* Shibboleth NSAPI filter
*/
+#define SHIBSP_LITE
+
#if defined (_MSC_VER) || defined(__BORLANDC__)
# include "config_win32.h"
#else
#include <shibsp/AbstractSPRequest.h>
#include <shibsp/RequestMapper.h>
#include <shibsp/SPConfig.h>
+#include <shibsp/ServiceProvider.h>
+#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/util/NDC.h>
#include <xmltooling/util/Threads.h>
-
-#include <shib-target/shib-target.h>
+#include <xmltooling/util/XMLConstants.h>
+#include <xmltooling/util/XMLHelper.h>
+#include <xercesc/util/XMLUniDefs.hpp>
#include <fstream>
#include <sstream>
if (IO_ERROR==net_write(sn->csd,str,strlen(str))) return REQ_EXIT
namespace {
- shibtarget::ShibTargetConfig* g_Config=NULL;
+ SPConfig* g_Config=NULL;
string g_ServerName;
string g_ServerScheme;
string g_unsetHeaderValue;
+
+ static const XMLCh path[] = UNICODE_LITERAL_4(p,a,t,h);
+ static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e);
}
-PluginManager<RequestMapper,const DOMElement*>::Factory SunRequestMapFactory;
+PluginManager<RequestMapper,string,const xercesc::DOMElement*>::Factory SunRequestMapFactory;
extern "C" NSAPI_PUBLIC void nsapi_shib_exit(void*)
{
if (g_Config)
- g_Config->shutdown();
+ g_Config->term();
g_Config = NULL;
}
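Review bot: The `static` on `path` and `validate` is redundant inside the anonymous namespace, and a reader has to jump to the init routine to learn that these are the attribute names of the synthetic config element handed to the ServiceProvider plugin. I'd drop `static` and annotate them: `// attribute names of the synthetic <path validate="1"> element built in nsapi_shib_init`. The factory signature change and `shutdown()`→`term()` in `nsapi_shib_exit` look consistent with `g_Config` now being an `SPConfig*`.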
log_error(LOG_INFORM,"nsapi_shib_init",sn,rq,"nsapi_shib loaded for host (%s)",g_ServerName.c_str());
-#ifndef _DEBUG
- try {
-#endif
- const char* schemadir=pblock_findval("shib-schemas",pb);
- if (!schemadir)
- schemadir=getenv("SHIBSCHEMAS");
- if (!schemadir)
- schemadir=SHIB_SCHEMAS;
- const char* config=pblock_findval("shib-config",pb);
- if (!config)
- config=getenv("SHIBCONFIG");
- if (!config)
- config=SHIB_CONFIG;
- g_Config=&shibtarget::ShibTargetConfig::getConfig();
- SPConfig::getConfig().setFeatures(
- SPConfig::Listener |
- SPConfig::Caching |
- SPConfig::Metadata |
- SPConfig::AAP |
- SPConfig::RequestMapping |
- SPConfig::InProcess |
- SPConfig::Logging
- );
- if (!g_Config->init(schemadir)) {
- g_Config=NULL;
- pblock_nvinsert("error","unable to initialize Shibboleth libraries",pb);
- return REQ_ABORTED;
- }
-
- SPConfig::getConfig().RequestMapperManager.registerFactory(XML_REQUEST_MAPPER,&SunRequestMapFactory);
-
- if (!g_Config->load(config)) {
- g_Config=NULL;
- pblock_nvinsert("error","unable to initialize load Shibboleth configuration",pb);
- return REQ_ABORTED;
- }
+ const char* schemadir=pblock_findval("shib-schemas",pb);
+ if (!schemadir)
+ schemadir=getenv("SHIBSP_SCHEMAS");
+ if (!schemadir)
+ schemadir=SHIBSP_SCHEMAS;
+ const char* config=pblock_findval("shib-config",pb);
+ if (!config)
+ config=getenv("SHIBSP_CONFIG");
+ if (!config)
+ config=SHIBSP_CONFIG;
+ g_Config=&SPConfig::getConfig();
+ g_Config->setFeatures(
+ SPConfig::Listener |
+ SPConfig::Caching |
+ SPConfig::RequestMapping |
+ SPConfig::InProcess |
+ SPConfig::Logging
+ );
+ if (!g_Config->init(schemadir)) {
+ g_Config=NULL;
+ pblock_nvinsert("error","unable to initialize Shibboleth libraries",pb);
+ return REQ_ABORTED;
+ }
- daemon_atrestart(nsapi_shib_exit,NULL);
+ g_Config->RequestMapperManager.registerFactory(XML_REQUEST_MAPPER,&SunRequestMapFactory);
- ServiceProvider* conf=SPConfig::getConfig().getServiceProvider();
- Locker locker(conf);
- const PropertySet* props=conf->getPropertySet("Local");
- if (props) {
- pair<bool,const char*> unsetValue=props->getString("unsetHeaderValue");
- if (unsetValue.first)
- g_unsetHeaderValue = unsetValue.second;
- }
-#ifndef _DEBUG
+ try {
+ xercesc::DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument();
+ XercesJanitor<xercesc::DOMDocument> docjanitor(dummydoc);
+ xercesc::DOMElement* dummy = dummydoc->createElementNS(NULL,path);
+ auto_ptr_XMLCh src(config);
+ dummy->setAttributeNS(NULL,path,src.get());
+ dummy->setAttributeNS(NULL,validate,xmlconstants::XML_ONE);
+
+ g_Config->setServiceProvider(g_Config->ServiceProviderManager.newPlugin(XML_SERVICE_PROVIDER,dummy));
+ g_Config->getServiceProvider()->init();
}
- catch (...) {
+ catch (exception& ex) {
+ pblock_nvinsert("error",ex.what(),pb);
+ g_Config->term();
g_Config=NULL;
- pblock_nvinsert("error","caught exception, unable to initialize Shibboleth libraries",pb);
return REQ_ABORTED;
}
-#endif
+
+ daemon_atrestart(nsapi_shib_exit,NULL);
+
+ ServiceProvider* sp=g_Config->getServiceProvider();
+ Locker locker(sp);
+ const PropertySet* props=sp->getPropertySet("Local");
+ if (props) {
+ pair<bool,const char*> unsetValue=props->getString("unsetHeaderValue");
+ if (unsetValue.first)
+ g_unsetHeaderValue = unsetValue.second;
+ }
return REQ_PROCEED;
}
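Review bot: Only the service-provider construction is inside the new `try`; `g_Config->init(schemadir)`, `registerFactory`, and the post-`catch` `Locker`/`getPropertySet("Local")` lookup now run unprotected, whereas the removed `#ifndef _DEBUG` try covered the whole sequence, so an exception from any of them escapes the init function with `g_Config` still set. Narrowing `catch (...)` to `catch (exception&)` additionally lets non-`std::exception` types through — Xerces `DOMException`, which `createElementNS`/`setAttributeNS` can raise, is one if I remember the hierarchy right. I'd open the `try` before `init()`, move `daemon_atrestart` and the property lookup inside it, take the handler as `const exception&`, and add a `catch (...)` fallback that reports and tears down the same way (confirm `term()` tolerates a throw from inside `init()`, otherwise guard that call). The enclosing `nsapi_shib_init` begins before this hunk.
```cpp
    g_Config=&SPConfig::getConfig();
    // … unchanged: setFeatures(...) …
    try {
        if (!g_Config->init(schemadir)) {
            g_Config=NULL;
            pblock_nvinsert("error","unable to initialize Shibboleth libraries",pb);
            return REQ_ABORTED;
        }
        g_Config->RequestMapperManager.registerFactory(XML_REQUEST_MAPPER,&SunRequestMapFactory);
        // … unchanged: synthetic <path validate="1"> element, setServiceProvider, init …
        daemon_atrestart(nsapi_shib_exit,NULL);
        ServiceProvider* sp=g_Config->getServiceProvider();
        Locker locker(sp);
        // … unchanged: unsetHeaderValue lookup …
    }
    catch (const exception& ex) {
        pblock_nvinsert("error",ex.what(),pb);
        g_Config->term();
        g_Config=NULL;
        return REQ_ABORTED;
    }
    catch (...) {
        pblock_nvinsert("error","unknown exception, unable to initialize Shibboleth libraries",pb);
        g_Config->term();
        g_Config=NULL;
        return REQ_ABORTED;
    }
    return REQ_PROCEED;
```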
string m_uri;
mutable string m_body;
mutable bool m_gotBody;
- vector<XSECCryptoX509*> m_certs;
+ vector<string> m_certs;
public:
ShibTargetNSAPI(pblock* pb, ::Session* sn, Request* rq) : m_gotBody(false) {
if (m_gotBody)
return m_body.c_str();
char* content_length=NULL;
- if (request_header("content-length", &content_length, m_sn, m_rq)!=REQ_PROCEED ||
- atoi(content_length) > 1024*1024) // 1MB?
- throw opensaml::BindingException("Blocked POST request body exceeding size limit.");
+ if (request_header("content-length", &content_length, m_sn, m_rq)!=REQ_PROCEED || atoi(content_length) > 1024*1024) // 1MB?
+ throw opensaml::SecurityPolicyException("Blocked request body exceeding 1M size limit.");
else {
char ch=IO_EOF+1;
int cl=atoi(content_length);
cl--;
}
if (cl)
- throw opensaml::BindingException("Error reading POST request body from browser.");
+ throw IOException("Error reading request body from browser.");
return m_body.c_str();
}
}
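Review bot: The size guard still trusts `atoi(content_length)`: a non-numeric header yields 0 and a negative one stays below `1024*1024`, so both pass the limit and feed `cl` into the read loop below, and if `request_header` can report REQ_PROCEED while leaving `content_length` NULL the `atoi` call is undefined behaviour. I'd check the header first, `if (request_header("content-length", &content_length, m_sn, m_rq)!=REQ_PROCEED || !content_length) throw opensaml::SecurityPolicyException("Missing content-length on request body.");`, then parse once, `char* end=NULL; long cl=strtol(content_length,&end,10);`, and reject `if (*end || cl<0 || cl>1024*1024)` with the existing size-limit exception, reusing `cl` instead of the second `atoi`. The enclosing method begins before this hunk and its read loop is only partly shown here.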
}
long returnDecline() { return REQ_NOACTION; }
long returnOK() { return REQ_PROCEED; }
- const vector<XSECCryptoX509*>& getClientCertificates() const {
+ const vector<string>& getClientCertificates() const {
return m_certs;
}
class SunRequestMapper : public virtual RequestMapper, public virtual PropertySet
{
public:
- SunRequestMapper(const DOMElement* e);
+ SunRequestMapper(const xercesc::DOMElement* e);
~SunRequestMapper() { delete m_mapper; delete m_stKey; delete m_propsKey; }
Lockable* lock() { return m_mapper->lock(); }
void unlock() { m_stKey->setData(NULL); m_propsKey->setData(NULL); m_mapper->unlock(); }
Settings getSettings(const SPRequest& request) const;
+ void setParent(const PropertySet*) {}
pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;
pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;
pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;
pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
- const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const;
- const DOMElement* getElement() const;
+ const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:2.0:native:sp:config") const;
+ const xercesc::DOMElement* getElement() const;
private:
RequestMapper* m_mapper;
ThreadKey* m_propsKey;
};
-RequestMapper* SunRequestMapFactory(const DOMElement* const & e)
+RequestMapper* SunRequestMapFactory(const xercesc::DOMElement* const & e)
{
return new SunRequestMapper(e);
}
-SunRequestMapper::SunRequestMapper(const DOMElement* e) : m_mapper(NULL), m_stKey(NULL), m_propsKey(NULL)
+SunRequestMapper::SunRequestMapper(const xercesc::DOMElement* e) : m_mapper(NULL), m_stKey(NULL), m_propsKey(NULL)
{
m_mapper = SPConfig::getConfig().RequestMapperManager.newPlugin(XML_REQUEST_MAPPER,e);
m_stKey=ThreadKey::create(NULL);
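Review bot: The new `setParent(const PropertySet*) {}` silently discards the parent and nothing in the class says why that is intended; the lookups visible here (`getPropertySet`, `getElement`) go through the per-thread `PropertySet` stored in `m_propsKey` instead. I'd document that on the line: `void setParent(const PropertySet*) {} // no-op: this facade delegates lookups to the thread-local PropertySet (m_propsKey), so a parent is presumably never consulted`. The constructor body continues past this hunk.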
return s ? s->getPropertySet(name,ns) : NULL;
}
-const DOMElement* SunRequestMapper::getElement() const
+const xercesc::DOMElement* SunRequestMapper::getElement() const
{
const PropertySet* s=reinterpret_cast<const PropertySet*>(m_propsKey->getData());
return s ? s->getElement() : NULL;