#include "binding/SOAPClient.h"\r
#include "util/SPConstants.h"\r
\r
-\r
-#include <log4cpp/Category.hh>\r
#include <saml/binding/SecurityPolicy.h>\r
#include <saml/saml1/binding/SAML1SOAPClient.h>\r
#include <saml/saml1/core/Assertions.h>\r
class SimpleResolverImpl\r
{\r
public:\r
- SimpleResolverImpl(const DOMElement* e);\r
+ SimpleResolverImpl(const DOMElement* e, Category& log);\r
~SimpleResolverImpl() {\r
for_each(m_decoderMap.begin(), m_decoderMap.end(), cleanup_pair<string,AttributeDecoder>());\r
if (m_document)\r
void populateQuery(saml1p::AttributeQuery& query, const string& id) const;\r
void populateQuery(saml2p::AttributeQuery& query, const string& id) const;\r
\r
+ Category& m_log;\r
DOMDocument* m_document;\r
map<string,AttributeDecoder*> m_decoderMap;\r
#ifdef HAVE_GOOD_STL\r
class SimpleResolver : public AttributeResolver, public ReloadableXMLFile\r
{\r
public:\r
- SimpleResolver(const DOMElement* e) : ReloadableXMLFile(e), m_impl(NULL) {\r
+ SimpleResolver(const DOMElement* e) : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".AttributeResolver")), m_impl(NULL) {\r
load();\r
}\r
~SimpleResolver() {\r
static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);\r
};\r
\r
-SimpleResolverImpl::SimpleResolverImpl(const DOMElement* e) : m_document(NULL), m_allowQuery(true)\r
+SimpleResolverImpl::SimpleResolverImpl(const DOMElement* e, Category& log) : m_log(log), m_document(NULL), m_allowQuery(true)\r
{\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("SimpleResolverImpl");\r
#endif\r
- Category& log=Category::getInstance(SHIBSP_LOGCAT".AttributeResolver");\r
\r
if (!XMLHelper::isNodeNamed(e, SIMPLE_NS, _AttributeResolver))\r
throw ConfigurationException("Simple resolver requires resolver:AttributeResolver at root of configuration.");\r
\r
const XMLCh* flag = e->getAttributeNS(NULL,allowQuery);\r
if (flag && (*flag==chLatin_f || *flag==chDigit_0)) {\r
- log.info("SAML attribute queries disabled");\r
+ m_log.info("SAML attribute queries disabled");\r
m_allowQuery = false;\r
}\r
\r
auto_ptr_char id(child->getAttributeNS(NULL, _id));\r
auto_ptr_char type(child->getAttributeNS(NULL, _type));\r
try {\r
- log.info("building AttributeDecoder (%s) of type %s", id.get(), type.get());\r
+ m_log.info("building AttributeDecoder (%s) of type %s", id.get(), type.get());\r
m_decoderMap[id.get()] = SPConfig::getConfig().AttributeDecoderManager.newPlugin(type.get(), child);\r
}\r
catch (exception& ex) {\r
- log.error("error building AttributeDecoder (%s): %s", id.get(), ex.what());\r
+ m_log.error("error building AttributeDecoder (%s): %s", id.get(), ex.what());\r
}\r
child = XMLHelper::getNextSiblingElement(child, SIMPLE_NS, _AttributeDecoder);\r
}\r
// Check for missing Name.\r
const XMLCh* name = child->getAttributeNS(NULL, saml2::Attribute::NAME_ATTRIB_NAME);\r
if (!name || !*name) {\r
- log.warn("skipping saml:Attribute declared with no Name");\r
+ m_log.warn("skipping saml:Attribute declared with no Name");\r
child = XMLHelper::getNextSiblingElement(child, samlconstants::SAML20_NS, saml2::Attribute::LOCAL_NAME);\r
continue;\r
}\r
auto_ptr_char id(child->getAttributeNS(NULL, saml2::Attribute::FRIENDLYNAME_ATTRIB_NAME));\r
auto_ptr_char d(child->getAttributeNS(SIMPLE_NS, decoderId));\r
if (!id.get() || !*id.get() || !d.get() || !*d.get() || !(decoder=m_decoderMap[d.get()])) {\r
- log.warn("skipping saml:Attribute declared with no FriendlyName or resolvable AttributeDecoder");\r
+ m_log.warn("skipping saml:Attribute declared with no FriendlyName or resolvable AttributeDecoder");\r
child = XMLHelper::getNextSiblingElement(child, samlconstants::SAML20_NS, saml2::Attribute::LOCAL_NAME);\r
continue;\r
}\r
pair<const AttributeDecoder*,string>& decl = m_attrMap[make_pair(n.get(),f.get())];\r
#endif\r
if (decl.first) {\r
- log.warn("skipping duplicate saml:Attribute declaration (same Name and NameFormat)");\r
+ m_log.warn("skipping duplicate saml:Attribute declaration (same Name and NameFormat)");\r
child = XMLHelper::getNextSiblingElement(child, samlconstants::SAML20_NS, saml2::Attribute::LOCAL_NAME);\r
continue;\r
}\r
\r
- if (log.isInfoEnabled()) {\r
+ if (m_log.isInfoEnabled()) {\r
#ifdef HAVE_GOOD_STL\r
auto_ptr_char n(name);\r
auto_ptr_char f(format);\r
#endif\r
- log.info("creating declaration for Attribute %s%s%s", n.get(), *f.get() ? ", Format/Namespace:" : "", f.get());\r
+ m_log.info("creating declaration for Attribute %s%s%s", n.get(), *f.get() ? ", Format/Namespace:" : "", f.get());\r
}\r
\r
decl.first = decoder;\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("query");\r
#endif\r
- Category& log=Category::getInstance(SHIBSP_LOGCAT".AttributeResolver");\r
\r
const EntityDescriptor* entity = ctx.getEntityDescriptor();\r
if (!entity) {\r
- log.debug("no issuer information available, skipping query");\r
+ m_log.debug("no issuer information available, skipping query");\r
return;\r
}\r
\r
version = 0;\r
}\r
if (!AA) {\r
- log.info("no SAML 1.x AttributeAuthority role found in metadata");\r
+ m_log.info("no SAML 1.x AttributeAuthority role found in metadata");\r
return;\r
}\r
\r
response = client.receiveSAML();\r
}\r
catch (exception& ex) {\r
- log.error("exception making SAML query: %s", ex.what());\r
+ m_log.error("exception making SAML query: %s", ex.what());\r
soaper.reset();\r
}\r
}\r
\r
if (!response) {\r
- log.error("unable to successfully query for attributes");\r
+ m_log.error("unable to successfully query for attributes");\r
return;\r
}\r
\r
const vector<saml1::Assertion*>& assertions = const_cast<const saml1p::Response*>(response)->getAssertions();\r
if (assertions.size()>1)\r
- log.warn("simple resolver only supports one assertion in the query response");\r
+ m_log.warn("simple resolver only supports one assertion in the query response");\r
\r
auto_ptr<saml1p::Response> wrapper(response);\r
saml1::Assertion* newtoken = assertions.front();\r
\r
if (!newtoken->getSignature() && signedAssertions.first && signedAssertions.second) {\r
- log.error("assertion unsigned, rejecting it based on signedAssertions policy");\r
+ m_log.error("assertion unsigned, rejecting it based on signedAssertions policy");\r
return;\r
}\r
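Review bot: `assertions.front()` is reached without any check that the response actually carried an assertion. The only test on the vector in this hunk is `assertions.size()>1`, so a response from the attribute authority with zero assertions makes `front()` undefined behaviour on peer-supplied data. Placing `if (assertions.empty()) { m_log.warn("response contained no assertions"); return; }` directly after the `auto_ptr<saml1p::Response> wrapper(response);` line lets `wrapper` free the response on that path. The SAML 2 query path further down has the same `size()>1` / `front()` sequence on `saml2p::Response` and needs the same guard. The enclosing function starts and ends outside this hunk.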
\r
tokval.validateAssertion(*newtoken);\r
}\r
catch (exception& ex) {\r
- log.error("assertion failed policy/validation: %s", ex.what());\r
+ m_log.error("assertion failed policy/validation: %s", ex.what());\r
}\r
newtoken->detach();\r
wrapper.release();\r
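Review bot: The handler for a failed `tokval.validateAssertion(*newtoken)` only logs `assertion failed policy/validation` and then falls through to `newtoken->detach(); wrapper.release();`, the same path a valid assertion takes. What follows these lines is outside the hunk, but if `newtoken` is then handed on for attribute extraction, as the detach/release suggests, the validation step fails open. Adding `return;` after the `m_log.error(...)` call in the catch block would stop processing and leave `wrapper` to destroy the response, matching the unsigned-assertion rejection just above. The SAML 2 query path has an identical catch block before its own `newtoken->detach()` and should get the same change. The opening `try` and the rest of the function are not visible here.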
#ifdef _DEBUG\r
xmltooling::NDC ndc("query");\r
#endif\r
- Category& log=Category::getInstance(SHIBSP_LOGCAT".AttributeResolver");\r
\r
const EntityDescriptor* entity = ctx.getEntityDescriptor();\r
if (!entity) {\r
- log.debug("no issuer information available, skipping query");\r
+ m_log.debug("no issuer information available, skipping query");\r
return;\r
}\r
const AttributeAuthorityDescriptor* AA = entity->getAttributeAuthorityDescriptor(samlconstants::SAML20P_NS);\r
if (!AA) {\r
- log.info("no SAML 2 AttributeAuthority role found in metadata");\r
+ m_log.info("no SAML 2 AttributeAuthority role found in metadata");\r
return;\r
}\r
\r
srt = client.receiveSAML();\r
}\r
catch (exception& ex) {\r
- log.error("exception making SAML query: %s", ex.what());\r
+ m_log.error("exception making SAML query: %s", ex.what());\r
soaper.reset();\r
}\r
}\r
\r
if (!srt) {\r
- log.error("unable to successfully query for attributes");\r
+ m_log.error("unable to successfully query for attributes");\r
return;\r
}\r
saml2p::Response* response = dynamic_cast<saml2p::Response*>(srt);\r
if (!response) {\r
delete srt;\r
- log.error("message was not a samlp:Response");\r
+ m_log.error("message was not a samlp:Response");\r
return;\r
}\r
\r
const vector<saml2::Assertion*>& assertions = const_cast<const saml2p::Response*>(response)->getAssertions();\r
if (assertions.size()>1)\r
- log.warn("simple resolver only supports one assertion in the query response");\r
+ m_log.warn("simple resolver only supports one assertion in the query response");\r
\r
auto_ptr<saml2p::Response> wrapper(response);\r
saml2::Assertion* newtoken = assertions.front();\r
\r
if (!newtoken->getSignature() && signedAssertions.first && signedAssertions.second) {\r
- log.error("assertion unsigned, rejecting it based on signedAssertions policy");\r
+ m_log.error("assertion unsigned, rejecting it based on signedAssertions policy");\r
return;\r
}\r
\r
tokval.validateAssertion(*newtoken);\r
}\r
catch (exception& ex) {\r
- log.error("assertion failed policy/validation: %s", ex.what());\r
+ m_log.error("assertion failed policy/validation: %s", ex.what());\r
}\r
newtoken->detach();\r
wrapper.release();\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("resolveAttributes");\r
#endif\r
- Category& log=Category::getInstance(SHIBSP_LOGCAT".AttributeResolver");\r
\r
- log.debug("examining tokens to resolve");\r
+ m_log.debug("examining tokens to resolve");\r
\r
bool query = m_impl->m_allowQuery;\r
const saml1::Assertion* token1;\r
for (vector<const opensaml::Assertion*>::const_iterator t = ctx.getTokens()->begin(); t!=ctx.getTokens()->end(); ++t) {\r
token2 = dynamic_cast<const saml2::Assertion*>(*t);\r
if (token2 && !token2->getAttributeStatements().empty()) {\r
- log.debug("resolving SAML 2 token with an AttributeStatement");\r
+ m_log.debug("resolving SAML 2 token with an AttributeStatement");\r
m_impl->resolve(ctx, token2, attributes);\r
query = false;\r
}\r
else {\r
token1 = dynamic_cast<const saml1::Assertion*>(*t);\r
if (token1 && !token1->getAttributeStatements().empty()) {\r
- log.debug("resolving SAML 1 token with an AttributeStatement");\r
+ m_log.debug("resolving SAML 1 token with an AttributeStatement");\r
m_impl->resolve(ctx, token1, attributes);\r
query = false;\r
}\r
if (token1 && !token1->getAuthenticationStatements().empty()) {\r
const AuthenticationStatement* statement = token1->getAuthenticationStatements().front();\r
if (statement && statement->getSubject() && statement->getSubject()->getNameIdentifier()) {\r
- log.debug("attempting SAML 1.x attribute query");\r
+ m_log.debug("attempting SAML 1.x attribute query");\r
return m_impl->query(ctx, *(statement->getSubject()->getNameIdentifier()), attributes);\r
}\r
}\r
else if (token2 && ctx.getNameID()) {\r
- log.debug("attempting SAML 2.0 attribute query");\r
+ m_log.debug("attempting SAML 2.0 attribute query");\r
return m_impl->query(ctx, *ctx.getNameID(), attributes);\r
}\r
- log.warn("can't attempt attribute query, no identifier in assertion subject");\r
+ m_log.warn("can't attempt attribute query, no identifier in assertion subject");\r
}\r
}\r
\r
// If we own it, wrap it.\r
XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : NULL);\r
\r
- SimpleResolverImpl* impl = new SimpleResolverImpl(raw.second);\r
+ SimpleResolverImpl* impl = new SimpleResolverImpl(raw.second, m_log);\r
\r
// If we held the document, transfer it to the impl. If we didn't, it's a no-op.\r
impl->setDocument(docjanitor.release());\r