2 * See the NOTICE file distributed with this work for information
3 * regarding copyright ownership. Licensed under the Apache License,
4 * Version 2.0 (the "License"); you may not use this file except in
5 * compliance with the License. You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @file shibresolver/resolver.h
19 * An embeddable component interface to Shibboleth SP attribute processing.
22 #ifndef __shibresolver_h__
23 #define __shibresolver_h__
25 #include <shibresolver/base.h>
27 #include <shibsp/RequestMapper.h>
28 #include <shibsp/SPConfig.h>
29 #include <xmltooling/unicode.h>
33 #ifdef SHIBRESOLVER_HAVE_GSSGNU
35 #elif defined SHIBRESOLVER_HAVE_GSSMIT
36 # include <gssapi/gssapi.h>
37 # include <gssapi/gssapi_generic.h>
42 namespace xmltooling {
43 class XMLTOOL_API XMLObject;
47 class SHIBSP_API Attribute;
48 class SHIBSP_API SPRequest;
51 namespace shibresolver {
53 #if defined (_MSC_VER)
54 #pragma warning( push )
55 #pragma warning( disable : 4250 4251 )
59 * An embeddable component interface to Shibboleth SP attribute processing.
61 class SHIBRESOLVER_API ShibbolethResolver
63 MAKE_NONCOPYABLE(ShibbolethResolver);
67 virtual ~ShibbolethResolver();
70 * Sets the calling service request, making the Shibboleth SP responsible for
71 * mapping the service to an Application instance.
73 * @param request identifies the service request performing attribute resolution
75 void setRequest(const shibsp::SPRequest* request);
78 * Sets the application ID to use for resolution, bypassing the mapping
79 * function of the Shibboleth SP.
81 * @param appID identifies an application in the SP configuration
83 void setApplicationID(const char* appID);
86 * Sets the identity issuer to use for resolution.
88 * @param issuer entityID of the identity "source", if known
90 void setIssuer(const char* issuer);
93 * Sets the metadata protocol constant to use for resolution.
95 * @param protocol metadata protocol constant
97 void setProtocol(const XMLCh* protocol);
100 * Adds an XML token as input to the resolver, generally a SAML assertion.
101 * <p>The caller retains ownership of the object.
103 * @param token an input token to evaluate
105 void addToken(const xmltooling::XMLObject* token);
107 #ifdef SHIBRESOLVER_HAVE_GSSAPI
109 * Adds a GSS-API exported mechanism name as input to the resolver.
111 * <p>The caller retains ownership of the buffer.
113 * @param name an input exported mechanism name to evaluate
115 void addToken(const gss_buffer_t name);
117 # ifdef SHIBRESOLVER_HAVE_GSSAPI_NAMINGEXTS
119 * Adds a GSS-API mechanism name as input to the resolver.
120 * <p>The caller retains ownership of the name.
122 * @param name an input mechanism name to evaluate
124 void addToken(gss_name_t name);
128 * Adds a GSS-API security context as input to the resolver.
129 * <p>The caller loses ownership of the context and must not release it afterwards.
131 * @param ctx an input context to evaluate
133 void addToken(gss_ctx_id_t* ctx);
137 * Adds an Attribute as input to the resolver.
138 * <p>The caller retains ownership of the object.
140 * @param attr an input Attribute
142 void addAttribute(shibsp::Attribute* attr);
145 * Resolves Attributes and attaches them to the resolver object.
146 * <p>The caller is responsible for transferring any Attributes it wishes to
147 * retain out of the resolver.
149 virtual void resolve();
152 * Returns a modifiable array of resolved Attribute objects.
153 * <p>The caller may take ownership of any or all by removing them from the array.
156 * @return array of resolved Attributes
158 std::vector<shibsp::Attribute*>& getResolvedAttributes();
161 * Returns mapped PropertySet and AccessControl objects, if any.
163 * @return mapped PropertySet/AccessControl pair
165 shibsp::RequestMapper::Settings getSettings() const;
168 * Initializes SP runtime objects based on an XML configuration string or a configuration pathname.
169 * <p>Each process using the library MUST call this function exactly once before using any library classes.
171 * @param features bitmask of SP components to enable
172 * @param config a snippet of XML to parse (it <strong>MUST</strong> contain a type attribute) or a pathname
173 * @param rethrow true iff caught exceptions should be rethrown instead of just returning a true/false result
174 * @return true iff initialization was successful
178 unsigned long features = (shibsp::SPConfig::Listener|shibsp::SPConfig::InProcess),
180 unsigned long features = shibsp::SPConfig::OutOfProcess,
182 const char* config = NULL,
187 * Shuts down runtime.
189 * Each process using the library SHOULD call this function exactly once before terminating itself.
194 * Returns a ShibbolethResolver instance.
196 * @return a ShibbolethResolver instance, which must be freed by the caller.
198 static ShibbolethResolver* create();
201 /** Service request. */
202 const shibsp::SPRequest* m_request;
204 /** Application ID. */
207 /** Source of identity, if known. */
208 std::string m_issuer;
210 /** Metadata protocol constant to use. */
211 xmltooling::xstring m_protocol;
214 std::vector<const xmltooling::XMLObject*> m_tokens;
216 /** Input attributes. */
217 std::vector<shibsp::Attribute*> m_inputAttributes;
220 shibsp::ServiceProvider* m_sp;
221 #ifdef SHIBRESOLVER_HAVE_GSSAPI
222 xmltooling::XMLObject* m_gsswrapper;
224 std::vector<shibsp::Attribute*> m_resolvedAttributes;
227 #if defined (_MSC_VER)
228 #pragma warning( pop )
233 #endif /* __shibresolver_h__ */