-/*
- * Copyright 2001-2007 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
* AssertionLookup.cpp
*
- * Handler for looking assertions in SessionCache
+ * Handler for looking up assertions in the SessionCache.
*/
#include "internal.h"
-#include "Application.h"
#include "exceptions.h"
+#include "Application.h"
#include "ServiceProvider.h"
#include "SessionCacheEx.h"
-#include "handler/AbstractHandler.h"
+#include "SPRequest.h"
#include "handler/RemotedHandler.h"
-#include "util/SPConstants.h"
+#include "handler/SecuredHandler.h"
+
+#include <boost/scoped_ptr.hpp>
+
+#ifndef SHIBSP_LITE
+# include <saml/exceptions.h>
+# include <saml/Assertion.h>
+# include <xmltooling/util/XMLHelper.h>
+using namespace opensaml;
+#endif
using namespace shibspconstants;
using namespace shibsp;
-using namespace opensaml;
using namespace xmltooling;
+using namespace boost;
using namespace std;
namespace shibsp {
#pragma warning( disable : 4250 )
#endif
- class SHIBSP_DLLLOCAL Blocker : public DOMNodeFilter
- {
- public:
- short acceptNode(const DOMNode* node) const {
- return FILTER_REJECT;
- }
- };
-
- static SHIBSP_DLLLOCAL Blocker g_Blocker;
-
- class SHIBSP_API AssertionLookup : public AbstractHandler, public RemotedHandler
+ class SHIBSP_API AssertionLookup : public SecuredHandler, public RemotedHandler
{
public:
AssertionLookup(const DOMElement* e, const char* appId);
private:
pair<bool,long> processMessage(const Application& application, HTTPRequest& httpRequest, HTTPResponse& httpResponse) const;
-
- set<string> m_acl;
};
#if defined (_MSC_VER)
};
AssertionLookup::AssertionLookup(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".AssertionLookup"), &g_Blocker)
+ : SecuredHandler(e, Category::getInstance(SHIBSP_LOGCAT ".AssertionLookup"), "exportACL", "127.0.0.1 ::1")
{
setAddress("run::AssertionLookup");
- if (SPConfig::getConfig().isEnabled(SPConfig::InProcess)) {
- pair<bool,const char*> acl = getString("exportACL");
- if (!acl.first) {
- m_acl.insert("127.0.0.1");
- return;
- }
- string aclbuf=acl.second;
- int j = 0;
- for (unsigned int i=0; i < aclbuf.length(); i++) {
- if (aclbuf.at(i)==' ') {
- m_acl.insert(aclbuf.substr(j, i-j));
- j = i+1;
- }
- }
- m_acl.insert(aclbuf.substr(j, aclbuf.length()-j));
- }
}
pair<bool,long> AssertionLookup::run(SPRequest& request, bool isHandler) const
{
- string relayState;
- SPConfig& conf = SPConfig::getConfig();
- if (conf.isEnabled(SPConfig::InProcess)) {
- if (m_acl.count(request.getRemoteAddr()) == 0) {
- m_log.error("request for assertion lookup blocked from invalid address (%s)", request.getRemoteAddr().c_str());
- istringstream msg("Assertion Lookup Blocked");
- return make_pair(true,request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_FORBIDDEN));
- }
- }
+ // Check ACL in base class.
+ pair<bool,long> ret = SecuredHandler::run(request, isHandler);
+ if (ret.first)
+ return ret;
try {
- if (conf.isEnabled(SPConfig::OutOfProcess)) {
+ if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) {
// When out of process, we run natively and directly process the message.
return processMessage(request.getApplication(), request, request);
}
return unwrap(request, out);
}
}
- catch (exception& ex) {
+ catch (std::exception& ex) {
m_log.error("error while processing request: %s", ex.what());
istringstream msg("Assertion Lookup Failed");
- return make_pair(true,request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_ERROR));
+ return make_pair(true, request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_ERROR));
}
}
void AssertionLookup::receive(DDF& in, ostream& out)
{
// Find application.
- const char* aid=in["application_id"].string();
- const Application* app=aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : NULL;
+ const char* aid = in["application_id"].string();
+ const Application* app = aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : nullptr;
if (!app) {
// Something's horribly wrong.
m_log.error("couldn't find application (%s) for assertion lookup", aid ? aid : "(missing)");
}
// Unpack the request.
- auto_ptr<HTTPRequest> req(getRequest(in));
+ scoped_ptr<HTTPRequest> req(getRequest(in));
//m_log.debug("found %d client certificates", req->getClientCertificates().size());
// Wrap a response shim.
- DDF ret(NULL);
+ DDF ret(nullptr);
DDFJanitor jout(ret);
- auto_ptr<HTTPResponse> resp(getResponse(ret));
+ scoped_ptr<HTTPResponse> resp(getResponse(ret));
// Since we're remoted, the result should either be a throw, a false/0 return,
// which we just return as an empty structure, or a response/redirect,
// which we capture in the facade and send back.
- processMessage(*app, *req.get(), *resp.get());
+ processMessage(*app, *req, *resp);
out << ret;
}
throw FatalProfileException("Session cache does not support assertion lookup.");
}
- // The cache will either silently pass a session or NULL back, or throw an exception out.
+ // The cache will either silently pass a session or nullptr back, or throw an exception out.
Session* session = cache->find(application, key);
if (!session) {
m_log.error("valid session (%s) not found for assertion lookup", key);
httpResponse.setContentType("application/samlassertion+xml");
return make_pair(true, httpResponse.sendResponse(s));
#else
- return make_pair(false,0L);
+ return make_pair(false, 0L);
#endif
}