add sitesCertFile INI-file parameter
authorwarlord <warlord@cb58f699-b61c-0410-a6fe-9272a202ed29>
Tue, 12 Nov 2002 23:58:05 +0000 (23:58 +0000)
committerwarlord <warlord@cb58f699-b61c-0410-a6fe-9272a202ed29>
Tue, 12 Nov 2002 23:58:05 +0000 (23:58 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@200 cb58f699-b61c-0410-a6fe-9272a202ed29

configs/shibboleth.ini
shib-target/shib-config.cpp
shib-target/shib-target.h

index 2b9bc9a..8c7a2a6 100644 (file)
@@ -4,6 +4,7 @@ schemadir=/opt/shibboleth/etc/shibboleth/
 
 sitesFile=http://wayf.internet2.edu/shibboleth/sites.xml
 #sitesFile=file:///mit/shibboleth/src/shibboleth/java/webApplication/sites.xml
+#sitesCertFile=/opt/shibboleth/etc/shibboleth/sitesCert.pem
 
 # SERVER CONFIGURATION
 
index a559064..cd39d8e 100644 (file)
@@ -63,53 +63,6 @@ ShibTargetConfig& ShibTargetConfig::init(const char* app_name, const char* inifi
 
 
 /****************************************************************************/
-// Mapper
-
-class DummyMapper : public IOriginSiteMapper
-{
-public:
-    DummyMapper();
-    ~DummyMapper();
-    virtual Iterator<xstring> getHandleServiceNames(const XMLCh* originSite) { return Iterator<xstring>(m_hsnames); }
-    virtual Key* getHandleServiceKey(const XMLCh* handleService) { return NULL; }
-    virtual Iterator<xstring> getSecurityDomains(const XMLCh* originSite);
-    virtual const char* getTrustedRoots() { return SAMLConfig::getConfig().ssl_calist.c_str(); }
-
-private:
-    typedef map<xstring,vector<xstring>*> domains_t;
-    domains_t m_domains;
-    vector<xstring> m_hsnames;
-};
-
-DummyMapper::DummyMapper()
-{
-    auto_ptr<XMLCh> buf(XMLString::transcode("wayf.internet2.edu"));
-    m_hsnames.push_back(buf.get());
-}
-
-Iterator<xstring> DummyMapper::getSecurityDomains(const XMLCh* originSite)
-{
-    domains_t::iterator i=m_domains.find(originSite);
-    if (i==m_domains.end())
-    {
-        vector<xstring>* pv=new vector<xstring>();
-        pv->push_back(originSite);
-        pair<domains_t::iterator,bool> p=m_domains.insert(domains_t::value_type(originSite,pv));
-       i=p.first;
-    }
-    return Iterator<xstring>(*(i->second));
-}
-
-DummyMapper::~DummyMapper()
-{
-    for (domains_t::iterator i=m_domains.begin(); i!=m_domains.end(); i++)
-        delete i->second;
-}
-
-
-
-
-/****************************************************************************/
 // STConfig
 
 STConfig::STConfig(const char* app_name, const char* inifile)
@@ -160,7 +113,19 @@ STConfig::STConfig(const char* app_name, const char* inifile)
     throw runtime_error ("No Sites File found in configuration");
   }
 
-  shibConf.origin_mapper = new XMLOriginSiteMapper(tag.c_str(),samlConf.ssl_calist.c_str());
+  string sitesFile = tag;
+  X509Certificate* verifyKey = NULL;
+
+  if (ini->get_tag (app, SHIBTARGET_TAG_SITESCERT, true, &tag)) {
+    verifyKey = new X509Certificate (X509Certificate::PEM, tag.c_str());
+  }
+
+  shibConf.origin_mapper = new XMLOriginSiteMapper(sitesFile.c_str(),
+                                                  samlConf.ssl_calist.c_str(),
+                                                  verifyKey);
+
+  if (verifyKey)
+    delete verifyKey;
   
   if (!shibConf.init()) {
     log.error ("Failed to initialize Shib library");
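Review bot: When `sitesCertFile` is absent, `verifyKey` stays NULL and the mapper is still constructed, so the sites file is presumably loaded with no signature check and nothing is logged; the sample shibboleth.ini in this commit ships the setting commented out while `sitesFile` points at an `http://` URL, which makes the unverified path the default. I would add an else branch to the `get_tag` test that emits a warning through `log`, and consider requiring the certificate whenever the sites file is fetched over plain HTTP. Separately, `verifyKey` is a raw pointer that leaks if the `XMLOriginSiteMapper` constructor throws; declaring it as `auto_ptr<X509Certificate> verifyKey;`, filling it with `verifyKey.reset(new X509Certificate(X509Certificate::PEM, tag.c_str()));` and passing `verifyKey.get()` removes the manual `delete`. Deleting the certificate right after construction also assumes the mapper copies it rather than keeping the pointer, which deserves a comment at that line. The enclosing `STConfig::STConfig` starts and ends outside this hunk.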
index f53476b..ff93941 100644 (file)
@@ -91,6 +91,7 @@ void shib_sock_close (ShibSocket s, ShibSockName name);
 #define SHIBTARGET_TAG_CALIST  "calist"
 
 #define SHIBTARGET_TAG_SITES   "sitesFile"
+#define SHIBTARGET_TAG_SITESCERT "sitesCertFile"
 
 /* initialize and finalize the target library (return 0 on success, 1 on failure) */
 int shib_target_initialize (const char* application, const char* ini_file);