-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?eclipse-cdt version="2.0"?>
<cdtproject id="org.eclipse.cdt.make.core.make">
-<extension id="org.eclipse.cdt.core.PE" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.domsourceindexer" point="org.eclipse.cdt.core.CIndexer"/>
+<extension id="org.eclipse.cdt.core.PE" point="org.eclipse.cdt.core.BinaryParser"/>
<data>
<item id="org.eclipse.cdt.core.pathentry">
-<pathentry kind="src" path=""/>
+<pathentry kind="src" path="shibsp"/>
<pathentry kind="out" path=""/>
</item>
</data>
pair<bool,const char*> signingCred=credUse ? credUse->getString("Signing") : pair<bool,const char*>(false,NULL);
if (signRequest.first && signRequest.second && signingCred.first) {
if (request->getMinorVersion()==1) {
- shibboleth::Credentials creds(ShibTargetConfig::getConfig().getINI()->getCredentialsProviders());
- CredentialResolver* cr=creds.lookup(signingCred.second);
+ CredentialResolver* cr=ShibTargetConfig::getConfig().getINI()->getCredentialResolver(signingCred.second);
if (cr) {
xmltooling::Locker locker(cr);
request->sign(cr->getKey(),cr->getCertificates(),signatureAlg.second,digestAlg.second);
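Review bot: With the resolver now looked up by Id at line 20, a `Signing` credential that names an unknown or misspelled Id makes `getCredentialResolver` return NULL and the `if (cr)` at line 21 simply skips signing; unless the else branch below the hunk reports it, a request the configuration says must be signed leaves unsigned with no diagnostic. Since `signRequest.first && signRequest.second` is already established at line 16, a missing resolver is a configuration error rather than a no-op, so I would reject it before the `if (cr)` block, e.g. `if (!cr) throw <the configuration-error exception this file uses>("unable to locate credential resolver for signing");`, or at minimum a crit-level log line. The enclosing function starts and ends outside the hunk, so any existing else handling is not visible here.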
static bool ssl_ctx_callback(void* ssl_ctx, void* userptr)
{
#ifdef _DEBUG
- saml::NDC("ssl_ctx_callback");
+ xmltooling::NDC("ssl_ctx_callback");
#endif
Category& log=Category::getInstance(SHIBT_LOGCAT".ShibHTTPHook");
const PropertySet* credUse=ctx->getCredentialUse();
pair<bool,const char*> TLS=credUse ? credUse->getString("TLS") : pair<bool,const char*>(false,NULL);
if (TLS.first) {
- Credentials c(ctx->getHook()->getCredentialProviders());
- OpenSSLCredentialResolver* cr=dynamic_cast<OpenSSLCredentialResolver*>(c.lookup(TLS.second));
+ OpenSSLCredentialResolver* cr=dynamic_cast<OpenSSLCredentialResolver*>(ShibTargetConfig::getConfig().getINI()->getCredentialResolver(TLS.second));
if (cr) {
xmltooling::Locker locker(cr);
cr->attach(reinterpret_cast<SSL_CTX*>(ssl_ctx));
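Review bot: The `dynamic_cast` at line 36 folds two different failures into one NULL: the `TLS` Id is not registered at all, and it is registered but the resolver is not an `OpenSSLCredentialResolver`. Both then fall through `if (cr)` at line 37 and the connection proceeds with no client credentials attached, which is a fail-open for mutual TLS; the `log` Category at line 30 is already available, so the lookup and the cast should be separated and the wrong-type case reported. The callback body continues past the hunk, so an existing else branch may cover the not-found case, but it cannot distinguish the wrong-type case from that.
```cpp
    if (TLS.first) {
        xmlsignature::CredentialResolver* base=ShibTargetConfig::getConfig().getINI()->getCredentialResolver(TLS.second);
        OpenSSLCredentialResolver* cr=dynamic_cast<OpenSSLCredentialResolver*>(base);
        if (base && !cr)
            log.error("credential resolver (%s) is not usable for TLS client authentication", TLS.second ? TLS.second : "");
        if (cr) {
            xmltooling::Locker locker(cr);
            cr->attach(reinterpret_cast<SSL_CTX*>(ssl_ctx));
            // … unchanged: remainder of callback outside the hunk …
```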
// Sign it?
if (signRequest.first && signRequest.second && signingCred.first) {
if (req->getMinorVersion()==1) {
- shibboleth::Credentials creds(ShibTargetConfig::getConfig().getINI()->getCredentialsProviders());
- CredentialResolver* cr=creds.lookup(signingCred.second);
+ CredentialResolver* cr=ShibTargetConfig::getConfig().getINI()->getCredentialResolver(signingCred.second);
if (cr) {
xmltooling::Locker locker(cr);
req->sign(cr->getKey(),cr->getCertificates(),signatureAlg.second,digestAlg.second);
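Review bot: Lines 45-48 are the same lookup/lock/sign sequence as lines 20-23 in the earlier signing hunk, and both now reach through the global `ShibTargetConfig::getConfig().getINI()` instead of an injected credentials set. A small helper taking the request, the credential Id and the two algorithm values would keep the two paths from drifting, which matters here because any divergence silently changes whether a request is signed. The same concern as in the earlier hunk applies: an unknown `Signing` Id yields NULL at line 45 and the request goes out unsigned unless the else branch outside the hunk reports it.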
using namespace xmltooling;
using namespace log4cpp;
using namespace std;
+using xmlsignature::CredentialResolver;
-namespace shibtarget {
+namespace {
// Application configuration wrapper
class XMLApplication : public virtual IApplication, public DOMPropertySet, public DOMNodeFilter
{
public:
- XMLApplication(const IConfig*, const Iterator<ICredentials*>& creds, const DOMElement* e, const XMLApplication* base=NULL);
+ XMLApplication(const IConfig*, const DOMElement* e, const XMLApplication* base=NULL);
~XMLApplication() { cleanup(); }
// PropertySet
IRequestMapper* m_requestMapper;
map<string,IApplication*> m_appmap;
- vector<ICredentials*> m_creds;
+ map<string,CredentialResolver*> m_credResolverMap;
vector<IAttributeFactory*> m_attrFactories;
// Provides filter to exclude special config elements.
map<string,IApplication*>::const_iterator i=static_cast<XMLConfigImpl*>(m_impl)->m_appmap.find(applicationId);
return (i!=static_cast<XMLConfigImpl*>(m_impl)->m_appmap.end()) ? i->second : NULL;
}
- Iterator<ICredentials*> getCredentialsProviders() const {return static_cast<XMLConfigImpl*>(m_impl)->m_creds;}
+
+ CredentialResolver* getCredentialResolver(const char* id) const {
+ if (id) {
+ XMLConfigImpl* impl=static_cast<XMLConfigImpl*>(getImplementation());
+ map<string,CredentialResolver*>::const_iterator i=impl->m_credResolverMap.find(id);
+ if (i!=impl->m_credResolverMap.end())
+ return i->second;
+ }
+ return NULL;
+ }
protected:
virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const;
mutable ISessionCache* m_sessionCache;
mutable IReplayCache* m_replayCache;
};
+
+ static const XMLCh Credentials[] = UNICODE_LITERAL_11(C,r,e,d,e,n,t,i,a,l,s);
+ static const XMLCh FileResolver[] = UNICODE_LITERAL_12(F,i,l,e,R,e,s,o,l,v,e,r);
+ static const XMLCh Id[] = UNICODE_LITERAL_2(I,d);
+ static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
+
}
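Review bot: `getCredentialResolver` (lines 74-82) hands out a raw pointer owned by the current `XMLConfigImpl` (deleted in its destructor at line 217), whereas the `Credentials` wrapper it replaces held the provider's own lock for as long as the caller used the result (lines 257-280). Callers now lock only the resolver itself, so the pointer presumably stays valid only while whatever lock guards reload of this `ReloadableXMLFile` is held; that contract should be stated on the accessor, e.g. `// Owned by the active configuration; caller must hold the config lock for the duration of use and must not retain the pointer across a reload.` The `static` on the XMLCh arrays at lines 89-92 is redundant inside the anonymous namespace but harmless.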
IConfig* STConfig::ShibTargetConfigFactory(const DOMElement* e)
XMLApplication::XMLApplication(
const IConfig* ini,
- const Iterator<ICredentials*>& creds,
const DOMElement* e,
const XMLApplication* base
) : m_ini(ini), m_base(base), m_metadata(NULL), m_trust(NULL), m_profile(NULL), m_binding(NULL), m_bindingHook(NULL),
getMetadataProvider(),
getTrustEngine()
);
- m_bindingHook=new ShibHTTPHook(
- getTrustEngine(),
- creds
- );
+ m_bindingHook=new ShibHTTPHook(getTrustEngine());
m_binding=SAMLBinding::getInstance(SAMLBinding::SOAP);
SAMLSOAPHTTPBinding* bptr=dynamic_cast<SAMLSOAPHTTPBinding*>(m_binding);
if (!bptr) {
// Back to the fully dynamic stuff...next up is the Request Mapper.
if (conf.isEnabled(SPConfig::RequestMapper)) {
- const DOMElement* child=saml::XML::getFirstChildElement(SHIRE,shibtarget::XML::SHIBTARGET_NS,SHIBT_L(RequestMapProvider));
+ const DOMElement* child=XMLHelper::getFirstChildElement(SHIRE,shibtarget::XML::SHIBTARGET_NS,SHIBT_L(RequestMapProvider));
if (child) {
xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,SHIBT_L(type)));
log.info("building Request Mapper of type %s...",type.get());
}
}
- // Now we load any credentials providers.
- DOMNodeList* nlist;
+ // Now we load the credentials map.
if (conf.isEnabled(SPConfig::Credentials)) {
- nlist=ReloadableXMLFileImpl::m_root->getElementsByTagNameNS(shibtarget::XML::SHIBTARGET_NS,SHIBT_L(CredentialsProvider));
- for (unsigned int i=0; nlist && i<nlist->getLength(); i++) {
- xmltooling::auto_ptr_char type(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIBT_L(type)));
- log.info("building credentials provider of type %s...",type.get());
- try {
- IPlugIn* plugin=shibConf.getPlugMgr().newPlugin(type.get(),static_cast<DOMElement*>(nlist->item(i)));
- if (plugin) {
- ICredentials* creds=dynamic_cast<ICredentials*>(plugin);
- if (creds)
- m_creds.push_back(creds);
- else {
- delete plugin;
- log.crit("plugin was not a credentials provider");
+ // Old format was to wrap it in a CredentialsProvider plugin, we're inlining that...
+ const DOMElement* child = XMLHelper::getFirstChildElement(ReloadableXMLFileImpl::m_root,shibtarget::XML::SHIBTARGET_NS,SHIBT_L(CredentialsProvider));
+ if (!child)
+ child = XMLHelper::getFirstChildElement(ReloadableXMLFileImpl::m_root,Credentials);
+ if (child) {
+ // Step down and process resolvers.
+ child=XMLHelper::getFirstChildElement(child);
+ while (child) {
+ xmltooling::auto_ptr_char id(child->getAttributeNS(NULL,Id));
+ if (!id.get() || !*(id.get())) {
+ log.warn("skipping CredentialsResolver with no Id attribute");
+ child = XMLHelper::getNextSiblingElement(child);
+ continue;
+ }
+
+ string cr_type;
+ if (XMLString::equals(child->getLocalName(),FileResolver))
+ cr_type=FILESYSTEM_CREDENTIAL_RESOLVER;
+ else {
+ xmltooling::auto_ptr_char c(child->getAttributeNS(NULL,type));
+ cr_type=c.get();
+ }
+
+ if (!cr_type.empty()) {
+ try {
+ CredentialResolver* plugin=
+ XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(cr_type.c_str(),child);
+ m_credResolverMap[id.get()] = plugin;
+ }
+ catch (exception& e) {
+ log.crit("failed to instantiate CredentialResolver (%s): %s", id.get(), e.what());
}
}
- }
- catch (exception& ex) {
- log.crit("error building credentials provider: %s",ex.what());
+ else {
+ log.error("unknown type of CredentialResolver with Id (%s)", id.get());
+ }
+
+ child = XMLHelper::getNextSiblingElement(child);
}
}
}
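Review bot: The inlined loader at lines 140-146 only descends into child elements of the `CredentialsProvider` element, but the plugin it replaces was a `ReloadableXMLFile` (lines 392, 398, 411-414) and so could also be pointed at a separate credentials file; a legacy configuration of that form now loads zero resolvers without any message, and every `Signing`/`TLS` reference then fails the downstream `if (cr)` checks. At minimum, warn when the element yields nothing, e.g. `if (m_credResolverMap.empty()) log.warn("no CredentialResolvers were loaded from the Credentials element");` after the loop, or reject the external-file form explicitly if dropping it is intended. Separately, `m_credResolverMap[id.get()] = plugin;` at line 166 silently overwrites an earlier resolver with the same Id and leaks it, unlike the duplicate-Id handling for Applications at lines 199-200; `if (m_credResolverMap.count(id.get())) { log.crit("duplicate CredentialResolver Id (%s), ignoring it", id.get()); delete plugin; }` before the assignment would make the two consistent.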
// Now we load any attribute factories
+ DOMNodeList* nlist;
nlist=ReloadableXMLFileImpl::m_root->getElementsByTagNameNS(shibtarget::XML::SHIBTARGET_NS,SHIBT_L(AttributeFactory));
for (unsigned int i=0; nlist && i<nlist->getLength(); i++) {
xmltooling::auto_ptr_char type(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIBT_L(type)));
log.fatal("can't build default Application object, missing conf:Applications element?");
throw ConfigurationException("can't build default Application object, missing conf:Applications element?");
}
- XMLApplication* defapp=new XMLApplication(m_outer, m_creds, app);
+ XMLApplication* defapp=new XMLApplication(m_outer,app);
m_appmap[defapp->getId()]=defapp;
// Load any overrides.
nlist=app->getElementsByTagNameNS(shibtarget::XML::SHIBTARGET_NS,SHIBT_L(Application));
for (unsigned int j=0; nlist && j<nlist->getLength(); j++) {
- auto_ptr<XMLApplication> iapp(new XMLApplication(m_outer,m_creds,static_cast<DOMElement*>(nlist->item(j)),defapp));
+ auto_ptr<XMLApplication> iapp(new XMLApplication(m_outer,static_cast<DOMElement*>(nlist->item(j)),defapp));
if (m_appmap.find(iapp->getId())!=m_appmap.end())
log.crit("found conf:Application element with duplicate Id attribute, ignoring it");
else
log.errorStream() << "Error while loading SP configuration: " << e.what() << CategoryStream::ENDLINE;
throw ConfigurationException(e.what());
}
-#ifndef _DEBUG
- catch (...) {
- log.error("Unexpected error while loading SP configuration");
- throw;
- }
-#endif
}
XMLConfigImpl::~XMLConfigImpl()
{
delete m_requestMapper;
for_each(m_appmap.begin(),m_appmap.end(),xmltooling::cleanup_pair<string,IApplication>());
- for_each(m_creds.begin(),m_creds.end(),xmltooling::cleanup<ICredentials>());
+ for_each(m_credResolverMap.begin(),m_credResolverMap.end(),xmltooling::cleanup_pair<string,CredentialResolver>());
ShibConfig::getConfig().clearAttributeMappings();
for_each(m_attrFactories.begin(),m_attrFactories.end(),xmltooling::cleanup<IAttributeFactory>());
}
#include <shibsp/PropertySet.h>
#include <saml/saml2/metadata/MetadataProvider.h>
#include <xmltooling/security/TrustEngine.h>
+#include <xmltooling/signature/CredentialResolver.h>
// Old headers
#include <saml/saml.h>
class ShibHTTPHook : virtual public saml::SAMLSOAPHTTPBinding::HTTPHook
{
public:
- ShibHTTPHook(const xmltooling::TrustEngine* trust, const saml::Iterator<shibboleth::ICredentials*>& creds)
- : m_trust(trust), m_creds(creds) {}
+ ShibHTTPHook(const xmltooling::TrustEngine* trust) : m_trust(trust) {}
virtual ~ShibHTTPHook() {}
// Only hook we need here is for outgoing connection to server.
};
const xmltooling::TrustEngine* getTrustEngine() const {return m_trust;}
- const saml::Iterator<shibboleth::ICredentials*>& getCredentialProviders() const {return m_creds;}
private:
const xmltooling::TrustEngine* m_trust;
- saml::Iterator<shibboleth::ICredentials*> m_creds;
};
/**
virtual saml::IReplayCache* getReplayCache() const=0;
virtual IRequestMapper* getRequestMapper() const=0;
virtual const IApplication* getApplication(const char* applicationId) const=0;
- virtual saml::Iterator<shibboleth::ICredentials*> getCredentialsProviders() const=0;
+ virtual xmlsignature::CredentialResolver* getCredentialResolver(const char* id) const=0;
virtual ~IConfig() {}
};
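Review bot: The new pure virtual at line 247 carries no comment, while its only visible implementation returns NULL both for a NULL `id` and for an unknown Id (lines 74-82) and returns a pointer the caller does not own; the interface is where callers will look for that contract. Suggest `/// Returns the CredentialResolver registered under id, or NULL if id is NULL or unknown.` followed by `/// The pointer is owned by the configuration: lock the resolver before use and do not keep it beyond the configuration lock.`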
using namespace opensaml::saml2md;
using namespace saml;
using namespace std;
-using xmlsignature::CredentialResolver;
-
-CredentialResolver* Credentials::lookup(const char* id)
-{
- if (m_mapper) {
- m_mapper->unlock();
- m_mapper=NULL;
- }
- CredentialResolver* ret=NULL;
- m_creds.reset();
- while (m_creds.hasNext()) {
- m_mapper=m_creds.next();
- m_mapper->lock();
- if (ret=m_mapper->lookup(id)) {
- return ret;
- }
- m_mapper->unlock();
- m_mapper=NULL;
- }
- return NULL;
-}
-
-Credentials::~Credentials()
-{
- if (m_mapper) {
- m_mapper->unlock();
- m_mapper=NULL;
- }
-}
AAP::AAP(const saml::Iterator<IAAP*>& aaps, const XMLCh* attrName, const XMLCh* attrNamespace) : m_mapper(NULL), m_rule(NULL)
{
#include <saml/saml2/metadata/Metadata.h>
#include <saml/saml2/metadata/MetadataProvider.h>
#include <xmltooling/security/TrustEngine.h>
-#include <xmltooling/signature/CredentialResolver.h>
#include <xmltooling/util/Threads.h>
#include <saml/saml.h>
namespace shibboleth
{
- // Credentials interface abstracts access to "owned" keys and certificates.
-
- struct SHIB_EXPORTS ICredentials : public virtual saml::ILockable, public virtual saml::IPlugIn
- {
- virtual xmlsignature::CredentialResolver* lookup(const char* id) const=0;
- virtual ~ICredentials() {}
- };
-
// Attribute acceptance processing interfaces, applied to incoming attributes.
struct SHIB_EXPORTS IAttributeRule
};
#ifdef SHIB_INSTANTIATE
- template class SHIB_EXPORTS saml::Iterator<ICredentials*>;
- template class SHIB_EXPORTS saml::ArrayIterator<ICredentials*>;
template class SHIB_EXPORTS saml::Iterator<IAAP*>;
template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
#endif
- class SHIB_EXPORTS Credentials
- {
- public:
- Credentials(const saml::Iterator<ICredentials*>& creds) : m_creds(creds), m_mapper(NULL) {}
- ~Credentials();
-
- xmlsignature::CredentialResolver* lookup(const char* id);
-
- private:
- Credentials(const Credentials&);
- void operator=(const Credentials&);
- ICredentials* m_mapper;
- saml::Iterator<ICredentials*> m_creds;
- };
-
class SHIB_EXPORTS AAP
{
public:
TargetedID.cpp \
XMLAAP.cpp \
XMLAccessControl.cpp \
- XMLCredentials.cpp \
XMLProviders.cpp
+++ /dev/null
-/*
- * Copyright 2001-2005 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* XMLCredentials.cpp - a credentials implementation that uses an XML file
-
- Scott Cantor
- 9/27/02
-
- $History:$
-*/
-
-#include "internal.h"
-
-#include <algorithm>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <log4cpp/Category.hh>
-#include <shibsp/exceptions.h>
-#include <xmltooling/XMLToolingConfig.h>
-#include <xmltooling/util/XMLHelper.h>
-
-using namespace shibsp;
-using namespace shibboleth;
-using namespace xmltooling;
-using namespace log4cpp;
-using namespace std;
-using xmlsignature::CredentialResolver;
-
-namespace {
-
- class XMLCredentialsImpl : public ReloadableXMLFileImpl
- {
- public:
- XMLCredentialsImpl(const char* pathname) : ReloadableXMLFileImpl(pathname) { init(); }
- XMLCredentialsImpl(const DOMElement* e) : ReloadableXMLFileImpl(e) { init(); }
- void init();
- ~XMLCredentialsImpl();
-
- typedef map<string,CredentialResolver*> resolvermap_t;
- resolvermap_t m_resolverMap;
- };
-
- class XMLCredentials : public ICredentials, public ReloadableXMLFile
- {
- public:
- XMLCredentials(const DOMElement* e) : ReloadableXMLFile(e) {}
- ~XMLCredentials() {}
-
- CredentialResolver* lookup(const char* id) const;
-
- protected:
- virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const;
- virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const;
- };
-
-}
-
-saml::IPlugIn* XMLCredentialsFactory(const DOMElement* e)
-{
- auto_ptr<XMLCredentials> creds(new XMLCredentials(e));
- creds->getImplementation();
- return creds.release();
-}
-
-ReloadableXMLFileImpl* XMLCredentials::newImplementation(const char* pathname, bool first) const
-{
- return new XMLCredentialsImpl(pathname);
-}
-
-ReloadableXMLFileImpl* XMLCredentials::newImplementation(const DOMElement* e, bool first) const
-{
- return new XMLCredentialsImpl(e);
-}
-
-static const XMLCh Id[] = UNICODE_LITERAL_2(I,d);
-static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
-static const XMLCh FileResolver[] = UNICODE_LITERAL_12(F,i,l,e,R,e,s,o,l,v,e,r);
-
-void XMLCredentialsImpl::init()
-{
-#ifdef _DEBUG
- NDC ndc("init");
-#endif
- Category& log=Category::getInstance(XMLPROVIDERS_LOGCAT".Credentials");
-
- DOMElement* child=XMLHelper::getFirstChildElement(m_root);
- while (child) {
- string cr_type;
- auto_ptr_char id(child->getAttributeNS(NULL,Id));
- if (!id.get()) {
- child = XMLHelper::getNextSiblingElement(child);
- continue;
- }
-
- if (XMLString::equals(child->getLocalName(),FileResolver))
- cr_type=FILESYSTEM_CREDENTIAL_RESOLVER;
- else {
- xmltooling::auto_ptr_char c(child->getAttributeNS(NULL,type));
- cr_type=c.get();
- }
-
- if (!cr_type.empty()) {
- try {
- CredentialResolver* plugin=
- XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(cr_type.c_str(),child);
- m_resolverMap[id.get()] = plugin;
- }
- catch (exception& e) {
- log.error("failed to instantiate credential resolver (%s): %s", id.get(), e.what());
- }
- }
- else {
- log.error("unknown type of credential resolver (%s)", id.get());
- }
-
- child = XMLHelper::getNextSiblingElement(child);
- }
-}
-
-XMLCredentialsImpl::~XMLCredentialsImpl()
-{
- for_each(m_resolverMap.begin(),m_resolverMap.end(),xmltooling::cleanup_pair<string,CredentialResolver>());
-}
-
-CredentialResolver* XMLCredentials::lookup(const char* id) const
-{
- if (id) {
- XMLCredentialsImpl* impl=dynamic_cast<XMLCredentialsImpl*>(getImplementation());
- XMLCredentialsImpl::resolvermap_t::const_iterator i=impl->m_resolverMap.find(id);
- if (i!=impl->m_resolverMap.end())
- return i->second;
- }
- return NULL;
-}
// Metadata Factories
PlugManager::Factory TargetedIDFactory;
-PlugManager::Factory XMLCredentialsFactory;
PlugManager::Factory XMLAAPFactory;
PlugManager::Factory XMLAccessControlFactory;
// Register metadata factories (some are legacy aliases)
SAMLConfig& conf=SAMLConfig::getConfig();
conf.getPlugMgr().regFactory("edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory",&TargetedIDFactory);
- conf.getPlugMgr().regFactory("edu.internet2.middleware.shibboleth.common.Credentials",&XMLCredentialsFactory);
conf.getPlugMgr().regFactory("edu.internet2.middleware.shibboleth.aap.provider.XMLAAP",&XMLAAPFactory);
conf.getPlugMgr().regFactory("edu.internet2.middleware.shibboleth.target.provider.XMLAAP",&XMLAAPFactory);
conf.getPlugMgr().regFactory(shibtarget::XML::XMLAccessControlType,&XMLAccessControlFactory);
// Unregister metadata factories
SAMLConfig& conf=SAMLConfig::getConfig();
conf.getPlugMgr().unregFactory("edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory");
- conf.getPlugMgr().unregFactory("edu.internet2.middleware.shibboleth.common.Credentials");
conf.getPlugMgr().unregFactory("edu.internet2.middleware.shibboleth.aap.provider.XMLAAP");
conf.getPlugMgr().unregFactory("edu.internet2.middleware.shibboleth.target.provider.XMLAAP");
conf.getPlugMgr().unregFactory(shibtarget::XML::XMLAccessControlType);
>
</File>
<File
- RelativePath="XMLCredentials.cpp"
- >
- </File>
- <File
RelativePath="XMLProviders.cpp"
>
</File>