2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 /* internal.h - internally visible declarations
59 #ifndef __shibtarget_internal_h__
60 #define __shibtarget_internal_h__
63 # define SHIBTARGET_EXPORTS __declspec(dllexport)
66 // eventually we might be able to support autoconf via cygwin...
67 #if defined (_MSC_VER) || defined(__BORLANDC__)
68 # include "config_win32.h"
73 #include "shib-target.h"
76 #include <log4cpp/Category.hh>
77 #include <log4cpp/FixedContextCategory.hh>
79 #define SHIBT_L(s) shibtarget::XML::Literals::s
80 #define SHIBT_L_QNAME(p,s) shibtarget::XML::Literals::p##_##s
81 #define SHIBTRAN_LOGCAT "Shibboleth-TRANSACTION"
83 // Controls default logging level of console tools and other situations
84 // where full shibboleth.xml-based logging isn't used.
85 #define SHIB_LOGGING "WARN"
87 namespace shibtarget {
89 // Wraps the actual RPC connection
96 CLIENT* connect(void); // connects and returns the CLIENT handle
97 void disconnect(); // disconnects, should not return disconnected handles to pool!
100 log4cpp::Category* log;
102 IListener::ShibSocket m_sock;
105 // Manages the pool of connections
// Builds an empty pool. The mutex that serialises access to m_pool is
// created here and owned by m_lock for the pool's lifetime.
RPCHandlePool()
    : m_lock(shibboleth::Mutex::create())
{
}
112 void put(RPCHandle*);
115 std::auto_ptr<shibboleth::Mutex> m_lock;
116 std::stack<RPCHandle*> m_pool;
119 // Cleans up after use
// Frees the handle this wrapper still owns. A handle already handed back
// via pool() is not touched (m_handle is NULL by then), so a handle that
// was never pooled is destroyed rather than reused.
~RPC()
{
    if (m_handle)
        delete m_handle;
}
// Exposes the wrapped handle for direct calls. Yields NULL once pool() has
// released the handle, so callers must not use the wrapper after pooling.
RPCHandle* operator->()
{
    return m_handle;
}
// Hands the handle back to the pool for reuse and drops ownership, so the
// destructor will not delete it and operator-> returns NULL afterwards.
// A second call finds no handle and only re-clears m_handle.
void pool()
{
    if (m_handle)
        m_pool.put(m_handle);
    m_handle = NULL;
}
129 RPCHandlePool& m_pool;
133 // Helper class for SAML 2.0 Common Domain Cookie operations
134 class CommonDomainCookie
137 CommonDomainCookie(const char* cookie);
138 ~CommonDomainCookie();
// Returns an iterator over the cookie's entries. m_list holds raw
// const char* (presumably into m_encoded / m_additions — confirm in the
// .cpp), so the iterator must not outlive this CommonDomainCookie.
saml::Iterator<const char*> get()
{
    return m_list;
}
140 const char* set(const char* providerId);
141 static const char CDCName[];
144 std::string m_encoded;
145 std::vector<const char*> m_list;
146 std::vector<std::string> m_additions;
149 // Generic class, which handles the IPropertySet configuration interface.
150 // Most of the basic configuration details are exposed via this interface.
151 // This implementation extracts the XML tree structure and caches it in a map
152 // with the attributes stored in the various possible formats they might be fetched.
153 // Elements are treated as nested IPropertySets.
154 // The "trick" to this is to pass in an "exclude list" using a DOMNodeFilter. Nested
155 property sets are extracted by running a TreeWalker against the filter for the
156 // immediate children. The filter should skip any excluded elements that will be
157 // processed separately.
158 class XMLPropertySet : public virtual IPropertySet
164 std::pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;
165 std::pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;
166 std::pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;
167 std::pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
168 std::pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
169 const IPropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const;
// Root element this property set was built from. The element is returned
// as-is, not copied; NOTE(review): the DOM is assumed to outlive this
// object — confirm against the owner of the tree.
const DOMElement* getElement() const
{
    return m_root;
}
173 const DOMElement* e, // root element of property set
174 log4cpp::Category& log, // log object for tracing
175 DOMNodeFilter* filter, // control what subelements to include
176 const std::map<std::string,std::string>* remapper=NULL // on the fly property renaming for legacy support
180 const DOMElement* m_root;
181 std::map<std::string,std::pair<char*,const XMLCh*> > m_map;
182 std::map<std::string,IPropertySet*> m_nested;
185 // ST-aware class that maps SAML artifacts to appropriate binding information
186 class STArtifactMapper : public virtual saml::SAMLBrowserProfile::ArtifactMapper
// Binds the mapper to an application. `application` must be non-NULL: its
// metadata providers are read here without a check. Per the member comment,
// m_metadata scopes a lock for the lifetime of this mapper. m_ctx starts
// empty and is released by the destructor.
STArtifactMapper(const IApplication* application)
    : m_app(application),
      m_localcopy(application->getMetadataProviders()),
      m_metadata(m_localcopy),
      m_ctx(NULL)
{
}
// Frees the hook call context created during map(), if any (m_ctx is NULL
// until then, see the constructor).
virtual ~STArtifactMapper()
{
    if (m_ctx)
        delete m_ctx;
}
193 saml::SAMLBrowserProfile::ArtifactMapper::ArtifactMapperResponse map(const saml::SAMLArtifact* artifact);
196 const IApplication* m_app;
197 saml::Iterator<shibboleth::IMetadata*> m_localcopy;
198 shibboleth::Metadata m_metadata; // scopes lock around use of role descriptor by hook context
199 shibboleth::ShibHTTPHook::ShibHTTPHookCallContext* m_ctx;
202 class STConfig : public ShibTargetConfig
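// All pointers start NULL; init() presumably populates them. Until then
// getRPCHandlePool() / getTransactionLog() / releaseTransactionLog() must
// not be called — they dereference these members unchecked.
// Initialisers are listed in declaration order (m_rpcpool, m_tranLog,
// m_tranLogLock) so the compiler's reorder warning does not fire; the
// initialisation itself is unchanged.
STConfig()
    : m_rpcpool(NULL),
      m_tranLog(NULL),
      m_tranLogLock(NULL)
{
}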
208 bool init(const char* schemadir, const char* config);
// Returns the RPC handle pool. m_rpcpool is NULL until init() runs (see the
// constructor), so calling this earlier dereferences a NULL pointer.
RPCHandlePool& getRPCHandlePool()
{
    return *m_rpcpool;
}
// Acquires the transaction-log mutex and returns the log category. The lock
// is NOT scoped: the caller must call releaseTransactionLog() on every exit
// path, including exceptions, or the mutex stays held and every later
// transaction-log access blocks. m_tranLogLock and m_tranLog are NULL
// before init() (see the constructor).
log4cpp::Category& getTransactionLog()
{
    m_tranLogLock->lock();
    return *m_tranLog;
}
// Releases the mutex taken by getTransactionLog(); exactly one release per
// acquire. m_tranLogLock is NULL before init() (see the constructor).
void releaseTransactionLog()
{
    m_tranLogLock->unlock();
}
215 RPCHandlePool* m_rpcpool;
216 log4cpp::FixedContextCategory* m_tranLog;
217 shibboleth::Mutex* m_tranLogLock;
218 static IConfig* ShibTargetConfigFactory(const DOMElement* e);
224 static const XMLCh SHIBTARGET_SCHEMA_ID[];
225 static const XMLCh SAML2ASSERT_NS[];
226 static const XMLCh SAML2ASSERT_SCHEMA_ID[];
227 static const XMLCh SAML2META_NS[];
228 static const XMLCh SAML2META_SCHEMA_ID[];
229 static const XMLCh XMLENC_NS[];
230 static const XMLCh XMLENC_SCHEMA_ID[];
232 static const char htaccessType[];
233 static const char MemorySessionCacheType[];
234 static const char MySQLSessionCacheType[];
235 static const char MemoryReplayCacheType[];
236 static const char MySQLReplayCacheType[];
237 static const char LegacyRequestMapType[];
238 static const char RequestMapType[];
239 static const char TCPListenerType[];
240 static const char UnixListenerType[];
244 static const XMLCh AAPProvider[];
245 static const XMLCh AccessControlProvider[];
246 static const XMLCh AND[];
247 static const XMLCh applicationId[];
248 static const XMLCh Application[];
249 static const XMLCh Applications[];
250 static const XMLCh AssertionConsumerService[];
251 static const XMLCh CredentialsProvider[];
252 static const XMLCh CredentialUse[];
253 static const XMLCh Extensions[];
254 static const XMLCh fatal[];
255 static const XMLCh FederationProvider[];
256 static const XMLCh Global[];
257 static const XMLCh Host[];
258 static const XMLCh htaccess[];
259 static const XMLCh Implementation[];
260 static const XMLCh index[];
261 static const XMLCh isDefault[];
262 static const XMLCh Library[];
263 static const XMLCh Listener[];
264 static const XMLCh Local[];
265 static const XMLCh logger[];
266 static const XMLCh MemorySessionCache[];
267 static const XMLCh MySQLReplayCache[];
268 static const XMLCh MySQLSessionCache[];
269 static const XMLCh name[];
270 static const XMLCh Name[];
271 static const XMLCh NOT[];
272 static const XMLCh OR[];
273 static const XMLCh Path[];
274 static const XMLCh path[];
275 static const XMLCh RelyingParty[];
276 static const XMLCh ReplayCache[];
277 static const XMLCh RequestMap[];
278 static const XMLCh RequestMapProvider[];
279 static const XMLCh require[];
280 static const XMLCh RevocationProvider[];
281 static const XMLCh Rule[];
282 static const XMLCh SessionCache[];
283 static const XMLCh SessionInitiator[];
284 static const XMLCh SHAR[];
285 static const XMLCh ShibbolethTargetConfig[];
286 static const XMLCh SHIRE[];
287 static const XMLCh Signing[];
288 static const XMLCh SingleLogoutService[];
289 static const XMLCh SPConfig[];
290 static const XMLCh TCPListener[];
291 static const XMLCh TLS[];
292 static const XMLCh TrustProvider[];
293 static const XMLCh type[];
294 static const XMLCh UnixListener[];