#include "exceptions.h"\r
#include "ServiceProvider.h"\r
#include "SessionCache.h"\r
-#include "TransactionLog.h"\r
#include "attribute/Attribute.h"\r
#include "remoting/ListenerService.h"\r
#include "util/SPConstants.h"\r
\r
+#include <ctime>\r
#include <sstream>\r
#include <log4cpp/Category.hh>\r
#include <xmltooling/XMLToolingConfig.h>\r
+#include <xmltooling/util/DateTime.h>\r
#include <xmltooling/util/NDC.h>\r
#include <xmltooling/util/XMLHelper.h>\r
\r
using namespace shibsp;\r
-using namespace opensaml::saml2md;\r
-using namespace opensaml;\r
using namespace xmltooling;\r
using namespace log4cpp;\r
using namespace std;\r
{\r
public:\r
RemotedSession(RemotedCache* cache, DDF& obj) : m_version(obj["version"].integer()), m_obj(obj),\r
- m_nameid(NULL), m_expires(0), m_lastAccess(time(NULL)), m_cache(cache), m_lock(NULL) {\r
- const char* nameid = obj["nameid"].string();\r
- if (nameid) {\r
- // Parse and bind the NameID into an XMLObject.\r
- istringstream instr(nameid);\r
- DOMDocument* doc = XMLToolingConfig::getConfig().getParser().parse(instr); \r
- XercesJanitor<DOMDocument> janitor(doc);\r
- auto_ptr<saml2::NameID> n(saml2::NameIDBuilder::buildNameID());\r
- n->unmarshall(doc->getDocumentElement(), true);\r
- janitor.release();\r
- m_nameid = n.release();\r
- }\r
- \r
+ m_expires(0), m_lastAccess(time(NULL)), m_cache(cache), m_lock(NULL) {\r
auto_ptr_XMLCh exp(m_obj["expires"].string());\r
if (exp.get()) {\r
DateTime iso(exp.get());\r
~RemotedSession() {\r
delete m_lock;\r
m_obj.destroy();\r
- delete m_nameid;\r
for_each(m_attributes.begin(), m_attributes.end(), cleanup_pair<string,Attribute>());\r
- for_each(m_tokens.begin(), m_tokens.end(), cleanup_pair<string,Assertion>());\r
}\r
\r
Lockable* lock() {\r
const char* getAuthnInstant() const {\r
return m_obj["authn_instant"].string();\r
}\r
- const opensaml::saml2::NameID* getNameID() const {\r
- return m_nameid;\r
- }\r
const char* getSessionIndex() const {\r
return m_obj["session_index"].string();\r
}\r
return m_ids;\r
}\r
\r
- const Assertion* getAssertion(const char* id) const;\r
-\r
- void addAttributes(const vector<Attribute*>& attributes) {\r
- throw ConfigurationException("addAttributes method not implemented by this session cache plugin.");\r
- }\r
- void addAssertion(Assertion* assertion) {\r
- throw ConfigurationException("addAssertion method not implemented by this session cache plugin.");\r
- }\r
-\r
time_t expires() const { return m_expires; }\r
time_t lastAccess() const { return m_lastAccess; }\r
void validate(const Application& application, const char* client_addr, time_t timeout, bool local=true);\r
\r
int m_version;\r
mutable DDF m_obj;\r
- saml2::NameID* m_nameid;\r
mutable multimap<string,Attribute*> m_attributes;\r
mutable vector<const char*> m_ids;\r
- mutable map<string,Assertion*> m_tokens;\r
time_t m_expires,m_lastAccess;\r
RemotedCache* m_cache;\r
Mutex* m_lock;\r
RemotedCache(const DOMElement* e);\r
~RemotedCache();\r
\r
- string insert(\r
- time_t expires,\r
- const Application& application,\r
- const char* client_addr=NULL,\r
- const saml2md::EntityDescriptor* issuer=NULL,\r
- const saml2::NameID* nameid=NULL,\r
- const char* authn_instant=NULL,\r
- const char* session_index=NULL,\r
- const char* authncontext_class=NULL,\r
- const char* authncontext_decl=NULL,\r
- const vector<const Assertion*>* tokens=NULL,\r
- const multimap<string,Attribute*>* attributes=NULL\r
- );\r
Session* find(const char* key, const Application& application, const char* client_addr=NULL, time_t timeout=0);\r
void remove(const char* key, const Application& application, const char* client_addr);\r
\r
}\r
}\r
\r
-const Assertion* RemotedSession::getAssertion(const char* id) const\r
-{\r
- map<string,Assertion*>::const_iterator i = m_tokens.find(id);\r
- if (i!=m_tokens.end())\r
- return i->second;\r
-\r
- // Fetch from remoted cache.\r
- DDF in("getAssertion::"REMOTED_SESSION_CACHE"::SessionCache");\r
- DDFJanitor jin(in);\r
- in.structure();\r
- in.addmember("key").string(m_obj.name());\r
- in.addmember("id").string(id);\r
-\r
- DDF out=SPConfig::getConfig().getServiceProvider()->getListenerService()->send(in);\r
- DDFJanitor jout(out);\r
- \r
- // Parse and bind the document into an XMLObject.\r
- istringstream instr(out.string());\r
- DOMDocument* doc = XMLToolingConfig::getConfig().getParser().parse(instr); \r
- XercesJanitor<DOMDocument> janitor(doc);\r
- auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));\r
- janitor.release();\r
- \r
- Assertion* token = dynamic_cast<Assertion*>(xmlObject.get());\r
- if (!token)\r
- throw FatalProfileException("Cached assertion was of an unknown object type.");\r
-\r
- // Transfer ownership to us.\r
- xmlObject.release();\r
- m_tokens[id]=token;\r
- return token;\r
-}\r
-\r
void RemotedSession::validate(const Application& application, const char* client_addr, time_t timeout, bool local)\r
{\r
// Basic expiration?\r
time_t now = time(NULL);\r
if (now > m_expires) {\r
m_cache->m_log.info("session expired (ID: %s)", m_obj.name());\r
- throw RetryableProfileException("Your session has expired, and you must re-authenticate.");\r
+ throw opensaml::RetryableProfileException("Your session has expired, and you must re-authenticate.");\r
}\r
\r
// Address check?\r
m_cache->m_log.debug("comparing client address %s against %s", client_addr, getClientAddress());\r
if (strcmp(getClientAddress(),client_addr)) {\r
m_cache->m_log.warn("client address mismatch");\r
- throw RetryableProfileException(\r
+ throw opensaml::RetryableProfileException(\r
"Your IP address ($1) does not match the address recorded at the time the session was established.",\r
params(1,client_addr)\r
);\r
delete shutdown_wait;\r
}\r
\r
-string RemotedCache::insert(\r
- time_t expires,\r
- const Application& application,\r
- const char* client_addr,\r
- const saml2md::EntityDescriptor* issuer,\r
- const saml2::NameID* nameid,\r
- const char* authn_instant,\r
- const char* session_index,\r
- const char* authncontext_class,\r
- const char* authncontext_decl,\r
- const vector<const Assertion*>* tokens,\r
- const multimap<string,Attribute*>* attributes\r
- )\r
-{\r
- DDF in("insert::"REMOTED_SESSION_CACHE"::SessionCache");\r
- DDFJanitor jin(in);\r
- in.structure();\r
- if (expires) {\r
-#ifndef HAVE_GMTIME_R\r
- struct tm* ptime=gmtime(&expires);\r
-#else\r
- struct tm res;\r
- struct tm* ptime=gmtime_r(&expires,&res);\r
-#endif\r
- char timebuf[32];\r
- strftime(timebuf,32,"%Y-%m-%dT%H:%M:%SZ",ptime);\r
- in.addmember("expires").string(timebuf);\r
- }\r
- in.addmember("application_id").string(application.getId());\r
- if (client_addr)\r
- in.addmember("client_addr").string(client_addr);\r
- if (issuer) {\r
- auto_ptr_char provid(issuer->getEntityID());\r
- in.addmember("entity_id").string(provid.get());\r
- }\r
- if (authn_instant)\r
- in.addmember("authn_instant").string(authn_instant);\r
- if (session_index)\r
- in.addmember("session_index").string(session_index);\r
- if (authncontext_class)\r
- in.addmember("authncontext_class").string(authncontext_class);\r
- if (authncontext_decl)\r
- in.addmember("authncontext_decl").string(authncontext_decl);\r
- \r
- if (nameid) {\r
- ostringstream namestr;\r
- namestr << *nameid;\r
- in.addmember("nameid").string(namestr.str().c_str());\r
- }\r
-\r
- if (tokens) {\r
- in.addmember("assertions").list();\r
- in.addmember("tokens").list();\r
- for (vector<const Assertion*>::const_iterator t = tokens->begin(); t!=tokens->end(); ++t) {\r
- ostringstream tokenstr;\r
- tokenstr << *(*t);\r
- auto_ptr_char tokenid((*t)->getID());\r
- DDF tokid = DDF(NULL).string(tokenid.get());\r
- in["assertions"].add(tokid);\r
- DDF tok = DDF(tokenid.get()).string(tokenstr.str().c_str());\r
- in["tokens"].add(tok);\r
- }\r
- }\r
- \r
- if (attributes) {\r
- DDF attr;\r
- DDF attrs = in.addmember("attributes").list();\r
- for (multimap<string,Attribute*>::const_iterator a=attributes->begin(); a!=attributes->end(); ++a) {\r
- attr = a->second->marshall();\r
- attrs.add(attr);\r
- }\r
- }\r
-\r
- DDF out=application.getServiceProvider().getListenerService()->send(in);\r
- DDFJanitor jout(out);\r
- if (out["key"].isstring()) {\r
- // Transaction Logging\r
- auto_ptr_char name(nameid ? nameid->getName() : NULL);\r
- const char* pid = in["entity_id"].string();\r
- TransactionLog* xlog = application.getServiceProvider().getTransactionLog();\r
- Locker locker(xlog);\r
- xlog->log.infoStream() <<\r
- "New session (ID: " <<\r
- out["key"].string() <<\r
- ") with (applicationId: " <<\r
- application.getId() <<\r
- ") for principal from (IdP: " <<\r
- (pid ? pid : "none") <<\r
- ") at (ClientAddress: " <<\r
- (client_addr ? client_addr : "none") <<\r
- ") with (NameIdentifier: " <<\r
- (name.get() ? name.get() : "none") <<\r
- ")";\r
-\r
- if (attributes) {\r
- xlog->log.infoStream() <<\r
- "Cached the following attributes with session (ID: " <<\r
- out["key"].string() <<\r
- ") for (applicationId: " <<\r
- application.getId() <<\r
- ") {";\r
- for (multimap<string,Attribute*>::const_iterator a=attributes->begin(); a!=attributes->end(); ++a)\r
- xlog->log.infoStream() << "\t" << a->second->getId() << " (" << a->second->valueCount() << " values)";\r
- xlog->log.info("}");\r
- for_each(attributes->begin(), attributes->end(), cleanup_pair<string,Attribute>());\r
- }\r
-\r
- return out["key"].string();\r
- }\r
- throw RetryableProfileException("A remoted cache insertion operation did not return a usable session key.");\r
-}\r
-\r
Session* RemotedCache::find(const char* key, const Application& application, const char* client_addr, time_t timeout)\r
{\r
#ifdef _DEBUG\r
cache->cleanup();\r
return NULL;\r
}\r
-\r
-/* These are currently unimplemented.\r
-\r
-void RemotedSession::addAttributes(const vector<Attribute*>& attributes)\r
-{\r
- DDF in("addAttributes::"REMOTED_SESSION_CACHE);\r
- DDFJanitor jin(in);\r
- in.structure();\r
- in.addmember("key").string(m_key.c_str());\r
- in.addmember("application_id").string(m_appId.c_str());\r
-\r
- DDF attr;\r
- DDF attrs = in.addmember("attributes").list();\r
- for (vector<Attribute*>::const_iterator a=attributes.begin(); a!=attributes.end(); ++a) {\r
- attr = (*a)->marshall();\r
- attrs.add(attr);\r
- }\r
-\r
- attr=SPConfig::getConfig().getServiceProvider()->getListenerService()->send(in);\r
- DDFJanitor jout(attr);\r
- \r
- // Transfer ownership to us.\r
- m_attributes.insert(m_attributes.end(), attributes.begin(), attributes.end());\r
-}\r
-\r
-void RemotedSession::addAssertion(Assertion* assertion)\r
-{\r
- if (!assertion)\r
- throw FatalProfileException("Unknown object type passed to session cache for storage.");\r
-\r
- DDF in("addAssertion::"REMOTED_SESSION_CACHE);\r
- DDFJanitor jin(in);\r
- in.structure();\r
- in.addmember("key").string(m_key.c_str());\r
- in.addmember("application_id").string(m_appId.c_str());\r
- \r
- ostringstream os;\r
- os << *assertion;\r
- string token(os.str());\r
- auto_ptr_char tokenid(assertion->getID());\r
- in.addmember("assertion_id").string(tokenid.get());\r
- in.addmember("assertion").string(token.c_str());\r
-\r
- DDF out = SPConfig::getConfig().getServiceProvider()->getListenerService()->send(in);\r
- out.destroy();\r
- \r
- // Add to local record and token map.\r
- // Next attempt to find and lock session will refresh from remote store anyway.\r
- m_obj["assertions"].addmember(tokenid.get()).string(token.c_str());\r
- m_ids.clear();\r
- m_tokens[tokenid.get()] = assertion;\r
-}\r
-\r
-*/
\ No newline at end of file