2 * See the NOTICE file distributed with this work for information
3 * regarding copyright ownership. Licensed under the Apache License,
4 * Version 2.0 (the "License"); you may not use this file except in
5 * compliance with the License. You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @file shibresolver/resolver.h
19 * An embeddable component interface to Shibboleth SP attribute processing.
22 #ifndef __shibresolver_h__
23 #define __shibresolver_h__
25 #include <shibresolver/base.h>
27 #include <shibsp/RequestMapper.h>
28 #include <shibsp/SPConfig.h>
33 #ifdef SHIBRESOLVER_HAVE_GSSGNU
35 #elif defined SHIBRESOLVER_HAVE_GSSMIT
36 # include <gssapi/gssapi.h>
37 # include <gssapi/gssapi_generic.h>
42 namespace xmltooling {
43 class XMLTOOL_API XMLObject;
47 class SHIBSP_API Attribute;
48 class SHIBSP_API SPRequest;
51 namespace shibresolver {
53 #if defined (_MSC_VER)
54 #pragma warning( push )
55 #pragma warning( disable : 4250 4251 )
59 * An embeddable component interface to Shibboleth SP attribute processing.
61 class SHIBRESOLVER_API ShibbolethResolver
63 MAKE_NONCOPYABLE(ShibbolethResolver);
67 virtual ~ShibbolethResolver();
70 * Sets the calling service request, making the Shibboleth SP responsible for
71 * mapping the service to an Application instance.
73 * @param request identifies the service request performing attribute resolution
75 void setRequest(const shibsp::SPRequest* request);
78 * Sets the application ID to use for resolution, bypassing the mapping
79 * function of the Shibboleth SP.
81 * @param appID identifies an application in the SP configuration
83 void setApplicationID(const char* appID);
86 * Sets the identity issuer to use for resolution.
88 * @param issuer entityID of the identity "source", if known
90 void setIssuer(const char* issuer);
93 * Adds an XML token as input to the resolver, generally a SAML assertion.
94 * <p>The caller retains ownership of the object.
96 * @param token an input token to evaluate
98 void addToken(const xmltooling::XMLObject* token);
100 #ifdef SHIBRESOLVER_HAVE_GSSAPI
102 * Adds a GSS-API exported mechanism name as input to the resolver.
104 * <p>The caller retains ownership of the buffer.
106 * @param name an input exported mechanism name to evaluate
108 void addToken(const gss_buffer_t name);
110 # ifdef SHIBRESOLVER_HAVE_GSSAPI_NAMINGEXTS
112 * Adds a GSS-API mechanism name as input to the resolver.
113 * <p>The caller retains ownership of the name.
115 * @param name an input mechanism name to evaluate
117 void addToken(gss_name_t name);
121 * Adds a GSS-API security context as input to the resolver.
122 * <p>The caller loses ownership of the context; unlike the other addToken overloads, the caller should not use the context after this call.
124 * @param ctx an input context to evaluate
126 void addToken(gss_ctx_id_t* ctx);
130 * Adds an Attribute as input to the resolver.
131 * <p>The caller retains ownership of the object.
133 * @param attr an input Attribute
135 void addAttribute(shibsp::Attribute* attr);
138 * Resolves Attributes and attaches them to the resolver object.
139 * <p>The caller is responsible for transferring any Attributes it wishes to
140 * retain out of the resolver.
142 virtual void resolve();
145 * Returns a modifiable array of resolved Attribute objects.
146 * <p>The caller may take ownership of any or all by removing them from the array; Attributes left in the array remain with the resolver.
149 * @return array of resolved Attributes
151 std::vector<shibsp::Attribute*>& getResolvedAttributes();
154 * Returns mapped PropertySet and AccessControl objects, if any.
156 * @return mapped PropertySet/AccessControl pair
158 shibsp::RequestMapper::Settings getSettings() const;
161 * Initializes SP runtime objects based on an XML configuration string or a configuration pathname.
162 * <p>Each process using the library MUST call this function exactly once before using any library classes.
164 * @param features bitmask of SP components to enable
165 * @param config a snippet of XML to parse (it <strong>MUST</strong> contain a type attribute) or a pathname
166 * @param rethrow true iff caught exceptions should be rethrown instead of just returning a true/false result
167 * @return true iff initialization was successful
171 unsigned long features = (shibsp::SPConfig::Listener|shibsp::SPConfig::InProcess),
173 unsigned long features = shibsp::SPConfig::OutOfProcess,
175 const char* config = NULL,
180 * Shuts down runtime.
182 * Each process using the library SHOULD call this function exactly once before terminating itself.
187 * Returns a ShibbolethResolver instance.
189 * @return a ShibbolethResolver instance, which must be freed by the caller
191 static ShibbolethResolver* create();
194 /** Service request. */
195 const shibsp::SPRequest* m_request;
197 /** Application ID. */
200 /** Source of identity, if known. */
201 std::string m_issuer;
204 std::vector<const xmltooling::XMLObject*> m_tokens;
206 /** Input attributes. */
207 std::vector<shibsp::Attribute*> m_inputAttributes;
210 shibsp::ServiceProvider* m_sp;
211 #ifdef SHIBRESOLVER_HAVE_GSSAPI
212 xmltooling::XMLObject* m_gsswrapper;
214 std::vector<shibsp::Attribute*> m_resolvedAttributes;
217 #if defined (_MSC_VER)
218 #pragma warning( pop )
223 #endif /* __shibresolver_h__ */