/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* XMLToolingConfig.cpp
*
- * Library configuration
+ * Library configuration.
*/
#include "internal.h"
#include "XMLToolingConfig.h"
#include "encryption/Encryption.h"
#include "encryption/Encrypter.h"
-#include "io/HTTPRequest.h"
-#include "io/HTTPResponse.h"
#include "impl/UnknownElement.h"
+#include "io/HTTPResponse.h"
#include "security/TrustEngine.h"
#include "security/OpenSSLCryptoX509CRL.h"
#include "security/CredentialResolver.h"
#include "security/KeyInfoResolver.h"
+#include "signature/KeyInfo.h"
#include "signature/Signature.h"
#include "soap/SOAP.h"
-#include "soap/SOAPTransport.h"
#include "util/NDC.h"
#include "util/PathResolver.h"
#include "util/ReplayCache.h"
#include "util/StorageService.h"
#include "util/TemplateEngine.h"
+#include "util/Threads.h"
#include "util/URLEncoder.h"
-#include "util/XMLConstants.h"
#include "validation/ValidatorSuite.h"
#ifdef HAVE_DLFCN_H
# include <log4cpp/OstreamAppender.hh>
#endif
#include <xercesc/util/PlatformUtils.hpp>
+#include <xercesc/util/XMLUniDefs.hpp>
#ifndef XMLTOOLING_NO_XMLSEC
# include <curl/curl.h>
# include <openssl/err.h>
+# include <xsec/framework/XSECAlgorithmMapper.hpp>
+# include <xsec/framework/XSECException.hpp>
# include <xsec/framework/XSECProvider.hpp>
+# include <xsec/transformers/TXFMBase.hpp>
#endif
using namespace soap11;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace xercesc;
using namespace std;
-using xercesc::XMLPlatformUtils;
DECL_XMLTOOLING_EXCEPTION_FACTORY(XMLParserException,xmltooling);
DECL_XMLTOOLING_EXCEPTION_FACTORY(XMLObjectException,xmltooling);
DECL_XMLTOOLING_EXCEPTION_FACTORY(EncryptionException,xmlencryption);
#endif
-namespace xmltooling {
+namespace {
static XMLToolingInternalConfig g_config;
#ifndef XMLTOOLING_NO_XMLSEC
static vector<Mutex*> g_openssl_locks;
return (unsigned long)(pthread_self());
}
# endif
+
+# ifdef XMLTOOLING_XMLSEC_DEBUGLOGGING
+ class TXFMOutputLog : public TXFMBase {
+ TXFMOutputLog();
+ public:
+ TXFMOutputLog(DOMDocument* doc) : TXFMBase(doc), m_log(Category::getInstance(XMLTOOLING_LOGCAT".Signature.Debugger")) {
+ input = nullptr;
+ }
+ ~TXFMOutputLog() {
+ m_log.debug("\n----- END SIGNATURE DEBUG -----\n");
+ }
+
+ void setInput(TXFMBase *newInput) {
+ input = newInput;
+ if (newInput->getOutputType() != TXFMBase::BYTE_STREAM)
+ throw XSECException(XSECException::TransformInputOutputFail, "OutputLog transform requires BYTE_STREAM input");
+ keepComments = input->getCommentsStatus();
+ m_log.debug("\n----- BEGIN SIGNATURE DEBUG -----\n");
+ }
+
+ TXFMBase::ioType getInputType() {
+ return TXFMBase::BYTE_STREAM;
+ }
+ TXFMBase::ioType getOutputType() {
+ return TXFMBase::BYTE_STREAM;
+ }
+ TXFMBase::nodeType getNodeType() {
+ return TXFMBase::DOM_NODE_NONE;
+ }
+
+ unsigned int readBytes(XMLByte * const toFill, const unsigned int maxToFill) {
+ unsigned int sz = input->readBytes(toFill, maxToFill);
+ m_log.debug(string(reinterpret_cast<char* const>(toFill), sz));
+ return sz;
+ }
+
+ DOMDocument* getDocument() {
+ return nullptr;
+ }
+ DOMNode* getFragmentNode() {
+ return nullptr;
+ }
+ const XMLCh* getFragmentId() {
+ return nullptr;
+ }
+
+ private:
+ Category& m_log;
+ };
+
+ TXFMBase* TXFMOutputLogFactory(DOMDocument* doc) {
+ if (Category::getInstance(XMLTOOLING_LOGCAT".Signature.Debugger").isDebugEnabled())
+ return new TXFMOutputLog(doc);
+ return nullptr;
+ }
+# endif
+
+#endif
+
+#ifdef WIN32
+ BOOL LogEvent(
+ LPCSTR lpUNCServerName,
+ WORD wType,
+ DWORD dwEventID,
+ PSID lpUserSid,
+ LPCSTR message)
+ {
+ LPCSTR messages[] = {message, nullptr};
+
+ HANDLE hElog = RegisterEventSource(lpUNCServerName, "OpenSAML XMLTooling Library");
+ BOOL res = ReportEvent(hElog, wType, 0, dwEventID, lpUserSid, 1, 0, messages, nullptr);
+ return (DeregisterEventSource(hElog) && res);
+ }
#endif
}
return g_config;
}
+#ifndef XMLTOOLING_NO_XMLSEC
+XMLToolingConfig::XMLToolingConfig()
+ : m_keyInfoResolver(nullptr), m_replayCache(nullptr), m_pathResolver(nullptr), m_templateEngine(nullptr), m_urlEncoder(nullptr), clock_skew_secs(180)
+#else
+XMLToolingConfig::XMLToolingConfig()
+ : m_pathResolver(nullptr), m_templateEngine(nullptr), m_urlEncoder(nullptr), clock_skew_secs(180)
+#endif
+{
+}
+
+XMLToolingConfig::~XMLToolingConfig()
+{
+}
+
bool XMLToolingInternalConfig::log_config(const char* config)
{
try {
}
}
catch (const ConfigureFailure& e) {
- Category::getInstance(XMLTOOLING_LOGCAT".Logging").crit("failed to initialize log4cpp: %s", e.what());
+ string msg = string("failed to configure logging: ") + e.what();
+ Category::getInstance(XMLTOOLING_LOGCAT".Logging").crit(msg);
+#ifdef WIN32
+ LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, msg.c_str());
+#endif
return false;
}
}
#ifndef XMLTOOLING_LITE
+const KeyInfoResolver* XMLToolingConfig::getKeyInfoResolver() const
+{
+ return m_keyInfoResolver;
+}
+
+ReplayCache* XMLToolingConfig::getReplayCache() const
+{
+ return m_replayCache;
+}
+
+void XMLToolingConfig::setKeyInfoResolver(xmltooling::KeyInfoResolver *keyInfoResolver)
+{
+ delete m_keyInfoResolver;
+ m_keyInfoResolver = keyInfoResolver;
+}
+
void XMLToolingConfig::setReplayCache(ReplayCache* replayCache)
{
delete m_replayCache;
}
#endif
+PathResolver* XMLToolingConfig::getPathResolver() const
+{
+ return m_pathResolver;
+}
+
+TemplateEngine* XMLToolingConfig::getTemplateEngine() const
+{
+ return m_templateEngine;
+}
+
+const URLEncoder* XMLToolingConfig::getURLEncoder() const
+{
+ return m_urlEncoder;
+}
+
void XMLToolingConfig::setPathResolver(PathResolver* pathResolver)
{
delete m_pathResolver;
#ifndef XMLTOOLING_NO_XMLSEC
XSECPlatformUtils::Initialise();
+# ifdef XMLTOOLING_XMLSEC_DEBUGLOGGING
+ XSECPlatformUtils::SetReferenceLoggingSink(TXFMOutputLogFactory);
+# endif
m_xsecProvider=new XSECProvider();
log.debug("XML-Security %s initialization complete", XSEC_FULLVERSIONDOT);
#endif
// Load catalogs from path.
if (!catalog_path.empty()) {
char* catpath=strdup(catalog_path.c_str());
- char* sep=NULL;
+ char* sep=nullptr;
char* start=catpath;
while (start && *start) {
sep=strchr(start,PATH_SEPARATOR_CHAR);
*sep=0;
auto_ptr_XMLCh temp(start);
m_validatingPool->loadCatalog(temp.get());
- start = sep ? sep + 1 : NULL;
+ start = sep ? sep + 1 : nullptr;
}
free(catpath);
}
registerSOAPTransports();
initSOAPTransports();
registerStorageServices();
- m_keyInfoResolver = KeyInfoResolverManager.newPlugin(INLINE_KEYINFO_RESOLVER,NULL);
+ m_keyInfoResolver = KeyInfoResolverManager.newPlugin(INLINE_KEYINFO_RESOLVER,nullptr);
#endif
m_pathResolver = new PathResolver();
m_urlEncoder = new URLEncoder();
+ HTTPResponse::getAllowedSchemes().push_back("https");
+ HTTPResponse::getAllowedSchemes().push_back("http");
+
// Register xml:id as an ID attribute.
static const XMLCh xmlid[] = UNICODE_LITERAL_2(i,d);
AttributeExtensibleXMLObject::registerIDAttribute(QName(xmlconstants::XML_NS, xmlid));
void XMLToolingInternalConfig::term()
{
#ifndef XMLTOOLING_NO_XMLSEC
- CRYPTO_set_locking_callback(NULL);
+ CRYPTO_set_locking_callback(nullptr);
for_each(g_openssl_locks.begin(), g_openssl_locks.end(), xmltooling::cleanup<Mutex>());
g_openssl_locks.clear();
#endif
m_algorithmMap.clear();
delete m_keyInfoResolver;
- m_keyInfoResolver = NULL;
+ m_keyInfoResolver = nullptr;
delete m_replayCache;
- m_replayCache = NULL;
+ m_replayCache = nullptr;
#endif
delete m_pathResolver;
- m_pathResolver = NULL;
+ m_pathResolver = nullptr;
delete m_templateEngine;
- m_templateEngine = NULL;
+ m_templateEngine = nullptr;
delete m_urlEncoder;
- m_urlEncoder = NULL;
+ m_urlEncoder = nullptr;
for (vector<void*>::reverse_iterator i=m_libhandles.rbegin(); i!=m_libhandles.rend(); i++) {
#if defined(WIN32)
m_libhandles.clear();
delete m_parserPool;
- m_parserPool=NULL;
+ m_parserPool=nullptr;
delete m_validatingPool;
- m_validatingPool=NULL;
+ m_validatingPool=nullptr;
#ifndef XMLTOOLING_NO_XMLSEC
delete m_xsecProvider;
- m_xsecProvider=NULL;
+ m_xsecProvider=nullptr;
XSECPlatformUtils::Terminate();
#endif
XMLPlatformUtils::closeMutex(m_lock);
- m_lock=NULL;
+ m_lock=nullptr;
XMLPlatformUtils::Terminate();
#ifndef XMLTOOLING_NO_XMLSEC
m_pathResolver->resolve(resolved, PathResolver::XMLTOOLING_LIB_FILE);
#if defined(WIN32)
- HMODULE handle=NULL;
+ HMODULE handle=nullptr;
for (string::iterator i = resolved.begin(); i != resolved.end(); ++i)
if (*i == '/')
*i = '\\';
UINT em=SetErrorMode(SEM_FAILCRITICALERRORS);
try {
- handle=LoadLibraryEx(resolved.c_str(),NULL,LOAD_WITH_ALTERED_SEARCH_PATH);
+ handle=LoadLibraryEx(resolved.c_str(),nullptr,LOAD_WITH_ALTERED_SEARCH_PATH);
if (!handle)
- handle=LoadLibraryEx(resolved.c_str(),NULL,0);
+ handle=LoadLibraryEx(resolved.c_str(),nullptr,0);
if (!handle)
throw runtime_error(string("unable to load extension library: ") + resolved);
FARPROC fn=GetProcAddress(handle,"xmltooling_extension_init");
}
#ifndef XMLTOOLING_NO_XMLSEC
+
void xmltooling::log_openssl()
{
const char* file;
return new OpenSSLCryptoX509CRL();
}
+pair<const char*,unsigned int> XMLToolingInternalConfig::mapXMLAlgorithmToKeyAlgorithm(const XMLCh* xmlAlgorithm) const
+{
+ algmap_t::const_iterator i = m_algorithmMap.find(xmlAlgorithm);
+ if (i == m_algorithmMap.end())
+ return pair<const char*,unsigned int>(nullptr, 0);
+ return make_pair(i->second.first.c_str(), i->second.second);
+}
+
+void XMLToolingInternalConfig::registerXMLAlgorithm(const XMLCh* xmlAlgorithm, const char* keyAlgorithm, unsigned int size)
+{
+ m_algorithmMap[xmlAlgorithm] = pair<string,unsigned int>(keyAlgorithm, size);
+}
+
+bool XMLToolingInternalConfig::isXMLAlgorithmSupported(const XMLCh* xmlAlgorithm)
+{
+ try {
+ if (XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(xmlAlgorithm))
+ return true;
+ }
+ catch (XSECException&) {
+ }
+ return false;
+}
+
void XMLToolingInternalConfig::registerXMLAlgorithms()
{
registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_MD5, "RSA", 0);
registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIDSA_SHA1, "DSA", 0);
+ registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA1, "EC", 0);
+ registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA256, "EC", 0);
+ registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA384, "EC", 0);
+ registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA512, "EC", 0);
+
registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA1, "HMAC", 0);
registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA224, "HMAC", 0);
registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA256, "HMAC", 0);
registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES256_CBC, "AES", 256);
registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES256, "AES", 256);
}
+
#endif
#ifdef WIN32