#include "SessionCache.h"\r
#include "SPConfig.h"\r
#include "SPRequest.h"\r
-#include "TransactionLog.h"\r
-#include "attribute/resolver/AttributeResolver.h"\r
-#include "handler/Handler.h"\r
+#include "handler/SessionInitiator.h"\r
#include "remoting/ListenerService.h"\r
-#include "security/PKIXTrustEngine.h"\r
#include "util/DOMPropertySet.h"\r
#include "util/SPConstants.h"\r
\r
-#include <sys/types.h>\r
-#include <sys/stat.h>\r
#include <log4cpp/Category.hh>\r
#include <log4cpp/PropertyConfigurator.hh>\r
-#include <saml/SAMLConfig.h>\r
-#include <saml/binding/ArtifactMap.h>\r
-#include <saml/saml1/core/Assertions.h>\r
-#include <saml/saml2/metadata/ChainingMetadataProvider.h>\r
+#include <xercesc/util/XMLUniDefs.hpp>\r
#include <xmltooling/XMLToolingConfig.h>\r
-#include <xmltooling/security/ChainingTrustEngine.h>\r
#include <xmltooling/util/NDC.h>\r
#include <xmltooling/util/ReloadableXMLFile.h>\r
+#include <xmltooling/util/XMLHelper.h>\r
+\r
+#ifndef SHIBSP_LITE\r
+# include "TransactionLog.h"\r
+# include "attribute/filtering/AttributeFilter.h"\r
+# include "attribute/resolver/AttributeExtractor.h"\r
+# include "attribute/resolver/AttributeResolver.h"\r
+# include "security/PKIXTrustEngine.h"\r
+# include <saml/SAMLConfig.h>\r
+# include <saml/binding/ArtifactMap.h>\r
+# include <saml/saml1/core/Assertions.h>\r
+# include <saml/saml2/metadata/ChainingMetadataProvider.h>\r
+# include <xmltooling/security/ChainingTrustEngine.h>\r
#include <xmltooling/util/ReplayCache.h>\r
-\r
-using namespace shibsp;\r
using namespace opensaml::saml2;\r
using namespace opensaml::saml2md;\r
using namespace opensaml;\r
+#endif\r
+\r
+using namespace shibsp;\r
using namespace xmltooling;\r
using namespace log4cpp;\r
using namespace std;\r
#pragma warning( disable : 4250 )\r
#endif\r
\r
- class SHIBSP_DLLLOCAL TokenValidator : public Validator\r
- {\r
- public:\r
- TokenValidator(const Application& app, time_t ts=0, const RoleDescriptor* role=NULL) : m_app(app), m_ts(ts), m_role(role) {}\r
- void validate(const XMLObject*) const;\r
-\r
- private:\r
- const Application& m_app;\r
- time_t m_ts;\r
- const RoleDescriptor* m_role;\r
- };\r
-\r
static vector<const Handler*> g_noHandlers;\r
\r
// Application configuration wrapper\r
XMLApplication(const ServiceProvider*, const DOMElement* e, const XMLApplication* base=NULL);\r
~XMLApplication() { cleanup(); }\r
\r
- // PropertySet\r
- pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;\r
- pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;\r
- pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;\r
- pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;\r
- pair<bool,int> getInt(const char* name, const char* ns=NULL) const;\r
- const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:sp:config:2.0") const;\r
-\r
// Application\r
const ServiceProvider& getServiceProvider() const {return *m_sp;}\r
const char* getId() const {return getString("id").second;}\r
const char* getHash() const {return m_hash.c_str();}\r
\r
- MetadataProvider* getMetadataProvider() const {\r
+#ifndef SHIBSP_LITE\r
+ MetadataProvider* getMetadataProvider(bool required=true) const {\r
+ if (required && !m_base && !m_metadata)\r
+ throw ConfigurationException("No MetadataProvider available.");\r
return (!m_metadata && m_base) ? m_base->getMetadataProvider() : m_metadata;\r
}\r
- TrustEngine* getTrustEngine() const {\r
+ TrustEngine* getTrustEngine(bool required=true) const {\r
+ if (required && !m_base && !m_trust)\r
+ throw ConfigurationException("No TrustEngine available.");\r
return (!m_trust && m_base) ? m_base->getTrustEngine() : m_trust;\r
}\r
+ AttributeExtractor* getAttributeExtractor() const {\r
+ return (!m_attrExtractor && m_base) ? m_base->getAttributeExtractor() : m_attrExtractor;\r
+ }\r
+ AttributeFilter* getAttributeFilter() const {\r
+ return (!m_attrFilter && m_base) ? m_base->getAttributeFilter() : m_attrFilter;\r
+ }\r
AttributeResolver* getAttributeResolver() const {\r
return (!m_attrResolver && m_base) ? m_base->getAttributeResolver() : m_attrResolver;\r
}\r
+ CredentialResolver* getCredentialResolver() const {\r
+ return (!m_credResolver && m_base) ? m_base->getCredentialResolver() : m_credResolver;\r
+ }\r
+ const PropertySet* getRelyingParty(const EntityDescriptor* provider) const;\r
+ const vector<const XMLCh*>& getAudiences() const {\r
+ return (m_audiences.empty() && m_base) ? m_base->getAudiences() : m_audiences;\r
+ }\r
+#endif\r
+ const set<string>& getRemoteUserAttributeIds() const {\r
+ return (m_attributeIds.empty() && m_base) ? m_base->getRemoteUserAttributeIds() : m_attributeIds;\r
+ }\r
\r
- const PropertySet* getCredentialUse(const EntityDescriptor* provider) const;\r
-\r
- const Handler* getDefaultSessionInitiator() const;\r
- const Handler* getSessionInitiatorById(const char* id) const;\r
+ const SessionInitiator* getDefaultSessionInitiator() const;\r
+ const SessionInitiator* getSessionInitiatorById(const char* id) const;\r
const Handler* getDefaultAssertionConsumerService() const;\r
const Handler* getAssertionConsumerServiceByIndex(unsigned short index) const;\r
const vector<const Handler*>& getAssertionConsumerServicesByBinding(const XMLCh* binding) const;\r
const Handler* getHandler(const char* path) const;\r
\r
- const vector<const XMLCh*>& getAudiences() const {\r
- return (m_audiences.empty() && m_base) ? m_base->getAudiences() : m_audiences;\r
- }\r
- Validator* getTokenValidator(time_t ts=0, const opensaml::saml2md::RoleDescriptor* role=NULL) const {\r
- return new TokenValidator(*this, ts, role);\r
- }\r
-\r
// Provides filter to exclude special config elements.\r
short acceptNode(const DOMNode* node) const;\r
\r
const ServiceProvider* m_sp; // this is ok because its locking scope includes us\r
const XMLApplication* m_base;\r
string m_hash;\r
+#ifndef SHIBSP_LITE\r
MetadataProvider* m_metadata;\r
TrustEngine* m_trust;\r
+ AttributeExtractor* m_attrExtractor;\r
+ AttributeFilter* m_attrFilter;\r
AttributeResolver* m_attrResolver;\r
+ CredentialResolver* m_credResolver;\r
vector<const XMLCh*> m_audiences;\r
+#endif\r
+ set<string> m_attributeIds;\r
\r
// manage handler objects\r
vector<Handler*> m_handlers;\r
#endif\r
ACSBindingMap m_acsBindingMap;\r
\r
- // maps unique ID strings to session initiators\r
- map<string,const Handler*> m_sessionInitMap;\r
-\r
// pointer to default session initiator\r
- const Handler* m_sessionInitDefault;\r
+ const SessionInitiator* m_sessionInitDefault;\r
+\r
+ // maps unique ID strings to session initiators\r
+ map<string,const SessionInitiator*> m_sessionInitMap;\r
\r
- DOMPropertySet* m_credDefault;\r
+#ifndef SHIBSP_LITE\r
+ // RelyingParty properties\r
+ DOMPropertySet* m_partyDefault;\r
#ifdef HAVE_GOOD_STL\r
- map<xstring,PropertySet*> m_credMap;\r
+ map<xstring,PropertySet*> m_partyMap;\r
#else\r
- map<const XMLCh*,PropertySet*> m_credMap;\r
+ map<const XMLCh*,PropertySet*> m_partyMap;\r
+#endif\r
#endif\r
};\r
\r
class SHIBSP_DLLLOCAL XMLConfigImpl : public DOMPropertySet, public DOMNodeFilter\r
{\r
public:\r
- XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer);\r
+ XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer, Category& log);\r
~XMLConfigImpl();\r
\r
RequestMapper* m_requestMapper;\r
map<string,Application*> m_appmap;\r
- map<string,CredentialResolver*> m_credResolverMap;\r
+#ifndef SHIBSP_LITE\r
map< string,pair< PropertySet*,vector<const SecurityPolicyRule*> > > m_policyMap;\r
+#endif\r
\r
// Provides filter to exclude special config elements.\r
short acceptNode(const DOMNode* node) const;\r
class SHIBSP_DLLLOCAL XMLConfig : public ServiceProvider, public ReloadableXMLFile\r
{\r
public:\r
- XMLConfig(const DOMElement* e)\r
- : ReloadableXMLFile(e), m_impl(NULL), m_listener(NULL), m_sessionCache(NULL), m_tranLog(NULL) {\r
+ XMLConfig(const DOMElement* e) : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".Config")),\r
+ m_impl(NULL), m_listener(NULL), m_sessionCache(NULL)\r
+#ifndef SHIBSP_LITE\r
+ , m_tranLog(NULL)\r
+#endif\r
+ {\r
}\r
\r
void init() {\r
delete m_impl;\r
delete m_sessionCache;\r
delete m_listener;\r
+#ifndef SHIBSP_LITE\r
delete m_tranLog;\r
- XMLToolingConfig::getConfig().setReplayCache(NULL);\r
SAMLConfig::getConfig().setArtifactMap(NULL);\r
for_each(m_storage.begin(), m_storage.end(), cleanup_pair<string,StorageService>());\r
+#endif\r
+ XMLToolingConfig::getConfig().setReplayCache(NULL);\r
}\r
\r
// PropertySet\r
+ void setParent(const PropertySet* parent) {return m_impl->setParent(parent);}\r
pair<bool,bool> getBool(const char* name, const char* ns=NULL) const {return m_impl->getBool(name,ns);}\r
pair<bool,const char*> getString(const char* name, const char* ns=NULL) const {return m_impl->getString(name,ns);}\r
pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const {return m_impl->getXMLString(name,ns);}\r
pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const {return m_impl->getUnsignedInt(name,ns);}\r
pair<bool,int> getInt(const char* name, const char* ns=NULL) const {return m_impl->getInt(name,ns);}\r
- const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:sp:config:2.0") const {return m_impl->getPropertySet(name,ns);}\r
+ const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:2.0:native:sp:config") const {return m_impl->getPropertySet(name,ns);}\r
const DOMElement* getElement() const {return m_impl->getElement();}\r
\r
// ServiceProvider\r
+#ifndef SHIBSP_LITE\r
TransactionLog* getTransactionLog() const {\r
if (m_tranLog)\r
return m_tranLog;\r
}\r
return NULL;\r
}\r
+#endif\r
\r
ListenerService* getListenerService(bool required=true) const {\r
if (required && !m_listener)\r
return (i!=m_impl->m_appmap.end()) ? i->second : NULL;\r
}\r
\r
- CredentialResolver* getCredentialResolver(const char* id) const {\r
- if (id) {\r
- map<string,CredentialResolver*>::const_iterator i=m_impl->m_credResolverMap.find(id);\r
- if (i!=m_impl->m_credResolverMap.end())\r
- return i->second;\r
- }\r
- return NULL;\r
- }\r
-\r
+#ifndef SHIBSP_LITE\r
const PropertySet* getPolicySettings(const char* id) const {\r
map<string,pair<PropertySet*,vector<const SecurityPolicyRule*> > >::const_iterator i = m_impl->m_policyMap.find(id);\r
if (i!=m_impl->m_policyMap.end())\r
return i->second.second;\r
throw ConfigurationException("Security Policy ($1) not found, check <SecurityPolicies> element.", params(1,id));\r
}\r
+#endif\r
\r
protected:\r
pair<bool,DOMElement*> load();\r
XMLConfigImpl* m_impl;\r
mutable ListenerService* m_listener;\r
mutable SessionCache* m_sessionCache;\r
+#ifndef SHIBSP_LITE\r
mutable TransactionLog* m_tranLog;\r
mutable map<string,StorageService*> m_storage;\r
+#endif\r
};\r
\r
#if defined (_MSC_VER)\r
static const XMLCh _Application[] = UNICODE_LITERAL_11(A,p,p,l,i,c,a,t,i,o,n);\r
static const XMLCh Applications[] = UNICODE_LITERAL_12(A,p,p,l,i,c,a,t,i,o,n,s);\r
static const XMLCh _ArtifactMap[] = UNICODE_LITERAL_11(A,r,t,i,f,a,c,t,M,a,p);\r
+ static const XMLCh _AttributeExtractor[] = UNICODE_LITERAL_18(A,t,t,r,i,b,u,t,e,E,x,t,r,a,c,t,o,r);\r
+ static const XMLCh _AttributeFilter[] = UNICODE_LITERAL_15(A,t,t,r,i,b,u,t,e,F,i,l,t,e,r);\r
static const XMLCh _AttributeResolver[] = UNICODE_LITERAL_17(A,t,t,r,i,b,u,t,e,R,e,s,o,l,v,e,r);\r
- static const XMLCh Credentials[] = UNICODE_LITERAL_11(C,r,e,d,e,n,t,i,a,l,s);\r
- static const XMLCh CredentialUse[] = UNICODE_LITERAL_13(C,r,e,d,e,n,t,i,a,l,U,s,e);\r
+ static const XMLCh _AssertionConsumerService[] = UNICODE_LITERAL_24(A,s,s,e,r,t,i,o,n,C,o,n,s,u,m,e,r,S,e,r,v,i,c,e);\r
+ static const XMLCh _Audience[] = UNICODE_LITERAL_8(A,u,d,i,e,n,c,e);\r
+ static const XMLCh Binding[] = UNICODE_LITERAL_7(B,i,n,d,i,n,g);\r
+ static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);\r
+ static const XMLCh DefaultRelyingParty[] = UNICODE_LITERAL_19(D,e,f,a,u,l,t,R,e,l,y,i,n,g,P,a,r,t,y);\r
+ static const XMLCh _Extensions[] = UNICODE_LITERAL_10(E,x,t,e,n,s,i,o,n,s);\r
static const XMLCh fatal[] = UNICODE_LITERAL_5(f,a,t,a,l);\r
static const XMLCh _Handler[] = UNICODE_LITERAL_7(H,a,n,d,l,e,r);\r
static const XMLCh _id[] = UNICODE_LITERAL_2(i,d);\r
static const XMLCh Library[] = UNICODE_LITERAL_7(L,i,b,r,a,r,y);\r
static const XMLCh Listener[] = UNICODE_LITERAL_8(L,i,s,t,e,n,e,r);\r
static const XMLCh logger[] = UNICODE_LITERAL_6(l,o,g,g,e,r);\r
+ static const XMLCh _ManageNameIDService[] = UNICODE_LITERAL_19(M,a,n,a,g,e,N,a,m,e,I,D,S,e,r,v,i,c,e);\r
static const XMLCh MemoryListener[] = UNICODE_LITERAL_14(M,e,m,o,r,y,L,i,s,t,e,n,e,r);\r
static const XMLCh _MetadataProvider[] = UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);\r
static const XMLCh OutOfProcess[] = UNICODE_LITERAL_12(O,u,t,O,f,P,r,o,c,e,s,s);\r
static const XMLCh Rule[] = UNICODE_LITERAL_4(R,u,l,e);\r
static const XMLCh SecurityPolicies[] = UNICODE_LITERAL_16(S,e,c,u,r,i,t,y,P,o,l,i,c,i,e,s);\r
static const XMLCh _SessionCache[] = UNICODE_LITERAL_12(S,e,s,s,i,o,n,C,a,c,h,e);\r
- static const XMLCh SessionInitiator[] = UNICODE_LITERAL_16(S,e,s,s,i,o,n,I,n,i,t,i,a,t,o,r);\r
+ static const XMLCh _SessionInitiator[] = UNICODE_LITERAL_16(S,e,s,s,i,o,n,I,n,i,t,i,a,t,o,r);\r
+ static const XMLCh _SingleLogoutService[] = UNICODE_LITERAL_19(S,i,n,g,l,e,L,o,g,o,u,t,S,e,r,v,i,c,e);\r
static const XMLCh _StorageService[] = UNICODE_LITERAL_14(S,t,o,r,a,g,e,S,e,r,v,i,c,e);\r
static const XMLCh TCPListener[] = UNICODE_LITERAL_11(T,C,P,L,i,s,t,e,n,e,r);\r
static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);\r
}\r
};\r
\r
-void TokenValidator::validate(const XMLObject* xmlObject) const\r
-{\r
-#ifdef _DEBUG\r
- xmltooling::NDC ndc("validate");\r
-#endif\r
- Category& log=Category::getInstance(SHIBSP_LOGCAT".Application");\r
-\r
- const opensaml::RootObject* root = NULL;\r
- const opensaml::saml2::Assertion* token2 = dynamic_cast<const opensaml::saml2::Assertion*>(xmlObject);\r
- if (token2) {\r
- const opensaml::saml2::Conditions* conds = token2->getConditions();\r
- // First verify the time conditions, using the specified timestamp, if non-zero.\r
- if (m_ts>0 && conds) {\r
- unsigned int skew = XMLToolingConfig::getConfig().clock_skew_secs;\r
- time_t t=conds->getNotBeforeEpoch();\r
- if (m_ts+skew < t)\r
- throw ValidationException("Assertion is not yet valid.");\r
- t=conds->getNotOnOrAfterEpoch();\r
- if (t <= m_ts-skew)\r
- throw ValidationException("Assertion is no longer valid.");\r
- }\r
-\r
- // Now we process conditions. Only audience restrictions at the moment.\r
- const vector<opensaml::saml2::Condition*>& convec = conds->getConditions();\r
- for (vector<opensaml::saml2::Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c) {\r
- const opensaml::saml2::AudienceRestriction* ac=dynamic_cast<const opensaml::saml2::AudienceRestriction*>(*c);\r
- if (!ac) {\r
- log.error("unrecognized Condition in assertion (%s)",\r
- (*c)->getSchemaType() ? (*c)->getSchemaType()->toString().c_str() : (*c)->getElementQName().toString().c_str());\r
- throw ValidationException("Assertion contains an unrecognized condition.");\r
- }\r
-\r
- bool found = false;\r
- const vector<opensaml::saml2::Audience*>& auds1 = ac->getAudiences();\r
- const vector<const XMLCh*>& auds2 = m_app.getAudiences();\r
- for (vector<opensaml::saml2::Audience*>::const_iterator a = auds1.begin(); !found && a!=auds1.end(); ++a) {\r
- for (vector<const XMLCh*>::const_iterator a2 = auds2.begin(); !found && a2!=auds2.end(); ++a2) {\r
- found = XMLString::equals((*a)->getAudienceURI(), *a2);\r
- }\r
- }\r
-\r
- if (!found) {\r
- ostringstream os;\r
- os << *ac;\r
- log.error("unacceptable AudienceRestriction in assertion (%s)", os.str().c_str());\r
- throw ValidationException("Assertion contains an unacceptable AudienceRestriction.");\r
- }\r
- }\r
-\r
- root = token2;\r
- }\r
- else {\r
- const opensaml::saml1::Assertion* token1 = dynamic_cast<const opensaml::saml1::Assertion*>(xmlObject);\r
- if (token1) {\r
- const opensaml::saml1::Conditions* conds = token1->getConditions();\r
- // First verify the time conditions, using the specified timestamp, if non-zero.\r
- if (m_ts>0 && conds) {\r
- unsigned int skew = XMLToolingConfig::getConfig().clock_skew_secs;\r
- time_t t=conds->getNotBeforeEpoch();\r
- if (m_ts+skew < t)\r
- throw ValidationException("Assertion is not yet valid.");\r
- t=conds->getNotOnOrAfterEpoch();\r
- if (t <= m_ts-skew)\r
- throw ValidationException("Assertion is no longer valid.");\r
- }\r
-\r
- // Now we process conditions. Only audience restrictions at the moment.\r
- const vector<opensaml::saml1::Condition*>& convec = conds->getConditions();\r
- for (vector<opensaml::saml1::Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c) {\r
- const opensaml::saml1::AudienceRestrictionCondition* ac=dynamic_cast<const opensaml::saml1::AudienceRestrictionCondition*>(*c);\r
- if (!ac) {\r
- log.error("unrecognized Condition in assertion (%s)",\r
- (*c)->getSchemaType() ? (*c)->getSchemaType()->toString().c_str() : (*c)->getElementQName().toString().c_str());\r
- throw ValidationException("Assertion contains an unrecognized condition.");\r
- }\r
-\r
- bool found = false;\r
- const vector<opensaml::saml1::Audience*>& auds1 = ac->getAudiences();\r
- const vector<const XMLCh*>& auds2 = m_app.getAudiences();\r
- for (vector<opensaml::saml1::Audience*>::const_iterator a = auds1.begin(); !found && a!=auds1.end(); ++a) {\r
- for (vector<const XMLCh*>::const_iterator a2 = auds2.begin(); !found && a2!=auds2.end(); ++a2) {\r
- found = XMLString::equals((*a)->getAudienceURI(), *a2);\r
- }\r
- }\r
-\r
- if (!found) {\r
- ostringstream os;\r
- os << *ac;\r
- log.error("unacceptable AudienceRestrictionCondition in assertion (%s)", os.str().c_str());\r
- throw ValidationException("Assertion contains an unacceptable AudienceRestrictionCondition.");\r
- }\r
- }\r
-\r
- root = token1;\r
- }\r
- else {\r
- throw ValidationException("Unknown object type passed to token validator.");\r
- }\r
- }\r
-\r
- if (!m_role || !m_app.getTrustEngine()) {\r
- log.warn("no issuer role or TrustEngine provided, so no signature validation performed");\r
- return;\r
- }\r
-\r
- const PropertySet* policy=m_app.getServiceProvider().getPolicySettings(m_app.getString("policyId").second);\r
- pair<bool,bool> signedAssertions=policy ? policy->getBool("signedAssertions") : make_pair(false,false);\r
-\r
- if (root->getSignature()) {\r
- if (!m_app.getTrustEngine()->validate(*(root->getSignature()),*m_role))\r
- throw ValidationException("Assertion signature did not validate.");\r
- }\r
- else if (signedAssertions.first && signedAssertions.second)\r
- throw ValidationException("Assertion was unsigned, violating policy.");\r
-}\r
-\r
XMLApplication::XMLApplication(\r
const ServiceProvider* sp,\r
const DOMElement* e,\r
const XMLApplication* base\r
- ) : m_sp(sp), m_base(base), m_metadata(NULL), m_trust(NULL), m_attrResolver(NULL),\r
- m_credDefault(NULL), m_sessionInitDefault(NULL), m_acsDefault(NULL)\r
+ ) : m_sp(sp), m_base(base),\r
+#ifndef SHIBSP_LITE\r
+ m_metadata(NULL), m_trust(NULL), m_attrExtractor(NULL), m_attrFilter(NULL), m_attrResolver(NULL), m_credResolver(NULL), m_partyDefault(NULL),\r
+#endif\r
+ m_sessionInitDefault(NULL), m_acsDefault(NULL)\r
{\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("XMLApplication");\r
try {\r
// First load any property sets.\r
load(e,log,this);\r
+ if (base)\r
+ setParent(base);\r
\r
SPConfig& conf=SPConfig::getConfig();\r
+#ifndef SHIBSP_LITE\r
SAMLConfig& samlConf=SAMLConfig::getConfig();\r
+#endif\r
XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();\r
\r
m_hash=getId();\r
- m_hash+=getString("providerId").second;\r
- m_hash=samlConf.hashSHA1(m_hash.c_str(), true);\r
+ m_hash+=getString("entityID").second;\r
+ // TODO: some kind of non-hash method\r
+ //m_hash=samlConf.hashSHA1(m_hash.c_str(), true);\r
+\r
+ pair<bool,const char*> attributes = getString("REMOTE_USER");\r
+ if (attributes.first) {\r
+ char* dup = strdup(attributes.second);\r
+ char* pos;\r
+ char* start = dup;\r
+ while (start && *start) {\r
+ while (*start && isspace(*start))\r
+ start++;\r
+ if (!*start)\r
+ break;\r
+ pos = strchr(start,' ');\r
+ if (pos)\r
+ *pos=0;\r
+ m_attributeIds.insert(start);\r
+ start = pos ? pos+1 : NULL;\r
+ }\r
+ free(dup);\r
+ }\r
\r
const PropertySet* sessions = getPropertySet("Sessions");\r
\r
try {\r
// A handler is based on the Binding property in conjunction with the element name.\r
// If it's an ACS or SI, also handle index/id mappings and defaulting.\r
- if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,AssertionConsumerService::LOCAL_NAME)) {\r
- auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
+ if (XMLString::equals(child->getLocalName(),_AssertionConsumerService)) {\r
+ auto_ptr_char bindprop(child->getAttributeNS(NULL,Binding));\r
if (!bindprop.get() || !*(bindprop.get())) {\r
log.warn("md:AssertionConsumerService element has no Binding attribute, skipping it...");\r
child = XMLHelper::getNextSiblingElement(child);\r
continue;\r
}\r
- handler=conf.AssertionConsumerServiceManager.newPlugin(bindprop.get(),child);\r
+ handler=conf.AssertionConsumerServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));\r
// Map by binding (may be > 1 per binding, e.g. SAML 1.0 vs 1.1)\r
#ifdef HAVE_GOOD_STL\r
m_acsBindingMap[handler->getXMLString("Binding").second].push_back(handler);\r
m_acsDefault=handler;\r
}\r
}\r
- else if (XMLString::equals(child->getLocalName(),SessionInitiator)) {\r
- auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
- if (!bindprop.get() || !*(bindprop.get())) {\r
- log.warn("SessionInitiator element has no Binding attribute, skipping it...");\r
+ else if (XMLString::equals(child->getLocalName(),_SessionInitiator)) {\r
+ auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ if (!type.get() || !*(type.get())) {\r
+ log.warn("SessionInitiator element has no type attribute, skipping it...");\r
child = XMLHelper::getNextSiblingElement(child);\r
continue;\r
}\r
- handler=conf.SessionInitiatorManager.newPlugin(bindprop.get(),child);\r
+ SessionInitiator* sihandler=conf.SessionInitiatorManager.newPlugin(type.get(),make_pair(child, getId()));\r
+ handler=sihandler;\r
pair<bool,const char*> si_id=handler->getString("id");\r
if (si_id.first && si_id.second)\r
- m_sessionInitMap[si_id.second]=handler;\r
+ m_sessionInitMap[si_id.second]=sihandler;\r
if (!hardSessionInit) {\r
pair<bool,bool> defprop=handler->getBool("isDefault");\r
if (defprop.first) {\r
if (defprop.second) {\r
hardSessionInit=true;\r
- m_sessionInitDefault=handler;\r
+ m_sessionInitDefault=sihandler;\r
}\r
}\r
else if (!m_sessionInitDefault)\r
- m_sessionInitDefault=handler;\r
+ m_sessionInitDefault=sihandler;\r
}\r
}\r
- else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,SingleLogoutService::LOCAL_NAME)) {\r
- auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
+ else if (XMLString::equals(child->getLocalName(),_SingleLogoutService)) {\r
+ auto_ptr_char bindprop(child->getAttributeNS(NULL,Binding));\r
if (!bindprop.get() || !*(bindprop.get())) {\r
log.warn("md:SingleLogoutService element has no Binding attribute, skipping it...");\r
child = XMLHelper::getNextSiblingElement(child);\r
continue;\r
}\r
- handler=conf.SingleLogoutServiceManager.newPlugin(bindprop.get(),child);\r
+ handler=conf.SingleLogoutServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));\r
}\r
- else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,ManageNameIDService::LOCAL_NAME)) {\r
- auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
+ else if (XMLString::equals(child->getLocalName(),_ManageNameIDService)) {\r
+ auto_ptr_char bindprop(child->getAttributeNS(NULL,Binding));\r
if (!bindprop.get() || !*(bindprop.get())) {\r
log.warn("md:ManageNameIDService element has no Binding attribute, skipping it...");\r
child = XMLHelper::getNextSiblingElement(child);\r
continue;\r
}\r
- handler=conf.ManageNameIDServiceManager.newPlugin(bindprop.get(),child);\r
+ handler=conf.ManageNameIDServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));\r
}\r
else {\r
auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
child = XMLHelper::getNextSiblingElement(child);\r
continue;\r
}\r
- handler=conf.HandlerManager.newPlugin(type.get(),child);\r
+ handler=conf.HandlerManager.newPlugin(type.get(),make_pair(child, getId()));\r
}\r
\r
// Save off the objects after giving the property set to the handler for its use.\r
child = XMLHelper::getNextSiblingElement(child);\r
}\r
\r
+#ifndef SHIBSP_LITE\r
DOMNodeList* nlist=e->getElementsByTagNameNS(samlconstants::SAML20_NS,Audience::LOCAL_NAME);\r
for (XMLSize_t i=0; nlist && i<nlist->getLength(); i++)\r
if (nlist->item(i)->getParentNode()->isSameNode(e) && nlist->item(i)->hasChildNodes())\r
m_audiences.push_back(nlist->item(i)->getFirstChild()->getNodeValue());\r
\r
- // Always include our own providerId as an audience.\r
- m_audiences.push_back(getXMLString("providerId").second);\r
+ // Always include our own entityID as an audience.\r
+ m_audiences.push_back(getXMLString("entityID").second);\r
\r
if (conf.isEnabled(SPConfig::Metadata)) {\r
child = XMLHelper::getFirstChildElement(e,_MetadataProvider);\r
}\r
\r
if (conf.isEnabled(SPConfig::AttributeResolution)) {\r
+ child = XMLHelper::getFirstChildElement(e,_AttributeExtractor);\r
+ if (child) {\r
+ auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building AttributeExtractor of type %s...",type.get());\r
+ try {\r
+ m_attrExtractor = conf.AttributeExtractorManager.newPlugin(type.get(),child);\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building AttributeExtractor: %s", ex.what());\r
+ }\r
+ }\r
+\r
+ child = XMLHelper::getFirstChildElement(e,_AttributeFilter);\r
+ if (child) {\r
+ auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building AttributeFilter of type %s...",type.get());\r
+ try {\r
+ m_attrFilter = conf.AttributeFilterManager.newPlugin(type.get(),child);\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building AttributeFilter: %s", ex.what());\r
+ }\r
+ }\r
+\r
child = XMLHelper::getFirstChildElement(e,_AttributeResolver);\r
if (child) {\r
auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
}\r
}\r
\r
- // Finally, load credential mappings.\r
- child = XMLHelper::getFirstChildElement(e,CredentialUse);\r
+ if (conf.isEnabled(SPConfig::Credentials)) {\r
+ child = XMLHelper::getFirstChildElement(e,_CredentialResolver);\r
+ if (child) {\r
+ auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building CredentialResolver of type %s...",type.get());\r
+ try {\r
+ m_credResolver = xmlConf.CredentialResolverManager.newPlugin(type.get(),child);\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building CredentialResolver: %s", ex.what());\r
+ }\r
+ }\r
+ }\r
+\r
+ // Finally, load relying parties.\r
+ child = XMLHelper::getFirstChildElement(e,DefaultRelyingParty);\r
if (child) {\r
- m_credDefault=new DOMPropertySet();\r
- m_credDefault->load(child,log,this);\r
+ m_partyDefault=new DOMPropertySet();\r
+ m_partyDefault->load(child,log,this);\r
child = XMLHelper::getFirstChildElement(child,RelyingParty);\r
while (child) {\r
- DOMPropertySet* rp=new DOMPropertySet();\r
+ auto_ptr<DOMPropertySet> rp(new DOMPropertySet());\r
rp->load(child,log,this);\r
- m_credMap[child->getAttributeNS(NULL,opensaml::saml2::Attribute::NAME_ATTRIB_NAME)]=rp;\r
+ m_partyMap[child->getAttributeNS(NULL,saml2::Attribute::NAME_ATTRIB_NAME)]=rp.release();\r
child = XMLHelper::getNextSiblingElement(child,RelyingParty);\r
}\r
}\r
- \r
- if (conf.isEnabled(SPConfig::OutOfProcess)) {\r
- // Really finally, build local browser profile and binding objects.\r
- // TODO: may need some bits here...\r
- }\r
+#endif \r
}\r
catch (exception&) {\r
cleanup();\r
void XMLApplication::cleanup()\r
{\r
for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup<Handler>());\r
- \r
- delete m_credDefault;\r
+#ifndef SHIBSP_LITE\r
+ delete m_partyDefault;\r
#ifdef HAVE_GOOD_STL\r
- for_each(m_credMap.begin(),m_credMap.end(),cleanup_pair<xstring,PropertySet>());\r
+ for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair<xstring,PropertySet>());\r
#else\r
- for_each(m_credMap.begin(),m_credMap.end(),cleanup_pair<const XMLCh*,PropertySet>());\r
+ for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair<const XMLCh*,PropertySet>());\r
#endif\r
-\r
+ delete m_credResolver;\r
delete m_attrResolver;\r
+ delete m_attrFilter;\r
+ delete m_attrExtractor;\r
delete m_trust;\r
delete m_metadata;\r
+#endif\r
}\r
\r
short XMLApplication::acceptNode(const DOMNode* node) const\r
{\r
- if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,opensaml::saml2::Attribute::LOCAL_NAME))\r
- return FILTER_REJECT;\r
- else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,Audience::LOCAL_NAME))\r
- return FILTER_REJECT;\r
const XMLCh* name=node->getLocalName();\r
if (XMLString::equals(name,_Application) ||\r
- XMLString::equals(name,AssertionConsumerService::LOCAL_NAME) ||\r
- XMLString::equals(name,SingleLogoutService::LOCAL_NAME) ||\r
- XMLString::equals(name,ManageNameIDService::LOCAL_NAME) ||\r
- XMLString::equals(name,SessionInitiator) ||\r
- XMLString::equals(name,CredentialUse) ||\r
+ XMLString::equals(name,_Audience) ||\r
+ XMLString::equals(name,_AssertionConsumerService) ||\r
+ XMLString::equals(name,_SingleLogoutService) ||\r
+ XMLString::equals(name,_ManageNameIDService) ||\r
+ XMLString::equals(name,_SessionInitiator) ||\r
+ XMLString::equals(name,DefaultRelyingParty) ||\r
XMLString::equals(name,RelyingParty) ||\r
XMLString::equals(name,_MetadataProvider) ||\r
XMLString::equals(name,_TrustEngine) ||\r
+ XMLString::equals(name,_CredentialResolver) ||\r
+ XMLString::equals(name,_AttributeFilter) ||\r
+ XMLString::equals(name,_AttributeExtractor) ||\r
XMLString::equals(name,_AttributeResolver))\r
return FILTER_REJECT;\r
\r
return FILTER_ACCEPT;\r
}\r
\r
-pair<bool,bool> XMLApplication::getBool(const char* name, const char* ns) const\r
-{\r
- pair<bool,bool> ret=DOMPropertySet::getBool(name,ns);\r
- if (ret.first)\r
- return ret;\r
- return m_base ? m_base->getBool(name,ns) : ret;\r
-}\r
-\r
-pair<bool,const char*> XMLApplication::getString(const char* name, const char* ns) const\r
-{\r
- pair<bool,const char*> ret=DOMPropertySet::getString(name,ns);\r
- if (ret.first)\r
- return ret;\r
- return m_base ? m_base->getString(name,ns) : ret;\r
-}\r
+#ifndef SHIBSP_LITE\r
\r
-pair<bool,const XMLCh*> XMLApplication::getXMLString(const char* name, const char* ns) const\r
+const PropertySet* XMLApplication::getRelyingParty(const EntityDescriptor* provider) const\r
{\r
- pair<bool,const XMLCh*> ret=DOMPropertySet::getXMLString(name,ns);\r
- if (ret.first)\r
- return ret;\r
- return m_base ? m_base->getXMLString(name,ns) : ret;\r
-}\r
-\r
-pair<bool,unsigned int> XMLApplication::getUnsignedInt(const char* name, const char* ns) const\r
-{\r
- pair<bool,unsigned int> ret=DOMPropertySet::getUnsignedInt(name,ns);\r
- if (ret.first)\r
- return ret;\r
- return m_base ? m_base->getUnsignedInt(name,ns) : ret;\r
-}\r
-\r
-pair<bool,int> XMLApplication::getInt(const char* name, const char* ns) const\r
-{\r
- pair<bool,int> ret=DOMPropertySet::getInt(name,ns);\r
- if (ret.first)\r
- return ret;\r
- return m_base ? m_base->getInt(name,ns) : ret;\r
-}\r
-\r
-const PropertySet* XMLApplication::getPropertySet(const char* name, const char* ns) const\r
-{\r
- const PropertySet* ret=DOMPropertySet::getPropertySet(name,ns);\r
- if (ret || !m_base)\r
- return ret;\r
- return m_base->getPropertySet(name,ns);\r
-}\r
-\r
-const PropertySet* XMLApplication::getCredentialUse(const EntityDescriptor* provider) const\r
-{\r
- if (!m_credDefault && m_base)\r
- return m_base->getCredentialUse(provider);\r
+ if (!m_partyDefault && m_base)\r
+ return m_base->getRelyingParty(provider);\r
+ else if (!provider)\r
+ return m_partyDefault;\r
\r
#ifdef HAVE_GOOD_STL\r
- map<xstring,PropertySet*>::const_iterator i=m_credMap.find(provider->getEntityID());\r
- if (i!=m_credMap.end())\r
+ map<xstring,PropertySet*>::const_iterator i=m_partyMap.find(provider->getEntityID());\r
+ if (i!=m_partyMap.end())\r
return i->second;\r
const EntitiesDescriptor* group=dynamic_cast<const EntitiesDescriptor*>(provider->getParent());\r
while (group) {\r
if (group->getName()) {\r
- i=m_credMap.find(group->getName());\r
- if (i!=m_credMap.end())\r
+ i=m_partyMap.find(group->getName());\r
+ if (i!=m_partyMap.end())\r
return i->second;\r
}\r
group=dynamic_cast<const EntitiesDescriptor*>(group->getParent());\r
}\r
#else\r
- map<const XMLCh*,PropertySet*>::const_iterator i=m_credMap.begin();\r
- for (; i!=m_credMap.end(); i++) {\r
+ map<const XMLCh*,PropertySet*>::const_iterator i=m_partyMap.begin();\r
+ for (; i!=m_partyMap.end(); i++) {\r
if (XMLString::equals(i->first,provider->getId()))\r
return i->second;\r
const EntitiesDescriptor* group=dynamic_cast<const EntitiesDescriptor*>(provider->getParent());\r
}\r
}\r
#endif\r
- return m_credDefault;\r
+ return m_partyDefault;\r
}\r
\r
-const Handler* XMLApplication::getDefaultSessionInitiator() const\r
+#endif\r
+\r
+const SessionInitiator* XMLApplication::getDefaultSessionInitiator() const\r
{\r
if (m_sessionInitDefault) return m_sessionInitDefault;\r
return m_base ? m_base->getDefaultSessionInitiator() : NULL;\r
}\r
\r
-const Handler* XMLApplication::getSessionInitiatorById(const char* id) const\r
+const SessionInitiator* XMLApplication::getSessionInitiatorById(const char* id) const\r
{\r
- map<string,const Handler*>::const_iterator i=m_sessionInitMap.find(id);\r
+ map<string,const SessionInitiator*>::const_iterator i=m_sessionInitMap.find(id);\r
if (i!=m_sessionInitMap.end()) return i->second;\r
return m_base ? m_base->getSessionInitiatorById(id) : NULL;\r
}\r
const XMLCh* name=node->getLocalName();\r
if (XMLString::equals(name,Applications) ||\r
XMLString::equals(name,_ArtifactMap) ||\r
- XMLString::equals(name,Credentials) ||\r
- XMLString::equals(name,Extensions::LOCAL_NAME) ||\r
+ XMLString::equals(name,_Extensions) ||\r
XMLString::equals(name,Implementation) ||\r
XMLString::equals(name,Listener) ||\r
XMLString::equals(name,MemoryListener) ||\r
\r
void XMLConfigImpl::doExtensions(const DOMElement* e, const char* label, Category& log)\r
{\r
- const DOMElement* exts=XMLHelper::getFirstChildElement(e,Extensions::LOCAL_NAME);\r
+ const DOMElement* exts=XMLHelper::getFirstChildElement(e,_Extensions);\r
if (exts) {\r
exts=XMLHelper::getFirstChildElement(exts,Library);\r
while (exts) {\r
}\r
}\r
\r
-XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer) : m_requestMapper(NULL), m_outer(outer), m_document(NULL)\r
+XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer, Category& log)\r
+ : m_requestMapper(NULL), m_outer(outer), m_document(NULL)\r
{\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("XMLConfigImpl");\r
#endif\r
- Category& log=Category::getInstance(SHIBSP_LOGCAT".Config");\r
\r
try {\r
SPConfig& conf=SPConfig::getConfig();\r
+#ifndef SHIBSP_LITE\r
SAMLConfig& samlConf=SAMLConfig::getConfig();\r
+#endif\r
XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();\r
const DOMElement* SHAR=XMLHelper::getFirstChildElement(e,OutOfProcess);\r
const DOMElement* SHIRE=XMLHelper::getFirstChildElement(e,InProcess);\r
XMLToolingConfig::getConfig().log_config(logpath.get());\r
}\r
\r
+#ifndef SHIBSP_LITE\r
if (first)\r
m_outer->m_tranLog = new TransactionLog();\r
+#endif\r
}\r
\r
// First load any property sets.\r
\r
if (conf.isEnabled(SPConfig::Caching)) {\r
if (conf.isEnabled(SPConfig::OutOfProcess)) {\r
+#ifndef SHIBSP_LITE\r
// First build any StorageServices.\r
string inmemID;\r
child=XMLHelper::getFirstChildElement(SHAR,_StorageService);\r
log.info("building in-memory ArtifactMap...");\r
samlConf.setArtifactMap(new ArtifactMap(child));\r
}\r
+#endif\r
}\r
else {\r
- log.info("building in-process SessionCache of type %s...",REMOTED_SESSION_CACHE);\r
- m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(REMOTED_SESSION_CACHE,NULL);\r
+ child=XMLHelper::getFirstChildElement(SHIRE,_SessionCache);\r
+ if (child) {\r
+ auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building SessionCache of type %s...",type.get());\r
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(type.get(),child);\r
+ }\r
+ else {\r
+ log.warn("SessionCache unspecified, building SessionCache of type %s...",REMOTED_SESSION_CACHE);\r
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(REMOTED_SESSION_CACHE,child);\r
+ }\r
}\r
}\r
} // end of first-time-only stuff\r
}\r
}\r
\r
- // Now we load the credentials map.\r
- if (conf.isEnabled(SPConfig::Credentials)) {\r
- child = XMLHelper::getLastChildElement(e,Credentials);\r
- if (child) {\r
- // Step down and process resolvers.\r
- child=XMLHelper::getFirstChildElement(child);\r
- while (child) {\r
- auto_ptr_char id(child->getAttributeNS(NULL,_id));\r
- auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
- try {\r
- CredentialResolver* cr=xmlConf.CredentialResolverManager.newPlugin(type.get(),child);\r
- m_credResolverMap[id.get()] = cr;\r
- }\r
- catch (exception& ex) {\r
- log.crit("failed to instantiate CredentialResolver (%s): %s", id.get(), ex.what());\r
- }\r
- child = XMLHelper::getNextSiblingElement(child);\r
- }\r
- }\r
- }\r
-\r
+#ifndef SHIBSP_LITE\r
// Load security policies.\r
child = XMLHelper::getLastChildElement(e,SecurityPolicies);\r
if (child) {\r
child = XMLHelper::getNextSiblingElement(child,Policy);\r
}\r
}\r
+#endif\r
\r
// Load the default application. This actually has a fixed ID of "default". ;-)\r
child=XMLHelper::getLastChildElement(e,Applications);\r
XMLConfigImpl::~XMLConfigImpl()\r
{\r
for_each(m_appmap.begin(),m_appmap.end(),cleanup_pair<string,Application>());\r
- for_each(m_credResolverMap.begin(),m_credResolverMap.end(),cleanup_pair<string,CredentialResolver>());\r
+#ifndef SHIBSP_LITE\r
for (map< string,pair<PropertySet*,vector<const SecurityPolicyRule*> > >::iterator i=m_policyMap.begin(); i!=m_policyMap.end(); ++i) {\r
delete i->second.first;\r
for_each(i->second.second.begin(), i->second.second.end(), xmltooling::cleanup<SecurityPolicyRule>());\r
}\r
+#endif\r
delete m_requestMapper;\r
if (m_document)\r
m_document->release();\r
// If we own it, wrap it.\r
XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : NULL);\r
\r
- XMLConfigImpl* impl = new XMLConfigImpl(raw.second,(m_impl==NULL),this);\r
+ XMLConfigImpl* impl = new XMLConfigImpl(raw.second,(m_impl==NULL),this,m_log);\r
\r
// If we held the document, transfer it to the impl. If we didn't, it's a no-op.\r
impl->setDocument(docjanitor.release());\r
projects / shibboleth / sp.git / blobdiff