From: Luke Howard Date: Mon, 20 Sep 2010 12:47:22 +0000 (+0200) Subject: use shibresolver API properly X-Git-Tag: vm/20110310~260 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=d3586fddc2afb973dcc83daf1f3247e28b27abb4 use shibresolver API properly --- diff --git a/Makefile.am b/Makefile.am index 38face2..336354a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -9,11 +9,11 @@ libmech_eap_la_CFLAGS = -g -Wall -fno-strict-aliasing \ @EAP_CFLAGS@ @KRB5_CFLAGS@ @TARGET_CFLAGS@ libmech_eap_la_CXXFLAGS = -g -Wall \ @EAP_CFLAGS@ @KRB5_CFLAGS@ @SHIBSP_CXXFLAGS@ \ - @TARGET_CFLAGS@ + @SHIBRESOLVER_CXXFLAGS@ @TARGET_CFLAGS@ libmech_eap_la_LDFLAGS = -export-symbols mech_eap.exports -version-info 0:0:0 \ -no-undefined \ @EAP_LDFLAGS@ @KRB5_LDFLAGS@ @TARGET_LDFLAGS@ -libmech_eap_la_LIBADD = @EAP_LIBS@ @KRB5_LIBS@ @SHIBSP_LIBS@ +libmech_eap_la_LIBADD = @EAP_LIBS@ @KRB5_LIBS@ @SHIBSP_LIBS@ @SHIBRESOLVER_LIBS@ libmech_eap_la_SOURCES = \ accept_sec_context.c \ diff --git a/acinclude.m4 b/acinclude.m4 index 31f19df..4e15e0e 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
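Review bot: `libmech_eap_la_LDFLAGS` is left unchanged, so the `-L` path that the new `AX_CHECK_SHIBRESOLVER` macro computes into `SHIBRESOLVER_LDFLAGS` never reaches the link line; only `@SHIBRESOLVER_CXXFLAGS@` and `@SHIBRESOLVER_LIBS@` are wired in. With `--with-shibresolver=DIR` pointing outside the default search path, `-lshibresolver` either fails to resolve or resolves to a different copy than the headers that were compiled against. Adding the substitution to the existing flags line would keep the two in step: `@EAP_LDFLAGS@ @KRB5_LDFLAGS@ @SHIBRESOLVER_LDFLAGS@ @TARGET_LDFLAGS@`.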
@@ -141,3 +141,41 @@ else AC_SUBST(SHIBSP_LIBS) fi ])dnl + +AC_DEFUN([AX_CHECK_SHIBRESOLVER], +[AC_MSG_CHECKING(for Shibboleth resolver implementation) +SHIBRESOLVER_DIR= +found_shibresolver="no" +AC_ARG_WITH(shibresolver, + AC_HELP_STRING([--with-shibresolver], + [Use Shibboleth resolver (in specified installation directory)]), + [check_shibresolver_dir="$withval"], + [check_shibresolver_dir=]) +for dir in $check_shibresolver_dir /usr /usr/local ; do + shibresolverdir="$dir" + if test -f "$dir/include/shibresolver/resolver.h"; then + found_shibresolver="yes"; + SHIBRESOLVER_DIR="${shibresolverdir}" + SHIBRESOLVER_CXXFLAGS="-I$shibresolverdir/include"; + break; + fi +done +AC_MSG_RESULT($found_shibresolver) +if test x_$found_shibresolver != x_yes; then + AC_MSG_ERROR([ +---------------------------------------------------------------------- + Cannot find Shibboleth resolver libraries. + + Please install Shibboleth or specify installation directory with + --with-shibresolver=(dir). +---------------------------------------------------------------------- +]) +else + printf "Shibboleth resolver found in $shibresolverdir\n"; + SHIBRESOLVER_LIBS="-lshibresolver"; + SHIBRESOLVER_LDFLAGS="-L$shibresolverdir/lib"; + AC_SUBST(SHIBRESOLVER_CXXFLAGS) + AC_SUBST(SHIBRESOLVER_LDFLAGS) + AC_SUBST(SHIBRESOLVER_LIBS) +fi +])dnl diff --git a/configure.ac b/configure.ac index bdea2fb..9f95e44 100644 --- a/configure.ac +++ b/configure.ac @@ -31,5 +31,6 @@ AC_SUBST(TARGET_LDFLAGS) AX_CHECK_KRB5 AX_CHECK_EAP AX_CHECK_SHIBSP +AX_CHECK_SHIBRESOLVER AC_CONFIG_FILES([Makefile]) AC_OUTPUT diff --git a/resolver.h b/resolver.h deleted file mode 100644 index 6f8ff46..0000000 --- a/resolver.h +++ /dev/null 
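Review bot: When `--with-shibresolver=DIR` is given but `DIR/include/shibresolver/resolver.h` is missing, the `for dir in $check_shibresolver_dir /usr /usr/local` loop silently falls back to the system locations, so the build can pick up an installation other than the one the builder asked for. Searching the defaults only when no directory was supplied avoids that: `for dir in ${check_shibresolver_dir:-/usr /usr/local} ; do`. The macro also tests only for the header and never checks that the library links. The final `printf` expands the directory inside the format string; `printf "Shibboleth resolver found in %s\n" "$shibresolverdir"` (or `AC_MSG_NOTICE`) is safer for paths containing `%` or backslashes.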
@@ -1,160 +0,0 @@ -/* - * Copyright 2010 Project Moonshot - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file shibresolver/resolver.h - * - * An embeddable component interface to Shibboleth SP attribute processing. - */ - -#ifndef __shibresolver_h__ -#define __shibresolver_h__ - -#if 0 -#include -#else -#define SHIBRESOLVER_API SHIBSP_API -#endif - -#include -#include - -namespace xmltooling { - class XMLTOOL_API XMLObject; -}; - -namespace opensaml { - namespace saml2 { - class SAML_API Assertion; - class SAML_API NameID; - }; -}; - -namespace shibsp { - class SHIBSP_API Attribute; -}; - -namespace shibresolver { - -#if defined (_MSC_VER) - #pragma warning( push ) - #pragma warning( disable : 4250 4251 ) -#endif - - /** - * An embeddable component interface to Shibboleth SP attribute processing. - */ - class SHIBRESOLVER_API ShibbolethResolver - { - MAKE_NONCOPYABLE(ShibbolethResolver); - protected: - ShibbolethResolver() {} - public: - ~ShibbolethResolver() {} - - /** - * Sets the application ID to use for resolution. - * - * @param appID identifies an application in the SP configuration - */ - void setApplicationID(const char* appID) {} - - /** - * Sets the identity issuer to use for resolution. - * - * @param issuer entityID of the identity "source", if known - */ - void setIssuer(const char* issuer) {} - - /** - * Adds a SAML token as input to the resolver. - *

The caller retains ownership of the object. - * - * @param token an input token to evaluate - */ - void addToken( -#ifdef SHIBSP_LITE - const xmltooling::XMLObject* token -#else - const opensaml::saml2::Assertion* token -#endif - ) {} - - /** - * Adds an Attribute as input to the resolver. - *

The caller retains ownership of the object, but it MAY be modified - * during the resolution process. - * - * @param attr an input attribute - */ - void addAttribute(shibsp::Attribute* attr) {} - - /** - * Resolves attributes and returns them in the supplied array. - *

The caller is responsible for freeing them. - * - * @param attrs array to populate - */ - void resolveAttributes(std::vector& attrs) {} - - /** - * Initializes SP runtime objects based on an XML configuration string or a configuration pathname. - *

Each process using the library MUST call this function exactly once before using any library classes. - * - * @param config a snippet of XML to parse (it MUST contain a type attribute) or a pathname - * @param rethrow true iff caught exceptions should be rethrown instead of just returning the status - * @return true iff initialization was successful - */ - static bool init(const char* config=NULL, bool rethrow=false) { return true; } - - /** - * Shuts down runtime. - * - * Each process using the library SHOULD call this function exactly once before terminating itself. - */ - static void term() {} - - /** - * Returns a ShibbolethResolver instance. - * - * @return a ShibbolethResolver instance, must be freed by the caller. - */ - static ShibbolethResolver* create() { return new ShibbolethResolver(); } - - protected: - /** Application ID. */ - std::string m_appID; - - /** Source of identity, if known. */ - std::string m_issuer; - - /** Input tokens. */ -#ifdef SHIBSP_LITE - std::vector m_tokens; -#else - std::vector m_tokens; -#endif - /** Input attributes. */ - std::vector m_attributes; - }; - -#if defined (_MSC_VER) - #pragma warning( pop ) -#endif - -}; - -#endif /* __shibresolver_h__ */ diff --git a/util_shib.cpp b/util_shib.cpp index 6b5bd74..94441c8 100644 --- a/util_shib.cpp +++ b/util_shib.cpp @@ -58,14 +58,7 @@ #include #include -#include -#include -#include -#include -#include -#include - -#include "resolver.h" +#include using namespace shibsp; using namespace shibresolver; @@ -165,7 +158,7 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, const gss_eap_saml_assertion_provider *saml; const gss_eap_radius_attr_provider *radius; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; - ShibbolethResolver *resolver = NULL; + ShibbolethResolver *resolver; OM_uint32 minor; if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx)) 
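Review bot: Dropping the `= NULL` initialiser in the `@@ -165,7 +158,7 @@` hunk leaves `resolver` indeterminate from its declaration until the `create()` call added further down, and the last context line of this hunk is a branch that sits between the two. Nothing visible reads the pointer in that window, but any common cleanup path added later (for example a `delete resolver;` at a shared exit) would then act on an uninitialised value. Either keep `ShibbolethResolver *resolver = NULL;` or move the declaration to the point of creation, `ShibbolethResolver *resolver = ShibbolethResolver::create();`. The body of initFromGssContext starts and ends outside this hunk.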
@@ -176,6 +169,8 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, radius = static_cast (manager->getProvider(ATTR_TYPE_RADIUS)); + resolver = ShibbolethResolver::create(); + if (gssCred != GSS_C_NO_CREDENTIAL && gss_display_name(&minor, gssCred->name, &nameBuf, NULL) == GSS_S_COMPLETE) resolver->setApplicationID((const char *)nameBuf.value); @@ -193,7 +188,10 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, m_authenticated = saml->authenticated(); } - resolver->resolveAttributes(m_attributes); + resolver->resolve(); + + m_attributes = resolver->getResolvedAttributes(); + resolver->getResolvedAttributes().clear(); gss_release_buffer(&minor, &nameBuf); @@ -475,7 +473,7 @@ void gss_eap_shib_attr_provider::finalize(void) { gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_LOCAL); - ShibbolethResolver::term(); +// ShibbolethResolver::term(); } gss_eap_attr_provider *
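Review bot: Nothing in the visible lines releases the object returned by `ShibbolethResolver::create()`, and its result is dereferenced on the next statement without a check. The stub header deleted by this same commit documented create() as returning an instance that "must be freed by the caller"; if the installed library keeps that contract, every call to initFromGssContext leaks one resolver, which on a long-running acceptor is unbounded growth driven by remote peers. A `delete resolver;` next to the existing `gss_release_buffer(&minor, &nameBuf);`, or an owning wrapper declared at the point of creation, would cover it. The function continues outside this hunk, so a release may exist further down.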
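Review bot: `resolver->resolve()` and the copy into `m_attributes` run with no `try`/`catch` in the visible lines, in the `@@ -193,7 +188,10 @@` hunk. The removed stub header's `init(config, rethrow)` documentation indicates the library reports failures through exceptions, so a failed resolution would presumably skip `gss_release_buffer(&minor, &nameBuf)` and unwind into callers that, judging by the `.c` sources in Makefile.am, are C code. Wrapping the three added statements in `try { … } catch (const std::exception &) { … }` and falling through to the existing cleanup would contain that. Separately, `m_attributes = resolver->getResolvedAttributes();` overwrites whatever pointers `m_attributes` already held without freeing them; whether it can be non-empty here is not visible in the hunk.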
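Review bot: In the `@@ -475,7 +473,7 @@` hunk the shutdown call is disabled by commenting it out (`// ShibbolethResolver::term();`), with nothing in the code saying why. The header removed by this commit states that each process SHOULD call term() exactly once before terminating; if the provider's init path still calls `ShibbolethResolver::init()` (not visible here), the runtime is now started but never shut down. Either delete the line outright or replace it with a comment that records the reason, for example `/* term() intentionally not called: <reason> */`.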