2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* shib.h - Shibboleth header file
62 #include <saml/saml.h>
63 #include <shib/shib-threads.h>
64 #include <xsec/xenc/XENCEncryptionMethod.hpp>
68 # define SHIB_EXPORTS __declspec(dllimport)
76 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,ResourceAccessException,SAMLException);
77 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,MetadataException,SAMLException);
78 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,CredentialException,SAMLException);
79 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,InvalidHandleException,RetryableProfileException);
80 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,InvalidSessionException,RetryableProfileException);
82 // Metadata abstract interfaces, based on SAML 2.0
84 struct SHIB_EXPORTS IContactPerson
86 enum ContactType { technical, support, administrative, billing, other };
87 virtual ContactType getType() const=0;
88 virtual const char* getCompany() const=0;
89 virtual const char* getGivenName() const=0;
90 virtual const char* getSurName() const=0;
91 virtual saml::Iterator<std::string> getEmailAddresses() const=0;
92 virtual saml::Iterator<std::string> getTelephoneNumbers() const=0;
93 virtual const DOMElement* getElement() const=0;
94 virtual ~IContactPerson() {}
97 struct SHIB_EXPORTS IOrganization
99 virtual const char* getName(const char* lang="en") const=0;
100 virtual const char* getDisplayName(const char* lang="en") const=0;
101 virtual const char* getURL(const char* lang="en") const=0;
102 virtual const DOMElement* getElement() const=0;
103 virtual ~IOrganization() {}
106 struct SHIB_EXPORTS IKeyDescriptor
108 enum KeyUse { unspecified, encryption, signing };
109 virtual KeyUse getUse() const=0;
110 virtual DSIGKeyInfoList* getKeyInfo() const=0;
111 virtual saml::Iterator<const XENCEncryptionMethod*> getEncryptionMethods() const=0;
112 virtual ~IKeyDescriptor() {}
115 struct SHIB_EXPORTS IEndpoint
117 virtual const XMLCh* getBinding() const=0;
118 virtual const XMLCh* getLocation() const=0;
119 virtual const XMLCh* getResponseLocation() const=0;
120 virtual const DOMElement* getElement() const=0;
121 virtual ~IEndpoint() {}
124 struct SHIB_EXPORTS IIndexedEndpoint : public virtual IEndpoint
126 virtual unsigned short getIndex() const=0;
127 virtual ~IIndexedEndpoint() {}
130 struct SHIB_EXPORTS IEndpointManager
132 virtual saml::Iterator<const IEndpoint*> getEndpoints() const=0;
133 virtual const IEndpoint* getDefaultEndpoint() const=0;
134 virtual const IEndpoint* getEndpointByIndex(unsigned short index) const=0;
135 virtual const IEndpoint* getEndpointByBinding(const XMLCh* binding) const=0;
136 virtual ~IEndpointManager() {}
139 struct SHIB_EXPORTS IEntityDescriptor;
140 struct SHIB_EXPORTS IRoleDescriptor
142 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
143 virtual saml::Iterator<const XMLCh*> getProtocolSupportEnumeration() const=0;
144 virtual bool hasSupport(const XMLCh* protocol) const=0;
145 virtual bool isValid() const=0;
146 virtual const char* getErrorURL() const=0;
147 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
148 virtual const IOrganization* getOrganization() const=0;
149 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
150 virtual const DOMElement* getElement() const=0;
151 virtual ~IRoleDescriptor() {}
154 struct SHIB_EXPORTS ISSODescriptor : public virtual IRoleDescriptor
156 virtual const IEndpointManager* getArtifactResolutionServiceManager() const=0;
157 virtual const IEndpointManager* getSingleLogoutServiceManager() const=0;
158 virtual const IEndpointManager* getManageNameIDServiceManager() const=0;
159 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
160 virtual ~ISSODescriptor() {}
163 struct SHIB_EXPORTS IIDPSSODescriptor : public virtual ISSODescriptor
165 virtual bool getWantAuthnRequestsSigned() const=0;
166 virtual const IEndpointManager* getSingleSignOnServiceManager() const=0;
167 virtual const IEndpointManager* getNameIDMappingServiceManager() const=0;
168 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
169 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
170 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
171 virtual ~IIDPSSODescriptor() {}
174 struct SHIB_EXPORTS IAttributeConsumingService
176 virtual const XMLCh* getName(const char* lang="en") const=0;
177 virtual const XMLCh* getDescription(const char* lang="en") const=0;
178 virtual saml::Iterator<std::pair<const saml::SAMLAttribute*,bool> > getRequestedAttributes() const=0;
179 virtual ~IAttributeConsumingService() {}
182 struct SHIB_EXPORTS ISPSSODescriptor : public virtual ISSODescriptor
184 virtual bool getAuthnRequestsSigned() const=0;
185 virtual bool getWantAssertionsSigned() const=0;
186 virtual const IEndpointManager* getAssertionConsumerServiceManager() const=0;
187 virtual saml::Iterator<const IAttributeConsumingService*> getAttributeConsumingServices() const=0;
188 virtual const IAttributeConsumingService* getDefaultAttributeConsumingService() const=0;
189 virtual const IAttributeConsumingService* getAttributeConsumingServiceByID(const XMLCh* id) const=0;
190 virtual ~ISPSSODescriptor() {}
193 struct SHIB_EXPORTS IAuthnAuthorityDescriptor : public virtual IRoleDescriptor
195 virtual const IEndpointManager* getAuthnQueryServiceManager() const=0;
196 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
197 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
198 virtual ~IAuthnAuthorityDescriptor() {}
201 struct SHIB_EXPORTS IPDPDescriptor : public virtual IRoleDescriptor
203 virtual const IEndpointManager* getAuthzServiceManager() const=0;
204 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
205 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
206 virtual ~IPDPDescriptor() {}
209 struct SHIB_EXPORTS IAttributeAuthorityDescriptor : public virtual IRoleDescriptor
211 virtual const IEndpointManager* getAttributeServiceManager() const=0;
212 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
213 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
214 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
215 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
216 virtual ~IAttributeAuthorityDescriptor() {}
219 struct SHIB_EXPORTS IAffiliationDescriptor
221 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
222 virtual const XMLCh* getOwnerID() const=0;
223 virtual bool isValid() const=0;
224 virtual saml::Iterator<const XMLCh*> getMembers() const=0;
225 virtual bool isMember(const XMLCh* id) const=0;
226 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
227 virtual const DOMElement* getElement() const=0;
228 virtual ~IAffiliationDescriptor() {}
231 struct SHIB_EXPORTS IEntitiesDescriptor;
232 struct SHIB_EXPORTS IEntityDescriptor
234 virtual const XMLCh* getId() const=0;
235 virtual bool isValid() const=0;
236 virtual saml::Iterator<const IRoleDescriptor*> getRoleDescriptors() const=0;
237 virtual const IIDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
238 virtual const ISPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
239 virtual const IAuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
240 virtual const IAttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
241 virtual const IPDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
242 virtual const IAffiliationDescriptor* getAffiliationDescriptor() const=0;
243 virtual const IOrganization* getOrganization() const=0;
244 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
245 virtual saml::Iterator<std::pair<const XMLCh*,const XMLCh*> > getAdditionalMetadataLocations() const=0;
246 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
247 virtual const DOMElement* getElement() const=0;
248 virtual ~IEntityDescriptor() {}
251 struct SHIB_EXPORTS IEntitiesDescriptor
253 virtual const XMLCh* getName() const=0;
254 virtual bool isValid() const=0;
255 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
256 virtual saml::Iterator<const IEntitiesDescriptor*> getEntitiesDescriptors() const=0;
257 virtual saml::Iterator<const IEntityDescriptor*> getEntityDescriptors() const=0;
258 virtual const DOMElement* getElement() const=0;
259 virtual ~IEntitiesDescriptor() {}
262 // Supports Shib role extension describing attribute scoping rules
263 struct SHIB_EXPORTS IScopedRoleDescriptor : public virtual IRoleDescriptor
265 virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
266 virtual ~IScopedRoleDescriptor() {}
269 // Shib extension interfaces to key authority data
270 struct SHIB_EXPORTS IKeyAuthority
272 virtual int getVerifyDepth() const=0;
273 virtual saml::Iterator<DSIGKeyInfoList*> getKeyInfos() const=0;
274 virtual ~IKeyAuthority() {}
277 struct SHIB_EXPORTS IExtendedEntityDescriptor : public virtual IEntityDescriptor
279 virtual saml::Iterator<const IKeyAuthority*> getKeyAuthorities() const=0;
280 virtual ~IExtendedEntityDescriptor() {}
283 struct SHIB_EXPORTS IExtendedEntitiesDescriptor : public virtual IEntitiesDescriptor
285 virtual saml::Iterator<const IKeyAuthority*> getKeyAuthorities() const=0;
286 virtual ~IExtendedEntitiesDescriptor() {}
289 struct SHIB_EXPORTS IMetadata : public virtual saml::ILockable, public virtual saml::IPlugIn
291 virtual const IEntityDescriptor* lookup(const char* id, bool strict=true) const=0;
292 virtual const IEntityDescriptor* lookup(const XMLCh* id, bool strict=true) const=0;
293 virtual const IEntityDescriptor* lookup(const saml::SAMLArtifact* artifact) const=0;
294 virtual std::pair<const IEntitiesDescriptor*,const IEntityDescriptor*> getRoot() const=0;
295 virtual ~IMetadata() {}
298 struct SHIB_EXPORTS IRevocation : public virtual saml::ILockable, public virtual saml::IPlugIn
300 virtual saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL) const=0;
301 virtual ~IRevocation() {}
304 // Trust interface hides *all* details of signature and SSL validation.
305 // Pluggable providers can fully override the Shibboleth trust model here.
307 struct SHIB_EXPORTS ITrust : public virtual saml::IPlugIn
309 virtual bool validate(
310 const saml::Iterator<IRevocation*>& revocations,
311 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
312 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
314 virtual bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx)=0;
318 // Credentials interface abstracts access to "owned" keys and certificates.
320 struct SHIB_EXPORTS ICredResolver : public virtual saml::IPlugIn
322 virtual void attach(void* ctx) const=0;
323 virtual XSECCryptoKey* getKey() const=0;
324 virtual saml::Iterator<XSECCryptoX509*> getCertificates() const=0;
325 virtual void dump(FILE* f) const=0;
326 virtual void dump() const { dump(stdout); }
327 virtual ~ICredResolver() {}
330 struct SHIB_EXPORTS ICredentials : public virtual saml::ILockable, public virtual saml::IPlugIn
332 virtual const ICredResolver* lookup(const char* id) const=0;
333 virtual ~ICredentials() {}
336 // Attribute acceptance processing interfaces, applied to incoming attributes.
338 struct SHIB_EXPORTS IAttributeRule
340 virtual const XMLCh* getName() const=0;
341 virtual const XMLCh* getNamespace() const=0;
342 virtual const char* getFactory() const=0;
343 virtual const char* getAlias() const=0;
344 virtual const char* getHeader() const=0;
345 virtual bool getCaseSensitive() const=0;
346 virtual void apply(saml::SAMLAttribute& attribute, const IRoleDescriptor* role=NULL) const=0;
347 virtual ~IAttributeRule() {}
350 struct SHIB_EXPORTS IAAP : public virtual saml::ILockable, public virtual saml::IPlugIn
352 virtual bool anyAttribute() const=0;
353 virtual const IAttributeRule* lookup(const XMLCh* attrName, const XMLCh* attrNamespace=NULL) const=0;
354 virtual const IAttributeRule* lookup(const char* alias) const=0;
355 virtual saml::Iterator<const IAttributeRule*> getAttributeRules() const=0;
359 #ifdef SHIB_INSTANTIATE
360 template class SHIB_EXPORTS saml::Iterator<const IContactPerson*>;
361 template class SHIB_EXPORTS saml::Iterator<const XENCEncryptionMethod*>;
362 template class SHIB_EXPORTS saml::Iterator<const IKeyDescriptor*>;
363 template class SHIB_EXPORTS saml::Iterator<const IAttributeConsumingService*>;
364 template class SHIB_EXPORTS saml::Iterator<const IRoleDescriptor*>;
365 template class SHIB_EXPORTS saml::Iterator<const IEntityDescriptor*>;
366 template class SHIB_EXPORTS saml::Iterator<const IEntitiesDescriptor*>;
367 template class SHIB_EXPORTS saml::Iterator<const IEndpoint*>;
368 template class SHIB_EXPORTS saml::Iterator<const IAttributeRule*>;
369 template class SHIB_EXPORTS saml::Iterator<const IKeyAuthority*>;
370 template class SHIB_EXPORTS saml::Iterator<DSIGKeyInfoList*>;
371 template class SHIB_EXPORTS saml::Iterator<IMetadata*>;
372 template class SHIB_EXPORTS saml::ArrayIterator<IMetadata*>;
373 template class SHIB_EXPORTS saml::Iterator<ITrust*>;
374 template class SHIB_EXPORTS saml::ArrayIterator<ITrust*>;
375 template class SHIB_EXPORTS saml::Iterator<IRevocation*>;
376 template class SHIB_EXPORTS saml::ArrayIterator<IRevocation*>;
377 template class SHIB_EXPORTS saml::Iterator<ICredentials*>;
378 template class SHIB_EXPORTS saml::ArrayIterator<ICredentials*>;
379 template class SHIB_EXPORTS saml::Iterator<IAAP*>;
380 template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
383 struct SHIB_EXPORTS Constants
385 static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
386 static const XMLCh SHIB_NAMEID_FORMAT_URI[];
387 static const XMLCh SHIB_AUTHNREQUEST_PROFILE_URI[];
388 static const XMLCh SHIB_LEGACY_AUTHNREQUEST_PROFILE_URI[];
389 static const XMLCh SHIB_SESSIONINIT_PROFILE_URI[];
390 static const XMLCh SHIB_LOGOUT_PROFILE_URI[];
391 static const XMLCh SHIB_NS[];
392 static const XMLCh InvalidHandle[];
395 // Glue classes between abstract metadata and concrete providers
397 class SHIB_EXPORTS Metadata
400 Metadata(const saml::Iterator<IMetadata*>& metadatas) : m_metadatas(metadatas), m_mapper(NULL) {}
403 const IEntityDescriptor* lookup(const char* id, bool strict=true);
404 const IEntityDescriptor* lookup(const XMLCh* id, bool strict=true);
405 const IEntityDescriptor* lookup(const saml::SAMLArtifact* artifact);
408 Metadata(const Metadata&);
409 void operator=(const Metadata&);
411 const saml::Iterator<IMetadata*>& m_metadatas;
414 class SHIB_EXPORTS Revocation
417 Revocation(const saml::Iterator<IRevocation*>& revocations) : m_revocations(revocations), m_mapper(NULL) {}
420 saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL);
423 Revocation(const Revocation&);
424 void operator=(const Revocation&);
425 IRevocation* m_mapper;
426 const saml::Iterator<IRevocation*>& m_revocations;
429 class SHIB_EXPORTS Trust
432 Trust(const saml::Iterator<ITrust*>& trusts) : m_trusts(trusts) {}
436 const saml::Iterator<IRevocation*>& revocations,
437 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
438 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
440 bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx) const;
444 void operator=(const Trust&);
445 const saml::Iterator<ITrust*>& m_trusts;
448 class SHIB_EXPORTS Credentials
451 Credentials(const saml::Iterator<ICredentials*>& creds) : m_creds(creds), m_mapper(NULL) {}
454 const ICredResolver* lookup(const char* id);
457 Credentials(const Credentials&);
458 void operator=(const Credentials&);
459 ICredentials* m_mapper;
460 const saml::Iterator<ICredentials*>& m_creds;
463 class SHIB_EXPORTS AAP
466 AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace=NULL);
467 AAP(const saml::Iterator<IAAP*>& aaps, const char* alias);
469 bool fail() const {return m_mapper==NULL;}
470 const IAttributeRule* operator->() const {return m_rule;}
471 operator const IAttributeRule*() const {return m_rule;}
473 static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IRoleDescriptor* role=NULL);
477 void operator=(const AAP&);
479 const IAttributeRule* m_rule;
482 // Subclass around the OpenSAML browser profile interface,
483 // incoporates additional functionality using Shib-defined APIs.
484 class SHIB_EXPORTS ShibBrowserProfile : virtual public saml::SAMLBrowserProfile
488 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*),
489 const saml::Iterator<IRevocation*>& revocations=EMPTY(IRevocation*),
490 const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*)
492 virtual ~ShibBrowserProfile();
494 virtual void setVersion(int major, int minor);
495 virtual saml::SAMLBrowserProfile::BrowserProfileResponse receive(
497 const XMLCh* recipient,
498 int supportedProfiles,
499 saml::IReplayCache* replayCache=NULL,
500 saml::SAMLBrowserProfile::ArtifactMapper* callback=NULL
504 saml::SAMLBrowserProfile* m_profile;
505 saml::Iterator<IMetadata*> m_metadatas;
506 saml::Iterator<IRevocation*> m_revocations;
507 saml::Iterator<ITrust*> m_trusts;
510 // Instead of wrapping the binding to deal with mutual authentication, we
511 // just use the HTTP hook functionality offered by OpenSAML. The hook will
512 // register "itself" as a globalCtx pointer with the SAML binding and the caller
513 // will declare and pass the embedded struct as callCtx for use by the hook.
514 class SHIB_EXPORTS ShibHTTPHook : virtual public saml::SAMLSOAPHTTPBinding::HTTPHook
518 const saml::Iterator<IRevocation*>& revocations,
519 const saml::Iterator<ITrust*>& trusts,
520 const saml::Iterator<ICredentials*>& creds
521 ) : m_revocations(revocations), m_trusts(trusts), m_creds(creds) {}
522 virtual ~ShibHTTPHook() {}
524 // Only hook we need here is for outgoing connection to server.
525 virtual bool outgoing(saml::HTTPClient* conn, void* globalCtx=NULL, void* callCtx=NULL);
527 // Client declares a context object and pass as callCtx to send() method.
528 class SHIB_EXPORTS ShibHTTPHookCallContext {
530 ShibHTTPHookCallContext(const char* credResolverId, const IRoleDescriptor* role)
531 : m_credResolverId(credResolverId), m_role(role), m_hook(NULL) {}
533 const char* m_credResolverId;
534 const IRoleDescriptor* m_role;
535 ShibHTTPHook* m_hook;
536 friend class ShibHTTPHook;
537 friend bool ssl_ctx_callback(void* ssl_ctx, void* userptr);
540 friend bool ssl_ctx_callback(void* ssl_ctx, void* userptr);
541 saml::Iterator<IRevocation*> m_revocations;
542 saml::Iterator<ITrust*> m_trusts;
543 saml::Iterator<ICredentials*> m_creds;
546 class SHIB_EXPORTS ShibConfig
550 virtual ~ShibConfig() {}
552 // global per-process setup and shutdown of Shibboleth runtime
556 // enables runtime and clients to access configuration
557 static ShibConfig& getConfig();
560 /* Helper classes for implementing reloadable XML-based config files
561 The ILockable interface will usually be inherited twice, once as
562 part of the external interface to clients and once as an implementation
563 detail of the reloading class below.
566 class SHIB_EXPORTS ReloadableXMLFileImpl
569 ReloadableXMLFileImpl(const char* pathname);
570 ReloadableXMLFileImpl(const DOMElement* pathname);
571 virtual ~ReloadableXMLFileImpl();
575 const DOMElement* m_root;
578 class SHIB_EXPORTS ReloadableXMLFile : protected virtual saml::ILockable
581 ReloadableXMLFile(const DOMElement* e);
582 ~ReloadableXMLFile() { delete m_lock; delete m_impl; }
585 virtual void unlock() { if (m_lock) m_lock->unlock(); }
587 ReloadableXMLFileImpl* getImplementation() const;
590 virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const=0;
591 virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const=0;
592 mutable ReloadableXMLFileImpl* m_impl;
595 const DOMElement* m_root;
596 std::string m_source;
601 /* These helpers attach metadata-derived information as exception properties and then
602 * rethrow the object. The following properties are attached, when possible:
604 * providerId The unique ID of the entity
605 * errorURL The error support URL of the entity or role
606 * contactName A formatted support or technical contact name
607 * contactEmail A contact email address
609 SHIB_EXPORTS void annotateException(saml::SAMLException& e, const IEntityDescriptor* entity, bool rethrow=true);
610 SHIB_EXPORTS void annotateException(saml::SAMLException& e, const IRoleDescriptor* role, bool rethrow=true);