2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* shib.h - Shibboleth header file
62 #include <saml/saml.h>
63 #include <shib/shib-threads.h>
64 #include <xsec/xenc/XENCEncryptionMethod.hpp>
68 # define SHIB_EXPORTS __declspec(dllimport)
76 #define DECLARE_SHIB_EXCEPTION(name,base) \
77 class SHIB_EXPORTS name : public saml::base \
80 name(const char* msg) : saml::base(msg) {RTTI(name);} \
81 name(const std::string& msg) : saml::base(msg) {RTTI(name);} \
82 name(const saml::Iterator<saml::QName>& codes, const char* msg) : saml::base(codes,msg) {RTTI(name);} \
83 name(const saml::Iterator<saml::QName>& codes, const std::string& msg) : saml::base(codes, msg) {RTTI(name);} \
84 name(const saml::QName& code, const char* msg) : saml::base(code,msg) {RTTI(name);} \
85 name(const saml::QName& code, const std::string& msg) : saml::base(code, msg) {RTTI(name);} \
86 name(DOMElement* e) : saml::base(e) {RTTI(name);} \
87 name(std::istream& in) : saml::base(in) {RTTI(name);} \
88 virtual ~name() throw () {} \
91 DECLARE_SHIB_EXCEPTION(MetadataException,SAMLException);
92 DECLARE_SHIB_EXCEPTION(CredentialException,SAMLException);
93 DECLARE_SHIB_EXCEPTION(InvalidHandleException,RetryableProfileException);
95 // Manages pluggable implementations of interfaces
96 // Would prefer this to be a template, but the Windows STL isn't DLL-safe.
98 struct SHIB_EXPORTS IPlugIn
100 virtual ~IPlugIn() {}
103 class SHIB_EXPORTS PlugManager
109 typedef IPlugIn* Factory(const DOMElement* source);
110 void regFactory(const char* type, Factory* factory);
111 void unregFactory(const char* type);
112 IPlugIn* newPlugin(const char* type, const DOMElement* source);
115 typedef std::map<std::string, Factory*> FactoryMap;
119 // Various interfaces inherit from this to support locking
120 struct SHIB_EXPORTS ILockable
122 virtual void lock()=0;
123 virtual void unlock()=0;
124 virtual ~ILockable() {}
127 // Metadata abstract interfaces, based on SAML 2.0
129 struct SHIB_EXPORTS IContactPerson
131 enum ContactType { technical, support, administrative, billing, other };
132 virtual ContactType getType() const=0;
133 virtual const char* getCompany() const=0;
134 virtual const char* getGivenName() const=0;
135 virtual const char* getSurName() const=0;
136 virtual saml::Iterator<std::string> getEmailAddresses() const=0;
137 virtual saml::Iterator<std::string> getTelephoneNumbers() const=0;
138 virtual const DOMElement* getElement() const=0;
139 virtual ~IContactPerson() {}
142 struct SHIB_EXPORTS IOrganization
144 virtual const char* getName(const char* lang="en") const=0;
145 virtual const char* getDisplayName(const char* lang="en") const=0;
146 virtual const char* getURL(const char* lang="en") const=0;
147 virtual const DOMElement* getElement() const=0;
148 virtual ~IOrganization() {}
151 struct SHIB_EXPORTS IKeyDescriptor
153 enum KeyUse { unspecified, encryption, signing };
154 virtual KeyUse getUse() const=0;
155 virtual DSIGKeyInfoList* getKeyInfo() const=0;
156 virtual saml::Iterator<const XENCEncryptionMethod*> getEncryptionMethod() const=0;
157 virtual ~IKeyDescriptor() {}
160 struct SHIB_EXPORTS IEndpoint
162 virtual const XMLCh* getBinding() const=0;
163 virtual const XMLCh* getLocation() const=0;
164 virtual const XMLCh* getResponseLocation() const=0;
165 virtual const DOMElement* getElement() const=0;
166 virtual ~IEndpoint() {}
169 struct SHIB_EXPORTS IIndexedEndpoint : public virtual IEndpoint
171 virtual unsigned short getIndex() const=0;
172 virtual ~IIndexedEndpoint() {}
175 struct SHIB_EXPORTS IEndpointManager
177 virtual saml::Iterator<const IEndpoint*> getEndpoints() const=0;
178 virtual const IEndpoint* getDefaultEndpoint() const=0;
179 virtual const IEndpoint* getEndpointByIndex(unsigned short index) const=0;
180 virtual const IEndpoint* getEndpointByBinding(const XMLCh* binding) const=0;
181 virtual ~IEndpointManager() {}
184 struct SHIB_EXPORTS IEntityDescriptor;
185 struct SHIB_EXPORTS IRoleDescriptor
187 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
188 virtual saml::Iterator<const XMLCh*> getProtocolSupportEnumeration() const=0;
189 virtual bool hasSupport(const XMLCh* protocol) const=0;
190 virtual const char* getErrorURL() const=0;
191 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
192 virtual const IOrganization* getOrganization() const=0;
193 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
194 virtual const DOMElement* getElement() const=0;
195 virtual ~IRoleDescriptor() {}
198 struct SHIB_EXPORTS ISSODescriptor : public virtual IRoleDescriptor
200 virtual const IEndpointManager* getArtifactResolutionServiceManager() const=0;
201 virtual const IEndpointManager* getSingleLogoutServiceManager() const=0;
202 virtual const IEndpointManager* getManageNameIDServiceManager() const=0;
203 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
204 virtual ~ISSODescriptor() {}
207 struct SHIB_EXPORTS IIDPSSODescriptor : public virtual ISSODescriptor
209 virtual bool getWantAuthnRequestsSigned() const=0;
210 virtual const IEndpointManager* getSingleSignOnServiceManager() const=0;
211 virtual const IEndpointManager* getNameIDMappingServiceManager() const=0;
212 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
213 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
214 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
215 virtual ~IIDPSSODescriptor() {}
218 struct SHIB_EXPORTS IAttributeConsumingService
220 virtual const XMLCh* getName(const char* lang="en") const=0;
221 virtual const XMLCh* getDescription(const char* lang="en") const=0;
222 virtual saml::Iterator<std::pair<const saml::SAMLAttribute*,bool> > getRequestedAttributes() const=0;
223 virtual ~IAttributeConsumingService() {}
226 struct SHIB_EXPORTS ISPSSODescriptor : public virtual ISSODescriptor
228 virtual bool getAuthnRequestsSigned() const=0;
229 virtual bool getWantAssertionsSigned() const=0;
230 virtual const IEndpointManager* getAssertionConsumerServiceManager() const=0;
231 virtual saml::Iterator<const IAttributeConsumingService*> getAttributeConsumingServices() const=0;
232 virtual const IAttributeConsumingService* getDefaultAttributeConsumingService() const=0;
233 virtual const IAttributeConsumingService* getAttributeConsumingServiceByID(const XMLCh* id) const=0;
234 virtual ~ISPSSODescriptor() {}
237 struct SHIB_EXPORTS IAuthnAuthorityDescriptor : public virtual IRoleDescriptor
239 virtual const IEndpointManager* getAuthnQueryServiceManager() const=0;
240 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
241 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
242 virtual ~IAuthnAuthorityDescriptor() {}
245 struct SHIB_EXPORTS IPDPDescriptor : public virtual IRoleDescriptor
247 virtual const IEndpointManager* getAuthzServiceManager() const=0;
248 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
249 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
250 virtual ~IPDPDescriptor() {}
253 struct SHIB_EXPORTS IAttributeAuthorityDescriptor : public virtual IRoleDescriptor
255 virtual const IEndpointManager* getAttributeServices() const=0;
256 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
257 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
258 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
259 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
260 virtual ~IAttributeAuthorityDescriptor() {}
263 struct SHIB_EXPORTS IAffiliationDescriptor
265 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
266 virtual const XMLCh* getOwnerID() const=0;
267 virtual saml::Iterator<const XMLCh*> getMembers() const=0;
268 virtual bool isMember(const XMLCh* id) const=0;
269 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
270 virtual const DOMElement* getElement() const=0;
271 virtual ~IAffiliationDescriptor() {}
274 struct SHIB_EXPORTS IEntitiesDescriptor;
275 struct SHIB_EXPORTS IEntityDescriptor
277 virtual const XMLCh* getId() const=0;
278 virtual saml::Iterator<const IRoleDescriptor*> getRoleDescriptors() const=0;
279 virtual const IIDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
280 virtual const ISPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
281 virtual const IAuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
282 virtual const IAttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
283 virtual const IPDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
284 virtual const IAffiliationDescriptor* getAffiliationDescriptor() const=0;
285 virtual const IOrganization* getOrganization() const=0;
286 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
287 virtual saml::Iterator<std::pair<const XMLCh*,const XMLCh*> > getAdditionalMetadataLocations() const=0;
288 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
289 virtual const DOMElement* getElement() const=0;
290 virtual ~IEntityDescriptor() {}
293 struct SHIB_EXPORTS IEntitiesDescriptor
295 virtual const XMLCh* getName() const=0;
296 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
297 virtual saml::Iterator<const IEntitiesDescriptor*> getEntitiesDescriptors() const=0;
298 virtual saml::Iterator<const IEntityDescriptor*> getEntityDescriptors() const=0;
299 virtual const DOMElement* getElement() const=0;
300 virtual ~IEntitiesDescriptor() {}
303 // Supports Shib role extension describing attribute scoping rules
304 struct SHIB_EXPORTS IScopedRoleDescriptor : public virtual IRoleDescriptor
306 virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
307 virtual ~IScopedRoleDescriptor() {}
310 struct SHIB_EXPORTS IMetadata : public virtual ILockable, public virtual IPlugIn
312 virtual const IEntityDescriptor* lookup(const XMLCh* id) const=0;
313 virtual ~IMetadata() {}
316 struct SHIB_EXPORTS IRevocation : public virtual ILockable, public virtual IPlugIn
318 virtual saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL) const=0;
319 virtual ~IRevocation() {}
322 // Trust interface hides *all* details of signature and SSL validation.
323 // Pluggable providers can fully override the Shibboleth trust model here.
325 struct SHIB_EXPORTS ITrust : public virtual IPlugIn
327 virtual bool validate(
328 const saml::Iterator<IRevocation*>& revocations,
329 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
330 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
332 virtual bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx)=0;
336 // Credentials interface abstracts access to "owned" keys and certificates.
338 struct SHIB_EXPORTS ICredResolver : public virtual IPlugIn
340 virtual void attach(void* ctx) const=0;
341 virtual XSECCryptoKey* getKey() const=0;
342 virtual saml::Iterator<XSECCryptoX509*> getCertificates() const=0;
343 virtual void dump(FILE* f) const=0;
344 virtual void dump() const { dump(stdout); }
345 virtual ~ICredResolver() {}
348 struct SHIB_EXPORTS ICredentials : public virtual ILockable, public virtual IPlugIn
350 virtual const ICredResolver* lookup(const char* id) const=0;
351 virtual ~ICredentials() {}
354 // Attribute acceptance processing interfaces, applied to incoming attributes.
356 struct SHIB_EXPORTS IAttributeRule
358 virtual const XMLCh* getName() const=0;
359 virtual const XMLCh* getNamespace() const=0;
360 virtual const char* getFactory() const=0;
361 virtual const char* getAlias() const=0;
362 virtual const char* getHeader() const=0;
363 virtual bool getCaseSensitive() const=0;
364 virtual void apply(saml::SAMLAttribute& attribute, const IRoleDescriptor* role=NULL) const=0;
365 virtual ~IAttributeRule() {}
368 struct SHIB_EXPORTS IAAP : public virtual ILockable, public virtual IPlugIn
370 virtual bool anyAttribute() const=0;
371 virtual const IAttributeRule* lookup(const XMLCh* attrName, const XMLCh* attrNamespace=NULL) const=0;
372 virtual const IAttributeRule* lookup(const char* alias) const=0;
373 virtual saml::Iterator<const IAttributeRule*> getAttributeRules() const=0;
377 #ifdef SHIB_INSTANTIATE
378 template class SHIB_EXPORTS saml::Iterator<const IContactPerson*>;
379 template class SHIB_EXPORTS saml::Iterator<const XENCEncryptionMethod*>;
380 template class SHIB_EXPORTS saml::Iterator<const IKeyDescriptor*>;
381 template class SHIB_EXPORTS saml::Iterator<const IAttributeConsumingService*>;
382 template class SHIB_EXPORTS saml::Iterator<const IRoleDescriptor*>;
383 template class SHIB_EXPORTS saml::Iterator<const IEntityDescriptor*>;
384 template class SHIB_EXPORTS saml::Iterator<const IEntitiesDescriptor*>;
385 template class SHIB_EXPORTS saml::Iterator<const IEndpoint*>;
386 template class SHIB_EXPORTS saml::Iterator<const IAttributeRule*>;
387 template class SHIB_EXPORTS saml::Iterator<IMetadata*>;
388 template class SHIB_EXPORTS saml::ArrayIterator<IMetadata*>;
389 template class SHIB_EXPORTS saml::Iterator<ITrust*>;
390 template class SHIB_EXPORTS saml::ArrayIterator<ITrust*>;
391 template class SHIB_EXPORTS saml::Iterator<IRevocation*>;
392 template class SHIB_EXPORTS saml::ArrayIterator<IRevocation*>;
393 template class SHIB_EXPORTS saml::Iterator<ICredentials*>;
394 template class SHIB_EXPORTS saml::ArrayIterator<ICredentials*>;
395 template class SHIB_EXPORTS saml::Iterator<IAAP*>;
396 template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
399 struct SHIB_EXPORTS Constants
401 static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
402 static const XMLCh SHIB_NAMEID_FORMAT_URI[];
403 static const XMLCh SHIB_AUTHNREQUEST_PROFILE_URI[];
404 static const XMLCh SHIB_NS[];
405 static const XMLCh InvalidHandle[];
408 // Glue classes between abstract metadata and concrete providers
410 class SHIB_EXPORTS Locker
413 Locker(ILockable* lockee) : m_lockee(lockee) {m_lockee->lock();}
414 ~Locker() {if (m_lockee) m_lockee->unlock();}
417 Locker(const Locker&);
418 void operator=(const Locker&);
422 class SHIB_EXPORTS Metadata
425 Metadata(const saml::Iterator<IMetadata*>& metadatas) : m_metadatas(metadatas), m_mapper(NULL) {}
428 const IEntityDescriptor* lookup(const XMLCh* providerId);
431 Metadata(const Metadata&);
432 void operator=(const Metadata&);
434 const saml::Iterator<IMetadata*>& m_metadatas;
437 class SHIB_EXPORTS Revocation
440 Revocation(const saml::Iterator<IRevocation*>& revocations) : m_revocations(revocations), m_mapper(NULL) {}
443 saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL);
446 Revocation(const Revocation&);
447 void operator=(const Revocation&);
448 IRevocation* m_mapper;
449 const saml::Iterator<IRevocation*>& m_revocations;
452 class SHIB_EXPORTS Trust
455 Trust(const saml::Iterator<ITrust*>& trusts) : m_trusts(trusts) {}
459 const saml::Iterator<IRevocation*>& revocations,
460 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
461 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
463 bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx) const;
467 void operator=(const Trust&);
468 const saml::Iterator<ITrust*>& m_trusts;
471 class SHIB_EXPORTS Credentials
474 Credentials(const saml::Iterator<ICredentials*>& creds) : m_creds(creds), m_mapper(NULL) {}
477 const ICredResolver* lookup(const char* id);
480 Credentials(const Credentials&);
481 void operator=(const Credentials&);
482 ICredentials* m_mapper;
483 const saml::Iterator<ICredentials*>& m_creds;
486 class SHIB_EXPORTS AAP
489 AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace=NULL);
490 AAP(const saml::Iterator<IAAP*>& aaps, const char* alias);
492 bool fail() const {return m_mapper==NULL;}
493 const IAttributeRule* operator->() const {return m_rule;}
494 operator const IAttributeRule*() const {return m_rule;}
496 static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IRoleDescriptor* role=NULL);
500 void operator=(const AAP&);
502 const IAttributeRule* m_rule;
505 // Wrapper classes around the POST profile and SAML binding
507 class SHIB_EXPORTS ShibPOSTProfile
511 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*),
512 const saml::Iterator<IRevocation*>& revocations=EMPTY(IRevocation*),
513 const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*),
514 const saml::Iterator<ICredentials*>& creds=EMPTY(ICredentials*)
516 virtual ~ShibPOSTProfile() {}
518 virtual const saml::SAMLAssertion* getSSOAssertion(
519 const saml::SAMLResponse& r, const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*)
521 virtual const saml::SAMLAuthenticationStatement* getSSOStatement(const saml::SAMLAssertion& a);
522 virtual saml::SAMLResponse* accept(
524 const XMLCh* recipient,
526 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
527 XMLCh** pproviderId=NULL
529 virtual saml::SAMLResponse* prepare(
530 const IIDPSSODescriptor* role,
531 const char* credResolverId,
532 const XMLCh* recipient,
533 const XMLCh* authMethod,
536 const XMLCh* format=Constants::SHIB_NAMEID_FORMAT_URI,
537 const XMLCh* nameQualifier=NULL,
538 const XMLCh* subjectIP=NULL,
539 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
540 const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings=EMPTY(saml::SAMLAuthorityBinding*)
542 virtual bool checkReplayCache(const saml::SAMLAssertion& a);
543 virtual const XMLCh* getProviderId(const saml::SAMLResponse& r);
546 const saml::Iterator<IMetadata*>& m_metadatas;
547 const saml::Iterator<IRevocation*>& m_revocations;
548 const saml::Iterator<ITrust*>& m_trusts;
549 const saml::Iterator<ICredentials*>& m_creds;
552 class SHIB_EXPORTS ShibBinding
556 const saml::Iterator<IRevocation*>& revocations,
557 const saml::Iterator<ITrust*>& trusts,
558 const saml::Iterator<ICredentials*>& creds
559 ) : m_revocations(revocations), m_trusts(trusts), m_creds(creds),
560 m_credResolverId(NULL), m_AA(NULL), m_binding(NULL) {}
561 virtual ~ShibBinding() {delete m_binding;}
563 saml::SAMLResponse* send(
564 saml::SAMLRequest& req,
565 const IRoleDescriptor* AA,
566 const char* credResolverId=NULL,
567 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
568 const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings=EMPTY(saml::SAMLAuthorityBinding*),
569 saml::SAMLConfig::SAMLBindingConfig& conf=saml::SAMLConfig::getConfig().binding_defaults
573 friend bool ssl_ctx_callback(void* ssl_ctx, void* userptr);
574 const saml::Iterator<IRevocation*>& m_revocations;
575 const saml::Iterator<ITrust*>& m_trusts;
576 const saml::Iterator<ICredentials*>& m_creds;
577 const char* m_credResolverId;
578 const IRoleDescriptor* m_AA;
579 saml::SAMLBinding* m_binding;
582 class SHIB_EXPORTS ShibConfig
586 virtual ~ShibConfig() {}
588 // global per-process setup and shutdown of Shibboleth runtime
592 // enables runtime and clients to access configuration
593 static ShibConfig& getConfig();
595 // allows pluggable implementations of metadata and configuration data
596 PlugManager m_plugMgr;
599 /* Helper classes for implementing reloadable XML-based config files
600 The ILockable interface will usually be inherited twice, once as
601 part of the external interface to clients and once as an implementation
602 detail of the reloading class below.
605 class SHIB_EXPORTS ReloadableXMLFileImpl
608 ReloadableXMLFileImpl(const char* pathname);
609 ReloadableXMLFileImpl(const DOMElement* pathname);
610 virtual ~ReloadableXMLFileImpl();
614 const DOMElement* m_root;
617 class SHIB_EXPORTS ReloadableXMLFile : protected virtual ILockable
620 ReloadableXMLFile(const DOMElement* e);
621 ~ReloadableXMLFile() { delete m_lock; delete m_impl; }
624 virtual void unlock() { if (m_lock) m_lock->unlock(); }
626 ReloadableXMLFileImpl* getImplementation() const;
629 virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const=0;
630 virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const=0;
631 mutable ReloadableXMLFileImpl* m_impl;
634 const DOMElement* m_root;
635 std::string m_source;