# include <saml/saml2/metadata/Metadata.h>
# include <saml/saml2/metadata/MetadataProvider.h>
# include <saml/util/SAMLConstants.h>
+# include <xmltooling/security/ChainingTrustEngine.h>
# include <xmltooling/security/CredentialResolver.h>
# include <xmltooling/security/SecurityHelper.h>
-# include <xmltooling/security/TrustEngine.h>
# include <xmltooling/util/ReplayCache.h>
# include <xmltooling/util/StorageService.h>
# include <xsec/utils/XSECPlatformUtils.hpp>
const SessionInitiator* getSessionInitiatorById(const char* id) const;
const Handler* getDefaultAssertionConsumerService() const;
const Handler* getAssertionConsumerServiceByIndex(unsigned short index) const;
+ const Handler* getAssertionConsumerServiceByBinding(const char* binding) const;
const vector<const Handler*>& getAssertionConsumerServicesByBinding(const XMLCh* binding) const;
const Handler* getHandler(const char* path) const;
void getHandlers(vector<const Handler*>& handlers) const;
const Handler* m_acsDefault;
// maps binding strings to supporting consumer service(s)
- typedef map<xstring,vector<const Handler*> > ACSBindingMap;
+ typedef map< string,vector<const Handler*> > ACSBindingMap;
ACSBindingMap m_acsBindingMap;
// pointer to default session initiator
if (i!=m_storage.end())
return i->second;
}
+ else if (!m_storage.empty())
+ return m_storage.begin()->second;
return nullptr;
}
#endif
}
const Application* getApplication(const char* applicationId) const {
- map<string,Application*>::const_iterator i=m_impl->m_appmap.find(applicationId);
+ map<string,Application*>::const_iterator i=m_impl->m_appmap.find(applicationId ? applicationId : "default");
return (i!=m_impl->m_appmap.end()) ? i->second : nullptr;
}
#pragma warning( pop )
#endif
+ static const XMLCh applicationId[] = UNICODE_LITERAL_13(a,p,p,l,i,c,a,t,i,o,n,I,d);
static const XMLCh ApplicationOverride[] = UNICODE_LITERAL_19(A,p,p,l,i,c,a,t,i,o,n,O,v,e,r,r,i,d,e);
static const XMLCh ApplicationDefaults[] = UNICODE_LITERAL_19(A,p,p,l,i,c,a,t,i,o,n,D,e,f,a,u,l,t,s);
static const XMLCh _ArtifactMap[] = UNICODE_LITERAL_11(A,r,t,i,f,a,c,t,M,a,p);
static const XMLCh Binding[] = UNICODE_LITERAL_7(B,i,n,d,i,n,g);
static const XMLCh Channel[]= UNICODE_LITERAL_7(C,h,a,n,n,e,l);
static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
+ static const XMLCh _default[] = UNICODE_LITERAL_7(d,e,f,a,u,l,t);
static const XMLCh _Extensions[] = UNICODE_LITERAL_10(E,x,t,e,n,s,i,o,n,s);
static const XMLCh _fatal[] = UNICODE_LITERAL_5(f,a,t,a,l);
static const XMLCh _Handler[] = UNICODE_LITERAL_7(H,a,n,d,l,e,r);
static const XMLCh RelyingParty[] = UNICODE_LITERAL_12(R,e,l,y,i,n,g,P,a,r,t,y);
static const XMLCh _ReplayCache[] = UNICODE_LITERAL_11(R,e,p,l,a,y,C,a,c,h,e);
static const XMLCh _RequestMapper[] = UNICODE_LITERAL_13(R,e,q,u,e,s,t,M,a,p,p,e,r);
+ static const XMLCh RequestMap[] = UNICODE_LITERAL_10(R,e,q,u,e,s,t,M,a,p);
static const XMLCh SecurityPolicies[] = UNICODE_LITERAL_16(S,e,c,u,r,i,t,y,P,o,l,i,c,i,e,s);
static const XMLCh SecurityPolicyProvider[] = UNICODE_LITERAL_22(S,e,c,u,r,i,t,y,P,o,l,i,c,y,P,r,o,v,i,d,e,r);
static const XMLCh _SessionCache[] = UNICODE_LITERAL_12(S,e,s,s,i,o,n,C,a,c,h,e);
XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();
#endif
- // This used to be an actual hash, but now it's just a hex-encode to avoid xmlsec.
+ // This used to be an actual hash, but now it's just a hex-encode to avoid xmlsec dependency.
static char DIGITS[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
string tohash=getId();
tohash+=getString("entityID").second;
continue;
}
try {
- if (XMLString::equals(child->getLocalName(),_AssertionConsumerService)) {
- auto_ptr_char bindprop(child->getAttributeNS(nullptr,Binding));
- if (!bindprop.get() || !*(bindprop.get())) {
- log.warn("md:AssertionConsumerService element has no Binding attribute, skipping it...");
+ if (XMLString::equals(child->getLocalName(), _AssertionConsumerService)) {
+ string bindprop(XMLHelper::getAttrString(child, nullptr, Binding));
+ if (bindprop.empty()) {
+ log.error("AssertionConsumerService element has no Binding attribute, skipping it...");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler=conf.AssertionConsumerServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));
- // Map by binding (may be > 1 per binding, e.g. SAML 1.0 vs 1.1)
- m_acsBindingMap[handler->getXMLString("Binding").second].push_back(handler);
- m_acsIndexMap[handler->getUnsignedInt("index").second]=handler;
+ handler = conf.AssertionConsumerServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
+ // Map by binding (may be > 1 per binding)
+ m_acsBindingMap[bindprop].push_back(handler);
+ m_acsIndexMap[handler->getUnsignedInt("index").second] = handler;
if (!hardACS) {
- pair<bool,bool> defprop=handler->getBool("isDefault");
+ pair<bool,bool> defprop = handler->getBool("isDefault");
if (defprop.first) {
if (defprop.second) {
- hardACS=true;
- m_acsDefault=handler;
+ hardACS = true;
+ m_acsDefault = handler;
}
}
else if (!m_acsDefault)
- m_acsDefault=handler;
+ m_acsDefault = handler;
}
}
- else if (XMLString::equals(child->getLocalName(),_SessionInitiator)) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- if (!type.get() || !*(type.get())) {
- log.warn("SessionInitiator element has no type attribute, skipping it...");
+ else if (XMLString::equals(child->getLocalName(), _SessionInitiator)) {
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
+ if (t.empty()) {
+ log.error("SessionInitiator element has no type attribute, skipping it...");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- SessionInitiator* sihandler=conf.SessionInitiatorManager.newPlugin(type.get(),make_pair(child, getId()));
- handler=sihandler;
- pair<bool,const char*> si_id=handler->getString("id");
+ SessionInitiator* sihandler = conf.SessionInitiatorManager.newPlugin(t.c_str(), make_pair(child, getId()));
+ handler = sihandler;
+ pair<bool,const char*> si_id = handler->getString("id");
if (si_id.first && si_id.second)
- m_sessionInitMap[si_id.second]=sihandler;
+ m_sessionInitMap[si_id.second] = sihandler;
if (!hardSessionInit) {
- pair<bool,bool> defprop=handler->getBool("isDefault");
+ pair<bool,bool> defprop = handler->getBool("isDefault");
if (defprop.first) {
if (defprop.second) {
- hardSessionInit=true;
- m_sessionInitDefault=sihandler;
+ hardSessionInit = true;
+ m_sessionInitDefault = sihandler;
}
}
- else if (!m_sessionInitDefault)
- m_sessionInitDefault=sihandler;
+ else if (!m_sessionInitDefault) {
+ m_sessionInitDefault = sihandler;
+ }
}
}
- else if (XMLString::equals(child->getLocalName(),_LogoutInitiator)) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- if (!type.get() || !*(type.get())) {
- log.warn("LogoutInitiator element has no type attribute, skipping it...");
+ else if (XMLString::equals(child->getLocalName(), _LogoutInitiator)) {
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
+ if (t.empty()) {
+ log.error("LogoutInitiator element has no type attribute, skipping it...");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler=conf.LogoutInitiatorManager.newPlugin(type.get(),make_pair(child, getId()));
+ handler = conf.LogoutInitiatorManager.newPlugin(t.c_str(), make_pair(child, getId()));
}
- else if (XMLString::equals(child->getLocalName(),_ArtifactResolutionService)) {
- auto_ptr_char bindprop(child->getAttributeNS(nullptr,Binding));
- if (!bindprop.get() || !*(bindprop.get())) {
- log.warn("md:ArtifactResolutionService element has no Binding attribute, skipping it...");
+ else if (XMLString::equals(child->getLocalName(), _ArtifactResolutionService)) {
+ string bindprop(XMLHelper::getAttrString(child, nullptr, Binding));
+ if (bindprop.empty()) {
+ log.error("ArtifactResolutionService element has no Binding attribute, skipping it...");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler=conf.ArtifactResolutionServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));
+ handler = conf.ArtifactResolutionServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
if (!hardArt) {
- pair<bool,bool> defprop=handler->getBool("isDefault");
+ pair<bool,bool> defprop = handler->getBool("isDefault");
if (defprop.first) {
if (defprop.second) {
- hardArt=true;
- m_artifactResolutionDefault=handler;
+ hardArt = true;
+ m_artifactResolutionDefault = handler;
}
}
else if (!m_artifactResolutionDefault)
- m_artifactResolutionDefault=handler;
+ m_artifactResolutionDefault = handler;
}
}
- else if (XMLString::equals(child->getLocalName(),_SingleLogoutService)) {
- auto_ptr_char bindprop(child->getAttributeNS(nullptr,Binding));
- if (!bindprop.get() || !*(bindprop.get())) {
- log.warn("md:SingleLogoutService element has no Binding attribute, skipping it...");
+ else if (XMLString::equals(child->getLocalName(), _SingleLogoutService)) {
+ string bindprop(XMLHelper::getAttrString(child, nullptr, Binding));
+ if (bindprop.empty()) {
+ log.error("SingleLogoutService element has no Binding attribute, skipping it...");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler=conf.SingleLogoutServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));
+ handler = conf.SingleLogoutServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
}
- else if (XMLString::equals(child->getLocalName(),_ManageNameIDService)) {
- auto_ptr_char bindprop(child->getAttributeNS(nullptr,Binding));
- if (!bindprop.get() || !*(bindprop.get())) {
- log.warn("md:ManageNameIDService element has no Binding attribute, skipping it...");
+ else if (XMLString::equals(child->getLocalName(), _ManageNameIDService)) {
+ string bindprop(XMLHelper::getAttrString(child, nullptr, Binding));
+ if (bindprop.empty()) {
+ log.error("ManageNameIDService element has no Binding attribute, skipping it...");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler=conf.ManageNameIDServiceManager.newPlugin(bindprop.get(),make_pair(child, getId()));
+ handler = conf.ManageNameIDServiceManager.newPlugin(bindprop.c_str(), make_pair(child, getId()));
}
else {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- if (!type.get() || !*(type.get())) {
- log.warn("Handler element has no type attribute, skipping it...");
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
+ if (t.empty()) {
+ log.error("Handler element has no type attribute, skipping it...");
child = XMLHelper::getNextSiblingElement(child);
continue;
}
- handler=conf.HandlerManager.newPlugin(type.get(),make_pair(child, getId()));
+ handler = conf.HandlerManager.newPlugin(t.c_str(), make_pair(child, getId()));
}
m_handlers.push_back(handler);
// Insert into location map.
- location=handler->getString("Location");
+ location = handler->getString("Location");
if (location.first && *location.second == '/')
- m_handlerMap[location.second]=handler;
+ m_handlerMap[location.second] = handler;
else if (location.first)
- m_handlerMap[string("/") + location.second]=handler;
-
+ m_handlerMap[string("/") + location.second] = handler;
}
catch (exception& ex) {
log.error("caught exception processing handler element: %s", ex.what());
}
// Notification.
- DOMNodeList* nlist=e->getElementsByTagNameNS(shibspconstants::SHIB2SPCONFIG_NS,Notify);
- for (XMLSize_t i=0; nlist && i<nlist->getLength(); i++) {
+ DOMNodeList* nlist = e->getElementsByTagNameNS(shibspconstants::SHIB2SPCONFIG_NS, Notify);
+ for (XMLSize_t i = 0; nlist && i < nlist->getLength(); ++i) {
if (nlist->item(i)->getParentNode()->isSameNode(e)) {
- const XMLCh* channel = static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(nullptr,Channel);
- auto_ptr_char loc(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(nullptr,Location));
- if (loc.get() && *loc.get()) {
+ const XMLCh* channel = static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(nullptr, Channel);
+ string loc(XMLHelper::getAttrString(static_cast<DOMElement*>(nlist->item(i)), nullptr, Location));
+ if (!loc.empty()) {
if (channel && *channel == chLatin_f)
- m_frontLogout.push_back(loc.get());
+ m_frontLogout.push_back(loc);
else
- m_backLogout.push_back(loc.get());
+ m_backLogout.push_back(loc);
}
}
}
#ifndef SHIBSP_LITE
- nlist=e->getElementsByTagNameNS(samlconstants::SAML20_NS,Audience::LOCAL_NAME);
+ nlist = e->getElementsByTagNameNS(samlconstants::SAML20_NS, Audience::LOCAL_NAME);
if (nlist && nlist->getLength()) {
log.warn("use of <saml:Audience> elements outside of a Security Policy Rule is deprecated");
- for (XMLSize_t i=0; i<nlist->getLength(); i++)
+ for (XMLSize_t i = 0; i < nlist->getLength(); ++i)
if (nlist->item(i)->getParentNode()->isSameNode(e) && nlist->item(i)->hasChildNodes())
m_audiences.push_back(nlist->item(i)->getFirstChild()->getNodeValue());
}
if (conf.isEnabled(SPConfig::Metadata)) {
- child = XMLHelper::getFirstChildElement(e,_MetadataProvider);
+ child = XMLHelper::getFirstChildElement(e, _MetadataProvider);
if (child) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- log.info("building MetadataProvider of type %s...",type.get());
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
try {
- auto_ptr<MetadataProvider> mp(samlConf.MetadataProviderManager.newPlugin(type.get(),child));
- mp->init();
- m_metadata = mp.release();
+ if (!t.empty()) {
+ log.info("building MetadataProvider of type %s...", t.c_str());
+ auto_ptr<MetadataProvider> mp(samlConf.MetadataProviderManager.newPlugin(t.c_str(), child));
+ mp->init();
+ m_metadata = mp.release();
+ }
+ else {
+ throw ConfigurationException("MetadataProvider element had no type attribute.");
+ }
}
catch (exception& ex) {
log.crit("error building/initializing MetadataProvider: %s", ex.what());
}
if (conf.isEnabled(SPConfig::Trust)) {
- child = XMLHelper::getFirstChildElement(e,_TrustEngine);
+ child = XMLHelper::getFirstChildElement(e, _TrustEngine);
if (child) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- log.info("building TrustEngine of type %s...",type.get());
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
try {
- m_trust = xmlConf.TrustEngineManager.newPlugin(type.get(),child);
+ if (!t.empty()) {
+ log.info("building TrustEngine of type %s...", t.c_str());
+ m_trust = xmlConf.TrustEngineManager.newPlugin(t.c_str(), child);
+ }
+ else {
+ throw ConfigurationException("TrustEngine element had no type attribute.");
+ }
}
catch (exception& ex) {
log.crit("error building TrustEngine: %s", ex.what());
}
}
+ else if (!m_base) {
+ log.info(
+ "no TrustEngine specified, using default chain {%s, %s}",
+ EXPLICIT_KEY_TRUSTENGINE, SHIBBOLETH_PKIX_TRUSTENGINE
+ );
+ m_trust = xmlConf.TrustEngineManager.newPlugin(CHAINING_TRUSTENGINE, nullptr);
+ ChainingTrustEngine* trustchain = dynamic_cast<ChainingTrustEngine*>(m_trust);
+ if (trustchain) {
+ trustchain->addTrustEngine(xmlConf.TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, nullptr));
+ trustchain->addTrustEngine(xmlConf.TrustEngineManager.newPlugin(SHIBBOLETH_PKIX_TRUSTENGINE, nullptr));
+ }
+ }
}
if (conf.isEnabled(SPConfig::AttributeResolution)) {
- child = XMLHelper::getFirstChildElement(e,_AttributeExtractor);
+ child = XMLHelper::getFirstChildElement(e, _AttributeExtractor);
if (child) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- log.info("building AttributeExtractor of type %s...",type.get());
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
try {
- m_attrExtractor = conf.AttributeExtractorManager.newPlugin(type.get(),child);
+ if (!t.empty()) {
+ log.info("building AttributeExtractor of type %s...", t.c_str());
+ m_attrExtractor = conf.AttributeExtractorManager.newPlugin(t.c_str(), child);
+ }
+ else {
+ throw ConfigurationException("AttributeExtractor element had no type attribute.");
+ }
}
catch (exception& ex) {
log.crit("error building AttributeExtractor: %s", ex.what());
}
}
- child = XMLHelper::getFirstChildElement(e,_AttributeFilter);
+ child = XMLHelper::getFirstChildElement(e, _AttributeFilter);
if (child) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- log.info("building AttributeFilter of type %s...",type.get());
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
try {
- m_attrFilter = conf.AttributeFilterManager.newPlugin(type.get(),child);
+ if (!t.empty()) {
+ log.info("building AttributeFilter of type %s...", t.c_str());
+ m_attrFilter = conf.AttributeFilterManager.newPlugin(t.c_str(), child);
+ }
+ else {
+ throw ConfigurationException("AttributeFilter element had no type attribute.");
+ }
}
catch (exception& ex) {
log.crit("error building AttributeFilter: %s", ex.what());
}
}
- child = XMLHelper::getFirstChildElement(e,_AttributeResolver);
+ child = XMLHelper::getFirstChildElement(e, _AttributeResolver);
if (child) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- log.info("building AttributeResolver of type %s...",type.get());
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
try {
- m_attrResolver = conf.AttributeResolverManager.newPlugin(type.get(),child);
+ if (!t.empty()) {
+ log.info("building AttributeResolver of type %s...", t.c_str());
+ m_attrResolver = conf.AttributeResolverManager.newPlugin(t.c_str(), child);
+ }
+ else {
+ throw ConfigurationException("AttributeResolver element had no type attribute.");
+ }
}
catch (exception& ex) {
log.crit("error building AttributeResolver: %s", ex.what());
string addr=string(getId()) + "::getHeaders::Application";
listener->regListener(addr.c_str(),this);
}
- else
+ else {
log.info("no ListenerService available, Application remoting disabled");
+ }
}
}
catch (exception&) {
const Handler* XMLApplication::getAssertionConsumerServiceByIndex(unsigned short index) const
{
map<unsigned int,const Handler*>::const_iterator i=m_acsIndexMap.find(index);
- if (i!=m_acsIndexMap.end()) return i->second;
+ if (i != m_acsIndexMap.end()) return i->second;
return m_base ? m_base->getAssertionConsumerServiceByIndex(index) : nullptr;
}
-const vector<const Handler*>& XMLApplication::getAssertionConsumerServicesByBinding(const XMLCh* binding) const
+const Handler* XMLApplication::getAssertionConsumerServiceByBinding(const char* binding) const
{
ACSBindingMap::const_iterator i=m_acsBindingMap.find(binding);
- if (i!=m_acsBindingMap.end())
+ if (i != m_acsBindingMap.end()) return i->second.front();
+ return m_base ? m_base->getAssertionConsumerServiceByBinding(binding) : nullptr;
+}
+
+const vector<const Handler*>& XMLApplication::getAssertionConsumerServicesByBinding(const XMLCh* binding) const
+{
+ auto_ptr_char b(binding);
+ ACSBindingMap::const_iterator i=m_acsBindingMap.find(b.get());
+ if (i != m_acsBindingMap.end())
return i->second;
return m_base ? m_base->getAssertionConsumerServicesByBinding(binding) : g_noHandlers;
}
void XMLConfigImpl::doExtensions(const DOMElement* e, const char* label, Category& log)
{
- const DOMElement* exts=XMLHelper::getFirstChildElement(e,_Extensions);
+ const DOMElement* exts = XMLHelper::getFirstChildElement(e, _Extensions);
if (exts) {
- exts=XMLHelper::getFirstChildElement(exts,Library);
+ exts = XMLHelper::getFirstChildElement(exts, Library);
while (exts) {
- auto_ptr_char path(exts->getAttributeNS(nullptr,_path));
+ string path(XMLHelper::getAttrString(exts, nullptr, _path));
try {
- if (path.get()) {
- if (!XMLToolingConfig::getConfig().load_library(path.get(),(void*)exts))
+ if (!path.empty()) {
+ if (!XMLToolingConfig::getConfig().load_library(path.c_str(), (void*)exts))
throw ConfigurationException("XMLToolingConfig::load_library failed.");
- log.debug("loaded %s extension library (%s)", label, path.get());
+ log.debug("loaded %s extension library (%s)", label, path.c_str());
}
}
catch (exception& e) {
- const XMLCh* fatal=exts->getAttributeNS(nullptr,_fatal);
- if (fatal && (*fatal==chLatin_t || *fatal==chDigit_1)) {
- log.fatal("unable to load mandatory %s extension library %s: %s", label, path.get(), e.what());
+ if (XMLHelper::getAttrBool(exts, false, _fatal)) {
+ log.fatal("unable to load mandatory %s extension library %s: %s", label, path.c_str(), e.what());
throw;
}
else {
- log.crit("unable to load optional %s extension library %s: %s", label, path.get(), e.what());
+ log.crit("unable to load optional %s extension library %s: %s", label, path.c_str(), e.what());
}
}
- exts=XMLHelper::getNextSiblingElement(exts,Library);
+ exts = XMLHelper::getNextSiblingElement(exts, Library);
}
}
}
SAMLConfig& samlConf=SAMLConfig::getConfig();
#endif
XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();
- const DOMElement* SHAR=XMLHelper::getFirstChildElement(e,OutOfProcess);
- const DOMElement* SHIRE=XMLHelper::getFirstChildElement(e,InProcess);
+ const DOMElement* SHAR=XMLHelper::getFirstChildElement(e, OutOfProcess);
+ const DOMElement* SHIRE=XMLHelper::getFirstChildElement(e, InProcess);
- // Initialize log4cpp manually in order to redirect log messages as soon as possible.
+ // Initialize logging manually in order to redirect log messages as soon as possible.
if (conf.isEnabled(SPConfig::Logging)) {
- const XMLCh* logconf=nullptr;
+ string logconf;
if (conf.isEnabled(SPConfig::OutOfProcess))
- logconf=SHAR->getAttributeNS(nullptr,logger);
+ logconf = XMLHelper::getAttrString(SHAR, nullptr, logger);
else if (conf.isEnabled(SPConfig::InProcess))
- logconf=SHIRE->getAttributeNS(nullptr,logger);
- if (!logconf || !*logconf)
- logconf=e->getAttributeNS(nullptr,logger);
- if (logconf && *logconf) {
- auto_ptr_char logpath(logconf);
- log.debug("loading new logging configuration from (%s), check log destination for status of configuration",logpath.get());
- if (!XMLToolingConfig::getConfig().log_config(logpath.get()))
- log.crit("failed to load new logging configuration from (%s)", logpath.get());
+ logconf = XMLHelper::getAttrString(SHIRE, nullptr, logger);
+ if (logconf.empty())
+ logconf = XMLHelper::getAttrString(e, nullptr, logger);
+ if (logconf.empty() && !getenv("SHIBSP_LOGGING")) {
+ // No properties found, so default them.
+ if (conf.isEnabled(SPConfig::OutOfProcess) && !conf.isEnabled(SPConfig::InProcess))
+ logconf = "shibd.logger";
+ else if (!conf.isEnabled(SPConfig::OutOfProcess) && conf.isEnabled(SPConfig::InProcess))
+ logconf = "native.logger";
+ else
+ logconf = "shibboleth.logger";
+ }
+ if (!logconf.empty()) {
+ log.debug("loading new logging configuration from (%s), check log destination for status of configuration", logconf.c_str());
+ if (!XMLToolingConfig::getConfig().log_config(logconf.c_str()))
+ log.crit("failed to load new logging configuration from (%s)", logconf.c_str());
}
#ifndef SHIBSP_LITE
#endif
if (conf.isEnabled(SPConfig::Caching)) {
- if (conf.isEnabled(SPConfig::OutOfProcess)) {
#ifndef SHIBSP_LITE
+ if (conf.isEnabled(SPConfig::OutOfProcess)) {
// First build any StorageServices.
- child=XMLHelper::getFirstChildElement(e,_StorageService);
+ child = XMLHelper::getFirstChildElement(e, _StorageService);
while (child) {
- auto_ptr_char id(child->getAttributeNS(nullptr,_id));
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- try {
- log.info("building StorageService (%s) of type %s...", id.get(), type.get());
- m_outer->m_storage[id.get()] = xmlConf.StorageServiceManager.newPlugin(type.get(),child);
- }
- catch (exception& ex) {
- log.crit("failed to instantiate StorageService (%s): %s", id.get(), ex.what());
+ string id(XMLHelper::getAttrString(child, nullptr, _id));
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
+ if (!t.empty()) {
+ try {
+ log.info("building StorageService (%s) of type %s...", id.c_str(), t.c_str());
+ m_outer->m_storage[id] = xmlConf.StorageServiceManager.newPlugin(t.c_str(), child);
+ }
+ catch (exception& ex) {
+ log.crit("failed to instantiate StorageService (%s): %s", id.c_str(), ex.what());
+ }
}
- child=XMLHelper::getNextSiblingElement(child,_StorageService);
+ child = XMLHelper::getNextSiblingElement(child, _StorageService);
+ }
+
+ if (m_outer->m_storage.empty()) {
+ log.info("no StorageService plugin(s) installed, using (mem) in-memory instance");
+ m_outer->m_storage["id"] = xmlConf.StorageServiceManager.newPlugin(MEMORY_STORAGE_SERVICE, nullptr);
}
// Replay cache.
- StorageService* replaySS=nullptr;
- child=XMLHelper::getFirstChildElement(e,_ReplayCache);
+ StorageService* replaySS = nullptr;
+ child = XMLHelper::getFirstChildElement(e, _ReplayCache);
if (child) {
- auto_ptr_char ssid(child->getAttributeNS(nullptr,_StorageService));
- if (ssid.get() && *ssid.get()) {
- if (m_outer->m_storage.count(ssid.get()))
- replaySS = m_outer->m_storage[ssid.get()];
- if (replaySS)
- log.info("building ReplayCache on top of StorageService (%s)...", ssid.get());
- else
- log.warn("unable to locate StorageService (%s) for ReplayCache, using dedicated in-memory instance", ssid.get());
+ string ssid(XMLHelper::getAttrString(child, nullptr, _StorageService));
+ if (!ssid.empty()) {
+ if (m_outer->m_storage.count(ssid)) {
+ log.info("building ReplayCache on top of StorageService (%s)...", ssid.c_str());
+ replaySS = m_outer->m_storage[ssid];
+ }
+ else {
+ log.error("unable to locate StorageService (%s), using arbitrary instance for ReplayCache", ssid.c_str());
+ replaySS = m_outer->m_storage.begin()->second;
+ }
+ }
+ else {
+ log.info("no StorageService specified for ReplayCache, using arbitrary instance");
+ replaySS = m_outer->m_storage.begin()->second;
}
- xmlConf.setReplayCache(new ReplayCache(replaySS));
}
else {
- log.warn("no ReplayCache built, missing conf:ReplayCache element?");
+ log.info("no ReplayCache specified, using arbitrary StorageService instance");
+ replaySS = m_outer->m_storage.begin()->second;
}
+ xmlConf.setReplayCache(new ReplayCache(replaySS));
// ArtifactMap
- child=XMLHelper::getFirstChildElement(e,_ArtifactMap);
+ child = XMLHelper::getFirstChildElement(e, _ArtifactMap);
if (child) {
- auto_ptr_char ssid(child->getAttributeNS(nullptr,_StorageService));
- if (ssid.get() && *ssid.get() && m_outer->m_storage.count(ssid.get())) {
- log.info("building ArtifactMap on top of StorageService (%s)...", ssid.get());
- samlConf.setArtifactMap(new ArtifactMap(child, m_outer->m_storage[ssid.get()]));
+ string ssid(XMLHelper::getAttrString(child, nullptr, _StorageService));
+ if (!ssid.empty()) {
+ if (m_outer->m_storage.count(ssid)) {
+ log.info("building ArtifactMap on top of StorageService (%s)...", ssid.c_str());
+ samlConf.setArtifactMap(new ArtifactMap(child, m_outer->m_storage[ssid]));
+ }
+ else {
+ log.error("unable to locate StorageService (%s), using in-memory ArtifactMap", ssid.c_str());
+ samlConf.setArtifactMap(new ArtifactMap(child));
+ }
+ }
+ else {
+ log.info("no StorageService specified, using in-memory ArtifactMap");
+ samlConf.setArtifactMap(new ArtifactMap(child));
}
}
- if (samlConf.getArtifactMap()==nullptr) {
- log.info("building in-memory ArtifactMap...");
+ else {
+ log.info("no ArtifactMap specified, building in-memory ArtifactMap...");
samlConf.setArtifactMap(new ArtifactMap(child));
}
+ } // end of out of process caching components
#endif
- }
- child=XMLHelper::getFirstChildElement(e,_SessionCache);
+
+ child = XMLHelper::getFirstChildElement(e, _SessionCache);
if (child) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- log.info("building SessionCache of type %s...",type.get());
- m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(type.get(), child);
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
+ if (!t.empty()) {
+ log.info("building SessionCache of type %s...", t.c_str());
+ m_outer->m_sessionCache = conf.SessionCacheManager.newPlugin(t.c_str(), child);
+ }
}
- else {
- log.fatal("can't build SessionCache, missing conf:SessionCache element?");
- throw ConfigurationException("Can't build SessionCache, missing conf:SessionCache element?");
+ if (!m_outer->m_sessionCache) {
+ log.info("no SessionCache specified, using StorageService-backed instance");
+ m_outer->m_sessionCache = conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE, nullptr);
}
}
} // end of first-time-only stuff
// Back to the fully dynamic stuff...next up is the RequestMapper.
if (conf.isEnabled(SPConfig::RequestMapping)) {
- if (child = XMLHelper::getFirstChildElement(e,_RequestMapper)) {
- auto_ptr_char type(child->getAttributeNS(nullptr,_type));
- log.info("building RequestMapper of type %s...",type.get());
- m_requestMapper=conf.RequestMapperManager.newPlugin(type.get(),child);
+ if (child = XMLHelper::getFirstChildElement(e, _RequestMapper)) {
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
+ if (!t.empty()) {
+ log.info("building RequestMapper of type %s...", t.c_str());
+ m_requestMapper = conf.RequestMapperManager.newPlugin(t.c_str(), child);
+ }
}
- else {
- log.fatal("can't build RequestMapper, missing conf:RequestMapper element?");
- throw ConfigurationException("Can't build RequestMapper, missing conf:RequestMapper element?");
+ if (!m_requestMapper) {
+ log.info("no RequestMapper specified, using 'Native' plugin with empty/default map");
+ child = e->getOwnerDocument()->createElementNS(nullptr, _RequestMapper);
+ DOMElement* mapperDummy = e->getOwnerDocument()->createElementNS(shibspconstants::SHIB2SPCONFIG_NS, RequestMap);
+ mapperDummy->setAttributeNS(nullptr, applicationId, _default);
+ child->appendChild(mapperDummy);
+ m_requestMapper = conf.RequestMapperManager.newPlugin(NATIVE_REQUEST_MAPPER, child);
}
}
#ifndef SHIBSP_LITE
// Load security policies.
if (child = XMLHelper::getLastChildElement(e, SecurityPolicyProvider)) {
- auto_ptr_char type(child->getAttributeNS(nullptr, _type));
- log.info("building SecurityPolicyProvider of type %s...", type.get());
- m_policy = conf.SecurityPolicyProviderManager.newPlugin(type.get(), child);
+ string t(XMLHelper::getAttrString(child, nullptr, _type));
+ if (!t.empty()) {
+ log.info("building SecurityPolicyProvider of type %s...", t.c_str());
+ m_policy = conf.SecurityPolicyProviderManager.newPlugin(t.c_str(), child);
+ }
+ else {
+ throw ConfigurationException("can't build SecurityPolicyProvider, no type specified");
+ }
}
else if (child = XMLHelper::getLastChildElement(e, SecurityPolicies)) {
// For backward compatibility, wrap in a plugin element.
}
// Process TransportOption elements.
- child = XMLHelper::getLastChildElement(e,TransportOption);
+ child = XMLHelper::getLastChildElement(e, TransportOption);
while (child) {
if (child->hasChildNodes()) {
- auto_ptr_char provider(child->getAttributeNS(nullptr,_provider));
- auto_ptr_char option(child->getAttributeNS(nullptr,_option));
+ string provider(XMLHelper::getAttrString(child, nullptr, _provider));
+ string option(XMLHelper::getAttrString(child, nullptr, _option));
auto_ptr_char value(child->getFirstChild()->getNodeValue());
- if (provider.get() && *provider.get() && option.get() && *option.get() && value.get() && *value.get()) {
- m_transportOptions.push_back(make_pair(string(provider.get()), make_pair(string(option.get()), string(value.get()))));
+ if (!provider.empty() && !option.empty() && value.get() && *value.get()) {
+ m_transportOptions.push_back(make_pair(provider, make_pair(option, string(value.get()))));
}
}
- child = XMLHelper::getPreviousSiblingElement(child,TransportOption);
+ child = XMLHelper::getPreviousSiblingElement(child, TransportOption);
}
#endif
- // Load the default application. This actually has a fixed ID of "default". ;-)
- child=XMLHelper::getLastChildElement(e,ApplicationDefaults);
+ // Load the default application.
+ child = XMLHelper::getLastChildElement(e, ApplicationDefaults);
if (!child) {
log.fatal("can't build default Application object, missing conf:ApplicationDefaults element?");
throw ConfigurationException("can't build default Application object, missing conf:ApplicationDefaults element?");
}
- XMLApplication* defapp=new XMLApplication(m_outer,child);
- m_appmap[defapp->getId()]=defapp;
+ XMLApplication* defapp = new XMLApplication(m_outer, child);
+ m_appmap[defapp->getId()] = defapp;
// Load any overrides.
- child = XMLHelper::getFirstChildElement(child,ApplicationOverride);
+ child = XMLHelper::getFirstChildElement(child, ApplicationOverride);
while (child) {
- auto_ptr<XMLApplication> iapp(new XMLApplication(m_outer,child,defapp));
+ auto_ptr<XMLApplication> iapp(new XMLApplication(m_outer, child, defapp));
if (m_appmap.count(iapp->getId()))
log.crit("found conf:ApplicationOverride element with duplicate id attribute (%s), skipping it", iapp->getId());
else {
const char* iappid=iapp->getId();
- m_appmap[iappid]=iapp.release();
+ m_appmap[iappid] = iapp.release();
}
- child = XMLHelper::getNextSiblingElement(child,ApplicationOverride);
+ child = XMLHelper::getNextSiblingElement(child, ApplicationOverride);
}
}
catch (exception&) {