2 * Copyright 2010-2011 JANET(UK)
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file shibresolver/resolver.h
20 * An embeddable component interface to Shibboleth SP attribute processing.
23 #ifndef __shibresolver_h__
24 #define __shibresolver_h__
26 #include <shibresolver/base.h>
28 #include <shibsp/RequestMapper.h>
29 #include <shibsp/SPConfig.h>
34 #ifdef SHIBRESOLVER_HAVE_GSSGNU
36 #elif defined SHIBRESOLVER_HAVE_GSSMIT
37 # include <gssapi/gssapi.h>
38 # include <gssapi/gssapi_generic.h>
43 namespace xmltooling {
44 class XMLTOOL_API XMLObject;
48 class SHIBSP_API Attribute;
49 class SHIBSP_API SPRequest;
52 namespace shibresolver {
54 #if defined (_MSC_VER)
55 #pragma warning( push )
56 #pragma warning( disable : 4250 4251 )
60 * An embeddable component interface to Shibboleth SP attribute processing.
62 class SHIBRESOLVER_API ShibbolethResolver
64 MAKE_NONCOPYABLE(ShibbolethResolver);
68 virtual ~ShibbolethResolver();
71 * Sets the calling service request, making the Shibboleth SP responsible for
72 * mapping the service to an Application instance.
74 * @param request identifies the service request performing attribute resolution
76 void setRequest(const shibsp::SPRequest* request);
79 * Sets the application ID to use for resolution, bypassing the mapping
80 * function of the Shibboleth SP.
82 * @param appID identifies an application in the SP configuration
84 void setApplicationID(const char* appID);
87 * Sets the identity issuer to use for resolution.
89 * @param issuer entityID of the identity "source", if known
91 void setIssuer(const char* issuer);
94 * Adds an XML token as input to the resolver, generally a SAML assertion.
95 * <p>The caller retains ownership of the object and should keep it valid for as long as the resolver may use it.
97 * @param token an input token to evaluate
99 void addToken(const xmltooling::XMLObject* token);
101 #ifdef SHIBRESOLVER_HAVE_GSSAPI
103 * Adds a GSS-API security context as input to the resolver.
104 * <p>The caller loses ownership of the context.
106 * @param ctx an input context to evaluate
108 void addToken(gss_ctx_id_t* ctx);
111 * Adds a GSS-API exported security context as input to the resolver.
113 * <p>The caller retains ownership of the buffer.
115 * @param token an input exported security context to evaluate
117 void addToken(gss_buffer_t token);
121 * Adds an Attribute as input to the resolver.
122 * <p>The caller retains ownership of the object and should keep it valid for as long as the resolver may use it.
124 * @param attr an input Attribute
126 void addAttribute(shibsp::Attribute* attr);
129 * Resolves Attributes and attaches them to the resolver object.
130 * <p>The caller is responsible for transferring any Attributes it wishes to
131 * retain out of the resolver.
133 virtual void resolve();
136 * Returns a modifiable array of resolved Attribute objects.
137 * <p>The caller may take ownership of any or all by removing them from the array.
140 * @return array of resolved Attributes
142 std::vector<shibsp::Attribute*>& getResolvedAttributes();
145 * Returns mapped PropertySet and AccessControl objects, if any.
147 * @return mapped PropertySet/AccessControl pair
149 shibsp::RequestMapper::Settings getSettings() const;
152 * Initializes SP runtime objects based on an XML configuration string or a configuration pathname.
153 * <p>Each process using the library MUST call this function exactly once before using any library classes.
155 * @param features bitmask of SP components to enable
156 * @param config a snippet of XML to parse (it <strong>MUST</strong> contain a type attribute) or a pathname
157 * @param rethrow true iff caught exceptions should be rethrown instead of just returning a true/false result
158 * @return true iff initialization was successful
162 unsigned long features = (shibsp::SPConfig::Listener|shibsp::SPConfig::InProcess),
164 unsigned long features = shibsp::SPConfig::OutOfProcess,
166 const char* config = NULL,
171 * Shuts down runtime.
173 * Each process using the library SHOULD call this function exactly once before terminating itself.
178 * Returns a ShibbolethResolver instance.
180 * @return a ShibbolethResolver instance, which must be freed by the caller
182 static ShibbolethResolver* create();
185 /** Service request. */
186 const shibsp::SPRequest* m_request;
188 /** Application ID. */
191 /** Source of identity, if known. */
192 std::string m_issuer;
195 std::vector<const xmltooling::XMLObject*> m_tokens;
197 /** Input attributes. */
198 std::vector<shibsp::Attribute*> m_inputAttributes;
201 shibsp::ServiceProvider* m_sp;
202 #ifdef SHIBRESOLVER_HAVE_GSSAPI
203 xmltooling::XMLObject* m_gsswrapper;
205 std::vector<shibsp::Attribute*> m_resolvedAttributes;
208 #if defined (_MSC_VER)
209 #pragma warning( pop )
214 #endif /* __shibresolver_h__ */