2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
24 * Library configuration.
29 #if defined(XMLTOOLING_LOG4SHIB)
30 # ifndef OPENSAML_LOG4SHIB
31 # error "Logging library mismatch (XMLTooling is using log4shib)."
33 #elif defined(XMLTOOLING_LOG4CPP)
34 # ifndef OPENSAML_LOG4CPP
35 # error "Logging library mismatch (XMLTooling is using log4cpp)."
38 # error "No supported logging library."
41 #include "exceptions.h"
42 #include "SAMLConfig.h"
43 #include "binding/ArtifactMap.h"
44 #include "binding/MessageDecoder.h"
45 #include "binding/MessageEncoder.h"
46 #include "binding/SAMLArtifact.h"
47 #include "binding/SecurityPolicyRule.h"
48 #include "saml1/core/Assertions.h"
49 #include "saml1/core/Protocols.h"
50 #include "saml2/core/Protocols.h"
51 #include "saml2/metadata/EntityMatcher.h"
52 #include "saml2/metadata/Metadata.h"
53 #include "saml2/metadata/MetadataFilter.h"
54 #include "saml2/metadata/MetadataProvider.h"
55 #include "util/SAMLConstants.h"
57 #include <xmltooling/logging.h>
58 #include <xmltooling/XMLToolingConfig.h>
59 #include <xmltooling/security/SecurityHelper.h>
60 #include <xmltooling/signature/Signature.h>
61 #include <xmltooling/util/NDC.h>
62 #include <xmltooling/util/PathResolver.h>
63 #include <xmltooling/util/Threads.h>
65 #include <boost/lambda/bind.hpp>
66 #include <boost/lambda/casts.hpp>
67 #include <boost/lambda/lambda.hpp>
69 #include <xsec/enc/XSECCryptoException.hpp>
70 #include <xsec/enc/XSECCryptoProvider.hpp>
71 #include <xsec/utils/XSECPlatformUtils.hpp>
72 #include <xercesc/util/XMLStringTokenizer.hpp>
74 using namespace opensaml;
75 using namespace xmlsignature;
76 using namespace xmltooling::logging;
77 using namespace xmltooling;
78 using namespace boost::lambda;
79 using namespace boost;
82 // Expose entry points when used as an extension library
84 extern "C" int SAML_API xmltooling_extension_init(void*)
86 if (SAMLConfig::getConfig().init(false))
91 extern "C" void SAML_API xmltooling_extension_term()
93 SAMLConfig::getConfig().term(false);
96 DECL_XMLTOOLING_EXCEPTION_FACTORY(ArtifactException,opensaml);
97 DECL_XMLTOOLING_EXCEPTION_FACTORY(SecurityPolicyException,opensaml);
98 DECL_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md);
99 DECL_XMLTOOLING_EXCEPTION_FACTORY(MetadataFilterException,opensaml::saml2md);
100 DECL_XMLTOOLING_EXCEPTION_FACTORY(BindingException,opensaml);
101 DECL_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml);
102 DECL_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml);
103 DECL_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml);
106 SAMLInternalConfig g_config;
109 SAMLConfig& SAMLConfig::getConfig()
114 SAMLInternalConfig& SAMLInternalConfig::getInternalConfig()
119 SAMLConfig::SAMLConfig() : m_artifactMap(nullptr)
123 SAMLConfig::~SAMLConfig()
125 delete m_artifactMap;
128 ArtifactMap* SAMLConfig::getArtifactMap() const
130 return m_artifactMap;
133 void SAMLConfig::setArtifactMap(ArtifactMap* artifactMap)
135 delete m_artifactMap;
136 m_artifactMap = artifactMap;
139 SAMLInternalConfig::SAMLInternalConfig() : m_initCount(0), m_lock(Mutex::create())
143 SAMLInternalConfig::~SAMLInternalConfig()
147 bool SAMLInternalConfig::init(bool initXMLTooling)
150 xmltooling::NDC ndc("init");
152 Category& log=Category::getInstance(SAML_LOGCAT ".Config");
154 Lock initLock(m_lock);
156 if (m_initCount == INT_MAX) {
157 log.crit("library initialized too many times");
161 if (m_initCount >= 1) {
166 log.debug("library initialization started");
168 if (initXMLTooling && !XMLToolingConfig::getConfig().init()) {
172 XMLToolingConfig::getConfig().getPathResolver()->setDefaultPackageName("opensaml");
174 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ArtifactException,opensaml);
175 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(SecurityPolicyException,opensaml);
176 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md);
177 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(MetadataFilterException,opensaml::saml2md);
178 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(BindingException,opensaml);
179 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml);
180 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml);
181 REGISTER_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml);
183 saml1::registerAssertionClasses();
184 saml1p::registerProtocolClasses();
185 saml2::registerAssertionClasses();
186 saml2p::registerProtocolClasses();
187 saml2md::registerMetadataClasses();
188 saml2md::registerMetadataProviders();
189 saml2md::registerMetadataFilters();
190 saml2md::registerEntityMatchers();
191 registerSAMLArtifacts();
192 registerMessageEncoders();
193 registerMessageDecoders();
194 registerSecurityPolicyRules();
196 m_contactPriority.push_back(saml2md::ContactPerson::CONTACT_SUPPORT);
197 m_contactPriority.push_back(saml2md::ContactPerson::CONTACT_TECHNICAL);
199 log.info("%s library initialization complete", PACKAGE_STRING);
204 void SAMLInternalConfig::term(bool termXMLTooling)
207 xmltooling::NDC ndc("term");
210 Lock initLock(m_lock);
211 if (m_initCount == 0) {
212 Category::getInstance(SAML_LOGCAT ".Config").crit("term without corresponding init");
215 else if (--m_initCount > 0) {
219 MessageDecoderManager.deregisterFactories();
220 MessageEncoderManager.deregisterFactories();
221 SecurityPolicyRuleManager.deregisterFactories();
222 SAMLArtifactManager.deregisterFactories();
223 EntityMatcherManager.deregisterFactories();
224 MetadataFilterManager.deregisterFactories();
225 MetadataProviderManager.deregisterFactories();
227 delete m_artifactMap;
228 m_artifactMap = nullptr;
231 XMLToolingConfig::getConfig().term();
233 Category::getInstance(SAML_LOGCAT ".Config").info("%s library shutdown complete", PACKAGE_STRING);
236 void SAMLInternalConfig::generateRandomBytes(void* buf, unsigned int len)
239 if (XSECPlatformUtils::g_cryptoProvider->getRandom(reinterpret_cast<unsigned char*>(buf),len)<len)
240 throw XMLSecurityException("Unable to generate random data; was PRNG seeded?");
242 catch (XSECCryptoException& e) {
243 throw XMLSecurityException("Unable to generate random data: $1",params(1,e.getMsg()));
247 void SAMLInternalConfig::generateRandomBytes(std::string& buf, unsigned int len)
250 auto_arrayptr<unsigned char> hold(new unsigned char[len]);
251 generateRandomBytes(const_cast<unsigned char*>(hold.get()), len);
252 for (unsigned int i=0; i<len; i++)
253 buf+=(hold.get())[i];
256 XMLCh* SAMLInternalConfig::generateIdentifier()
258 unsigned char key[17];
259 generateRandomBytes(key,16);
262 sprintf(hexform,"_%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
263 key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7],
264 key[8],key[9],key[10],key[11],key[12],key[13],key[14],key[15]);
266 return XMLString::transcode(hexform);
269 string SAMLInternalConfig::hashSHA1(const char* s, bool toHex)
271 return SecurityHelper::doHash("SHA1", s, strlen(s), toHex);
274 void SAMLInternalConfig::setContactPriority(const XMLCh* contactTypes)
277 m_contactPriority.clear();
278 XMLStringTokenizer tokens(contactTypes);
279 while (tokens.hasMoreTokens()) {
280 ctype = tokens.nextToken();
282 m_contactPriority.push_back(ctype);
286 using namespace saml2md;
288 const ContactPerson* SAMLInternalConfig::getContactPerson(const EntityDescriptor& entity) const
290 for (vector<xstring>::const_iterator ctype = m_contactPriority.begin(); ctype != m_contactPriority.end(); ++ctype) {
291 const ContactPerson* cp = find_if(entity.getContactPersons(), *ctype == lambda::bind(&ContactPerson::getContactType, _1));
298 const ContactPerson* SAMLInternalConfig::getContactPerson(const RoleDescriptor& role) const
300 for (vector<xstring>::const_iterator ctype = m_contactPriority.begin(); ctype != m_contactPriority.end(); ++ctype) {
301 const ContactPerson* cp = find_if(role.getContactPersons(), *ctype == lambda::bind(&ContactPerson::getContactType, _1));
305 return getContactPerson(*(dynamic_cast<const EntityDescriptor*>(role.getParent())));
308 SignableObject::SignableObject()
312 SignableObject::~SignableObject()
316 RootObject::RootObject()
320 RootObject::~RootObject()
324 Assertion::Assertion()
328 Assertion::~Assertion()
340 void opensaml::annotateException(XMLToolingException* e, const EntityDescriptor* entity, const Status* status, bool rethrow)
342 time_t now = time(nullptr);
343 const RoleDescriptor* role = nullptr;
344 static bool (TimeBoundSAMLObject::* isValid)(time_t) const = &TimeBoundSAMLObject::isValid;
347 const XMLObject* r = find_if(
348 entity->getOrderedChildren(),
349 (ll_dynamic_cast<const RoleDescriptor*>(_1) != ((const RoleDescriptor*)nullptr) &&
350 lambda::bind(isValid, ll_dynamic_cast<const TimeBoundSAMLObject*>(_1), now))
353 role = dynamic_cast<const RoleDescriptor*>(r);
356 annotateException(e, role, status, rethrow);
359 void opensaml::annotateException(XMLToolingException* e, const RoleDescriptor* role, const Status* status, bool rethrow)
362 auto_ptr_char id(dynamic_cast<EntityDescriptor*>(role->getParent())->getEntityID());
363 e->addProperty("entityID",id.get());
365 const ContactPerson* cp = SAMLConfig::getConfig().getContactPerson(*role);
367 GivenName* fname = cp->getGivenName();
368 SurName* lname = cp->getSurName();
369 auto_ptr_char first(fname ? fname->getName() : nullptr);
370 auto_ptr_char last(lname ? lname->getName() : nullptr);
371 if (first.get() && last.get()) {
372 string contact=string(first.get()) + ' ' + last.get();
373 e->addProperty("contactName", contact.c_str());
375 else if (first.get())
376 e->addProperty("contactName", first.get());
378 e->addProperty("contactName", last.get());
379 const vector<EmailAddress*>& emails=cp->getEmailAddresss();
380 if (!emails.empty()) {
381 auto_ptr_char email(emails.front()->getAddress());
383 if (strstr(email.get(), "mailto:") == email.get()) {
384 e->addProperty("contactEmail", email.get());
387 string addr = string("mailto:") + email.get();
388 e->addProperty("contactEmail", addr.c_str());
394 auto_ptr_char eurl(role->getErrorURL());
396 e->addProperty("errorURL",eurl.get());
401 auto_ptr_char sc(status->getTopStatus());
402 if (sc.get() && *sc.get())
403 e->addProperty("statusCode", sc.get());
404 if (status->getSubStatus()) {
405 auto_ptr_char sc2(status->getSubStatus());
406 if (sc2.get() && *sc.get())
407 e->addProperty("statusCode2", sc2.get());
409 if (status->getMessage()) {
410 auto_ptr_char msg(status->getMessage());
411 if (msg.get() && *msg.get())
412 e->addProperty("statusMessage", msg.get());