2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* shib.h - Shibboleth header file
62 #include <saml/saml.h>
63 #include <shib/shib-threads.h>
64 #include <xsec/xenc/XENCEncryptionMethod.hpp>
68 # define SHIB_EXPORTS __declspec(dllimport)
76 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,ResourceAccessException,SAMLException);
77 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,MetadataException,SAMLException);
78 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,CredentialException,SAMLException);
79 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,InvalidHandleException,RetryableProfileException);
80 DECLARE_SAML_EXCEPTION(SHIB_EXPORTS,InvalidSessionException,RetryableProfileException);
82 // Metadata abstract interfaces, based on SAML 2.0
84 struct SHIB_EXPORTS IContactPerson
86 enum ContactType { technical, support, administrative, billing, other };
87 virtual ContactType getType() const=0;
88 virtual const char* getCompany() const=0;
89 virtual const char* getGivenName() const=0;
90 virtual const char* getSurName() const=0;
91 virtual saml::Iterator<std::string> getEmailAddresses() const=0;
92 virtual saml::Iterator<std::string> getTelephoneNumbers() const=0;
93 virtual const DOMElement* getElement() const=0;
94 virtual ~IContactPerson() {}
97 struct SHIB_EXPORTS IOrganization
99 virtual const char* getName(const char* lang="en") const=0;
100 virtual const char* getDisplayName(const char* lang="en") const=0;
101 virtual const char* getURL(const char* lang="en") const=0;
102 virtual const DOMElement* getElement() const=0;
103 virtual ~IOrganization() {}
106 struct SHIB_EXPORTS IKeyDescriptor
108 enum KeyUse { unspecified, encryption, signing };
109 virtual KeyUse getUse() const=0;
110 virtual DSIGKeyInfoList* getKeyInfo() const=0;
111 virtual saml::Iterator<const XENCEncryptionMethod*> getEncryptionMethods() const=0;
112 virtual ~IKeyDescriptor() {}
115 struct SHIB_EXPORTS IEndpoint
117 virtual const XMLCh* getBinding() const=0;
118 virtual const XMLCh* getLocation() const=0;
119 virtual const XMLCh* getResponseLocation() const=0;
120 virtual const DOMElement* getElement() const=0;
121 virtual ~IEndpoint() {}
124 struct SHIB_EXPORTS IIndexedEndpoint : public virtual IEndpoint
126 virtual unsigned short getIndex() const=0;
127 virtual ~IIndexedEndpoint() {}
130 struct SHIB_EXPORTS IEndpointManager
132 virtual saml::Iterator<const IEndpoint*> getEndpoints() const=0;
133 virtual const IEndpoint* getDefaultEndpoint() const=0;
134 virtual const IEndpoint* getEndpointByIndex(unsigned short index) const=0;
135 virtual const IEndpoint* getEndpointByBinding(const XMLCh* binding) const=0;
136 virtual ~IEndpointManager() {}
139 struct SHIB_EXPORTS IEntityDescriptor;
140 struct SHIB_EXPORTS IRoleDescriptor
142 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
143 virtual saml::Iterator<const XMLCh*> getProtocolSupportEnumeration() const=0;
144 virtual bool hasSupport(const XMLCh* protocol) const=0;
145 virtual bool isValid() const=0;
146 virtual const char* getErrorURL() const=0;
147 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
148 virtual const IOrganization* getOrganization() const=0;
149 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
150 virtual const DOMElement* getElement() const=0;
151 virtual ~IRoleDescriptor() {}
154 struct SHIB_EXPORTS ISSODescriptor : public virtual IRoleDescriptor
156 virtual const IEndpointManager* getArtifactResolutionServiceManager() const=0;
157 virtual const IEndpointManager* getSingleLogoutServiceManager() const=0;
158 virtual const IEndpointManager* getManageNameIDServiceManager() const=0;
159 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
160 virtual ~ISSODescriptor() {}
163 struct SHIB_EXPORTS IIDPSSODescriptor : public virtual ISSODescriptor
165 virtual bool getWantAuthnRequestsSigned() const=0;
166 virtual const IEndpointManager* getSingleSignOnServiceManager() const=0;
167 virtual const IEndpointManager* getNameIDMappingServiceManager() const=0;
168 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
169 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
170 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
171 virtual ~IIDPSSODescriptor() {}
174 struct SHIB_EXPORTS IAttributeConsumingService
176 virtual const XMLCh* getName(const char* lang="en") const=0;
177 virtual const XMLCh* getDescription(const char* lang="en") const=0;
178 virtual saml::Iterator<std::pair<const saml::SAMLAttribute*,bool> > getRequestedAttributes() const=0;
179 virtual ~IAttributeConsumingService() {}
182 struct SHIB_EXPORTS ISPSSODescriptor : public virtual ISSODescriptor
184 virtual bool getAuthnRequestsSigned() const=0;
185 virtual bool getWantAssertionsSigned() const=0;
186 virtual const IEndpointManager* getAssertionConsumerServiceManager() const=0;
187 virtual saml::Iterator<const IAttributeConsumingService*> getAttributeConsumingServices() const=0;
188 virtual const IAttributeConsumingService* getDefaultAttributeConsumingService() const=0;
189 virtual const IAttributeConsumingService* getAttributeConsumingServiceByID(const XMLCh* id) const=0;
190 virtual ~ISPSSODescriptor() {}
193 struct SHIB_EXPORTS IAuthnAuthorityDescriptor : public virtual IRoleDescriptor
195 virtual const IEndpointManager* getAuthnQueryServiceManager() const=0;
196 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
197 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
198 virtual ~IAuthnAuthorityDescriptor() {}
201 struct SHIB_EXPORTS IPDPDescriptor : public virtual IRoleDescriptor
203 virtual const IEndpointManager* getAuthzServiceManager() const=0;
204 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
205 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
206 virtual ~IPDPDescriptor() {}
209 struct SHIB_EXPORTS IAttributeAuthorityDescriptor : public virtual IRoleDescriptor
211 virtual const IEndpointManager* getAttributeServiceManager() const=0;
212 virtual const IEndpointManager* getAssertionIDRequestServiceManager() const=0;
213 virtual saml::Iterator<const XMLCh*> getNameIDFormats() const=0;
214 virtual saml::Iterator<const XMLCh*> getAttributeProfiles() const=0;
215 virtual saml::Iterator<const saml::SAMLAttribute*> getAttributes() const=0;
216 virtual ~IAttributeAuthorityDescriptor() {}
219 struct SHIB_EXPORTS IAffiliationDescriptor
221 virtual const IEntityDescriptor* getEntityDescriptor() const=0;
222 virtual const XMLCh* getOwnerID() const=0;
223 virtual bool isValid() const=0;
224 virtual saml::Iterator<const XMLCh*> getMembers() const=0;
225 virtual bool isMember(const XMLCh* id) const=0;
226 virtual saml::Iterator<const IKeyDescriptor*> getKeyDescriptors() const=0;
227 virtual const DOMElement* getElement() const=0;
228 virtual ~IAffiliationDescriptor() {}
231 struct SHIB_EXPORTS IEntitiesDescriptor;
232 struct SHIB_EXPORTS IEntityDescriptor
234 virtual const XMLCh* getId() const=0;
235 virtual bool isValid() const=0;
236 virtual saml::Iterator<const IRoleDescriptor*> getRoleDescriptors() const=0;
237 virtual const IIDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
238 virtual const ISPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
239 virtual const IAuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
240 virtual const IAttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
241 virtual const IPDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
242 virtual const IAffiliationDescriptor* getAffiliationDescriptor() const=0;
243 virtual const IOrganization* getOrganization() const=0;
244 virtual saml::Iterator<const IContactPerson*> getContactPersons() const=0;
245 virtual saml::Iterator<std::pair<const XMLCh*,const XMLCh*> > getAdditionalMetadataLocations() const=0;
246 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
247 virtual const DOMElement* getElement() const=0;
248 virtual ~IEntityDescriptor() {}
251 struct SHIB_EXPORTS IEntitiesDescriptor
253 virtual const XMLCh* getName() const=0;
254 virtual bool isValid() const=0;
255 virtual const IEntitiesDescriptor* getEntitiesDescriptor() const=0;
256 virtual saml::Iterator<const IEntitiesDescriptor*> getEntitiesDescriptors() const=0;
257 virtual saml::Iterator<const IEntityDescriptor*> getEntityDescriptors() const=0;
258 virtual const DOMElement* getElement() const=0;
259 virtual ~IEntitiesDescriptor() {}
262 // Supports Shib role extension describing attribute scoping rules
263 struct SHIB_EXPORTS IScopedRoleDescriptor : public virtual IRoleDescriptor
265 virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
266 virtual ~IScopedRoleDescriptor() {}
269 // Shib extension interfaces to key authority data
270 struct SHIB_EXPORTS IKeyAuthority
272 virtual int getVerifyDepth() const=0;
273 virtual saml::Iterator<DSIGKeyInfoList*> getKeyInfos() const=0;
274 virtual ~IKeyAuthority() {}
277 struct SHIB_EXPORTS IExtendedEntityDescriptor : public virtual IEntityDescriptor
279 virtual saml::Iterator<const IKeyAuthority*> getKeyAuthorities() const=0;
280 virtual ~IExtendedEntityDescriptor() {}
283 struct SHIB_EXPORTS IExtendedEntitiesDescriptor : public virtual IEntitiesDescriptor
285 virtual saml::Iterator<const IKeyAuthority*> getKeyAuthorities() const=0;
286 virtual ~IExtendedEntitiesDescriptor() {}
289 struct SHIB_EXPORTS IMetadata : public virtual saml::ILockable, public virtual saml::IPlugIn
291 virtual const IEntityDescriptor* lookup(const char* id, bool strict=true) const=0;
292 virtual const IEntityDescriptor* lookup(const XMLCh* id, bool strict=true) const=0;
293 virtual const IEntityDescriptor* lookup(const saml::SAMLArtifact* artifact) const=0;
294 virtual ~IMetadata() {}
297 struct SHIB_EXPORTS IRevocation : public virtual saml::ILockable, public virtual saml::IPlugIn
299 virtual saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL) const=0;
300 virtual ~IRevocation() {}
303 // Trust interface hides *all* details of signature and SSL validation.
304 // Pluggable providers can fully override the Shibboleth trust model here.
306 struct SHIB_EXPORTS ITrust : public virtual saml::IPlugIn
308 virtual bool validate(
309 const saml::Iterator<IRevocation*>& revocations,
310 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
311 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
313 virtual bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx)=0;
317 // Credentials interface abstracts access to "owned" keys and certificates.
319 struct SHIB_EXPORTS ICredResolver : public virtual saml::IPlugIn
321 virtual void attach(void* ctx) const=0;
322 virtual XSECCryptoKey* getKey() const=0;
323 virtual saml::Iterator<XSECCryptoX509*> getCertificates() const=0;
324 virtual void dump(FILE* f) const=0;
325 virtual void dump() const { dump(stdout); }
326 virtual ~ICredResolver() {}
329 struct SHIB_EXPORTS ICredentials : public virtual saml::ILockable, public virtual saml::IPlugIn
331 virtual const ICredResolver* lookup(const char* id) const=0;
332 virtual ~ICredentials() {}
335 // Attribute acceptance processing interfaces, applied to incoming attributes.
337 struct SHIB_EXPORTS IAttributeRule
339 virtual const XMLCh* getName() const=0;
340 virtual const XMLCh* getNamespace() const=0;
341 virtual const char* getFactory() const=0;
342 virtual const char* getAlias() const=0;
343 virtual const char* getHeader() const=0;
344 virtual bool getCaseSensitive() const=0;
345 virtual void apply(saml::SAMLAttribute& attribute, const IRoleDescriptor* role=NULL) const=0;
346 virtual ~IAttributeRule() {}
349 struct SHIB_EXPORTS IAAP : public virtual saml::ILockable, public virtual saml::IPlugIn
351 virtual bool anyAttribute() const=0;
352 virtual const IAttributeRule* lookup(const XMLCh* attrName, const XMLCh* attrNamespace=NULL) const=0;
353 virtual const IAttributeRule* lookup(const char* alias) const=0;
354 virtual saml::Iterator<const IAttributeRule*> getAttributeRules() const=0;
358 #ifdef SHIB_INSTANTIATE
359 template class SHIB_EXPORTS saml::Iterator<const IContactPerson*>;
360 template class SHIB_EXPORTS saml::Iterator<const XENCEncryptionMethod*>;
361 template class SHIB_EXPORTS saml::Iterator<const IKeyDescriptor*>;
362 template class SHIB_EXPORTS saml::Iterator<const IAttributeConsumingService*>;
363 template class SHIB_EXPORTS saml::Iterator<const IRoleDescriptor*>;
364 template class SHIB_EXPORTS saml::Iterator<const IEntityDescriptor*>;
365 template class SHIB_EXPORTS saml::Iterator<const IEntitiesDescriptor*>;
366 template class SHIB_EXPORTS saml::Iterator<const IEndpoint*>;
367 template class SHIB_EXPORTS saml::Iterator<const IAttributeRule*>;
368 template class SHIB_EXPORTS saml::Iterator<const IKeyAuthority*>;
369 template class SHIB_EXPORTS saml::Iterator<DSIGKeyInfoList*>;
370 template class SHIB_EXPORTS saml::Iterator<IMetadata*>;
371 template class SHIB_EXPORTS saml::ArrayIterator<IMetadata*>;
372 template class SHIB_EXPORTS saml::Iterator<ITrust*>;
373 template class SHIB_EXPORTS saml::ArrayIterator<ITrust*>;
374 template class SHIB_EXPORTS saml::Iterator<IRevocation*>;
375 template class SHIB_EXPORTS saml::ArrayIterator<IRevocation*>;
376 template class SHIB_EXPORTS saml::Iterator<ICredentials*>;
377 template class SHIB_EXPORTS saml::ArrayIterator<ICredentials*>;
378 template class SHIB_EXPORTS saml::Iterator<IAAP*>;
379 template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
382 struct SHIB_EXPORTS Constants
384 static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
385 static const XMLCh SHIB_NAMEID_FORMAT_URI[];
386 static const XMLCh SHIB_AUTHNREQUEST_PROFILE_URI[];
387 static const XMLCh SHIB_NS[];
388 static const XMLCh InvalidHandle[];
391 // Glue classes between abstract metadata and concrete providers
393 class SHIB_EXPORTS Metadata
396 Metadata(const saml::Iterator<IMetadata*>& metadatas) : m_metadatas(metadatas), m_mapper(NULL) {}
399 const IEntityDescriptor* lookup(const char* id, bool strict=true);
400 const IEntityDescriptor* lookup(const XMLCh* id, bool strict=true);
401 const IEntityDescriptor* lookup(const saml::SAMLArtifact* artifact);
404 Metadata(const Metadata&);
405 void operator=(const Metadata&);
407 const saml::Iterator<IMetadata*>& m_metadatas;
410 class SHIB_EXPORTS Revocation
413 Revocation(const saml::Iterator<IRevocation*>& revocations) : m_revocations(revocations), m_mapper(NULL) {}
416 saml::Iterator<void*> getRevocationLists(const IEntityDescriptor* provider, const IRoleDescriptor* role=NULL);
419 Revocation(const Revocation&);
420 void operator=(const Revocation&);
421 IRevocation* m_mapper;
422 const saml::Iterator<IRevocation*>& m_revocations;
425 class SHIB_EXPORTS Trust
428 Trust(const saml::Iterator<ITrust*>& trusts) : m_trusts(trusts) {}
432 const saml::Iterator<IRevocation*>& revocations,
433 const IRoleDescriptor* role, const saml::SAMLSignedObject& token,
434 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*)
436 bool attach(const saml::Iterator<IRevocation*>& revocations, const IRoleDescriptor* role, void* ctx) const;
440 void operator=(const Trust&);
441 const saml::Iterator<ITrust*>& m_trusts;
444 class SHIB_EXPORTS Credentials
447 Credentials(const saml::Iterator<ICredentials*>& creds) : m_creds(creds), m_mapper(NULL) {}
450 const ICredResolver* lookup(const char* id);
453 Credentials(const Credentials&);
454 void operator=(const Credentials&);
455 ICredentials* m_mapper;
456 const saml::Iterator<ICredentials*>& m_creds;
459 class SHIB_EXPORTS AAP
462 AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace=NULL);
463 AAP(const saml::Iterator<IAAP*>& aaps, const char* alias);
465 bool fail() const {return m_mapper==NULL;}
466 const IAttributeRule* operator->() const {return m_rule;}
467 operator const IAttributeRule*() const {return m_rule;}
469 static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IRoleDescriptor* role=NULL);
473 void operator=(const AAP&);
475 const IAttributeRule* m_rule;
478 // Subclass around the OpenSAML browser profile interface,
479 // incoporates additional functionality using Shib-defined APIs.
480 class SHIB_EXPORTS ShibBrowserProfile : virtual public saml::SAMLBrowserProfile
484 const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*),
485 const saml::Iterator<IRevocation*>& revocations=EMPTY(IRevocation*),
486 const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*)
488 virtual ~ShibBrowserProfile();
490 virtual void setVersion(int major, int minor);
491 virtual saml::SAMLBrowserProfile::BrowserProfileResponse receive(
493 const XMLCh* recipient,
494 int supportedProfiles,
495 saml::IReplayCache* replayCache=NULL,
496 saml::SAMLBrowserProfile::ArtifactMapper* callback=NULL
500 saml::SAMLBrowserProfile* m_profile;
501 saml::Iterator<IMetadata*> m_metadatas;
502 saml::Iterator<IRevocation*> m_revocations;
503 saml::Iterator<ITrust*> m_trusts;
506 // Instead of wrapping the binding to deal with mutual authentication, we
507 // just use the HTTP hook functionality offered by OpenSAML. The hook will
508 // register "itself" as a globalCtx pointer with the SAML binding and the caller
509 // will declare and pass the embedded struct as callCtx for use by the hook.
510 class SHIB_EXPORTS ShibHTTPHook : virtual public saml::SAMLSOAPHTTPBinding::HTTPHook
514 const saml::Iterator<IRevocation*>& revocations,
515 const saml::Iterator<ITrust*>& trusts,
516 const saml::Iterator<ICredentials*>& creds
517 ) : m_revocations(revocations), m_trusts(trusts), m_creds(creds) {}
518 virtual ~ShibHTTPHook() {}
520 // Only hook we need here is for outgoing connection to server.
521 virtual bool outgoing(saml::HTTPClient* conn, void* globalCtx=NULL, void* callCtx=NULL);
523 // Client declares a context object and pass as callCtx to send() method.
524 class SHIB_EXPORTS ShibHTTPHookCallContext {
526 ShibHTTPHookCallContext(const char* credResolverId, const IRoleDescriptor* role)
527 : m_credResolverId(credResolverId), m_role(role), m_hook(NULL) {}
529 const char* m_credResolverId;
530 const IRoleDescriptor* m_role;
531 ShibHTTPHook* m_hook;
532 friend class ShibHTTPHook;
533 friend bool ssl_ctx_callback(void* ssl_ctx, void* userptr);
536 friend bool ssl_ctx_callback(void* ssl_ctx, void* userptr);
537 saml::Iterator<IRevocation*> m_revocations;
538 saml::Iterator<ITrust*> m_trusts;
539 saml::Iterator<ICredentials*> m_creds;
542 class SHIB_EXPORTS ShibConfig
546 virtual ~ShibConfig() {}
548 // global per-process setup and shutdown of Shibboleth runtime
552 // enables runtime and clients to access configuration
553 static ShibConfig& getConfig();
556 /* Helper classes for implementing reloadable XML-based config files
557 The ILockable interface will usually be inherited twice, once as
558 part of the external interface to clients and once as an implementation
559 detail of the reloading class below.
562 class SHIB_EXPORTS ReloadableXMLFileImpl
565 ReloadableXMLFileImpl(const char* pathname);
566 ReloadableXMLFileImpl(const DOMElement* pathname);
567 virtual ~ReloadableXMLFileImpl();
571 const DOMElement* m_root;
574 class SHIB_EXPORTS ReloadableXMLFile : protected virtual saml::ILockable
577 ReloadableXMLFile(const DOMElement* e);
578 ~ReloadableXMLFile() { delete m_lock; delete m_impl; }
581 virtual void unlock() { if (m_lock) m_lock->unlock(); }
583 ReloadableXMLFileImpl* getImplementation() const;
586 virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const=0;
587 virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const=0;
588 mutable ReloadableXMLFileImpl* m_impl;
591 const DOMElement* m_root;
592 std::string m_source;
597 /* These helpers attach metadata-derived information as exception properties and then
598 * rethrow the object. The following properties are attached, when possible:
600 * providerId The unique ID of the entity
601 * errorURL The error support URL of the entity or role
602 * contactName A formatted support or technical contact name
603 * contactEmail A contact email address
605 SHIB_EXPORTS void annotateException(saml::SAMLException& e, const IEntityDescriptor* entity, bool rethrow=true);
606 SHIB_EXPORTS void annotateException(saml::SAMLException& e, const IRoleDescriptor* role, bool rethrow=true);