2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledgement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
59 #ifndef __internal_h__
60 #define __internal_h__
62 #include <saml/saml.h>
63 #include <shib/shib.h>
64 #include <shib/shib-threads.h>
65 #include <openssl/ssl.h>
// Logging category name for everything in this library (the "XML providers"
// plugin set); presumably the log4cpp category the OpenSSL error bridge below
// writes to as well — confirm in the definitions.
#define XMLPROVIDERS_LOGCAT "XMLProviders"

// Shorthand for the XMLCh string constants declared as XML::Literals further
// down in this header: SHIB_L(Scope) expands to ::XML::Literals::Scope.
// The leading :: keeps the expansion unambiguous when the macro is used
// inside another namespace.
#define SHIB_L(s) ::XML::Literals::s
// Same, for constants spelled with a prefix and an underscore:
// SHIB_L_QNAME(SHIB,NS) expands to ::XML::Literals::SHIB_NS.
#define SHIB_L_QNAME(p,s) ::XML::Literals::p##_##s
72 // direct OpenSSL error content to log4cpp
// build an OpenSSL object out of a base-64 encoded DER buffer (XML style)
//
// Both take a NUL-terminated base-64 text blob (no length parameter, so the
// terminator is what bounds the read) of the kind found in XML elements such
// as ds:X509Certificate, and return a raw OpenSSL pointer. As far as this
// header shows the caller owns the result and must release it with
// X509_CRL_free() / X509_free(); the NULL-on-failure contract is inferred
// from the return type — confirm both in the definitions.
// The input normally comes from metadata, trust or credential files, i.e.
// data controlled by a third party, so callers should check for NULL and
// surface the OpenSSL error queue instead of dereferencing the result blindly.
X509_CRL* B64_to_CRL(const char* buf);
X509* B64_to_X509(const char* buf);
// SAML attribute specialization for "scoped" values: in addition to the plain
// values inherited from saml::SAMLAttribute it carries a list of scopes and
// the site that asserted them. getValues()/getSingleByteValues() are const
// while m_scopedValues is mutable, which suggests the getters lazily build a
// scope-qualified view of the values — confirm in the definition.
// The scope is the security-relevant part of such an attribute: whether an
// origin site may assert a given scope is decided by the attribute
// acceptance policy (see the AttributeAcceptancePolicy/SiteRule/Scope
// literals below), not by this class, as far as this header shows.
class ScopedAttribute : public saml::SAMLAttribute
// Build from explicit name/namespace/type plus optional scope and value
// lists; the EMPTY(...) defaults yield an attribute with no scopes/values.
ScopedAttribute(const XMLCh* name, const XMLCh* ns, const saml::QName* type=NULL, long lifetime=0,
const saml::Iterator<const XMLCh*>& scopes=EMPTY(const XMLCh*),
const saml::Iterator<const XMLCh*>& values=EMPTY(const XMLCh*));
// Reconstitute from a DOM element; presumably used when parsing received
// assertions, so e should be treated as untrusted input.
ScopedAttribute(DOMElement* e);
virtual ~ScopedAttribute();
// Polymorphic copy of this attribute.
virtual saml::SAMLObject* clone() const;
// Value accessors/mutators overriding the base class. Whether the getters
// return the raw values or the scope-qualified form is not visible here.
virtual saml::Iterator<const XMLCh*> getValues() const;
virtual saml::Iterator<std::string> getSingleByteValues() const;
virtual void setValues(const saml::Iterator<const XMLCh*>& values=EMPTY(const XMLCh*));
virtual void addValue(const XMLCh* value);
// Nothing in this declaration bounds index; the definition (or the caller)
// must check it against the value count.
virtual void removeValue(unsigned int index);
// Serialize the value at index into element e; same index caveat as above.
virtual void valueToDOM(unsigned int index, DOMElement* e) const;
const XMLCh* m_originSite;                          // site that asserted the attribute; string ownership not visible here
std::vector<const XMLCh*> m_scopes;                 // scopes attached to this attribute (pointers, ownership not visible — confirm)
mutable std::vector<const XMLCh*> m_scopedValues;   // presumably a cache filled by the const getters (hence mutable) — confirm
// Namespace URIs and matching schema identifiers for the document types the
// providers parse: Shibboleth configuration/metadata, credentials, trust,
// SAML 2.0 assertions and metadata, and XML Encryption. The *_SCHEMA_ID
// values are presumably the schema system identifiers handed to the
// validating parser — confirm in the definitions.
static const XMLCh SHIB_NS[];
static const XMLCh SHIB_SCHEMA_ID[];
static const XMLCh SHIBMETA_NS[];
static const XMLCh SHIBMETA_SCHEMA_ID[];
static const XMLCh CREDS_NS[];
static const XMLCh CREDS_SCHEMA_ID[];
static const XMLCh TRUST_NS[];
static const XMLCh TRUST_SCHEMA_ID[];
static const XMLCh SAML2ASSERT_NS[];
static const XMLCh SAML2ASSERT_SCHEMA_ID[];
static const XMLCh SAML2META_NS[];
static const XMLCh SAML2META_SCHEMA_ID[];
static const XMLCh XMLENC_NS[];
static const XMLCh XMLENC_SCHEMA_ID[];
// ds:KeyInfo RetrievalMethods
// Type URIs recognised on a ds:RetrievalMethod when resolving certificates
// and CRLs for trust decisions. The XMLSIG_ pair are the W3C-defined raw
// (DER) forms; the SHIB_ pair are Shibboleth-private PEM variants under
// urn:mace:shibboleth. A RetrievalMethod whose Type is outside this set
// should presumably be ignored rather than dereferenced — confirm in the
// resolver code.
static const XMLCh XMLSIG_RETMETHOD_RAWX509[]; // http://www.w3.org/2000/09/xmldsig#rawX509Certificate
static const XMLCh XMLSIG_RETMETHOD_RAWX509CRL[]; // http://www.w3.org/2000/09/xmldsig-more#rawX509CRL
static const XMLCh SHIB_RETMETHOD_PEMX509[]; // urn:mace:shibboleth:RetrievalMethod:pemX509Certificate
static const XMLCh SHIB_RETMETHOD_PEMX509CRL[]; // urn:mace:shibboleth:RetrievalMethod:pemX509CRL
// old metadata constants
// Element and attribute names of the legacy (pre-SAML 2.0) Shibboleth site
// metadata format: per-site roles (AttributeAuthority, HandleService),
// identity (Name, OriginSite, SiteGroup, Domain) and contact details.
// Capitalised names are presumably element names and the lower-case ones
// below are the contact type values — confirm against the schema.
static const XMLCh AttributeAuthority[];
static const XMLCh Contact[];
static const XMLCh Domain[];
static const XMLCh Email[];
static const XMLCh ErrorURL[];
static const XMLCh HandleService[];
static const XMLCh InvalidHandle[];
static const XMLCh Name[];
static const XMLCh OriginSite[];
static const XMLCh SiteGroup[];
// contact type values
static const XMLCh administrative[];
static const XMLCh billing[];
static const XMLCh other[];
static const XMLCh support[];
static const XMLCh technical[];
// credentials constants
// Names used in the credentials configuration (CREDS_NS): resolver plugin
// selection (FileResolver, CustomResolver, Class, Id), key/certificate
// locations (Path, CAPath, format) and the key password. The password
// literal is only the attribute name, but it means the referenced config
// file can hold a secret in clear text, so the file's permissions matter
// as much as the private key's — presumably the resolver reads it verbatim.
static const XMLCh CAPath[];
static const XMLCh Class[];
static const XMLCh Credentials[];
static const XMLCh CustomResolver[];
static const XMLCh FileResolver[];
static const XMLCh format[];
static const XMLCh Id[];
static const XMLCh password[];
static const XMLCh Path[];
// Trust configuration (TRUST_NS) and ds:KeyInfo vocabulary: Trust,
// KeyAuthority and VerifyDepth are the Shibboleth trust-file elements/
// attributes, the rest (KeyName, RetrievalMethod, URI, RSAKeyValue with
// Modulus/Exponent, X509CRL) are ds:KeyInfo children used to locate or
// embed keys and revocation lists. VerifyDepth presumably bounds the
// certificate chain length accepted during path validation — confirm in
// the trust provider.
static const XMLCh Exponent[];
static const XMLCh KeyAuthority[];
static const XMLCh KeyName[];
static const XMLCh Modulus[];
static const XMLCh RetrievalMethod[];
static const XMLCh RSAKeyValue[];
static const XMLCh Trust[];
static const XMLCh URI[];
static const XMLCh VerifyDepth[];
static const XMLCh X509CRL[];
// SAML attribute constants
// Vocabulary of the attribute acceptance policy (AAP): AttributeRule and
// SiteRule decide which sites may assert which attribute values and scopes,
// i.e. this is the filter between what an origin site asserts and what the
// application sees. AnySite/AnyValue widen a rule to every site or value and
// therefore deserve scrutiny in any policy review; literal/regexp/xpath and
// Include/Exclude are presumably the value-matching modes and the scope
// allow/deny markers — confirm in the AAP implementation.
static const XMLCh Accept[];
static const XMLCh Alias[];
static const XMLCh AnyAttribute[];
static const XMLCh AnySite[];
static const XMLCh AnyValue[];
static const XMLCh AttributeAcceptancePolicy[];
static const XMLCh AttributeRule[];
static const XMLCh CaseSensitive[];
static const XMLCh Factory[];
static const XMLCh Header[];
static const XMLCh Namespace[];
static const XMLCh Scope[];
static const XMLCh Scoped[];
static const XMLCh SiteRule[];
static const XMLCh Type[];
static const XMLCh Value[];
// value-matching modes (presumably)
static const XMLCh literal[];
static const XMLCh regexp[];
static const XMLCh xpath[];
// scope rule markers (presumably)
static const XMLCh Include[];
static const XMLCh Exclude[];
static const XMLCh url[];
// new metadata constants
// SAML 2.0 metadata element and attribute names (SAML2META_NS). Identifiers
// that would collide with a C++ keyword are spelled with a leading
// underscore (_namespace); the array contents are presumably the unmodified
// XML names — confirm in the definitions. cacheDuration and validUntil are
// the freshness bounds a consumer should honour before trusting cached
// metadata, and signing/encryption are the KeyDescriptor use values that
// decide which keys may verify signatures versus receive encrypted data.
static const XMLCh AdditionalMetadataLocation[];
static const XMLCh AffiliateMember[];
static const XMLCh AffiliationDescriptor[];
static const XMLCh affiliationOwnerID[];
static const XMLCh Algorithm[];
static const XMLCh ArtifactResolutionService[];
static const XMLCh AssertionConsumerService[];
static const XMLCh AssertionIDRequestService[];
static const XMLCh AttributeAuthorityDescriptor[];
static const XMLCh AttributeConsumingService[];
static const XMLCh AttributeProfile[];
static const XMLCh AttributeService[];
static const XMLCh AuthnAuthorityDescriptor[];
static const XMLCh AuthnQueryService[];
static const XMLCh AuthnRequestsSigned[];
static const XMLCh AuthzService[];
static const XMLCh cacheDuration[];
static const XMLCh Company[];
static const XMLCh ContactPerson[];
static const XMLCh contactType[];
static const XMLCh DigestMethod[];
static const XMLCh EmailAddress[];
static const XMLCh encryption[];
static const XMLCh EncryptionMethod[];
static const XMLCh EntitiesDescriptor[];
static const XMLCh EntityDescriptor[];
static const XMLCh entityID[];
static const XMLCh errorURL[];
static const XMLCh Extensions[];
static const XMLCh GivenName[];
static const XMLCh IDPSSODescriptor[];
static const XMLCh index[];
static const XMLCh isDefault[];
static const XMLCh isRequired[];
static const XMLCh KeyDescriptor[];
static const XMLCh KeySize[];
static const XMLCh ManageNameIDService[];
static const XMLCh _namespace[]; // "namespace" is a C++ keyword, hence the underscore
static const XMLCh NameFormat[];
static const XMLCh NameIDFormat[];
static const XMLCh NameIDMappingService[];
static const XMLCh OAEParams[];
static const XMLCh Organization[];
static const XMLCh OrganizationName[];
static const XMLCh OrganizationDisplayName[];
static const XMLCh OrganizationURL[];
static const XMLCh PDPDescriptor[];
static const XMLCh protocolSupportEnumeration[];
static const XMLCh RequestedAttribute[];
static const XMLCh ResponseLocation[];
static const XMLCh RoleDescriptor[];
static const XMLCh ServiceDescription[];
static const XMLCh ServiceName[];
static const XMLCh signing[];
static const XMLCh SingleLogoutService[];
static const XMLCh SingleSignOnService[];
static const XMLCh SourceID[];
static const XMLCh SPSSODescriptor[];
static const XMLCh SurName[];
static const XMLCh TelephoneNumber[];
static const XMLCh use[];
static const XMLCh validUntil[];
static const XMLCh WantAuthnRequestsSigned[];
static const XMLCh WantAssertionsSigned[];