2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* internal.h - internally visible declarations
59 #ifndef __shibtarget_internal_h__
60 #define __shibtarget_internal_h__
63 # define SHIBTARGET_EXPORTS __declspec(dllexport)
66 // eventually we might be able to support autoconf via cygwin...
67 #if defined (_MSC_VER) || defined(__BORLANDC__)
68 # include "config_win32.h"
73 #include "shib-target.h"
76 #include <log4cpp/Category.hh>
77 #include <log4cpp/FixedContextCategory.hh>
79 #define SHIBT_L(s) shibtarget::XML::Literals::s
80 #define SHIBT_L_QNAME(p,s) shibtarget::XML::Literals::p##_##s
81 #define SHIBTRAN_LOGCAT "Shibboleth-TRANSACTION"
83 // Controls default logging level of console tools and other situations
84 // where full shibboleth.xml-based logging isn't used.
85 #define SHIB_LOGGING "WARN"
87 namespace shibtarget {
89 // Wraps the actual RPC connection
// Opens the RPC connection and returns the CLIENT handle. The return value is a
// raw pointer; its ownership/lifetime is not visible in this excerpt — confirm
// against the implementation before storing it anywhere.
96 CLIENT* connect(void); // connects and returns the CLIENT handle
// Tears the connection down. Per the trailing comment, a handle that has been
// disconnected must not be handed back to RPCHandlePool (see RPC::pool()).
97 void disconnect(); // disconnects, should not return disconnected handles to pool!
// Log category used by this handle. Raw pointer; ownership not visible here — TODO confirm.
100 log4cpp::Category* log;
// Socket backing this handle; presumably the transport to the listener — verify against IListener.
102 IListener::ShibSocket m_sock;
105 // Manages the pool of connections
// Creates an empty pool guarded by a freshly created shibboleth::Mutex. The mutex
// is held in std::auto_ptr (m_lock), so it is released together with the pool.
109 RPCHandlePool() : m_lock(shibboleth::Mutex::create()) {}
// Returns a handle to the pool for reuse. Only still-connected handles should be
// passed in (see the comment on RPCHandle::disconnect()).
112 void put(RPCHandle*);
// Guards m_pool. NOTE(review): std::auto_ptr is deprecated and removed in
// C++17; std::unique_ptr is the drop-in replacement once the toolchain allows.
115 std::auto_ptr<shibboleth::Mutex> m_lock;
// Idle handles, stored as raw pointers — the pool owns them only by convention;
// TODO confirm who deletes handles left in the pool at shutdown.
116 std::stack<RPCHandle*> m_pool;
119 // Cleans up after use
// Deletes the wrapped handle unless it was already handed back via pool(),
// which resets m_handle to NULL (deleting NULL is a no-op).
// NOTE(review): m_handle is a raw owning pointer; unless copying is suppressed
// elsewhere in the class (not visible here), copying an RPC object would lead
// to a double delete — confirm.
124 ~RPC() {delete m_handle;}
// Exposes the wrapped RPCHandle. Returns NULL once pool() has been called, so
// the wrapper must not be dereferenced after the handle has been pooled.
125 RPCHandle* operator->() {return m_handle;}
// Hands the handle back to the pool (if one is held) and forgets it, so the
// destructor no longer deletes it. Only connected handles should be pooled
// (see the comment on RPCHandle::disconnect()). Calling this twice is harmless:
// the second call finds m_handle already NULL and does nothing.
126 void pool() {
    if (m_handle != NULL) {
        m_pool.put(m_handle);
    }
    m_handle = NULL;
}
// Pool that pool() returns the handle to. Held by reference, so the pool must
// outlive every RPC wrapper created against it.
129 RPCHandlePool& m_pool;
133 // Generic class, which handles the IPropertySet configuration interface.
134 // Most of the basic configuration details are exposed via this interface.
135 // This implementation extracts the XML tree structure and caches it in a map
136 // with the attributes stored in the various possible formats they might be fetched.
137 // Elements are treated as nested IPropertySets.
138 // The "trick" to this is to pass in an "exclude list" using a DOMNodeFilter. Nested
139 // property sets are extracted by running a TreeWalker against the filter for the
140 // immediate children. The filter should skip any excluded elements that will be
141 // processed separately.
142 class XMLPropertySet : public virtual IPropertySet
// Typed property accessors. Each returns a pair whose second member is the
// value; presumably the bool signals whether the property was present — verify
// against the IPropertySet contract, which is not visible here. `ns` selects the
// attribute namespace and defaults to NULL for all but getPropertySet().
148 std::pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;
149 std::pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;
150 std::pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;
151 std::pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
152 std::pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
// Looks up a nested property set by element name; the namespace defaults to the
// Shibboleth target configuration namespace.
153 const IPropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const;
// Returns the DOM element this property set was built from (m_root, supplied to
// the constructor). Ownership presumably stays with the DOM document, so the
// pointer is only valid while that document is alive — confirm.
154 const DOMElement* getElement() const {return m_root;}
157 const DOMElement* e, // root element of property set
158 log4cpp::Category& log, // log object for tracing
159 DOMNodeFilter* filter, // control what subelements to include
160 const std::map<std::string,std::string>* remapper=NULL // on the fly property renaming for legacy support
// Root element the property set was built from (not owned, see getElement()).
164 const DOMElement* m_root;
// Cached attributes keyed by name; the value holds the narrow (char*) and wide
// (XMLCh*) forms. The char* is non-const, which suggests it is allocated by this
// class and must be freed in the destructor — NOTE(review): the destructor is
// not visible in this excerpt; confirm the strings are released.
165 std::map<std::string,std::pair<char*,const XMLCh*> > m_map;
// Nested property sets keyed by element name; raw pointers, presumably owned
// here and deleted in the destructor — confirm.
166 std::map<std::string,IPropertySet*> m_nested;
169 // ST-aware class that maps SAML artifacts to appropriate binding information
170 class STArtifactMapper : public virtual saml::SAMLBrowserProfile::ArtifactMapper
// Binds the mapper to an application. The application's metadata providers are
// copied into m_localcopy and m_metadata is built from that copy, so the
// initialiser list relies on the member declaration order (m_app, m_localcopy,
// m_metadata, m_ctx), which matches. `application` is dereferenced without a
// NULL check, so callers must pass a valid pointer.
173 STArtifactMapper(const IApplication* application)
174 : m_app(application), m_localcopy(application->getMetadataProviders()), m_metadata(m_localcopy), m_ctx(NULL) {}
// Frees the hook call context (presumably allocated by map(); it starts as NULL,
// so deleting is safe when map() was never called). NOTE(review): m_ctx is a raw
// owning pointer with no visible copy suppression — copying a mapper would
// double delete; confirm the class is non-copyable.
175 virtual ~STArtifactMapper() {delete m_ctx;}
// Resolves a SAML artifact to its binding information; implemented elsewhere.
177 saml::SAMLBrowserProfile::ArtifactMapper::ArtifactMapperResponse map(const saml::SAMLArtifact* artifact);
// Application on whose behalf artifacts are resolved (not owned).
180 const IApplication* m_app;
// Local copy of the application's metadata provider iterator; m_metadata is
// constructed from it (see the constructor), so it must be declared first.
181 saml::Iterator<shibboleth::IMetadata*> m_localcopy;
182 shibboleth::Metadata m_metadata; // scopes lock around use of role descriptor by hook context
// Call context for the HTTP hook; NULL until set, deleted in the destructor.
183 shibboleth::ShibHTTPHook::ShibHTTPHookCallContext* m_ctx;
186 class STConfig : public ShibTargetConfig
// Constructs an uninitialised config: all three raw pointers start as NULL and
// are presumably populated by init(). The accessors below dereference them
// unchecked, so they must not be called before init() succeeds.
// NOTE(review): the initialiser list order (m_tranLog, m_tranLogLock, m_rpcpool)
// differs from the declaration order (m_rpcpool, m_tranLog, m_tranLogLock);
// harmless for NULL initialisers, but compilers warn (-Wreorder).
189 STConfig() : m_tranLog(NULL), m_tranLogLock(NULL), m_rpcpool(NULL) {}
192 bool init(const char* schemadir, const char* config);
// Returns the RPC handle pool by reference. m_rpcpool is NULL after construction
// and presumably set by init(); calling this earlier dereferences NULL.
195 RPCHandlePool& getRPCHandlePool() {return *m_rpcpool;}
// Locks the transaction-log mutex and returns the log. The caller MUST pair this
// with releaseTransactionLog() on every path, including exceptions; there is no
// RAII guard here, so an early return or throw between the two calls leaves the
// mutex held and presumably blocks all later transaction logging. Wrap the use
// in try/catch (or a scoped helper) at the call site.
// NOTE(review): m_tranLogLock and m_tranLog are NULL after construction; calling
// this before init() dereferences NULL.
196 log4cpp::Category& getTransactionLog() { m_tranLogLock->lock(); return *m_tranLog; }
// Releases the mutex taken by getTransactionLog(). Must be called exactly once
// per getTransactionLog() call, by the same caller; the returned Category
// reference must not be used after this point.
197 void releaseTransactionLog() { m_tranLogLock->unlock();}
// Raw pointers, NULL after construction and presumably set by init(). No
// destructor is visible in this excerpt — NOTE(review): confirm these are
// released (or intentionally left to process exit).
199 RPCHandlePool* m_rpcpool;
// Transaction log category; only meant to be used while m_tranLogLock is held
// (see getTransactionLog() / releaseTransactionLog()).
200 log4cpp::FixedContextCategory* m_tranLog;
// Mutex serialising access to m_tranLog; locked and unlocked manually by the
// two accessors above rather than by a scoped guard.
201 shibboleth::Mutex* m_tranLogLock;
// Factory hook that builds the IConfig from a DOM element.
202 static IConfig* ShibTargetConfigFactory(const DOMElement* e);
208 static const XMLCh SHIBTARGET_SCHEMA_ID[];
210 static const char htaccessType[];
211 static const char MemorySessionCacheType[];
212 static const char MySQLSessionCacheType[];
213 static const char MemoryReplayCacheType[];
214 static const char MySQLReplayCacheType[];
215 static const char LegacyRequestMapType[];
216 static const char RequestMapType[];
217 static const char TCPListenerType[];
218 static const char UnixListenerType[];
222 static const XMLCh AAPProvider[];
223 static const XMLCh AccessControlProvider[];
224 static const XMLCh AND[];
225 static const XMLCh applicationId[];
226 static const XMLCh Application[];
227 static const XMLCh Applications[];
228 static const XMLCh CredentialsProvider[];
229 static const XMLCh CredentialUse[];
230 static const XMLCh Extensions[];
231 static const XMLCh fatal[];
232 static const XMLCh FederationProvider[];
233 static const XMLCh Global[];
234 static const XMLCh Host[];
235 static const XMLCh htaccess[];
236 static const XMLCh Implementation[];
237 static const XMLCh Library[];
238 static const XMLCh Listener[];
239 static const XMLCh Local[];
240 static const XMLCh logger[];
241 static const XMLCh MemorySessionCache[];
242 static const XMLCh MySQLReplayCache[];
243 static const XMLCh MySQLSessionCache[];
244 static const XMLCh name[];
245 static const XMLCh Name[];
246 static const XMLCh NOT[];
247 static const XMLCh OR[];
248 static const XMLCh Path[];
249 static const XMLCh path[];
250 static const XMLCh RelyingParty[];
251 static const XMLCh ReplayCache[];
252 static const XMLCh RequestMap[];
253 static const XMLCh RequestMapProvider[];
254 static const XMLCh require[];
255 static const XMLCh RevocationProvider[];
256 static const XMLCh Rule[];
257 static const XMLCh SessionCache[];
258 static const XMLCh SHAR[];
259 static const XMLCh ShibbolethTargetConfig[];
260 static const XMLCh SHIRE[];
261 static const XMLCh Signing[];
262 static const XMLCh SPConfig[];
263 static const XMLCh TCPListener[];
264 static const XMLCh TLS[];
265 static const XMLCh TrustProvider[];
266 static const XMLCh type[];
267 static const XMLCh UnixListener[];