableXMLFileImpl* getImplementation() const;
586 virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const=0;
587 virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const=0;
588 mutable ReloadableXMLFileImpl* m_impl;
591 const DOMElement* m_root;
592 std::string m_source;