#ifndef SHIB_TARGET_H
#define SHIB_TARGET_H
+// New headers
+#include <shibsp/base.h>
+#include <shibsp/ListenerService.h>
+#include <shibsp/PropertySet.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
+#include <xmltooling/security/TrustEngine.h>
+
+// Old headers
#include <saml/saml.h>
#include <shib/shib.h>
-#include <shib/shib-threads.h>
#ifdef WIN32
# ifndef SHIBTARGET_EXPORTS
# define SHIBTARGET_EXPORTS
#endif
-#include <shib-target/ddf.h>
-
namespace shibtarget {
- DECLARE_SAML_EXCEPTION(SHIBTARGET_EXPORTS,ListenerException,SAMLException);
- DECLARE_SAML_EXCEPTION(SHIBTARGET_EXPORTS,ConfigurationException,SAMLException);
-
// Abstract APIs for access to configuration information
- /**
- * Interface to a generic set of typed properties or a DOM container of additional
- * data.
- */
- struct SHIBTARGET_EXPORTS IPropertySet
- {
- virtual std::pair<bool,bool> getBool(const char* name, const char* ns=NULL) const=0;
- virtual std::pair<bool,const char*> getString(const char* name, const char* ns=NULL) const=0;
- virtual std::pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const=0;
- virtual std::pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const=0;
- virtual std::pair<bool,int> getInt(const char* name, const char* ns=NULL) const=0;
- virtual const IPropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const=0;
- virtual const DOMElement* getElement() const=0;
- virtual ~IPropertySet() {}
- };
-
// Forward declaration
class SHIBTARGET_EXPORTS ShibTarget;
{
IHandler() : m_props(NULL) {}
virtual ~IHandler() {}
- virtual const IPropertySet* getProperties() const { return m_props; }
- virtual void setProperties(const IPropertySet* properties) { m_props=properties; }
+ virtual const shibsp::PropertySet* getProperties() const { return m_props; }
+ virtual void setProperties(const shibsp::PropertySet* properties) { m_props=properties; }
virtual std::pair<bool,void*> run(ShibTarget* st, bool isHandler=true) const=0;
private:
- const IPropertySet* m_props;
+ const shibsp::PropertySet* m_props;
};
/**
* Application. Implementations should always expose an application named "default"
* as a last resort.
*/
- struct SHIBTARGET_EXPORTS IApplication : public virtual IPropertySet,
+ struct SHIBTARGET_EXPORTS IApplication : public virtual shibsp::PropertySet,
public virtual shibboleth::ShibBrowserProfile::ITokenValidator
{
virtual const char* getId() const=0;
virtual saml::Iterator<saml::SAMLAttributeDesignator*> getAttributeDesignators() const=0;
virtual saml::Iterator<shibboleth::IAAP*> getAAPProviders() const=0;
- virtual saml::Iterator<shibboleth::IMetadata*> getMetadataProviders() const=0;
- virtual saml::Iterator<shibboleth::ITrust*> getTrustProviders() const=0;
+ virtual opensaml::saml2md::MetadataProvider* getMetadataProvider() const=0;
+ virtual xmltooling::TrustEngine* getTrustEngine() const=0;
virtual saml::Iterator<const XMLCh*> getAudiences() const=0;
- virtual const IPropertySet* getCredentialUse(const shibboleth::IEntityDescriptor* provider) const=0;
+ virtual const shibsp::PropertySet* getCredentialUse(const opensaml::saml2md::EntityDescriptor* provider) const=0;
// caller is borrowing object, must use within scope of config lock
virtual const saml::SAMLBrowserProfile* getBrowserProfile() const=0;
virtual void validateToken(
saml::SAMLAssertion* token,
time_t t=0,
- const shibboleth::IRoleDescriptor* role=NULL,
- const saml::Iterator<shibboleth::ITrust*>& trusts=EMPTY(shibboleth::ITrust*)
+ const opensaml::saml2md::RoleDescriptor* role=NULL,
+ const xmltooling::TrustEngine* trust=NULL
) const=0;
// Used to locate a default or designated session initiator for automatic sessions
class ShibHTTPHook : virtual public saml::SAMLSOAPHTTPBinding::HTTPHook
{
public:
- ShibHTTPHook(const saml::Iterator<shibboleth::ITrust*>& trusts, const saml::Iterator<shibboleth::ICredentials*>& creds)
- : m_trusts(trusts), m_creds(creds) {}
+ ShibHTTPHook(const xmltooling::TrustEngine* trust, const saml::Iterator<shibboleth::ICredentials*>& creds)
+ : m_trust(trust), m_creds(creds) {}
virtual ~ShibHTTPHook() {}
// Only hook we need here is for outgoing connection to server.
// Client declares a context object and pass as callCtx to send() method.
class ShibHTTPHookCallContext {
public:
- ShibHTTPHookCallContext(const IPropertySet* credUse, const shibboleth::IRoleDescriptor* role)
+ ShibHTTPHookCallContext(const shibsp::PropertySet* credUse, const opensaml::saml2md::RoleDescriptor* role)
: m_credUse(credUse), m_role(role), m_hook(NULL), m_authenticated(false) {}
const ShibHTTPHook* getHook() {return m_hook;}
- const IPropertySet* getCredentialUse() {return m_credUse;}
- const shibboleth::IRoleDescriptor* getRoleDescriptor() {return m_role;}
+ const shibsp::PropertySet* getCredentialUse() {return m_credUse;}
+ const opensaml::saml2md::RoleDescriptor* getRoleDescriptor() {return m_role;}
bool isAuthenticated() const {return m_authenticated;}
void setAuthenticated() {m_authenticated=true;}
private:
- const IPropertySet* m_credUse;
- const shibboleth::IRoleDescriptor* m_role;
+ const shibsp::PropertySet* m_credUse;
+ const opensaml::saml2md::RoleDescriptor* m_role;
ShibHTTPHook* m_hook;
bool m_authenticated;
friend class ShibHTTPHook;
};
- const saml::Iterator<shibboleth::ITrust*>& getTrustProviders() const {return m_trusts;}
+ const xmltooling::TrustEngine* getTrustEngine() const {return m_trust;}
const saml::Iterator<shibboleth::ICredentials*>& getCredentialProviders() const {return m_creds;}
private:
- saml::Iterator<shibboleth::ITrust*> m_trusts;
+ const xmltooling::TrustEngine* m_trust;
saml::Iterator<shibboleth::ICredentials*> m_creds;
};
{
virtual std::string insert(
const IApplication* application,
- const shibboleth::IEntityDescriptor* source,
+ const opensaml::saml2md::RoleDescriptor* source,
const char* client_addr,
const saml::SAMLSubject* subject,
const char* authnContext,
};
/**
- * Interface to a remoted service
- *
- * Plugins that support remoted messages delivered by the IListener runtime
- * support this interface and register themselves with the runtime to receive
- * particular messages.
- */
- struct SHIBTARGET_EXPORTS IRemoted : public virtual saml::IPlugIn
- {
- virtual DDF receive(const DDF& in)=0;
- virtual ~IRemoted() {}
- };
-
- /**
- * Interface to the remoting engine
- *
- * A listener supports the remoting of DDF objects, which are dynamic data trees
- * that interface implementations can use to remote themselves by calling an
- * out-of-process peer implementation with arbitrary data to carry out tasks
- * on the implementation's behalf that require isolation from the dynamic process
- * fluctuations that web servers are prone to. The ability to pass arbitrary data
- * trees across the boundary allows arbitrary separation of duty between the
- * in-process and out-of-process "halves". The implementation is responsible
- * for marshalling and transmitting messages, as well as managing connections
- * and communication errors.
- */
- class SHIBTARGET_EXPORTS IListener : public virtual IRemoted
- {
- public:
- virtual DDF send(const DDF& in)=0;
- virtual DDF receive(const DDF& in);
- virtual ~IListener() {}
-
- // Remoted classes register and unregister for messages using these methods.
- // Registration returns any existing listeners, allowing message hooking.
- virtual IRemoted* regListener(const char* address, IRemoted* listener);
- virtual bool unregListener(const char* address, IRemoted* current, IRemoted* restore=NULL);
- virtual IRemoted* lookup(const char* address) const;
-
- // OutOfProcess servers can implement server-side transport handling by
- // calling the run method and supplying a flag to monitor for shutdown.
- virtual bool run(bool* shutdown)=0;
-
- private:
- std::map<std::string,IRemoted*> m_listenerMap;
- };
-
- /**
* Interface to an access control plugin
*
* Access control plugins return authorization decisions based on the intersection
*/
struct SHIBTARGET_EXPORTS IRequestMapper : public virtual saml::ILockable, public virtual saml::IPlugIn
{
- typedef std::pair<const IPropertySet*,IAccessControl*> Settings;
+ typedef std::pair<const shibsp::PropertySet*,IAccessControl*> Settings;
virtual Settings getSettings(ShibTarget* st) const=0;
virtual ~IRequestMapper() {}
};
- struct SHIBTARGET_EXPORTS IConfig : public virtual saml::ILockable, public virtual IPropertySet, public virtual saml::IPlugIn
+ struct SHIBTARGET_EXPORTS IConfig : public virtual saml::ILockable, public virtual shibsp::PropertySet, public virtual saml::IPlugIn
{
// loads initial configuration
virtual void init()=0;
- virtual IListener* getListener() const=0;
+ virtual shibsp::ListenerService* getListener() const=0;
virtual ISessionCache* getSessionCache() const=0;
virtual saml::IReplayCache* getReplayCache() const=0;
virtual IRequestMapper* getRequestMapper() const=0;
class SHIBTARGET_EXPORTS ShibTargetConfig
{
public:
- ShibTargetConfig() : m_ini(NULL), m_features(0) {}
+ ShibTargetConfig() : m_ini(NULL) {}
virtual ~ShibTargetConfig() {}
virtual bool init(const char* schemadir) = 0;
virtual bool load(const char* config) = 0;
virtual void shutdown() = 0;
- enum components_t {
- Listener = 1,
- Caching = 2,
- Metadata = 4,
- Trust = 8,
- Credentials = 16,
- AAP = 32,
- RequestMapper = 64,
- OutOfProcess = 128,
- InProcess = 256,
- Logging = 512
- };
- void setFeatures(long enabled) {m_features = enabled;}
- bool isEnabled(components_t feature) {return (m_features & feature)>0;}
virtual IConfig* getINI() const {return m_ini;}
static ShibTargetConfig& getConfig();
protected:
IConfig* m_ini;
-
- private:
- unsigned long m_features;
};
class ShibTargetPriv;
// Determine the effective handler URL based on the resource URL
virtual std::string getHandlerURL(const char* resource) const;
- static void url_decode(char* s);
- static std::string url_encode(const char* s);
-
protected:
ShibTarget();
static const char htAccessControlType[]; // Apache-specific .htaccess authz module
static const char XMLAccessControlType[]; // Proprietary but portable XML authz syntax
- // Listener implementations
- static const char TCPListenerType[]; // ONC RPC via TCP socket
- static const char UnixListenerType[]; // ONC RPC via domain socker
- static const char MemoryListenerType[]; // "faked" in-process marshalling
-
struct SHIBTARGET_EXPORTS Literals
{
static const XMLCh AAPProvider[];
static const XMLCh UnixListener[];
};
};
-
-
- // Template cleanup functors for use with for_each algorithm
- template<class T> struct cleanup
- {
- void operator()(T* ptr) {delete ptr;}
- void operator()(const T* ptr) {delete const_cast<T*>(ptr);}
- };
-
- template<class A,class B> struct cleanup_pair
- {
- void operator()(std::pair<A,B*> p) {delete p.second;}
- };
}
#endif /* SHIB_TARGET_H */