/*
- * Copyright 2001-2005 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
# define _CRT_SECURE_NO_DEPRECATE 1
#endif
-#include "../shib-target/shib-target.h"
+#include <shib-target/shib-target.h>
+#include <shibsp/SPConfig.h>
+#include <shibsp/util/SPConstants.h>
-using namespace std;
-using namespace saml;
-using namespace shibboleth;
+using namespace shibsp;
using namespace shibtarget;
+using namespace opensaml::saml2md;
+using namespace saml;
+using namespace std;
int main(int argc,char* argv[])
{
a_param="default";
ShibTargetConfig& conf=ShibTargetConfig::getConfig();
- conf.setFeatures(
- ShibTargetConfig::Metadata |
- ShibTargetConfig::Trust |
- ShibTargetConfig::Credentials |
- ShibTargetConfig::AAP |
- ShibTargetConfig::OutOfProcess |
- ShibTargetConfig::Caching
+ SPConfig::getConfig().setFeatures(
+ SPConfig::Metadata |
+ SPConfig::Trust |
+ SPConfig::Credentials |
+ SPConfig::AttributeResolver |
+ SPConfig::OutOfProcess |
+ SPConfig::Caching
);
if (!conf.init(path) || !conf.load(config))
return -10;
+ ServiceProvider* sp=SPConfig::getConfig().getServiceProvider();
+ xmltooling::Locker locker(sp);
+
try {
- const IApplication* app=conf.getINI()->getApplication(a_param);
+ const IApplication* app=dynamic_cast<const IApplication*>(sp->getApplication(a_param));
if (!app)
throw SAMLException("specified <Application> section not found in configuration");
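Review bot: `xmltooling::Locker locker(sp);` is declared just before the `try`, apparently in the same scope as the `conf.shutdown()` call at the end of main, so the guard looks like it outlives the shutdown and would unlock a ServiceProvider that shutdown may already have torn down. Enclosing the locker and the whole try/catch in their own `{ ... }` block, so the lock is released before `conf.shutdown()`, removes that ordering dependency. `sp` is also dereferenced in `sp->getApplication(a_param)` with no null check; if `getServiceProvider()` can return null after a successful `load()`, add `if (!sp) { conf.shutdown(); return -10; }`. A later hunk declares a second `xmltooling::Locker locker(m);` inside the try, shadowing this one, and a distinct name such as `mdlocker` would read better. The body of main starts and ends outside this hunk, so the scoping is inferred from the visible lines.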
new SAMLNameIdentifier(
handle.get(),
domain.get(),
- format.get() ? format.get() : Constants::SHIB_NAMEID_FORMAT_URI
+ format.get() ? format.get() : shibspconstants::SHIB1_NAMEID_FORMAT_URI
)
),
- resource.get(),
- app->getAttributeDesignators().clone()
+ resource.get()
)
)
);
- Metadata m(app->getMetadataProviders());
- const IEntityDescriptor* site=m.lookup(domain.get());
+ MetadataProvider* m=app->getMetadataProvider();
+ xmltooling::Locker locker(m);
+ const EntityDescriptor* site=m->getEntityDescriptor(domain.get());
if (!site)
- throw SAMLException("Unable to locate specified origin site's metadata.");
+ throw MetadataException("Unable to locate specified origin site's metadata.");
// Try to locate an AA role.
- const IAttributeAuthorityDescriptor* AA=site->getAttributeAuthorityDescriptor(saml::XML::SAML11_PROTOCOL_ENUM);
+ const AttributeAuthorityDescriptor* AA=site->getAttributeAuthorityDescriptor(saml::XML::SAML11_PROTOCOL_ENUM);
if (!AA)
- throw SAMLException("Unable to locate metadata for origin site's Attribute Authority.");
+ throw MetadataException("Unable to locate metadata for origin site's Attribute Authority.");
ShibHTTPHook::ShibHTTPHookCallContext ctx(app->getCredentialUse(site),AA);
- Trust t(app->getTrustProviders());
SAMLResponse* response=NULL;
- Iterator<const IEndpoint*> endpoints=AA->getAttributeServiceManager()->getEndpoints();
- while (!response && endpoints.hasNext()) {
- const IEndpoint* ep=endpoints.next();
+ const vector<AttributeService*>& endpoints=AA->getAttributeServices();
+ for (vector<AttributeService*>::const_iterator ep=endpoints.begin(); !response && ep!=endpoints.end(); ++ep) {
try {
// Get a binding object for this protocol.
- const SAMLBinding* binding = app->getBinding(ep->getBinding());
+ const SAMLBinding* binding = app->getBinding((*ep)->getBinding());
if (!binding) {
continue;
}
- auto_ptr<SAMLResponse> r(binding->send(ep->getLocation(), *(req.get()), &ctx));
- if (r->isSigned() && !t.validate(*r,AA))
- throw TrustException("unable to verify signed response");
- response = r.release();
+ response=binding->send((*ep)->getLocation(), *(req.get()), &ctx);
}
- catch (SAMLException& e) {
- // Check for shib:InvalidHandle error and propagate it out.
- Iterator<saml::QName> codes=e.getCodes();
- if (codes.size()>1) {
- const saml::QName& code=codes[1];
- if (!XMLString::compareString(code.getNamespaceURI(),shibboleth::Constants::SHIB_NS) &&
- !XMLString::compareString(code.getLocalName(), shibboleth::Constants::InvalidHandle)) {
- codes.reset();
- throw InvalidHandleException(e.what(),params(),codes);
- }
- }
+ catch (exception&) {
}
}
if (!response)
- throw SAMLException("unable to successfully query for attributes");
-
- // Run it through the AAP. Note that we could end up with an empty response!
- Iterator<SAMLAssertion*> a=response->getAssertions();
- for (unsigned long c=0; c < a.size();) {
- try {
- AAP::apply(app->getAAPProviders(),*(a[c]),site);
- c++;
- }
- catch (SAMLException&) {
- response->removeAssertion(c);
- }
- }
+ throw opensaml::BindingException("unable to successfully query for attributes");
Iterator<SAMLAssertion*> i=response->getAssertions();
if (i.hasNext())
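Review bot: Nothing visible in this hunk verifies a signed response any more, because the loop body now does `response=binding->send((*ep)->getLocation(), *(req.get()), &ctx);` and the removed `r->isSigned() && !t.validate(*r,AA)` check and `Trust t(...)` have no replacement before the assertions are printed. If signature and trust evaluation now happen inside the binding or through `ctx`, say so at the call site with a comment such as `// signature/trust evaluation is performed by <component> during send()`; otherwise an equivalent check on the new API is needed. The replacement handler `catch (exception&) { }` is empty, so a per-endpoint failure (including the shib:InvalidHandle status the old handler propagated) is discarded and only the generic BindingException surfaces; `catch (exception& e) { cerr << "attribute query failed: " << e.what() << endl; }` would keep the diagnostic. With the AAP pass removed, the tool also prints attributes without any acceptance filtering, which deserves a comment or a line of output so that results are not read as what the SP would accept.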
}
}
}
- catch(SAMLException& e)
- {
- cerr << "caught a SAML exception: " << e.what() << endl;
- }
- catch(XMLException& e)
+ catch(exception& e)
{
- cerr << "caught an XML exception: "; xmlout(cerr,e.getMessage()); cerr << endl;
+ cerr << "caught an exception: " << e.what() << endl;
}
conf.shutdown();