2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* shib.h - Shibboleth header file
62 #include <saml/saml.h>
63 #include <shib/shib-threads.h>
64 #include <xsec/xenc/XENCEncryptionMethod.hpp>
68 # define SHIB_EXPORTS __declspec(dllimport)
76 #define DECLARE_SHIB_EXCEPTION(name,base) \
77 class SHIB_EXPORTS name : public saml::base \
80 name(const char* msg) : saml::base(msg) {RTTI(name);} \
81 name(const std::string& msg) : saml::base(msg) {RTTI(name);} \
82 name(const saml::Iterator<saml::QName>& codes, const char* msg) : saml::base(codes,msg) {RTTI(name);} \
83 name(const saml::Iterator<saml::QName>& codes, const std::string& msg) : saml::base(codes, msg) {RTTI(name);} \
84 name(const saml::QName& code, const char* msg) : saml::base(code,msg) {RTTI(name);} \
85 name(const saml::QName& code, const std::string& msg) : saml::base(code, msg) {RTTI(name);} \
86 name(DOMElement* e) : saml::base(e) {RTTI(name);} \
87 name(std::istream& in) : saml::base(in) {RTTI(name);} \
88 virtual ~name() throw () {} \
91 DECLARE_SHIB_EXCEPTION(MetadataException,SAMLException);
92 DECLARE_SHIB_EXCEPTION(CredentialException,SAMLException);
93 DECLARE_SHIB_EXCEPTION(InvalidHandleException,RetryableProfileException);
95 // Manages pluggable implementations of interfaces
96 // Would prefer this to be a template, but the Windows STL isn't DLL-safe.
98 struct SHIB_EXPORTS IPlugIn
100 virtual ~IPlugIn() {}
103 class SHIB_EXPORTS PlugManager
109 typedef IPlugIn* Factory(const DOMElement* source);
110 void regFactory(const char* type, Factory* factory);
111 void unregFactory(const char* type);
112 IPlugIn* newPlugin(const char* type, const DOMElement* source);
115 typedef std::map<std::string, Factory*> FactoryMap;
119 // Various interfaces inherit from this to support locking
120 struct SHIB_EXPORTS ILockable
122 virtual void lock()=0;
123 virtual void unlock()=0;
124 virtual ~ILockable() {}
127 // Metadata abstract interfaces, based on SAML 2.0
129 struct SHIB_EXPORTS IContactPerson
131 enum ContactType { technical, support, administrative, billing, other };
132 virtual ContactType getType() const=0;
133 virtual const char* getCompany() const=0;
134 virtual const char* getGivenName() const=0;
135 virtual const char* getSurName() const=0;
136 virtual saml::Iterator<std::string> getEmailAddresses() const=0;
137 virtual saml::Iterator<std::string> getTelephoneNumbers() const=0;
138 virtual const DOMElement* getElement() const=0;
139 virtual ~IContactPerson() {}
142 struct SHIB_EXPORTS IOrganization
144 virtual const char* getName(const char* lang="en") const=0;
145 virtual const char* getDisplayName(const char* lang="en") const=0;
146 virtual const char* getURL(const char* lang="en") const=0;
147 virtual const DOMElement* getElement() const=0;
148 virtual ~IOrganization() {}
151 struct SHIB_EXPORTS IKeyDescriptor
153 enum KeyUse { encryption, signing };
154 virtual KeyUse getUse() const=0;
155 virtual DSIGKeyInfoList* getKeyInfo() const=0;
156 virtual saml::Iterator<const XENCEncryptionMethod*> getEncryptionMethod() const=0;
157 virtual ~IKeyDescriptor() {}
160 struct SHIB_EXPORTS IEndpoint
162 virtual const XMLCh* getBinding() const=0;
163 virtual const XMLCh* getLocation() const=0;
164 virtual const XMLCh* getResponseLocation() const=0;
165 virtual const DOMElement* getElement() const=0;
166 virtual ~IEndpoint() {}
169 struct SHIB_EXPORTS IIndexedEndpoint : public virtual IEndpoint
171 virtual unsigned short getIndex() const=0;
172 virtual ~IIndexedEndpoint() {}
175 struct SHIB_EXPORTS IEndpointManager
177 virtual saml::Iterator<const IEndpoint*> getEndpoints() const=0;
178 virtual const IEndpoint* getDefaultEndpoint() const=0;
179 virtual const IEndpoint* getEndpointByIndex(unsigned short index) const=0;
180 virtual const IEndpoint* getEndpointByBinding(const XMLCh* binding) const=0;
181 virtual ~IEndpointManager() {}
184 struct SHIB_EXPORTS IEntityDescriptor;
185 struct SHIB_EXPORTS IRoleDescriptor
187 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
188 virtual saml::Iterator<const XMLCh*> getProtocolSupportEnumeration() const=0;
189 virtual bool hasSupport(const XMLCh* protocol) const=0;
190 virtual const char* getErrorURL() const=0;
191 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
192 virtual const IOrganization* getOrganization() const=0;
193 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
194 virtual const DOMElement* getElement() const=0;
195 virtual ~IRoleDescriptor() {}
198 struct SHIB_EXPORTS ISSODescriptor : public virtual IRoleDescriptor
200 virtual const IEndpointManager* getArtifactResolutionServiceManager() const=0;
201 virtual const IEndpointManager* getSingleLogoutServiceManager() const=0;
202 virtual const IEndpointManager* getManageNameIDServiceManager() const=0;
203 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
204 virtual ~ISSODescriptor() {}
207 struct SHIB_EXPORTS IIDPSSODescriptor : public virtual ISSODescriptor
209 virtual bool getWantAuthnRequestsSigned() const=0;
210 virtual const IEndpointManager* getSingleSignOnServiceManager() const=0;
211 virtual const IEndpointManager* getNameIDMappingServiceManager() const=0;
212 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
213 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
214 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
215 virtual ~IIDPSSODescriptor() {}
218 struct SHIB_EXPORTS IAttributeConsumingService
220 virtual const XMLCh* getName(const char* lang="en") const=0;
221 virtual const XMLCh* getDescription(const char* lang="en") const=0;
222 virtual saml::Iterator<std::pair<const saml::SAMLAttribute*,bool> > getRequestedAttributes() const=0;
223 virtual ~IAttributeConsumingService() {}
226 struct SHIB_EXPORTS ISPSSODescriptor : public virtual ISSODescriptor
228 virtual bool getAuthnRequestsSigned() const=0;
229 virtual bool getWantAssertionsSigned() const=0;
230 virtual const IEndpointManager* getAssertionConsumerServiceManager() const=0;
231 virtual saml::Iterator<const IAttributeConsumingService*> getAttributeConsumingServices() const=0;
232 virtual const IAttributeConsumingService* getDefaultAttributeConsumingService() const=0;
233 virtual const IAttributeConsumingService* getAttributeConsumingServiceByID(const XMLCh* id) const=0;
234 virtual ~ISPSSODescriptor() {}
237 struct SHIB_EXPORTS IAuthnAuthorityDescriptor : public virtual IRoleDescriptor
239 virtual const IEndpointManager* getAuthnQueryServiceManager() const=0;
240 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
241 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
242 virtual ~IAuthnAuthorityDescriptor() {}
245 struct SHIB_EXPORTS IPDPDescriptor : public virtual IRoleDescriptor
247 virtual const IEndpointManager* getAuthzServiceManager() const=0;
248 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
249 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
250 virtual ~IPDPDescriptor() {}
253 struct SHIB_EXPORTS IAttributeAuthorityDescriptor : public virtual IRoleDescriptor
255 virtual const IEndpointManager* getAttributeServices() const=0;
256 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
257 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
258 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
259 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
260 virtual ~IAttributeAuthorityDescriptor() {}
263 struct SHIB_EXPORTS IAffiliationDescriptor
265 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
266 virtual const XMLCh* getOwnerID() const=0;
267 virtual saml::Iterator<const XMLCh*> getMembers() const=0;
268 virtual bool isMember(const XMLCh* id) const=0;
269 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
270 virtual const DOMElement* getElement() const=0;
271 virtual ~IAffiliationDescriptor() {}
274 struct SHIB_EXPORTS IEntitiesDescriptor;
275 struct SHIB_EXPORTS IEntityDescriptor
277 virtual const XMLCh* getId() const=0;
278 virtual saml::Iterator<const IRoleDescriptor*> getRoleDescriptors() const=0;
279 virtual const IIDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
280 virtual const ISPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
281 virtual const IAuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
282 virtual const IAttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
283 virtual const IPDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
284 virtual const IAffiliationDescriptor* getAffiliationDescriptor() const=0;
285 virtual const IOrganization* getOrganization() const=0;
286 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
287 virtual saml::Iterator<std::pair<const XMLCh*,const XMLCh*> > getAdditionalMetadataLocations() const=0;
288 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
289 virtual const DOMElement* getElement() const=0;
290 virtual ~IEntityDescriptor() {}
293 struct SHIB_EXPORTS IEntitiesDescriptor
295 virtual const XMLCh* getName() const=0;
296 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
297 virtual saml::Iterator<const IEntitiesDescriptor*> getEntitiesDescriptors() const=0;
298 virtual saml::Iterator<const IEntityDescriptor*> getEntityDescriptors() const=0;
299 virtual const DOMElement* getElement() const=0;
300 virtual ~IEntitiesDescriptor() {}
303 // Supports Shib role extension describing attribute scoping rules
304 struct SHIB_EXPORTS IScopedRoleDescriptor : public virtual IRoleDescriptor
306 virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
307 virtual ~IScopedRoleDescriptor() {}
310 struct SHIB_EXPORTS IMetadata : public virtual ILockable, public virtual IPlugIn
312 virtual const IEntityDescriptor* lookup(const XMLCh* id) const=0;
313 virtual ~IMetadata() {}
316 struct SHIB_EXPORTS IRevocation : public virtual ILockable, public virtual IPlugIn
318 virtual saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL) const=0;
319 virtual ~IRevocation() {}
322 // Trust interface hides *all* details of signature and SSL validation.
323 // Pluggable providers can fully override the Shibboleth trust model here.
325 struct SHIB_EXPORTS ITrust : public virtual IPlugIn
327 virtual bool validate(
328 const saml::Iterator<IRevocation*>& revocations,
329 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
330 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
332 virtual bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx)=0;
336 // Credentials interface abstracts access to "owned" keys and certificates.
338 struct SHIB_EXPORTS ICredResolver : public virtual IPlugIn
340 virtual void attach(void* ctx) const=0;
341 virtual XSECCryptoKey* getKey() const=0;
342 virtual saml::Iterator<XSECCryptoX509*> getCertificates() const=0;
343 virtual void dump(FILE* f) const=0;
344 virtual void dump() const { dump(stdout); }
345 virtual ~ICredResolver() {}
348 struct SHIB_EXPORTS ICredentials : public virtual ILockable, public virtual IPlugIn
350 virtual const ICredResolver* lookup(const char* id) const=0;
351 virtual ~ICredentials() {}
354 // Attribute acceptance processing interfaces, applied to incoming attributes.
356 struct SHIB_EXPORTS IAttributeRule
358 virtual const XMLCh* getName() const=0;
359 virtual const XMLCh* getNamespace() const=0;
360 virtual const char* getFactory() const=0;
361 virtual const char* getAlias() const=0;
362 virtual const char* getHeader() const=0;
363 virtual bool getCaseSensitive() const=0;
364 virtual void apply(saml::SAMLAttribute& attribute, const IRoleDescriptor* role=NULL) const=0;
365 virtual ~IAttributeRule() {}
368 struct SHIB_EXPORTS IAAP : public virtual ILockable, public virtual IPlugIn
370 virtual bool anyAttribute() const=0;
371 virtual const IAttributeRule* lookup(const XMLCh* attrName, const XMLCh* attrNamespace=NULL) const=0;
372 virtual const IAttributeRule* lookup(const char* alias) const=0;
373 virtual saml::Iterator<const IAttributeRule*> getAttributeRules() const=0;
377 #ifdef SHIB_INSTANTIATE
378 template class SHIB_EXPORTS saml::Iterator<const IContactPerson*>;
379 template class SHIB_EXPORTS saml::Iterator<const XENCEncryptionMethod*>;
380 template class SHIB_EXPORTS saml::Iterator<const IKeyDescriptor*>;
381 template class SHIB_EXPORTS saml::Iterator<const IAttributeConsumingService*>;
382 template class SHIB_EXPORTS saml::Iterator<const IRoleDescriptor*>;
383 template class SHIB_EXPORTS saml::Iterator<const IEntityDescriptor*>;
384 template class SHIB_EXPORTS saml::Iterator<const IEntitiesDescriptor*>;
385 template class SHIB_EXPORTS saml::Iterator<const IEndpoint*>;
386 template class SHIB_EXPORTS saml::Iterator<const IAttributeRule*>;
387 template class SHIB_EXPORTS saml::Iterator<IMetadata*>;
388 template class SHIB_EXPORTS saml::ArrayIterator<IMetadata*>;
389 template class SHIB_EXPORTS saml::Iterator<ITrust*>;
390 template class SHIB_EXPORTS saml::ArrayIterator<ITrust*>;
391 template class SHIB_EXPORTS saml::Iterator<IRevocation*>;
392 template class SHIB_EXPORTS saml::ArrayIterator<IRevocation*>;
393 template class SHIB_EXPORTS saml::Iterator<ICredentials*>;
394 template class SHIB_EXPORTS saml::ArrayIterator<ICredentials*>;
395 template class SHIB_EXPORTS saml::Iterator<IAAP*>;
396 template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
399 struct SHIB_EXPORTS Constants
401 static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
402 static const XMLCh SHIB_NAMEID_FORMAT_URI[];
403 static const XMLCh SHIB_NS[];
404 static const XMLCh InvalidHandle[];
407 // Glue classes between abstract metadata and concrete providers
409 class SHIB_EXPORTS Locker
412 Locker(ILockable* lockee) : m_lockee(lockee) {m_lockee->lock();}
413 ~Locker() {if (m_lockee) m_lockee->unlock();}
416 Locker(const Locker&);
417 void operator=(const Locker&);
421 class SHIB_EXPORTS Metadata
424 Metadata(const saml::Iterator<IMetadata*>& metadatas) : m_metadatas(metadatas), m_mapper(NULL) {}
427 const IEntityDescriptor* lookup(const XMLCh* providerId);
430 Metadata(const Metadata&);
431 void operator=(const Metadata&);
433 const saml::Iterator<IMetadata*>& m_metadatas;
436 class SHIB_EXPORTS Revocation
439 Revocation(const saml::Iterator<IRevocation*>& revocations) : m_revocations(revocations), m_mapper(NULL) {}
442 saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL);
445 Revocation(const Revocation&);
446 void operator=(const Revocation&);
447 IRevocation* m_mapper;
448 const saml::Iterator<IRevocation*>& m_revocations;
451 class SHIB_EXPORTS Trust
454 Trust(const saml::Iterator<ITrust*>& trusts) : m_trusts(trusts) {}
458 const saml::Iterator<IRevocation*>& revocations,
459 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
460 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
462 bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx) const;
466 void operator=(const Trust&);
467 const saml::Iterator<ITrust*>& m_trusts;
470 class SHIB_EXPORTS Credentials
473 Credentials(const saml::Iterator<ICredentials*>& creds) : m_creds(creds), m_mapper(NULL) {}
476 const ICredResolver* lookup(const char* id);
479 Credentials(const Credentials&);
480 void operator=(const Credentials&);
481 ICredentials* m_mapper;
482 const saml::Iterator<ICredentials*>& m_creds;
485 class SHIB_EXPORTS AAP
488 AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace=NULL);
489 AAP(const saml::Iterator<IAAP*>& aaps, const char* alias);
491 bool fail() const {return m_mapper==NULL;}
492 const IAttributeRule* operator->() const {return m_rule;}
493 operator const IAttributeRule*() const {return m_rule;}
495 static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IRoleDescriptor* role=NULL);
499 void operator=(const AAP&);
501 const IAttributeRule* m_rule;
504 // Wrapper classes around the POST profile and SAML binding
506 class SHIB_EXPORTS ShibPOSTProfile
510 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*),
511 const saml::Iterator<IRevocation*>& revocations=EMPTY(IRevocation*),
512 const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*),
513 const saml::Iterator<ICredentials*>& creds=EMPTY(ICredentials*)
515 virtual ~ShibPOSTProfile() {}
517 virtual const saml::SAMLAssertion* getSSOAssertion(
518 const saml::SAMLResponse& r, const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*)
520 virtual const saml::SAMLAuthenticationStatement* getSSOStatement(const saml::SAMLAssertion& a);
521 virtual saml::SAMLResponse* accept(
523 const XMLCh* recipient,
525 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
526 XMLCh** pproviderId=NULL
528 virtual saml::SAMLResponse* prepare(
529 const IIDPSSODescriptor* role,
530 const char* credResolverId,
531 const XMLCh* recipient,
532 const XMLCh* authMethod,
535 const XMLCh* format=Constants::SHIB_NAMEID_FORMAT_URI,
536 const XMLCh* nameQualifier=NULL,
537 const XMLCh* subjectIP=NULL,
538 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
539 const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings=EMPTY(saml::SAMLAuthorityBinding*)
541 virtual bool checkReplayCache(const saml::SAMLAssertion& a);
542 virtual const XMLCh* getProviderId(const saml::SAMLResponse& r);
545 const saml::Iterator<IMetadata*>& m_metadatas;
546 const saml::Iterator<IRevocation*>& m_revocations;
547 const saml::Iterator<ITrust*>& m_trusts;
548 const saml::Iterator<ICredentials*>& m_creds;
551 class SHIB_EXPORTS ShibBinding
555 const saml::Iterator<IRevocation*>& revocations,
556 const saml::Iterator<ITrust*>& trusts,
557 const saml::Iterator<ICredentials*>& creds
558 ) : m_revocations(revocations), m_trusts(trusts), m_creds(creds),
559 m_credResolverId(NULL), m_AA(NULL), m_binding(NULL) {}
560 virtual ~ShibBinding() {delete m_binding;}
562 saml::SAMLResponse* send(
563 saml::SAMLRequest& req,
564 const IRoleDescriptor* AA,
565 const char* credResolverId=NULL,
566 const saml::Iterator<const XMLCh*>& audiences=EMPTY(const XMLCh*),
567 const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings=EMPTY(saml::SAMLAuthorityBinding*),
568 saml::SAMLConfig::SAMLBindingConfig& conf=saml::SAMLConfig::getConfig().binding_defaults
572 friend bool ssl_ctx_callback(void* ssl_ctx, void* userptr);
573 const saml::Iterator<IRevocation*>& m_revocations;
574 const saml::Iterator<ITrust*>& m_trusts;
575 const saml::Iterator<ICredentials*>& m_creds;
576 const char* m_credResolverId;
577 const IRoleDescriptor* m_AA;
578 saml::SAMLBinding* m_binding;
581 class SHIB_EXPORTS ShibConfig
585 virtual ~ShibConfig() {}
587 // global per-process setup and shutdown of Shibboleth runtime
591 // enables runtime and clients to access configuration
592 static ShibConfig& getConfig();
594 // allows pluggable implementations of metadata and configuration data
595 PlugManager m_plugMgr;
598 /* Helper classes for implementing reloadable XML-based config files
599 The ILockable interface will usually be inherited twice, once as
600 part of the external interface to clients and once as an implementation
601 detail of the reloading class below.
604 class SHIB_EXPORTS ReloadableXMLFileImpl
607 ReloadableXMLFileImpl(const char* pathname);
608 ReloadableXMLFileImpl(const DOMElement* pathname);
609 virtual ~ReloadableXMLFileImpl();
613 const DOMElement* m_root;
616 class SHIB_EXPORTS ReloadableXMLFile : protected virtual ILockable
619 ReloadableXMLFile(const DOMElement* e);
620 ~ReloadableXMLFile() { delete m_lock; delete m_impl; }
623 virtual void unlock() { if (m_lock) m_lock->unlock(); }
625 ReloadableXMLFileImpl* getImplementation() const;
628 virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const=0;
629 virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const=0;
630 mutable ReloadableXMLFileImpl* m_impl;
633 const DOMElement* m_root;
634 std::string m_source;