--- /dev/null
+/*\r
+ * Copyright 2001-2007 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * XMLServiceProvider.cpp\r
+ *\r
+ * XML-based SP configuration and mgmt\r
+ */\r
+\r
+#include "internal.h"\r
+#include "exceptions.h"\r
+#include "AccessControl.h"\r
+#include "Application.h"\r
+#include "Handler.h"\r
+#include "RequestMapper.h"\r
+#include "ServiceProvider.h"\r
+#include "SessionCache.h"\r
+#include "SPConfig.h"\r
+#include "SPRequest.h"\r
+#include "TransactionLog.h"\r
+#include "attribute/Attribute.h"\r
+#include "remoting/ListenerService.h"\r
+#include "security/PKIXTrustEngine.h"\r
+#include "util/DOMPropertySet.h"\r
+#include "util/SPConstants.h"\r
+\r
+#include <sys/types.h>\r
+#include <sys/stat.h>\r
+#include <log4cpp/Category.hh>\r
+#include <log4cpp/PropertyConfigurator.hh>\r
+#include <saml/SAMLConfig.h>\r
+#include <saml/saml1/core/Assertions.h>\r
+#include <saml/saml2/metadata/ChainingMetadataProvider.h>\r
+#include <xmltooling/XMLToolingConfig.h>\r
+#include <xmltooling/security/ChainingTrustEngine.h>\r
+#include <xmltooling/util/NDC.h>\r
+#include <xmltooling/util/ReloadableXMLFile.h>\r
+#include <xmltooling/util/ReplayCache.h>\r
+\r
+using namespace shibsp;\r
+using namespace opensaml::saml1;\r
+using namespace opensaml::saml2md;\r
+using namespace opensaml;\r
+using namespace xmltooling;\r
+using namespace log4cpp;\r
+using namespace std;\r
+using xmlsignature::CredentialResolver;\r
+\r
+namespace shibsp {\r
+\r
+#if defined (_MSC_VER)\r
+ #pragma warning( push )\r
+ #pragma warning( disable : 4250 )\r
+#endif\r
+\r
+ static vector<const Handler*> g_noHandlers;\r
+\r
+ // Application configuration wrapper\r
+ class SHIBSP_DLLLOCAL XMLApplication : public virtual Application, public DOMPropertySet, public DOMNodeFilter\r
+ {\r
+ public:\r
+ XMLApplication(const ServiceProvider*, const DOMElement* e, const XMLApplication* base=NULL);\r
+ ~XMLApplication() { cleanup(); }\r
+ \r
+ // PropertySet\r
+ pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;\r
+ pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;\r
+ pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;\r
+ pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;\r
+ pair<bool,int> getInt(const char* name, const char* ns=NULL) const;\r
+ const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const;\r
+\r
+ // Application\r
+ const char* getId() const {return getString("id").second;}\r
+ const char* getHash() const {return m_hash.c_str();}\r
+ MetadataProvider* getMetadataProvider() const;\r
+ TrustEngine* getTrustEngine() const;\r
+ const vector<const XMLCh*>& getAudiences() const;\r
+ const PropertySet* getCredentialUse(const EntityDescriptor* provider) const;\r
+\r
+ const Handler* getDefaultSessionInitiator() const;\r
+ const Handler* getSessionInitiatorById(const char* id) const;\r
+ const Handler* getDefaultAssertionConsumerService() const;\r
+ const Handler* getAssertionConsumerServiceByIndex(unsigned short index) const;\r
+ const vector<const Handler*>& getAssertionConsumerServicesByBinding(const XMLCh* binding) const;\r
+ const Handler* getHandler(const char* path) const;\r
+ \r
+ // Provides filter to exclude special config elements.\r
+ short acceptNode(const DOMNode* node) const;\r
+ \r
+ private:\r
+ void cleanup();\r
+ const ServiceProvider* m_sp; // this is ok because its locking scope includes us\r
+ const XMLApplication* m_base;\r
+ string m_hash;\r
+ MetadataProvider* m_metadata;\r
+ TrustEngine* m_trust;\r
+ vector<const XMLCh*> m_audiences;\r
+\r
+ // manage handler objects\r
+ vector<Handler*> m_handlers;\r
+\r
+ // maps location (path info) to applicable handlers\r
+ map<string,const Handler*> m_handlerMap;\r
+\r
+ // maps unique indexes to consumer services\r
+ map<unsigned int,const Handler*> m_acsIndexMap;\r
+ \r
+ // pointer to default consumer service\r
+ const Handler* m_acsDefault;\r
+\r
+ // maps binding strings to supporting consumer service(s)\r
+#ifdef HAVE_GOOD_STL\r
+ typedef map<xmltooling::xstring,vector<const Handler*> > ACSBindingMap;\r
+#else\r
+ typedef map<string,vector<const Handler*> > ACSBindingMap;\r
+#endif\r
+ ACSBindingMap m_acsBindingMap;\r
+\r
+ // maps unique ID strings to session initiators\r
+ map<string,const Handler*> m_sessionInitMap;\r
+\r
+ // pointer to default session initiator\r
+ const Handler* m_sessionInitDefault;\r
+\r
+ DOMPropertySet* m_credDefault;\r
+#ifdef HAVE_GOOD_STL\r
+ map<xmltooling::xstring,PropertySet*> m_credMap;\r
+#else\r
+ map<const XMLCh*,PropertySet*> m_credMap;\r
+#endif\r
+ };\r
+\r
+ // Top-level configuration implementation\r
+ class SHIBSP_DLLLOCAL XMLConfig;\r
+ class SHIBSP_DLLLOCAL XMLConfigImpl : public DOMPropertySet, public DOMNodeFilter\r
+ {\r
+ public:\r
+ XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer);\r
+ ~XMLConfigImpl();\r
+ \r
+ RequestMapper* m_requestMapper;\r
+ map<string,Application*> m_appmap;\r
+ map<string,CredentialResolver*> m_credResolverMap;\r
+ \r
+ // Provides filter to exclude special config elements.\r
+ short acceptNode(const DOMNode* node) const;\r
+\r
+ void setDocument(DOMDocument* doc) {\r
+ m_document = doc;\r
+ }\r
+\r
+ private:\r
+ void doExtensions(const DOMElement* e, const char* label, Category& log);\r
+\r
+ const XMLConfig* m_outer;\r
+ DOMDocument* m_document;\r
+ };\r
+\r
+ class SHIBSP_DLLLOCAL XMLConfig : public ServiceProvider, public ReloadableXMLFile\r
+ {\r
+ public:\r
+ XMLConfig(const DOMElement* e)\r
+ : ReloadableXMLFile(e), m_impl(NULL), m_listener(NULL), m_sessionCache(NULL) {\r
+ }\r
+ \r
+ void init() {\r
+ load();\r
+ }\r
+\r
+ ~XMLConfig() {\r
+ delete m_impl;\r
+ delete m_sessionCache;\r
+ delete m_listener;\r
+ delete m_tranLog;\r
+ XMLToolingConfig::getConfig().setReplayCache(NULL);\r
+ for_each(m_storage.begin(), m_storage.end(), cleanup_pair<string,StorageService>());\r
+ }\r
+\r
+ // PropertySet\r
+ pair<bool,bool> getBool(const char* name, const char* ns=NULL) const {return m_impl->getBool(name,ns);}\r
+ pair<bool,const char*> getString(const char* name, const char* ns=NULL) const {return m_impl->getString(name,ns);}\r
+ pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const {return m_impl->getXMLString(name,ns);}\r
+ pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const {return m_impl->getUnsignedInt(name,ns);}\r
+ pair<bool,int> getInt(const char* name, const char* ns=NULL) const {return m_impl->getInt(name,ns);}\r
+ const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const {return m_impl->getPropertySet(name,ns);}\r
+ const DOMElement* getElement() const {return m_impl->getElement();}\r
+\r
+ // ServiceProvider\r
+ TransactionLog* getTransactionLog() const {\r
+ if (m_tranLog)\r
+ return m_tranLog;\r
+ throw ConfigurationException("No TransactionLog available.");\r
+ }\r
+\r
+ StorageService* getStorageService(const char* id) const {\r
+ if (id) {\r
+ map<string,StorageService*>::const_iterator i=m_storage.find(id);\r
+ if (i!=m_storage.end())\r
+ return i->second;\r
+ }\r
+ return NULL;\r
+ }\r
+\r
+ ListenerService* getListenerService(bool required=true) const {\r
+ if (required && !m_listener)\r
+ throw ConfigurationException("No ListenerService available.");\r
+ return m_listener;\r
+ }\r
+\r
+ SessionCache* getSessionCache(bool required=true) const {\r
+ if (required && !m_sessionCache)\r
+ throw ConfigurationException("No SessionCache available.");\r
+ return m_sessionCache;\r
+ }\r
+\r
+ RequestMapper* getRequestMapper(bool required=true) const {\r
+ if (required && !m_impl->m_requestMapper)\r
+ throw ConfigurationException("No RequestMapper available.");\r
+ return m_impl->m_requestMapper;\r
+ }\r
+\r
+ const Application* getApplication(const char* applicationId) const {\r
+ map<string,Application*>::const_iterator i=m_impl->m_appmap.find(applicationId);\r
+ return (i!=m_impl->m_appmap.end()) ? i->second : NULL;\r
+ }\r
+\r
+ CredentialResolver* getCredentialResolver(const char* id) const {\r
+ if (id) {\r
+ map<string,CredentialResolver*>::const_iterator i=m_impl->m_credResolverMap.find(id);\r
+ if (i!=m_impl->m_credResolverMap.end())\r
+ return i->second;\r
+ }\r
+ return NULL;\r
+ }\r
+\r
+ protected:\r
+ pair<bool,DOMElement*> load();\r
+\r
+ private:\r
+ friend class XMLConfigImpl;\r
+ XMLConfigImpl* m_impl;\r
+ mutable ListenerService* m_listener;\r
+ mutable SessionCache* m_sessionCache;\r
+ mutable TransactionLog* m_tranLog;\r
+ mutable map<string,StorageService*> m_storage;\r
+ };\r
+\r
+#if defined (_MSC_VER)\r
+ #pragma warning( pop )\r
+#endif\r
+\r
+ ServiceProvider* XMLServiceProviderFactory(const DOMElement* const & e)\r
+ {\r
+ return new XMLConfig(e);\r
+ }\r
+\r
+ static const XMLCh AAPProvider[] = UNICODE_LITERAL_11(A,A,P,P,r,o,v,i,d,e,r);\r
+ static const XMLCh _Application[] = UNICODE_LITERAL_11(A,p,p,l,i,c,a,t,i,o,n);\r
+ static const XMLCh Applications[] = UNICODE_LITERAL_12(A,p,p,l,i,c,a,t,i,o,n,s);\r
+ static const XMLCh AttributeFactory[] = UNICODE_LITERAL_16(A,t,t,r,i,b,u,t,e,F,a,c,t,o,r,y);\r
+ static const XMLCh Credentials[] = UNICODE_LITERAL_11(C,r,e,d,e,n,t,i,a,l,s);\r
+ static const XMLCh CredentialsProvider[] = UNICODE_LITERAL_19(C,r,e,d,e,n,t,i,a,l,s,P,r,o,v,i,d,e,r);\r
+ static const XMLCh CredentialUse[] = UNICODE_LITERAL_13(C,r,e,d,e,n,t,i,a,l,U,s,e);\r
+ static const XMLCh DiagnosticService[] = UNICODE_LITERAL_17(D,i,a,g,n,o,s,t,i,c,S,e,r,v,i,c,e);\r
+ static const XMLCh fatal[] = UNICODE_LITERAL_5(f,a,t,a,l);\r
+ static const XMLCh FileResolver[] = UNICODE_LITERAL_12(F,i,l,e,R,e,s,o,l,v,e,r);\r
+ static const XMLCh Global[] = UNICODE_LITERAL_6(G,l,o,b,a,l);\r
+ static const XMLCh Id[] = UNICODE_LITERAL_2(I,d);\r
+ static const XMLCh Implementation[] = UNICODE_LITERAL_14(I,m,p,l,e,m,e,n,t,a,t,i,o,n);\r
+ static const XMLCh InProcess[] = UNICODE_LITERAL_9(I,n,P,r,o,c,e,s,s);\r
+ static const XMLCh Library[] = UNICODE_LITERAL_7(L,i,b,r,a,r,y);\r
+ static const XMLCh Listener[] = UNICODE_LITERAL_8(L,i,s,t,e,n,e,r);\r
+ static const XMLCh Local[] = UNICODE_LITERAL_5(L,o,c,a,l);\r
+ static const XMLCh logger[] = UNICODE_LITERAL_6(l,o,g,g,e,r);\r
+ static const XMLCh MemoryListener[] = UNICODE_LITERAL_14(M,e,m,o,r,y,L,i,s,t,e,n,e,r);\r
+ static const XMLCh MemorySessionCache[] = UNICODE_LITERAL_18(M,e,m,o,r,y,S,e,s,s,i,o,n,C,a,c,h,e);\r
+ static const XMLCh RelyingParty[] = UNICODE_LITERAL_12(R,e,l,y,i,n,g,P,a,r,t,y);\r
+ static const XMLCh _ReplayCache[] = UNICODE_LITERAL_11(R,e,p,l,a,y,C,a,c,h,e);\r
+ static const XMLCh RequestMapProvider[] = UNICODE_LITERAL_18(R,e,q,u,e,s,t,M,a,p,P,r,o,v,i,d,e,r);\r
+ static const XMLCh _SessionCache[] = UNICODE_LITERAL_12(S,e,s,s,i,o,n,C,a,c,h,e);\r
+ static const XMLCh SessionInitiator[] = UNICODE_LITERAL_16(S,e,s,s,i,o,n,I,n,i,t,i,a,t,o,r);\r
+ static const XMLCh _StorageService[] = UNICODE_LITERAL_14(S,t,o,r,a,g,e,S,e,r,v,i,c,e);\r
+ static const XMLCh OutOfProcess[] = UNICODE_LITERAL_12(O,u,t,O,f,P,r,o,c,e,s,s);\r
+ static const XMLCh TCPListener[] = UNICODE_LITERAL_11(T,C,P,L,i,s,t,e,n,e,r);\r
+ static const XMLCh TrustProvider[] = UNICODE_LITERAL_13(T,r,u,s,t,P,r,o,v,i,d,e,r);\r
+ static const XMLCh UnixListener[] = UNICODE_LITERAL_12(U,n,i,x,L,i,s,t,e,n,e,r);\r
+ static const XMLCh _MetadataProvider[] = UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);\r
+ static const XMLCh _path[] = UNICODE_LITERAL_4(p,a,t,h);\r
+ static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);\r
+};\r
+\r
+XMLApplication::XMLApplication(\r
+ const ServiceProvider* sp,\r
+ const DOMElement* e,\r
+ const XMLApplication* base\r
+ ) : m_sp(sp), m_base(base), m_metadata(NULL), m_trust(NULL),\r
+ m_credDefault(NULL), m_sessionInitDefault(NULL), m_acsDefault(NULL)\r
+{\r
+#ifdef _DEBUG\r
+ xmltooling::NDC ndc("XMLApplication");\r
+#endif\r
+ Category& log=Category::getInstance(SHIBSP_LOGCAT".Application");\r
+\r
+ try {\r
+ // First load any property sets.\r
+ map<string,string> root_remap;\r
+ root_remap["shire"]="session";\r
+ root_remap["shireURL"]="handlerURL";\r
+ root_remap["shireSSL"]="handlerSSL";\r
+ load(e,log,this,&root_remap);\r
+\r
+ const PropertySet* propcheck=getPropertySet("Errors");\r
+ if (propcheck && !propcheck->getString("session").first)\r
+ throw ConfigurationException("<Errors> element requires 'session' (or deprecated 'shire') attribute");\r
+ propcheck=getPropertySet("Sessions");\r
+ if (propcheck && !propcheck->getString("handlerURL").first)\r
+ throw ConfigurationException("<Sessions> element requires 'handlerURL' (or deprecated 'shireURL') attribute");\r
+\r
+ SPConfig& conf=SPConfig::getConfig();\r
+ SAMLConfig& samlConf=SAMLConfig::getConfig();\r
+ XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();\r
+\r
+ m_hash=getId();\r
+ m_hash+=getString("providerId").second;\r
+ m_hash=samlConf.hashSHA1(m_hash.c_str(), true);\r
+\r
+ // Process handlers.\r
+ Handler* handler=NULL;\r
+ bool hardACS=false, hardSessionInit=false;\r
+ const DOMElement* child = XMLHelper::getFirstChildElement(propcheck->getElement());\r
+ while (child) {\r
+ xmltooling::auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
+ if (!bindprop.get() || !*(bindprop.get())) {\r
+ log.warn("md:AssertionConsumerService element has no Binding attribute, skipping it...");\r
+ child = XMLHelper::getNextSiblingElement(child);\r
+ continue;\r
+ }\r
+ \r
+ try {\r
+ // A handler is based on the Binding property in conjunction with the element name.\r
+ // If it's an ACS or SI, also handle index/id mappings and defaulting.\r
+ if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,AssertionConsumerService::LOCAL_NAME)) {\r
+ handler=conf.AssertionConsumerServiceManager.newPlugin(bindprop.get(),child);\r
+ // Map by binding (may be > 1 per binding, e.g. SAML 1.0 vs 1.1)\r
+#ifdef HAVE_GOOD_STL\r
+ m_acsBindingMap[handler->getXMLString("Binding").second].push_back(handler);\r
+#else\r
+ m_acsBindingMap[handler->getString("Binding").second].push_back(handler);\r
+#endif\r
+ m_acsIndexMap[handler->getUnsignedInt("index").second]=handler;\r
+ \r
+ if (!hardACS) {\r
+ pair<bool,bool> defprop=handler->getBool("isDefault");\r
+ if (defprop.first) {\r
+ if (defprop.second) {\r
+ hardACS=true;\r
+ m_acsDefault=handler;\r
+ }\r
+ }\r
+ else if (!m_acsDefault)\r
+ m_acsDefault=handler;\r
+ }\r
+ }\r
+ else if (XMLString::equals(child->getLocalName(),SessionInitiator)) {\r
+ handler=conf.SessionInitiatorManager.newPlugin(bindprop.get(),child);\r
+ pair<bool,const char*> si_id=handler->getString("id");\r
+ if (si_id.first && si_id.second)\r
+ m_sessionInitMap[si_id.second]=handler;\r
+ if (!hardSessionInit) {\r
+ pair<bool,bool> defprop=handler->getBool("isDefault");\r
+ if (defprop.first) {\r
+ if (defprop.second) {\r
+ hardSessionInit=true;\r
+ m_sessionInitDefault=handler;\r
+ }\r
+ }\r
+ else if (!m_sessionInitDefault)\r
+ m_sessionInitDefault=handler;\r
+ }\r
+ }\r
+ else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,SingleLogoutService::LOCAL_NAME)) {\r
+ handler=conf.SingleLogoutServiceManager.newPlugin(bindprop.get(),child);\r
+ }\r
+ else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,ManageNameIDService::LOCAL_NAME)) {\r
+ handler=conf.ManageNameIDServiceManager.newPlugin(bindprop.get(),child);\r
+ }\r
+ else {\r
+ handler=conf.HandlerManager.newPlugin(bindprop.get(),child);\r
+ }\r
+\r
+ // Save off the objects after giving the property set to the handler for its use.\r
+ m_handlers.push_back(handler);\r
+\r
+ // Insert into location map.\r
+ pair<bool,const char*> location=handler->getString("Location");\r
+ if (location.first && *location.second == '/')\r
+ m_handlerMap[location.second]=handler;\r
+ else if (location.first)\r
+ m_handlerMap[string("/") + location.second]=handler;\r
+\r
+ }\r
+ catch (exception& ex) {\r
+ log.error("caught exception processing handler element: %s", ex.what());\r
+ }\r
+ \r
+ child = XMLHelper::getNextSiblingElement(child);\r
+ }\r
+\r
+ // If no handlers defined at the root, assume a legacy configuration.\r
+ if (!m_base && m_handlers.empty()) {\r
+ try {\r
+ // A legacy config installs a SAML POST handler at the root handler location.\r
+ // We use the Sessions element itself as the PropertySet.\r
+ Handler* h1=conf.SessionInitiatorManager.newPlugin(\r
+ shibspconstants::SHIB1_SESSIONINIT_PROFILE_URI,propcheck->getElement()\r
+ );\r
+ m_handlers.push_back(h1);\r
+ m_sessionInitDefault=h1;\r
+\r
+ Handler* h2=conf.AssertionConsumerServiceManager.newPlugin(\r
+ samlconstants::SAML1_PROFILE_BROWSER_POST,propcheck->getElement()\r
+ );\r
+ m_handlers.push_back(h2);\r
+ m_handlerMap[""] = h2;\r
+ m_acsDefault=h2;\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error installing legacy handler configuration: %s", ex.what());\r
+ }\r
+ }\r
+ \r
+ DOMNodeList* nlist=e->getElementsByTagNameNS(samlconstants::SAML1_NS,Audience::LOCAL_NAME);\r
+ for (XMLSize_t i=0; nlist && i<nlist->getLength(); i++)\r
+ if (nlist->item(i)->getParentNode()->isSameNode(e) && nlist->item(i)->hasChildNodes())\r
+ m_audiences.push_back(nlist->item(i)->getFirstChild()->getNodeValue());\r
+\r
+ // Always include our own providerId as an audience.\r
+ m_audiences.push_back(getXMLString("providerId").second);\r
+\r
+ if (conf.isEnabled(SPConfig::AttributeResolver)) {\r
+ child = XMLHelper::getFirstChildElement(e,AAPProvider);\r
+ while (child) {\r
+ // TODO: some kind of compatibility\r
+ child = XMLHelper::getNextSiblingElement(child,AAPProvider);\r
+ }\r
+ }\r
+\r
+ if (conf.isEnabled(SPConfig::Metadata)) {\r
+ vector<MetadataProvider*> os2providers;\r
+ child = XMLHelper::getFirstChildElement(e,_MetadataProvider);\r
+ while (child) {\r
+ xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building metadata provider of type %s...",type.get());\r
+ try {\r
+ auto_ptr<MetadataProvider> mp(samlConf.MetadataProviderManager.newPlugin(type.get(),child));\r
+ mp->init();\r
+ os2providers.push_back(mp.release());\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building/initializing metadata provider: %s", ex.what());\r
+ }\r
+\r
+ child = XMLHelper::getNextSiblingElement(child,_MetadataProvider);\r
+ }\r
+ \r
+ if (os2providers.size()==1)\r
+ m_metadata=os2providers.front();\r
+ else if (os2providers.size()>1) {\r
+ try {\r
+ m_metadata = samlConf.MetadataProviderManager.newPlugin(CHAINING_METADATA_PROVIDER,NULL);\r
+ ChainingMetadataProvider* chainMeta = dynamic_cast<ChainingMetadataProvider*>(m_metadata);\r
+ while (!os2providers.empty()) {\r
+ chainMeta->addMetadataProvider(os2providers.back());\r
+ os2providers.pop_back();\r
+ }\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building chaining metadata provider wrapper: %s",ex.what());\r
+ for_each(os2providers.begin(), os2providers.end(), xmltooling::cleanup<MetadataProvider>());\r
+ }\r
+ }\r
+ }\r
+\r
+ if (conf.isEnabled(SPConfig::Trust)) {\r
+ ChainingTrustEngine* chainTrust = NULL;\r
+ child = XMLHelper::getFirstChildElement(e,TrustProvider);\r
+ while (child) {\r
+ xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building trust provider of type %s...",type.get());\r
+ try {\r
+ if (!m_trust) {\r
+ // For compatibility with old engine types, we're assuming a Shib engine is likely,\r
+ // which requires chaining, so we'll build that regardless.\r
+ m_trust = xmlConf.TrustEngineManager.newPlugin(CHAINING_TRUSTENGINE,NULL);\r
+ chainTrust = dynamic_cast<ChainingTrustEngine*>(m_trust);\r
+ }\r
+ if (!strcmp(type.get(),"edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust")) {\r
+ chainTrust->addTrustEngine(xmlConf.TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE,child));\r
+ chainTrust->addTrustEngine(xmlConf.TrustEngineManager.newPlugin(SHIBBOLETH_PKIX_TRUSTENGINE,child));\r
+ }\r
+ else if (!strcmp(type.get(),"edu.internet2.middleware.shibboleth.common.provider.BasicTrust")) {\r
+ chainTrust->addTrustEngine(xmlConf.TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE,child));\r
+ }\r
+ else {\r
+ chainTrust->addTrustEngine(xmlConf.TrustEngineManager.newPlugin(type.get(),child));\r
+ }\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("error building trust provider: %s",ex.what());\r
+ }\r
+ \r
+ child = XMLHelper::getNextSiblingElement(child,TrustProvider);\r
+ }\r
+ }\r
+ \r
+ // Finally, load credential mappings.\r
+ child = XMLHelper::getFirstChildElement(e,CredentialUse);\r
+ if (child) {\r
+ m_credDefault=new DOMPropertySet();\r
+ m_credDefault->load(child,log,this);\r
+ child = XMLHelper::getFirstChildElement(child,RelyingParty);\r
+ while (child) {\r
+ DOMPropertySet* rp=new DOMPropertySet();\r
+ rp->load(child,log,this);\r
+ m_credMap[child->getAttributeNS(NULL,opensaml::saml2::Attribute::NAME_ATTRIB_NAME)]=rp;\r
+ child = XMLHelper::getNextSiblingElement(child,RelyingParty);\r
+ }\r
+ }\r
+ \r
+ if (conf.isEnabled(SPConfig::OutOfProcess)) {\r
+ // Really finally, build local browser profile and binding objects.\r
+ // TODO: may need some bits here...\r
+ }\r
+ }\r
+ catch (exception&) {\r
+ cleanup();\r
+ throw;\r
+ }\r
+#ifndef _DEBUG\r
+ catch (...) {\r
+ cleanup();\r
+ throw;\r
+ }\r
+#endif\r
+}\r
+\r
+void XMLApplication::cleanup()\r
+{\r
+ for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup<Handler>());\r
+ \r
+ delete m_credDefault;\r
+#ifdef HAVE_GOOD_STL\r
+ for_each(m_credMap.begin(),m_credMap.end(),cleanup_pair<xmltooling::xstring,PropertySet>());\r
+#else\r
+ for_each(m_credMap.begin(),m_credMap.end(),cleanup_pair<const XMLCh*,PropertySet>());\r
+#endif\r
+\r
+ delete m_trust;\r
+ delete m_metadata;\r
+}\r
+\r
+short XMLApplication::acceptNode(const DOMNode* node) const\r
+{\r
+ if (XMLHelper::isNodeNamed(node,samlconstants::SAML1_NS,AttributeDesignator::LOCAL_NAME))\r
+ return FILTER_REJECT;\r
+ else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,opensaml::saml1::Attribute::LOCAL_NAME))\r
+ return FILTER_REJECT;\r
+ else if (XMLHelper::isNodeNamed(node,samlconstants::SAML1_NS,Audience::LOCAL_NAME))\r
+ return FILTER_REJECT;\r
+ const XMLCh* name=node->getLocalName();\r
+ if (XMLString::equals(name,_Application) ||\r
+ XMLString::equals(name,AssertionConsumerService::LOCAL_NAME) ||\r
+ XMLString::equals(name,SingleLogoutService::LOCAL_NAME) ||\r
+ XMLString::equals(name,DiagnosticService) ||\r
+ XMLString::equals(name,SessionInitiator) ||\r
+ XMLString::equals(name,AAPProvider) ||\r
+ XMLString::equals(name,CredentialUse) ||\r
+ XMLString::equals(name,RelyingParty) ||\r
+ XMLString::equals(name,_MetadataProvider) ||\r
+ XMLString::equals(name,TrustProvider))\r
+ return FILTER_REJECT;\r
+\r
+ return FILTER_ACCEPT;\r
+}\r
+\r
+pair<bool,bool> XMLApplication::getBool(const char* name, const char* ns) const\r
+{\r
+ pair<bool,bool> ret=DOMPropertySet::getBool(name,ns);\r
+ if (ret.first)\r
+ return ret;\r
+ return m_base ? m_base->getBool(name,ns) : ret;\r
+}\r
+\r
+pair<bool,const char*> XMLApplication::getString(const char* name, const char* ns) const\r
+{\r
+ pair<bool,const char*> ret=DOMPropertySet::getString(name,ns);\r
+ if (ret.first)\r
+ return ret;\r
+ return m_base ? m_base->getString(name,ns) : ret;\r
+}\r
+\r
+pair<bool,const XMLCh*> XMLApplication::getXMLString(const char* name, const char* ns) const\r
+{\r
+ pair<bool,const XMLCh*> ret=DOMPropertySet::getXMLString(name,ns);\r
+ if (ret.first)\r
+ return ret;\r
+ return m_base ? m_base->getXMLString(name,ns) : ret;\r
+}\r
+\r
+pair<bool,unsigned int> XMLApplication::getUnsignedInt(const char* name, const char* ns) const\r
+{\r
+ pair<bool,unsigned int> ret=DOMPropertySet::getUnsignedInt(name,ns);\r
+ if (ret.first)\r
+ return ret;\r
+ return m_base ? m_base->getUnsignedInt(name,ns) : ret;\r
+}\r
+\r
+pair<bool,int> XMLApplication::getInt(const char* name, const char* ns) const\r
+{\r
+ pair<bool,int> ret=DOMPropertySet::getInt(name,ns);\r
+ if (ret.first)\r
+ return ret;\r
+ return m_base ? m_base->getInt(name,ns) : ret;\r
+}\r
+\r
+const PropertySet* XMLApplication::getPropertySet(const char* name, const char* ns) const\r
+{\r
+ const PropertySet* ret=DOMPropertySet::getPropertySet(name,ns);\r
+ if (ret || !m_base)\r
+ return ret;\r
+ return m_base->getPropertySet(name,ns);\r
+}\r
+\r
+MetadataProvider* XMLApplication::getMetadataProvider() const\r
+{\r
+ return (!m_metadata && m_base) ? m_base->getMetadataProvider() : m_metadata;\r
+}\r
+\r
+TrustEngine* XMLApplication::getTrustEngine() const\r
+{\r
+ return (!m_trust && m_base) ? m_base->getTrustEngine() : m_trust;\r
+}\r
+\r
+const vector<const XMLCh*>& XMLApplication::getAudiences() const\r
+{\r
+ return (m_audiences.empty() && m_base) ? m_base->getAudiences() : m_audiences;\r
+}\r
+\r
+const PropertySet* XMLApplication::getCredentialUse(const EntityDescriptor* provider) const\r
+{\r
+ if (!m_credDefault && m_base)\r
+ return m_base->getCredentialUse(provider);\r
+ \r
+#ifdef HAVE_GOOD_STL\r
+ map<xmltooling::xstring,PropertySet*>::const_iterator i=m_credMap.find(provider->getEntityID());\r
+ if (i!=m_credMap.end())\r
+ return i->second;\r
+ const EntitiesDescriptor* group=dynamic_cast<const EntitiesDescriptor*>(provider->getParent());\r
+ while (group) {\r
+ if (group->getName()) {\r
+ i=m_credMap.find(group->getName());\r
+ if (i!=m_credMap.end())\r
+ return i->second;\r
+ }\r
+ group=dynamic_cast<const EntitiesDescriptor*>(group->getParent());\r
+ }\r
+#else\r
+ map<const XMLCh*,PropertySet*>::const_iterator i=m_credMap.begin();\r
+ for (; i!=m_credMap.end(); i++) {\r
+ if (XMLString::equals(i->first,provider->getId()))\r
+ return i->second;\r
+ const EntitiesDescriptor* group=dynamic_cast<const EntitiesDescriptor*>(provider->getParent());\r
+ while (group) {\r
+ if (XMLString::equals(i->first,group->getName()))\r
+ return i->second;\r
+ group=dynamic_cast<const EntitiesDescriptor*>(group->getParent());\r
+ }\r
+ }\r
+#endif\r
+ return m_credDefault;\r
+}\r
+\r
+const Handler* XMLApplication::getDefaultSessionInitiator() const\r
+{\r
+ if (m_sessionInitDefault) return m_sessionInitDefault;\r
+ return m_base ? m_base->getDefaultSessionInitiator() : NULL;\r
+}\r
+\r
+const Handler* XMLApplication::getSessionInitiatorById(const char* id) const\r
+{\r
+ map<string,const Handler*>::const_iterator i=m_sessionInitMap.find(id);\r
+ if (i!=m_sessionInitMap.end()) return i->second;\r
+ return m_base ? m_base->getSessionInitiatorById(id) : NULL;\r
+}\r
+\r
+const Handler* XMLApplication::getDefaultAssertionConsumerService() const\r
+{\r
+ if (m_acsDefault) return m_acsDefault;\r
+ return m_base ? m_base->getDefaultAssertionConsumerService() : NULL;\r
+}\r
+\r
+const Handler* XMLApplication::getAssertionConsumerServiceByIndex(unsigned short index) const\r
+{\r
+ map<unsigned int,const Handler*>::const_iterator i=m_acsIndexMap.find(index);\r
+ if (i!=m_acsIndexMap.end()) return i->second;\r
+ return m_base ? m_base->getAssertionConsumerServiceByIndex(index) : NULL;\r
+}\r
+\r
+const vector<const Handler*>& XMLApplication::getAssertionConsumerServicesByBinding(const XMLCh* binding) const\r
+{\r
+#ifdef HAVE_GOOD_STL\r
+ ACSBindingMap::const_iterator i=m_acsBindingMap.find(binding);\r
+#else\r
+ xmltooling::auto_ptr_char temp(binding);\r
+ ACSBindingMap::const_iterator i=m_acsBindingMap.find(temp.get());\r
+#endif\r
+ if (i!=m_acsBindingMap.end())\r
+ return i->second;\r
+ return m_base ? m_base->getAssertionConsumerServicesByBinding(binding) : g_noHandlers;\r
+}\r
+\r
+const Handler* XMLApplication::getHandler(const char* path) const\r
+{\r
+ string wrap(path);\r
+ map<string,const Handler*>::const_iterator i=m_handlerMap.find(wrap.substr(0,wrap.find('?')));\r
+ if (i!=m_handlerMap.end())\r
+ return i->second;\r
+ return m_base ? m_base->getHandler(path) : NULL;\r
+}\r
+\r
+short XMLConfigImpl::acceptNode(const DOMNode* node) const\r
+{\r
+ if (!XMLString::equals(node->getNamespaceURI(),shibspconstants::SHIB1SPCONFIG_NS) &&\r
+ !XMLString::equals(node->getNamespaceURI(),shibspconstants::SHIB2SPCONFIG_NS))\r
+ return FILTER_ACCEPT;\r
+ const XMLCh* name=node->getLocalName();\r
+ if (XMLString::equals(name,Applications) ||\r
+ XMLString::equals(name,AttributeFactory) ||\r
+ XMLString::equals(name,Credentials) ||\r
+ XMLString::equals(name,CredentialsProvider) ||\r
+ XMLString::equals(name,Extensions::LOCAL_NAME) ||\r
+ XMLString::equals(name,Implementation) ||\r
+ XMLString::equals(name,Listener) ||\r
+ XMLString::equals(name,MemoryListener) ||\r
+ XMLString::equals(name,MemorySessionCache) ||\r
+ XMLString::equals(name,RequestMapProvider) ||\r
+ XMLString::equals(name,_ReplayCache) ||\r
+ XMLString::equals(name,_SessionCache) ||\r
+ XMLString::equals(name,_StorageService) ||\r
+ XMLString::equals(name,TCPListener) ||\r
+ XMLString::equals(name,UnixListener))\r
+ return FILTER_REJECT;\r
+\r
+ return FILTER_ACCEPT;\r
+}\r
+\r
+void XMLConfigImpl::doExtensions(const DOMElement* e, const char* label, Category& log)\r
+{\r
+ const DOMElement* exts=XMLHelper::getFirstChildElement(e,Extensions::LOCAL_NAME);\r
+ if (exts) {\r
+ exts=XMLHelper::getFirstChildElement(exts,Library);\r
+ while (exts) {\r
+ xmltooling::auto_ptr_char path(exts->getAttributeNS(NULL,_path));\r
+ try {\r
+ if (path.get()) {\r
+ XMLToolingConfig::getConfig().load_library(path.get(),(void*)exts);\r
+ log.debug("loaded %s extension library (%s)", label, path.get());\r
+ }\r
+ }\r
+ catch (exception& e) {\r
+ const XMLCh* fatal=exts->getAttributeNS(NULL,fatal);\r
+ if (fatal && (*fatal==chLatin_t || *fatal==chDigit_1)) {\r
+ log.fatal("unable to load mandatory %s extension library %s: %s", label, path.get(), e.what());\r
+ throw;\r
+ }\r
+ else {\r
+ log.crit("unable to load optional %s extension library %s: %s", label, path.get(), e.what());\r
+ }\r
+ }\r
+ exts=XMLHelper::getNextSiblingElement(exts,Library);\r
+ }\r
+ }\r
+}\r
+\r
+XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer) : m_outer(outer), m_document(NULL), m_requestMapper(NULL)\r
+{\r
+#ifdef _DEBUG\r
+ xmltooling::NDC ndc("XMLConfigImpl");\r
+#endif\r
+ Category& log=Category::getInstance(SHIBSP_LOGCAT".Config");\r
+\r
+ try {\r
+ SPConfig& conf=SPConfig::getConfig();\r
+ XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();\r
+ const DOMElement* SHAR=XMLHelper::getFirstChildElement(e,OutOfProcess);\r
+ if (!SHAR)\r
+ SHAR=XMLHelper::getFirstChildElement(e,Global);\r
+ const DOMElement* SHIRE=XMLHelper::getFirstChildElement(e,InProcess);\r
+ if (!SHIRE)\r
+ SHIRE=XMLHelper::getFirstChildElement(e,Local);\r
+\r
+ // Initialize log4cpp manually in order to redirect log messages as soon as possible.\r
+ if (conf.isEnabled(SPConfig::Logging)) {\r
+ const XMLCh* logconf=NULL;\r
+ if (conf.isEnabled(SPConfig::OutOfProcess))\r
+ logconf=SHAR->getAttributeNS(NULL,logger);\r
+ else if (conf.isEnabled(SPConfig::InProcess))\r
+ logconf=SHIRE->getAttributeNS(NULL,logger);\r
+ if (!logconf || !*logconf)\r
+ logconf=e->getAttributeNS(NULL,logger);\r
+ if (logconf && *logconf) {\r
+ xmltooling::auto_ptr_char logpath(logconf);\r
+ log.debug("loading new logging configuration from (%s), check log destination for status of configuration",logpath.get());\r
+ XMLToolingConfig::getConfig().log_config(logpath.get());\r
+ }\r
+ \r
+ if (first)\r
+ m_outer->m_tranLog = new TransactionLog();\r
+ }\r
+ \r
+ // First load any property sets.\r
+ map<string,string> root_remap;\r
+ root_remap["Global"]="OutOfProcess";\r
+ root_remap["Local"]="InProcess";\r
+ load(e,log,this,&root_remap);\r
+\r
+ const DOMElement* child;\r
+ string plugtype;\r
+\r
+ // Much of the processing can only occur on the first instantiation.\r
+ if (first) {\r
+ // Set clock skew.\r
+ pair<bool,unsigned int> skew=getUnsignedInt("clockSkew");\r
+ if (skew.first)\r
+ xmlConf.clock_skew_secs=skew.second;\r
+\r
+ // Extensions\r
+ doExtensions(e, "global", log);\r
+ if (conf.isEnabled(SPConfig::OutOfProcess))\r
+ doExtensions(SHAR, "out of process", log);\r
+\r
+ if (conf.isEnabled(SPConfig::InProcess))\r
+ doExtensions(SHIRE, "in process", log);\r
+ \r
+ // Instantiate the ListenerService and SessionCache objects.\r
+ if (conf.isEnabled(SPConfig::Listener)) {\r
+ child=XMLHelper::getFirstChildElement(SHAR,UnixListener);\r
+ if (child)\r
+ plugtype=UNIX_LISTENER_SERVICE;\r
+ else {\r
+ child=XMLHelper::getFirstChildElement(SHAR,TCPListener);\r
+ if (child)\r
+ plugtype=TCP_LISTENER_SERVICE;\r
+ else {\r
+ child=XMLHelper::getFirstChildElement(SHAR,MemoryListener);\r
+ if (child)\r
+ plugtype=MEMORY_LISTENER_SERVICE;\r
+ else {\r
+ child=XMLHelper::getFirstChildElement(SHAR,Listener);\r
+ if (child) {\r
+ xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ if (type.get())\r
+ plugtype=type.get();\r
+ }\r
+ }\r
+ }\r
+ }\r
+ if (child) {\r
+ log.info("building ListenerService of type %s...", plugtype.c_str());\r
+ m_outer->m_listener = conf.ListenerServiceManager.newPlugin(plugtype.c_str(),child);\r
+ }\r
+ else {\r
+ log.fatal("can't build ListenerService, missing conf:Listener element?");\r
+ throw ConfigurationException("Can't build ListenerService, missing conf:Listener element?");\r
+ }\r
+ }\r
+\r
+ if (conf.isEnabled(SPConfig::Caching)) {\r
+ // TODO: This code's a mess, due to a very bad config layout for the caches...\r
+ // Needs rework with the new config file.\r
+ const DOMElement* container=conf.isEnabled(SPConfig::OutOfProcess) ? SHAR : SHIRE;\r
+\r
+ // First build any StorageServices.\r
+ string inmemID;\r
+ child=XMLHelper::getFirstChildElement(container,_StorageService);\r
+ while (child) {\r
+ xmltooling::auto_ptr_char id(child->getAttributeNS(NULL,Id));\r
+ xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ if (id.get() && type.get()) {\r
+ try {\r
+ log.info("building StorageService (%s) of type %s...", id.get(), type.get());\r
+ m_outer->m_storage[id.get()] = xmlConf.StorageServiceManager.newPlugin(type.get(),child);\r
+ if (!strcmp(type.get(),MEMORY_STORAGE_SERVICE))\r
+ inmemID = id.get();\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("failed to instantiate StorageService (%s): %s", id.get(), ex.what());\r
+ }\r
+ }\r
+ child=XMLHelper::getNextSiblingElement(container,_StorageService);\r
+ }\r
+ \r
+ child=XMLHelper::getFirstChildElement(container,_SessionCache);\r
+ if (child) {\r
+ xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building Session Cache of type %s...",type.get());\r
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(type.get(),child);\r
+ }\r
+ else if (conf.isEnabled(SPConfig::OutOfProcess)) {\r
+ log.warn("custom SessionCache unspecified or no longer supported, building SessionCache of type %s...",STORAGESERVICE_SESSION_CACHE);\r
+ if (inmemID.empty()) {\r
+ inmemID = "memory";\r
+ log.info("no StorageServices configured, providing in-memory version for legacy config");\r
+ m_outer->m_storage[inmemID] = xmlConf.StorageServiceManager.newPlugin(MEMORY_STORAGE_SERVICE,NULL);\r
+ }\r
+ child = container->getOwnerDocument()->createElementNS(NULL,_SessionCache);\r
+ xmltooling::auto_ptr_XMLCh ssid(inmemID.c_str());\r
+ const_cast<DOMElement*>(child)->setAttributeNS(NULL,_StorageService,ssid.get());\r
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child);\r
+ }\r
+ else {\r
+ log.warn("custom SessionCache unspecified or no longer supported, building SessionCache of type %s...",REMOTED_SESSION_CACHE);\r
+ m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(REMOTED_SESSION_CACHE,NULL);\r
+ }\r
+ \r
+ // Replay cache.\r
+ StorageService* replaySS=NULL;\r
+ child=XMLHelper::getFirstChildElement(container,_ReplayCache);\r
+ if (child) {\r
+ xmltooling::auto_ptr_char ssid(child->getAttributeNS(NULL,_StorageService));\r
+ if (ssid.get() && *ssid.get()) {\r
+ replaySS = m_outer->m_storage[ssid.get()];\r
+ if (replaySS)\r
+ log.info("building ReplayCache on top of StorageService (%s)...", ssid.get());\r
+ else\r
+ log.crit("unable to locate StorageService (%s) in configuration", ssid.get());\r
+ }\r
+ }\r
+ if (!replaySS) {\r
+ log.info("building ReplayCache using in-memory StorageService...");\r
+ if (inmemID.empty()) {\r
+ inmemID = "memory";\r
+ log.info("no StorageServices configured, providing in-memory version for legacy config");\r
+ m_outer->m_storage[inmemID] = xmlConf.StorageServiceManager.newPlugin(MEMORY_STORAGE_SERVICE,NULL);\r
+ }\r
+ replaySS = m_outer->m_storage[inmemID];\r
+ }\r
+ xmlConf.setReplayCache(new ReplayCache(replaySS));\r
+ }\r
+ } // end of first-time-only stuff\r
+ \r
+ // Back to the fully dynamic stuff...next up is the RequestMapper.\r
+ if (conf.isEnabled(SPConfig::RequestMapping)) {\r
+ child=XMLHelper::getFirstChildElement(SHIRE,RequestMapProvider);\r
+ if (child) {\r
+ xmltooling::auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
+ log.info("building RequestMapper of type %s...",type.get());\r
+ m_requestMapper=conf.RequestMapperManager.newPlugin(type.get(),child);\r
+ }\r
+ else {\r
+ log.fatal("can't build RequestMapper, missing conf:RequestMapProvider element?");\r
+ throw ConfigurationException("can't build RequestMapper, missing conf:RequestMapProvider element?");\r
+ }\r
+ }\r
+ \r
+ // Now we load the credentials map.\r
+ if (conf.isEnabled(SPConfig::Credentials)) {\r
+ // Old format was to wrap it in a CredentialsProvider plugin, we're inlining that...\r
+ child = XMLHelper::getFirstChildElement(e,CredentialsProvider);\r
+ child = XMLHelper::getFirstChildElement(child ? child : e,Credentials);\r
+ if (child) {\r
+ // Step down and process resolvers.\r
+ child=XMLHelper::getFirstChildElement(child);\r
+ while (child) {\r
+ xmltooling::auto_ptr_char id(child->getAttributeNS(NULL,Id));\r
+ if (!id.get() || !*(id.get())) {\r
+ log.warn("skipping CredentialsResolver with no Id attribute");\r
+ child = XMLHelper::getNextSiblingElement(child);\r
+ continue;\r
+ }\r
+ \r
+ if (XMLString::equals(child->getLocalName(),FileResolver))\r
+ plugtype=FILESYSTEM_CREDENTIAL_RESOLVER;\r
+ else {\r
+ xmltooling::auto_ptr_char c(child->getAttributeNS(NULL,_type));\r
+ plugtype=c.get();\r
+ }\r
+ \r
+ if (!plugtype.empty()) {\r
+ try {\r
+ CredentialResolver* cr=\r
+ XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(plugtype.c_str(),child);\r
+ m_credResolverMap[id.get()] = cr;\r
+ }\r
+ catch (exception& ex) {\r
+ log.crit("failed to instantiate CredentialResolver (%s): %s", id.get(), ex.what());\r
+ }\r
+ }\r
+ else {\r
+ log.error("unknown type of CredentialResolver with Id (%s)", id.get());\r
+ }\r
+ \r
+ child = XMLHelper::getNextSiblingElement(child);\r
+ }\r
+ }\r
+ }\r
+\r
+ // Load the default application. This actually has a fixed ID of "default". ;-)\r
+ child=XMLHelper::getFirstChildElement(e,Applications);\r
+ if (!child) {\r
+ log.fatal("can't build default Application object, missing conf:Applications element?");\r
+ throw ConfigurationException("can't build default Application object, missing conf:Applications element?");\r
+ }\r
+ XMLApplication* defapp=new XMLApplication(m_outer,child);\r
+ m_appmap[defapp->getId()]=defapp;\r
+ \r
+ // Load any overrides.\r
+ child = XMLHelper::getFirstChildElement(child,_Application);\r
+ while (child) {\r
+ auto_ptr<XMLApplication> iapp(new XMLApplication(m_outer,child,defapp));\r
+ if (m_appmap.find(iapp->getId())!=m_appmap.end())\r
+ log.crit("found conf:Application element with duplicate Id attribute (%s), skipping it", iapp->getId());\r
+ else\r
+ m_appmap[iapp->getId()]=iapp.release();\r
+\r
+ child = XMLHelper::getNextSiblingElement(child,_Application);\r
+ }\r
+ }\r
+ catch (exception&) {\r
+ this->~XMLConfigImpl();\r
+ throw;\r
+ }\r
+#ifndef _DEBUG\r
+ catch (...) {\r
+ this->~XMLConfigImpl();\r
+ throw;\r
+ }\r
+#endif\r
+}\r
+\r
+XMLConfigImpl::~XMLConfigImpl()\r
+{\r
+ for_each(m_appmap.begin(),m_appmap.end(),cleanup_pair<string,Application>());\r
+ for_each(m_credResolverMap.begin(),m_credResolverMap.end(),cleanup_pair<string,CredentialResolver>());\r
+ delete m_requestMapper;\r
+ if (m_document)\r
+ m_document->release();\r
+}\r
+\r
+pair<bool,DOMElement*> XMLConfig::load()\r
+{\r
+ // Load from source using base class.\r
+ pair<bool,DOMElement*> raw = ReloadableXMLFile::load();\r
+ \r
+ // If we own it, wrap it.\r
+ XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : NULL);\r
+\r
+ XMLConfigImpl* impl = new XMLConfigImpl(raw.second,(m_impl==NULL),this);\r
+ \r
+ // If we held the document, transfer it to the impl. If we didn't, it's a no-op.\r
+ impl->setDocument(docjanitor.release());\r
+\r
+ delete m_impl;\r
+ m_impl = impl;\r
+\r
+ return make_pair(false,(DOMElement*)NULL);\r
+}\r