/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
*
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
+#ifdef WIN32
+# define _CRT_NONSTDC_NO_DEPRECATE 1
+# define _CRT_SECURE_NO_DEPRECATE 1
+#endif
-#include "../shib-target/shib-target.h"
+#include <shib-target/shib-target.h>
+#include <shibsp/SPConfig.h>
+#include <shibsp/util/SPConstants.h>
-using namespace std;
-using namespace saml;
-using namespace shibboleth;
+using namespace shibsp;
using namespace shibtarget;
+using namespace opensaml::saml2md;
+using namespace saml;
+using namespace std;
int main(int argc,char* argv[])
{
a_param="default";
ShibTargetConfig& conf=ShibTargetConfig::getConfig();
- conf.setFeatures(
- ShibTargetConfig::Metadata |
- ShibTargetConfig::Trust |
- ShibTargetConfig::Credentials |
- ShibTargetConfig::AAP |
- ShibTargetConfig::GlobalExtensions |
- ShibTargetConfig::Caching
+ SPConfig::getConfig().setFeatures(
+ SPConfig::Metadata |
+ SPConfig::Trust |
+ SPConfig::Credentials |
+ SPConfig::AttributeResolver |
+ SPConfig::OutOfProcess |
+ SPConfig::Caching
);
- if (!conf.init(path,config))
+ if (!conf.init(path) || !conf.load(config))
return -10;
+ ServiceProvider* sp=SPConfig::getConfig().getServiceProvider();
+ xmltooling::Locker locker(sp);
+
try {
- const IApplication* app=conf.getINI()->getApplication(a_param);
+ const IApplication* app=dynamic_cast<const IApplication*>(sp->getApplication(a_param));
if (!app)
throw SAMLException("specified <Application> section not found in configuration");
new SAMLNameIdentifier(
handle.get(),
domain.get(),
- format.get() ? format.get() : Constants::SHIB_NAMEID_FORMAT_URI
+ format.get() ? format.get() : shibspconstants::SHIB1_NAMEID_FORMAT_URI
)
),
- resource.get(),
- app->getAttributeDesignators().clone()
+ resource.get()
)
)
);
- Metadata m(app->getMetadataProviders());
- const IEntityDescriptor* site=m.lookup(domain.get());
+ MetadataProvider* m=app->getMetadataProvider();
+ xmltooling::Locker locker(m);
+ const EntityDescriptor* site=m->getEntityDescriptor(domain.get());
if (!site)
- throw SAMLException("Unable to locate specified origin site's metadata.");
+ throw MetadataException("Unable to locate specified origin site's metadata.");
// Try to locate an AA role.
- const IAttributeAuthorityDescriptor* AA=site->getAttributeAuthorityDescriptor(saml::XML::SAML11_PROTOCOL_ENUM);
+ const AttributeAuthorityDescriptor* AA=site->getAttributeAuthorityDescriptor(saml::XML::SAML11_PROTOCOL_ENUM);
if (!AA)
- throw SAMLException("Unable to locate metadata for origin site's Attribute Authority.");
+ throw MetadataException("Unable to locate metadata for origin site's Attribute Authority.");
- ShibHTTPHook::ShibHTTPHookCallContext ctx(app->getCredentialUse(site)->getString("TLS").second,AA);
- Trust t(app->getTrustProviders());
+ ShibHTTPHook::ShibHTTPHookCallContext ctx(app->getCredentialUse(site),AA);
SAMLResponse* response=NULL;
- Iterator<const IEndpoint*> endpoints=AA->getAttributeServiceManager()->getEndpoints();
- while (!response && endpoints.hasNext()) {
- const IEndpoint* ep=endpoints.next();
+ const vector<AttributeService*>& endpoints=AA->getAttributeServices();
+ for (vector<AttributeService*>::const_iterator ep=endpoints.begin(); !response && ep!=endpoints.end(); ++ep) {
try {
// Get a binding object for this protocol.
- const SAMLBinding* binding = app->getBinding(ep->getBinding());
+ const SAMLBinding* binding = app->getBinding((*ep)->getBinding());
if (!binding) {
continue;
}
- auto_ptr<SAMLResponse> r(binding->send(ep->getLocation(), *(req.get()), &ctx));
- if (r->isSigned() && !t.validate(app->getRevocationProviders(),AA,*r))
- throw TrustException("unable to verify signed response");
- response = r.release();
+ response=binding->send((*ep)->getLocation(), *(req.get()), &ctx);
}
- catch (SAMLException& e) {
- // Check for shib:InvalidHandle error and propagate it out.
- Iterator<saml::QName> codes=e.getCodes();
- if (codes.size()>1) {
- const saml::QName& code=codes[1];
- if (!XMLString::compareString(code.getNamespaceURI(),shibboleth::Constants::SHIB_NS) &&
- !XMLString::compareString(code.getLocalName(), shibboleth::Constants::InvalidHandle)) {
- codes.reset();
- throw InvalidHandleException(codes,e.what());
- }
- }
+ catch (exception&) {
}
}
if (!response)
- throw SAMLException("unable to successfully query for attributes");
-
- // Run it through the AAP. Note that we could end up with an empty response!
- Iterator<SAMLAssertion*> a=response->getAssertions();
- for (unsigned long c=0; c < a.size();) {
- try {
- AAP::apply(app->getAAPProviders(),*(a[c]),AA);
- c++;
- }
- catch (SAMLException&) {
- response->removeAssertion(c);
- }
- }
+ throw opensaml::BindingException("unable to successfully query for attributes");
Iterator<SAMLAssertion*> i=response->getAssertions();
if (i.hasNext())
}
}
}
- catch(SAMLException& e)
- {
- cerr << "caught a SAML exception: " << e.what() << endl;
- }
- catch(XMLException& e)
- {
- cerr << "caught an XML exception: "; xmlout(cerr,e.getMessage()); cerr << endl;
- }
- catch(...)
+ catch(exception& e)
{
- cerr << "caught an unknown exception" << endl;
+ cerr << "caught an exception: " << e.what() << endl;
}
conf.shutdown();