From f5d5edeafe98f6322238730ff34ef86dc5220e04 Mon Sep 17 00:00:00 2001 
From: Scott Cantor Date: Sat, 19 May 2007 18:11:17 +0000 Subject: [PATCH] New -lite library and elimination of SAML libraries from modules. --- .cdtproject | 3 +- Shibboleth.sln | 20 +- apache/mod_apache.cpp | 7 +- apache/mod_shib13.vcproj | 16 +- apache/mod_shib20.vcproj | 16 +- apache/mod_shib22.vcproj | 16 +- config_win32.h | 6 - isapi_shib/isapi_shib.cpp | 21 +- isapi_shib/isapi_shib.vcproj | 16 +- nsapi_shib/nsapi_shib.cpp | 4 +- nsapi_shib/nsapi_shib.vcproj | 16 +- shibsp/.gitignore | 1 + shibsp/AbstractSPRequest.cpp | 1 - shibsp/AbstractSPRequest.h | 16 +- shibsp/Application.h | 46 +- shibsp/SPConfig.cpp | 71 ++- shibsp/SPConfig.h | 43 +- shibsp/SPRequest.h | 6 +- shibsp/ServiceProvider.cpp | 20 +- shibsp/ServiceProvider.h | 12 +- shibsp/SessionCache.cpp | 15 +- shibsp/SessionCache.h | 35 +- shibsp/attribute/Attribute.cpp | 26 +- shibsp/attribute/resolver/AttributeExtractor.h | 12 +- shibsp/attribute/resolver/AttributeResolver.h | 11 +- .../resolver/impl/ChainingAttributeResolver.cpp | 5 - .../resolver/impl/QueryAttributeResolver.cpp | 4 - .../resolver/impl/XMLAttributeExtractor.cpp | 9 +- shibsp/base.h | 7 +- shibsp/exceptions.h | 19 +- shibsp/handler/AbstractHandler.h | 13 +- shibsp/handler/AssertionConsumerService.h | 42 +- shibsp/handler/Handler.h | 6 - shibsp/handler/RemotedHandler.h | 8 +- shibsp/handler/impl/AbstractHandler.cpp | 23 +- shibsp/handler/impl/AssertionConsumerService.cpp | 37 +- shibsp/handler/impl/RemotedHandler.cpp | 42 +- shibsp/handler/impl/SAML1Consumer.cpp | 49 +- shibsp/handler/impl/SAML2Consumer.cpp | 40 +- shibsp/handler/impl/SAML2SessionInitiator.cpp | 32 +- shibsp/handler/impl/Shib1SessionInitiator.cpp | 21 +- shibsp/handler/impl/WAYFSessionInitiator.cpp | 1 + shibsp/impl/RemotedSessionCache.cpp | 251 +--------- shibsp/impl/XMLServiceProvider.cpp | 139 ++++-- shibsp/lite/CGIParser.cpp | 124 +++++ shibsp/lite/CGIParser.h | 77 +++ shibsp/lite/CommonDomainCookie.cpp | 100 ++++ shibsp/lite/CommonDomainCookie.h | 82 ++++ 
shibsp/lite/SAMLConstants.cpp | 203 ++++++++ shibsp/lite/SAMLConstants.h | 154 ++++++ shibsp/shibsp-lite.vcproj | 526 +++++++++++++++++++++ shibsp/shibsp.vcproj | 9 +- shibsp/util/SPConstants.h | 6 +- 53 files changed, 1883 insertions(+), 602 deletions(-) create mode 100644 shibsp/lite/CGIParser.cpp create mode 100644 shibsp/lite/CGIParser.h create mode 100644 shibsp/lite/CommonDomainCookie.cpp create mode 100644 shibsp/lite/CommonDomainCookie.h create mode 100644 shibsp/lite/SAMLConstants.cpp create mode 100644 shibsp/lite/SAMLConstants.h create mode 100644 shibsp/shibsp-lite.vcproj diff --git a/.cdtproject b/.cdtproject index 78aae40..0a68048 100644 --- a/.cdtproject +++ b/.cdtproject @@ -8,7 +8,7 @@ - + @@ -19,6 +19,7 @@ + diff --git a/Shibboleth.sln b/Shibboleth.sln index 29142ba..ce1151c 100644 --- a/Shibboleth.sln +++ b/Shibboleth.sln @@ -6,7 +6,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "isapi_shib", "isapi_shib\is Release.AspNetCompiler.Debug = "False" EndProjectSection ProjectSection(ProjectDependencies) = postProject - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "isapi_shib_gui", "isapi_shib_gui\isapi_shib_gui.vcproj", "{D341DCD8-7DCD-43A2-8559-C07DAB838711}" @@ -21,7 +21,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib13", "apache\mod_sh Release.AspNetCompiler.Debug = "False" EndProjectSection ProjectSection(ProjectDependencies) = postProject - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib20", "apache\mod_shib20.vcproj", "{68E9568B-476C-4289-B93C-893432378ADC}" 
@@ -30,7 +30,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib20", "apache\mod_sh Release.AspNetCompiler.Debug = "False" EndProjectSection ProjectSection(ProjectDependencies) = postProject - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nsapi_shib", "nsapi_shib\nsapi_shib.vcproj", "{1396D80A-8672-4224-9B02-95F3F4207CDB}" @@ -39,7 +39,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nsapi_shib", "nsapi_shib\ns Release.AspNetCompiler.Debug = "False" EndProjectSection ProjectSection(ProjectDependencies) = postProject - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "siterefresh", "siterefresh\siterefresh.vcproj", "{4D02F36E-D2CD-4FD1-AC50-2941E27BB3FB}" @@ -54,7 +54,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib22", "apache\mod_sh Release.AspNetCompiler.Debug = "False" EndProjectSection ProjectSection(ProjectDependencies) = postProject - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Server Modules", "Server Modules", "{26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}" 
@@ -105,6 +105,12 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "samlquery", "util\samlquery {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shibsp-lite", "shibsp\shibsp-lite.vcproj", "{81F0F7A6-DC36-46EF-957F-F9E81D4403F7}" + ProjectSection(WebsiteProperties) = preProject + Debug.AspNetCompiler.Debug = "True" + Release.AspNetCompiler.Debug = "False" + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 @@ -155,6 +161,10 @@ Global {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}.Debug|Win32.Build.0 = Debug|Win32 {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}.Release|Win32.ActiveCfg = Release|Win32 {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}.Release|Win32.Build.0 = Release|Win32 + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7}.Debug|Win32.ActiveCfg = Debug|Win32 + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7}.Debug|Win32.Build.0 = Debug|Win32 + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7}.Release|Win32.ActiveCfg = Release|Win32 + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7}.Release|Win32.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp index f8e214c..aac8ac4 100644 --- a/apache/mod_apache.cpp +++ b/apache/mod_apache.cpp @@ -44,6 +44,7 @@ #include #include #include +#include #include #ifdef WIN32 @@ -268,7 +269,7 @@ class ShibTargetApache : public AbstractSPRequest { mutable string m_body; mutable bool m_gotBody; - vector m_certs; + vector m_certs; public: request_rec* m_req; 
@@ -417,13 +418,13 @@ public: in.read(buf,1024); ap_rwrite(buf,in.gcount(),m_req); } - return ((status==SAML_HTTP_STATUS_OK) ? DONE : status); + return ((status==XMLTOOLING_HTTP_STATUS_OK) ? DONE : status); } long sendRedirect(const char* url) { ap_table_set(m_req->headers_out, "Location", url); return REDIRECT; } - const vector& getClientCertificates() const { + const vector& getClientCertificates() const { return m_certs; } long returnDecline(void) { return DECLINED; } diff --git a/apache/mod_shib13.vcproj b/apache/mod_shib13.vcproj index 98aa049..9eb86d2 100644 --- a/apache/mod_shib13.vcproj +++ b/apache/mod_shib13.vcproj @@ -48,8 +48,8 @@ Name="VCCLCompilerTool" Optimization="2" InlineFunctionExpansion="1" - AdditionalIncludeDirectories="..;"..\..\cpp-opensaml1";\Apache\include;"..\..\cpp-opensaml2";"..\..\cpp-xmltooling"" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;EAPI" + AdditionalIncludeDirectories="..;\Apache\include;"..\..\cpp-xmltooling"" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;EAPI;SHIBSP_LITE" StringPooling="true" RuntimeLibrary="2" EnableFunctionLevelLinking="true" @@ -76,11 +76,11 @@ /> header file. */ /* #undef HAVE_UNISTD_H */ -/* Define if RPC SVC macros work on this platform */ -#define HAVE_WORKING_SVC_DESTROY 1 - /* Name of package */ #define PACKAGE "shibboleth" @@ -125,9 +122,6 @@ /* Define to 1 if your declares `struct tm'. */ /* #undef TM_IN_SYS_TIME */ -/* Define if using embedded version of ONC RPC. */ -#define USE_OUR_ONCRPC 1 - /* Version number of package */ #define VERSION "2.0" diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp index 49f62b4..55ab971 100644 --- a/isapi_shib/isapi_shib.cpp +++ b/isapi_shib/isapi_shib.cpp @@ -40,6 +40,7 @@ #include #include +#include #include #include 
@@ -338,7 +339,7 @@ class ShibTargetIsapiF : public AbstractSPRequest PHTTP_FILTER_CONTEXT m_pfc; PHTTP_FILTER_PREPROC_HEADERS m_pn; map m_headers; - vector m_certs; + vector m_certs; int m_port; string m_scheme,m_hostname,m_uri; mutable string m_remote_addr,m_content_type,m_method; @@ -464,9 +465,9 @@ public: hdr += "\r\n"; const char* codestr="200 OK"; switch (status) { - case SAML_HTTP_STATUS_FORBIDDEN:codestr="403 Forbidden"; break; - case SAML_HTTP_STATUS_NOTFOUND: codestr="404 Not Found"; break; - case SAML_HTTP_STATUS_ERROR: codestr="500 Server Error"; break; + case XMLTOOLING_HTTP_STATUS_FORBIDDEN:codestr="403 Forbidden"; break; + case XMLTOOLING_HTTP_STATUS_NOTFOUND: codestr="404 Not Found"; break; + case XMLTOOLING_HTTP_STATUS_ERROR: codestr="500 Server Error"; break; } m_pfc->ServerSupportFunction(m_pfc, SF_REQ_SEND_RESPONSE_HEADER, (void*)codestr, (DWORD)hdr.c_str(), 0); char buf[1024]; @@ -500,7 +501,7 @@ public: return SF_STATUS_REQ_NEXT_NOTIFICATION; } - const vector& getClientCertificates() const { + const vector& getClientCertificates() const { return m_certs; } @@ -614,7 +615,7 @@ class ShibTargetIsapiE : public AbstractSPRequest { LPEXTENSION_CONTROL_BLOCK m_lpECB; map m_headers; - vector m_certs; + vector m_certs; mutable string m_body; mutable bool m_gotBody; int m_port; @@ -782,9 +783,9 @@ public: hdr += "\r\n"; const char* codestr="200 OK"; switch (status) { - case SAML_HTTP_STATUS_FORBIDDEN:codestr="403 Forbidden"; break; - case SAML_HTTP_STATUS_NOTFOUND: codestr="404 Not Found"; break; - case SAML_HTTP_STATUS_ERROR: codestr="500 Server Error"; break; + case XMLTOOLING_HTTP_STATUS_FORBIDDEN:codestr="403 Forbidden"; break; + case XMLTOOLING_HTTP_STATUS_NOTFOUND: codestr="404 Not Found"; break; + case XMLTOOLING_HTTP_STATUS_ERROR: codestr="500 Server Error"; break; } m_lpECB->ServerSupportFunction(m_lpECB->ConnID, HSE_REQ_SEND_RESPONSE_HEADER, (void*)codestr, 0, (LPDWORD)hdr.c_str()); char buf[1024]; 
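Review bot: The status switch in `sendResponse` still initialises `codestr` to `"200 OK"` and only handles the three renamed cases, so any other value a handler returns in `status` is reported to the client as success; the same switch appears again in the `@@ -782,9 +783,9 @@` hunk for ShibTargetIsapiE. Since the rename touches exactly these lines, a fallback that refuses to claim success would close the gap, e.g. `default: codestr="500 Server Error"; break;`, or at least a comment stating that unknown codes are downgraded to 200 on purpose. Both `sendResponse` bodies begin outside their hunks.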
@@ -823,7 +824,7 @@ public: return HSE_STATUS_SUCCESS; } - const vector& getClientCertificates() const { + const vector& getClientCertificates() const { return m_certs; } diff --git a/isapi_shib/isapi_shib.vcproj b/isapi_shib/isapi_shib.vcproj index 93fad1b..c482b38 100644 --- a/isapi_shib/isapi_shib.vcproj +++ b/isapi_shib/isapi_shib.vcproj @@ -48,8 +48,8 @@ Name="VCCLCompilerTool" Optimization="2" InlineFunctionExpansion="1" - AdditionalIncludeDirectories=".,..,..\..\cpp-opensaml1;"..\..\cpp-opensaml2";"..\..\cpp-xmltooling"" - PreprocessorDefinitions="NDEBUG;WIN32;_WINDOWS" + AdditionalIncludeDirectories=".;..;"..\..\cpp-xmltooling"" + PreprocessorDefinitions="NDEBUG;WIN32;_WINDOWS;SHIBSP_LITE;WIN32_LEAN_AND_MEAN" StringPooling="true" RuntimeLibrary="2" EnableFunctionLevelLinking="true" @@ -78,11 +78,11 @@ m_certs; + vector m_certs; public: ShibTargetNSAPI(pblock* pb, ::Session* sn, Request* rq) : m_gotBody(false) { @@ -341,7 +341,7 @@ public: } long returnDecline() { return REQ_NOACTION; } long returnOK() { return REQ_PROCEED; } - const vector& getClientCertificates() const { + const vector& getClientCertificates() const { return m_certs; } diff --git a/nsapi_shib/nsapi_shib.vcproj b/nsapi_shib/nsapi_shib.vcproj index fadcaeb..c51d4ef 100644 --- a/nsapi_shib/nsapi_shib.vcproj +++ b/nsapi_shib/nsapi_shib.vcproj @@ -48,8 +48,8 @@ Name="VCCLCompilerTool" Optimization="2" InlineFunctionExpansion="1" - AdditionalIncludeDirectories=".;..;"..\..\cpp-opensaml1";"..\..\cpp-opensaml2";"..\..\cpp-xmltooling"" - PreprocessorDefinitions="NDEBUG;_WINDOWS;WIN32" + AdditionalIncludeDirectories=".;..;"..\..\cpp-xmltooling"" + PreprocessorDefinitions="NDEBUG;_WINDOWS;WIN32;SHIBSP_LITE" StringPooling="true" RuntimeLibrary="2" EnableFunctionLevelLinking="true" @@ -76,11 +76,11 @@ /> -#include using namespace shibsp; using namespace opensaml; diff --git a/shibsp/AbstractSPRequest.h b/shibsp/AbstractSPRequest.h index ad3c269..c05ccbd 100644 --- a/shibsp/AbstractSPRequest.h 
+++ b/shibsp/AbstractSPRequest.h @@ -25,10 +25,19 @@ #include #include -#include +#ifndef SHIBSP_LITE +# include +#else +# include +#endif namespace shibsp { +#if defined (_MSC_VER) + #pragma warning( push ) + #pragma warning( disable : 4251 ) +#endif + /** * Abstract base for SPRequest implementations */ @@ -77,6 +86,11 @@ namespace shibsp { mutable std::map m_cookieMap; mutable opensaml::CGIParser* m_parser; }; + +#if defined (_MSC_VER) + #pragma warning( pop ) +#endif + }; #endif /* __shibsp_abstreq_h__ */ diff --git a/shibsp/Application.h b/shibsp/Application.h index 28e970c..2b38de0 100644 --- a/shibsp/Application.h +++ b/shibsp/Application.h @@ -24,15 +24,21 @@ #define __shibsp_app_h__ #include -#include -#include -#include + +#include +#ifndef SHIBSP_LITE +# include +# include +# include +#endif namespace shibsp { +#ifndef SHIBSP_LITE class SHIBSP_API AttributeExtractor; class SHIBSP_API AttributeFilter; class SHIBSP_API AttributeResolver; +#endif class SHIBSP_API Handler; class SHIBSP_API ServiceProvider; class SHIBSP_API SessionInitiator; @@ -68,7 +74,7 @@ namespace shibsp { /** * Returns a unique hash for the Application. * - * @return a value resulting from a hash of the Application's ID + * @return a value resulting from a computation over the Application's configuration */ virtual const char* getHash() const=0; @@ -80,6 +86,7 @@ namespace shibsp { */ virtual std::pair getCookieNameProps(const char* prefix) const; +#ifndef SHIBSP_LITE /** * Returns a MetadataProvider for use with this Application. * @@ -117,14 +124,6 @@ namespace shibsp { */ virtual AttributeResolver* getAttributeResolver() const=0; - /** - * Returns a set of attribute IDs to use as a REMOTE_USER value. - *
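Review bot: In the `@@ -77,6 +86,11 @@` hunk the member is still declared as `mutable opensaml::CGIParser* m_parser;` while the new `#else` branch of the include block pulls in a different header for SHIBSP_LITE builds; unless that lite header declares its CGIParser inside namespace `opensaml`, the lite build cannot compile this class. The include targets are not legible here, so this is inferred from the unchanged member declaration alone. If the shared namespace is deliberate, a one-line comment at the `#else` include, such as `// lite builds supply a CGIParser with the same namespace and interface`, would spare the next reader the check.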

The first attribute with a value (and only a single value) will be used. - * - * @return a set of attribute IDs, or an empty set - */ - virtual const std::set& getRemoteUserAttributeIds() const=0; - /** * Returns the CredentialResolver instance associated with this Application. * @@ -141,6 +140,22 @@ namespace shibsp { virtual const PropertySet* getRelyingParty(const opensaml::saml2md::EntityDescriptor* provider) const=0; /** + * Returns the set of audience values associated with this Application. + * + * @return set of audience values associated with the Application + */ + virtual const std::vector& getAudiences() const=0; +#endif + + /** + * Returns a set of attribute IDs to use as a REMOTE_USER value. + *

The first attribute with a value (and only a single value) will be used. + * + * @return a set of attribute IDs, or an empty set + */ + virtual const std::set& getRemoteUserAttributeIds() const=0; + + /** * Returns the default SessionInitiator when automatically requesting a session. * * @return the default SessionInitiator, or NULL @@ -189,13 +204,6 @@ namespace shibsp { * @return the mapped Handler, or NULL */ virtual const Handler* getHandler(const char* path) const=0; - - /** - * Returns the set of audience values associated with this Application. - * - * @return set of audience values associated with the Application - */ - virtual const std::vector& getAudiences() const=0; }; }; diff --git a/shibsp/SPConfig.cpp b/shibsp/SPConfig.cpp index ff26b4a..3df7a26 100644 --- a/shibsp/SPConfig.cpp +++ b/shibsp/SPConfig.cpp @@ -28,19 +28,25 @@ #include "ServiceProvider.h" #include "SessionCache.h" #include "SPConfig.h" -#include "attribute/AttributeDecoder.h" -#include "attribute/filtering/AttributeFilter.h" -#include "attribute/filtering/MatchFunctor.h" -#include "attribute/resolver/AttributeExtractor.h" -#include "attribute/resolver/AttributeResolver.h" -#include "binding/ArtifactResolver.h" +#include "attribute/Attribute.h" #include "handler/SessionInitiator.h" -#include "metadata/MetadataExt.h" #include "remoting/ListenerService.h" -#include "security/PKIXTrustEngine.h" + +#ifndef SHIBSP_LITE +# include "attribute/AttributeDecoder.h" +# include "attribute/filtering/AttributeFilter.h" +# include "attribute/filtering/MatchFunctor.h" +# include "attribute/resolver/AttributeExtractor.h" +# include "attribute/resolver/AttributeResolver.h" +# include "binding/ArtifactResolver.h" +# include "metadata/MetadataExt.h" +# include "security/PKIXTrustEngine.h" +# include +#else +# include +#endif #include -#include #include #include 
@@ -56,6 +62,14 @@ DECL_XMLTOOLING_EXCEPTION_FACTORY(AttributeResolutionException,shibsp); DECL_XMLTOOLING_EXCEPTION_FACTORY(ConfigurationException,shibsp); DECL_XMLTOOLING_EXCEPTION_FACTORY(ListenerException,shibsp); +#ifdef SHIBSP_LITE +DECL_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md); +DECL_XMLTOOLING_EXCEPTION_FACTORY(SecurityPolicyException,opensaml); +DECL_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml); +DECL_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml); +DECL_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml); +#endif + namespace shibsp { SPInternalConfig g_config; } @@ -95,10 +109,17 @@ bool SPInternalConfig::init(const char* catalog_path) catalog_path = SHIBSP_SCHEMAS; XMLToolingConfig::getConfig().catalog_path = catalog_path; +#ifndef SHIBSP_LITE if (!SAMLConfig::getConfig().init()) { log.fatal("failed to initialize OpenSAML library"); return false; } +#else + if (!XMLToolingConfig::getConfig().init()) { + log.fatal("failed to initialize XMLTooling library"); + return false; + } +#endif XMLToolingConfig::getConfig().setTemplateEngine(new TemplateEngine()); XMLToolingConfig::getConfig().getTemplateEngine()->setTagPrefix("shibmlp"); 
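Review bot: The new `#ifdef SHIBSP_LITE` block declares exception factories for five `opensaml` exception types inside a library whose purpose is to drop OpenSAML, and neither here nor at the matching REGISTER block in the `@@ -109,24 +130,36 @@` hunk is the reason recorded. Presumably the lite build must be able to rebuild these types by name when errors arrive from the full-build side; if so, a comment above the DECL block such as `// Lite builds have no OpenSAML but still receive its exception types by name; declare local factories so they can be reconstructed.` would make the dependency explicit. If the lite build never sees these names, both blocks can be dropped.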
@@ -109,24 +130,36 @@ bool SPInternalConfig::init(const char* catalog_path) REGISTER_XMLTOOLING_EXCEPTION_FACTORY(AttributeResolutionException,shibsp); REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ConfigurationException,shibsp); REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ListenerException,shibsp); - + +#ifdef SHIBSP_LITE + REGISTER_XMLTOOLING_EXCEPTION_FACTORY(SecurityPolicyException,opensaml); + REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml); + REGISTER_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml); + REGISTER_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml); + REGISTER_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md); +#endif + +#ifndef SHIBSP_LITE if (isEnabled(Metadata)) registerMetadataExtClasses(); if (isEnabled(Trust)) registerPKIXTrustEngine(); +#endif registerAttributeFactories(); registerHandlers(); registerSessionInitiators(); registerServiceProviders(); +#ifndef SHIBSP_LITE if (isEnabled(AttributeResolution)) { - registerAttributeDecoders(); registerAttributeExtractors(); - registerAttributeFilters(); + registerAttributeDecoders(); registerAttributeResolvers(); + registerAttributeFilters(); registerMatchFunctors(); } +#endif if (isEnabled(Listener)) registerListenerServices(); @@ -139,9 +172,11 @@ bool SPInternalConfig::init(const char* catalog_path) if (isEnabled(Caching)) registerSessionCaches(); +#ifndef SHIBSP_LITE if (isEnabled(OutOfProcess)) m_artifactResolver = new ArtifactResolver(); - +#endif + log.info("library initialization complete"); return true; } @@ -155,7 +190,9 @@ void SPInternalConfig::term() log.info("shutting down the library"); setServiceProvider(NULL); +#ifndef SHIBSP_LITE setArtifactResolver(NULL); +#endif AssertionConsumerServiceManager.deregisterFactories(); ManageNameIDServiceManager.deregisterFactories(); 
@@ -165,13 +202,15 @@ void SPInternalConfig::term() ServiceProviderManager.deregisterFactories(); Attribute::deregisterFactories(); +#ifndef SHIBSP_LITE if (isEnabled(AttributeResolution)) { MatchFunctorManager.deregisterFactories(); - AttributeDecoderManager.deregisterFactories(); AttributeFilterManager.deregisterFactories(); + AttributeDecoderManager.deregisterFactories(); AttributeExtractorManager.deregisterFactories(); AttributeResolverManager.deregisterFactories(); } +#endif if (isEnabled(Listener)) ListenerServiceManager.deregisterFactories(); @@ -184,6 +223,10 @@ void SPInternalConfig::term() if (isEnabled(Caching)) SessionCacheManager.deregisterFactories(); +#ifndef SHIBSP_LITE SAMLConfig::getConfig().term(); +#else + XMLToolingConfig::getConfig().term(); +#endif log.info("library shutdown complete"); } diff --git a/shibsp/SPConfig.h b/shibsp/SPConfig.h index 7de91c5..30fe579 100644 --- a/shibsp/SPConfig.h +++ b/shibsp/SPConfig.h @@ -24,7 +24,9 @@ #define __shibsp_config_h__ #include -#include +#ifndef SHIBSP_LITE +# include +#endif #include #include @@ -35,19 +37,22 @@ namespace shibsp { class SHIBSP_API AccessControl; - class SHIBSP_API AttributeDecoder; - class SHIBSP_API AttributeExtractor; - class SHIBSP_API AttributeFilter; - class SHIBSP_API AttributeResolver; - class SHIBSP_API FilterPolicyContext; class SHIBSP_API Handler; class SHIBSP_API ListenerService; - class SHIBSP_API MatchFunctor; class SHIBSP_API RequestMapper; class SHIBSP_API ServiceProvider; class SHIBSP_API SessionCache; class SHIBSP_API SessionInitiator; +#ifndef SHIBSP_LITE + class SHIBSP_API AttributeDecoder; + class SHIBSP_API AttributeExtractor; + class SHIBSP_API AttributeFilter; + class SHIBSP_API AttributeResolver; + class SHIBSP_API FilterPolicyContext; + class SHIBSP_API MatchFunctor; +#endif + #if defined (_MSC_VER) #pragma warning( push ) #pragma warning( disable : 4250 4251 ) 
@@ -75,10 +80,12 @@ namespace shibsp { enum components_t { Listener = 1, Caching = 2, +#ifndef SHIBSP_LITE Metadata = 4, Trust = 8, Credentials = 16, AttributeResolution = 32, +#endif RequestMapping = 64, OutOfProcess = 128, InProcess = 256, @@ -141,6 +148,7 @@ namespace shibsp { return m_serviceProvider; } +#ifndef SHIBSP_LITE /** * Sets the global ArtifactResolver instance. * @@ -162,6 +170,7 @@ namespace shibsp { opensaml::MessageDecoder::ArtifactResolver* getArtifactResolver() const { return m_artifactResolver; } +#endif /** Separator for serialized values of multi-valued attributes. */ char attribute_value_delimeter; @@ -171,6 +180,7 @@ namespace shibsp { */ xmltooling::PluginManager AccessControlManager; +#ifndef SHIBSP_LITE /** * Manages factories for AttributeDecoder plugins. */ @@ -192,6 +202,12 @@ namespace shibsp { xmltooling::PluginManager AttributeResolverManager; /** + * Manages factories for MatchFunctor plugins. + */ + xmltooling::PluginManager< MatchFunctor,xmltooling::QName,std::pair > MatchFunctorManager; +#endif + + /** * Manages factories for Handler plugins that implement AssertionConsumerService functionality. */ xmltooling::PluginManager< Handler,std::string,std::pair > AssertionConsumerServiceManager; @@ -207,11 +223,6 @@ namespace shibsp { xmltooling::PluginManager ListenerServiceManager; /** - * Manages factories for MatchFunctor plugins. - */ - xmltooling::PluginManager< MatchFunctor,xmltooling::QName,std::pair > MatchFunctorManager; - - /** * Manages factories for Handler plugins that implement ManageNameIDService functionality. */ xmltooling::PluginManager< Handler,std::string,std::pair > ManageNameIDServiceManager; 
@@ -242,13 +253,19 @@ namespace shibsp { xmltooling::PluginManager< Handler,std::string,std::pair > SingleLogoutServiceManager; protected: - SPConfig() : attribute_value_delimeter(';'), m_serviceProvider(NULL), m_artifactResolver(NULL), m_features(0) {} + SPConfig() : attribute_value_delimeter(';'), m_serviceProvider(NULL), +#ifndef SHIBSP_LITE + m_artifactResolver(NULL), +#endif + m_features(0) {} /** Global ServiceProvider instance. */ ServiceProvider* m_serviceProvider; +#ifndef SHIBSP_LITE /** Global ArtifactResolver instance. */ opensaml::MessageDecoder::ArtifactResolver* m_artifactResolver; +#endif private: unsigned long m_features; diff --git a/shibsp/SPRequest.h b/shibsp/SPRequest.h index 5a4785f..6e1e13c 100644 --- a/shibsp/SPRequest.h +++ b/shibsp/SPRequest.h @@ -24,8 +24,8 @@ #define __shibsp_req_h__ #include -#include -#include +#include +#include namespace shibsp { @@ -42,7 +42,7 @@ namespace shibsp { * *

This interface need not be threadsafe. */ - class SHIBSP_API SPRequest : public virtual opensaml::HTTPRequest, public virtual opensaml::HTTPResponse + class SHIBSP_API SPRequest : public virtual xmltooling::HTTPRequest, public virtual xmltooling::HTTPResponse { protected: SPRequest() {} diff --git a/shibsp/ServiceProvider.cpp b/shibsp/ServiceProvider.cpp index af2e8f0..f971e4d 100644 --- a/shibsp/ServiceProvider.cpp +++ b/shibsp/ServiceProvider.cpp @@ -28,22 +28,16 @@ #include "SessionCache.h" #include "SPRequest.h" #include "attribute/Attribute.h" -#include "attribute/resolver/AttributeExtractor.h" -#include "attribute/resolver/AttributeResolver.h" #include "handler/SessionInitiator.h" #include "util/TemplateParameters.h" #include #include -#include -#include #include #include #include using namespace shibsp; -using namespace opensaml::saml2md; -using namespace opensaml; using namespace xmltooling; using namespace std; @@ -81,7 +75,7 @@ namespace shibsp { } else if (!strcmp(page,"access")) { istringstream msg("Access Denied"); - return static_cast(request).sendResponse(msg, HTTPResponse::SAML_HTTP_STATUS_FORBIDDEN); + return request.sendResponse(msg, HTTPResponse::XMLTOOLING_HTTP_STATUS_FORBIDDEN); } } @@ -100,7 +94,8 @@ namespace shibsp { request.clearHeader("Shib-Attributes"); request.clearHeader("Shib-Application-ID"); - // Let plugins do the rest. + // TODO: Figure out a way to clear attribute headers... + /* AttributeExtractor* extractor = request.getApplication().getAttributeExtractor(); if (extractor) { Locker locker(extractor); @@ -111,6 +106,7 @@ namespace shibsp { Locker locker(resolver); resolver->clearHeaders(request); } + */ } }; 
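Review bot: Commenting out the extractor/resolver `clearHeaders` calls, together with deleting `clearHeaders` from AttributeExtractor.h in the `@@ -61,14 +59,6 @@` hunk, means the per-attribute request headers those plugins used to wipe are no longer cleared before export; only the fixed `Shib-*` headers above are reset. Until the TODO is resolved, a request that arrives with one of those attribute header names already set would reach the application unmodified unless the web server strips it itself, so this is a regression in the header-spoofing guard rather than a cosmetic change. The TODO should say so, e.g. `// TODO: attribute headers are NOT cleared in this build; restore before release (spoofing guard)`, and the commit message should call it out. The enclosing function starts outside the hunk.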
@@ -196,7 +192,7 @@ pair ServiceProvider::doAuthentication(SPRequest& request, bool handl catch (exception& e) { request.log(SPRequest::SPWarn, string("error during session lookup: ") + e.what()); // If it's not a retryable session failure, we throw to the outer handler for reporting. - if (dynamic_cast(&e)==NULL) + if (dynamic_cast(&e)==NULL) throw; } @@ -344,7 +340,7 @@ pair ServiceProvider::doExport(SPRequest& request, bool requireSessio // Still no data? if (!session) { if (requireSession) - throw RetryableProfileException("Unable to obtain session to export to request."); + throw opensaml::RetryableProfileException("Unable to obtain session to export to request."); else return make_pair(false,0); // just bail silently } @@ -453,7 +449,7 @@ pair ServiceProvider::doHandler(SPRequest& request) const // Make sure this is SSL, if it should be if ((!handlerSSL.first || handlerSSL.second) && !request.isSecure()) - throw SecurityPolicyException("Blocked non-SSL access to Shibboleth handler."); + throw opensaml::FatalProfileException("Blocked non-SSL access to Shibboleth handler."); // We dispatch based on our path info. We know the request URL begins with or equals the handler URL, // so the path info is the next character (or null). @@ -469,7 +465,7 @@ pair ServiceProvider::doHandler(SPRequest& request) const throw ConfigurationException("Configured Shibboleth handler failed to process the request."); } - catch (MetadataException& e) { + catch (opensaml::saml2md::MetadataException& e) { TemplateParameters tp(&e); tp.m_map["requestURL"] = targetURL.substr(0,targetURL.find('?')); // See if a metadata error page is installed. diff --git a/shibsp/ServiceProvider.h b/shibsp/ServiceProvider.h index 7689a7a..2a322d6 100644 --- a/shibsp/ServiceProvider.h +++ b/shibsp/ServiceProvider.h @@ -24,9 +24,11 @@ #define __shibsp_sp_h__ #include -#include +#ifndef SHIBSP_LITE +# include +# include +#endif #include -#include namespace shibsp { 
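Review bot: The non-SSL handler guard in the `@@ -453,7 +449,7 @@` hunk now throws `opensaml::FatalProfileException` instead of `SecurityPolicyException`, which changes the exception type that callers and error templates see, yet `SecurityPolicyException` is still declared and registered for lite builds in SPConfig.cpp (`@@ -56,6 +62,14 @@` and `@@ -109,24 +130,36 @@`), so the lite split does not force this change. If the reclassification is intended, record why in a comment on the throw or in the commit message; otherwise keep `throw opensaml::SecurityPolicyException("Blocked non-SSL access to Shibboleth handler.");`. `doHandler` begins and ends outside the hunk.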
@@ -37,7 +39,9 @@ namespace shibsp { class SHIBSP_API SessionCache; class SHIBSP_API SPRequest; class SHIBSP_API TemplateParameters; +#ifndef SHIBSP_LITE class SHIBSP_API TransactionLog; +#endif /** * Interface to a Shibboleth ServiceProvider instance. @@ -62,6 +66,7 @@ namespace shibsp { */ virtual void init()=0; +#ifndef SHIBSP_LITE /** * Returns a TransactionLog instance. * @@ -76,6 +81,7 @@ namespace shibsp { * @return a StorageService if available, or NULL */ virtual xmltooling::StorageService* getStorageService(const char* id) const=0; +#endif /** * Returns a SessionCache instance. @@ -93,6 +99,7 @@ namespace shibsp { */ virtual ListenerService* getListenerService(bool required=true) const=0; +#ifndef SHIBSP_LITE /** * Returns the security policy settings for an identified policy. * @@ -108,6 +115,7 @@ namespace shibsp { * @return an array of policy rules */ virtual const std::vector& getPolicyRules(const char* id) const=0; +#endif /** * Returns a RequestMapper instance. diff --git a/shibsp/SessionCache.cpp b/shibsp/SessionCache.cpp index bbd19a0..6f05c85 100644 --- a/shibsp/SessionCache.cpp +++ b/shibsp/SessionCache.cpp 
@@ -23,22 +23,29 @@ #include "internal.h" #include "SessionCache.h" +#include + using namespace shibsp; using namespace xmltooling; namespace shibsp { - SHIBSP_DLLLOCAL PluginManager::Factory RemotedCacheFactory; +#ifndef SHIBSP_LITE SHIBSP_DLLLOCAL PluginManager::Factory StorageServiceCacheFactory; +#else + SHIBSP_DLLLOCAL PluginManager::Factory RemotedCacheFactory; +#endif static const XMLCh cacheTimeout[] = UNICODE_LITERAL_12(c,a,c,h,e,T,i,m,e,o,u,t); } void SHIBSP_API shibsp::registerSessionCaches() { - SPConfig& conf = SPConfig::getConfig(); - conf.SessionCacheManager.registerFactory(REMOTED_SESSION_CACHE, RemotedCacheFactory); - conf.SessionCacheManager.registerFactory(STORAGESERVICE_SESSION_CACHE, StorageServiceCacheFactory); +#ifndef SHIBSP_LITE + SPConfig::getConfig().SessionCacheManager.registerFactory(STORAGESERVICE_SESSION_CACHE, StorageServiceCacheFactory); +#else + SPConfig::getConfig().SessionCacheManager.registerFactory(REMOTED_SESSION_CACHE, RemotedCacheFactory); +#endif } SessionCache::SessionCache(const DOMElement* e) : m_cacheTimeout(60*60*8) diff --git a/shibsp/SessionCache.h b/shibsp/SessionCache.h index 341c224..870ca75 100644 --- a/shibsp/SessionCache.h +++ b/shibsp/SessionCache.h @@ -24,8 +24,11 @@ #define __shibsp_sessioncache_h__ #include -#include -#include + +#ifndef SHIBSP_LITE +# include +# include +#endif #include namespace shibsp { @@ -61,6 +64,7 @@ namespace shibsp { */ virtual const char* getAuthnInstant() const=0; +#ifndef SHIBSP_LITE /** * Returns the NameID associated with a session. * @@ -69,6 +73,7 @@ namespace shibsp { * @return a SAML 2.0 NameID associated with the session, if any */ virtual const opensaml::saml2::NameID* getNameID() const=0; +#endif /** * Returns the SessionIndex provided with the session. 
@@ -101,13 +106,6 @@ namespace shibsp { virtual const std::multimap& getAttributes() const=0; /** - * Adds additional attributes to the session. - * - * @param attributes reference to an array of Attributes to cache (will be freed by cache) - */ - virtual void addAttributes(const std::vector& attributes)=0; - - /** * Returns the identifiers of the assertion(s) cached by the session. * *

The SSO assertion is guaranteed to be first in the set. @@ -116,6 +114,14 @@ namespace shibsp { */ virtual const std::vector& getAssertionIDs() const=0; +#ifndef SHIBSP_LITE + /** + * Adds additional attributes to the session. + * + * @param attributes reference to an array of Attributes to cache (will be freed by cache) + */ + virtual void addAttributes(const std::vector& attributes)=0; + /** * Returns an assertion cached by the session. * @@ -130,6 +136,7 @@ namespace shibsp { * @param assertion pointer to an assertion to cache (will be freed by cache) */ virtual void addAssertion(opensaml::Assertion* assertion)=0; +#endif }; /** @@ -165,6 +172,7 @@ namespace shibsp { public: virtual ~SessionCache() {} +#ifndef SHIBSP_LITE /** * Inserts a new session into the cache. * @@ -197,6 +205,7 @@ namespace shibsp { const std::vector* tokens=NULL, const std::multimap* attributes=NULL )=0; +#endif /** * Locates an existing session. @@ -222,11 +231,13 @@ namespace shibsp { virtual void remove(const char* key, const Application& application, const char* client_addr)=0; }; - /** SessionCache implementation that delegates to a remoted version. */ - #define REMOTED_SESSION_CACHE "Remoted" - +#ifndef SHIBSP_LITE /** SessionCache implementation backed by a StorageService. */ #define STORAGESERVICE_SESSION_CACHE "StorageService" +#endif + + /** SessionCache implementation for lite builds that delegates to a remoted version. */ + #define REMOTED_SESSION_CACHE "Remoted" /** * Registers SessionCache classes into the runtime. diff --git a/shibsp/attribute/Attribute.cpp b/shibsp/attribute/Attribute.cpp index 3809e97..a943272 100644 --- a/shibsp/attribute/Attribute.cpp +++ b/shibsp/attribute/Attribute.cpp 
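Review bot: `REMOTED_SESSION_CACHE` is now defined unconditionally with a comment saying it is for lite builds, while SessionCache.cpp (`@@ -23,22 +23,29 @@`) registers `RemotedCacheFactory` only under the `#else` of `#ifndef SHIBSP_LITE`, so in a full build the name exists but a configuration naming "Remoted" presumably fails at plugin lookup. If the macro is kept visible so full-build code can refer to the name, say so, e.g. `/** SessionCache implementation for lite builds (name visible in all builds; factory only registered under SHIBSP_LITE). */`; otherwise move the `#define` under `#ifdef SHIBSP_LITE` to match the .cpp.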
@@ -22,7 +22,9 @@ #include "internal.h" #include "SPConfig.h" -#include "attribute/AttributeDecoder.h" +#ifndef SHIBSP_LITE +# include "attribute/AttributeDecoder.h" +#endif #include "attribute/SimpleAttribute.h" #include "attribute/ScopedAttribute.h" #include "attribute/NameIDAttribute.h" @@ -48,6 +50,7 @@ namespace shibsp { return new NameIDAttribute(in); } +#ifndef SHIBSP_LITE SHIBSP_DLLLOCAL PluginManager::Factory StringAttributeDecoderFactory; SHIBSP_DLLLOCAL PluginManager::Factory ScopedAttributeDecoderFactory; SHIBSP_DLLLOCAL PluginManager::Factory NameIDAttributeDecoderFactory; @@ -57,8 +60,10 @@ namespace shibsp { static const XMLCh _NameIDAttributeDecoder[] = UNICODE_LITERAL_22(N,a,m,e,I,D,A,t,t,r,i,b,u,t,e,D,e,c,o,d,e,r); static const XMLCh caseSensitive[] = UNICODE_LITERAL_13(c,a,s,e,S,e,n,s,i,t,i,v,e); +#endif }; +#ifndef SHIBSP_LITE QName shibsp::StringAttributeDecoderType(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _StringAttributeDecoder); QName shibsp::ScopedAttributeDecoderType(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _ScopedAttributeDecoder); QName shibsp::NameIDAttributeDecoderType(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _NameIDAttributeDecoder); @@ -71,6 +76,16 @@ void shibsp::registerAttributeDecoders() conf.AttributeDecoderManager.registerFactory(NameIDAttributeDecoderType, NameIDAttributeDecoderFactory); } +AttributeDecoder::AttributeDecoder(const DOMElement *e) : m_caseSensitive(true) +{ + if (e) { + const XMLCh* flag = e->getAttributeNS(NULL,caseSensitive); + if (flag && (*flag == chLatin_f || *flag == chDigit_0)) + m_caseSensitive = false; + } +} +#endif + void shibsp::registerAttributeFactories() { Attribute::registerFactory("", SimpleAttributeFactory); 
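Review bot: The relocated `AttributeDecoder` constructor still accepts any `caseSensitive` value whose first character is `f` or `0` as "false", so `"foo"` or `"0x1"` silently disable case-sensitive matching while `"FALSE"` leaves it enabled; this flag governs attribute-value comparison, so lax parsing here changes a security decision. The commit only moves this code, but since it now lives under `#ifndef SHIBSP_LITE` it is worth tightening to a whole-token comparison, e.g. `if (flag && (XMLString::equals(flag, xmlconstants::XML_FALSE) || XMLString::equals(flag, xmlconstants::XML_ZERO)))`, assuming xmltooling exposes those constants (verify). At minimum a comment should state the accepted spellings: `// caseSensitive: any value starting with 'f' or '0' is treated as false`.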
@@ -88,12 +103,3 @@ Attribute* Attribute::unmarshall(DDF& in) throw AttributeException("No registered factory for Attribute of type ($1).", xmltooling::params(1,in.name())); return (i->second)(in); } - -AttributeDecoder::AttributeDecoder(const DOMElement *e) : m_caseSensitive(true) -{ - if (e) { - const XMLCh* flag = e->getAttributeNS(NULL,caseSensitive); - if (flag && (*flag == chLatin_f || *flag == chDigit_0)) - m_caseSensitive = false; - } -} diff --git a/shibsp/attribute/resolver/AttributeExtractor.h b/shibsp/attribute/resolver/AttributeExtractor.h index af61e62..4ae7d60 100644 --- a/shibsp/attribute/resolver/AttributeExtractor.h +++ b/shibsp/attribute/resolver/AttributeExtractor.h @@ -24,15 +24,13 @@ #define __shibsp_extractor_h__ #include - -#include #include +#include namespace shibsp { class SHIBSP_API Application; class SHIBSP_API Attribute; - class SHIBSP_API SPRequest; /** * A service that extracts and decodes attributes from XML objects. @@ -61,14 +59,6 @@ namespace shibsp { const xmltooling::XMLObject& xmlObject, std::multimap& attributes ) const=0; - - /** - * Clears possible HTTP request headers that might be populated - * during attribute export. - * - * @param request the SP request being processed - */ - virtual void clearHeaders(SPRequest& request) const=0; }; /** diff --git a/shibsp/attribute/resolver/AttributeResolver.h b/shibsp/attribute/resolver/AttributeResolver.h index 4b12938..2e143b9 100644 --- a/shibsp/attribute/resolver/AttributeResolver.h +++ b/shibsp/attribute/resolver/AttributeResolver.h @@ -33,9 +33,8 @@ namespace shibsp { class SHIBSP_API Application; class SHIBSP_API Attribute; - class SHIBSP_API ResolutionContext; class SHIBSP_API Session; - class SHIBSP_API SPRequest; + class SHIBSP_API ResolutionContext; #if defined (_MSC_VER) #pragma warning( push ) 
@@ -96,14 +95,6 @@ namespace shibsp { * @throws AttributeResolutionException thrown if there is a problem resolving the attributes for the subject */ virtual void resolveAttributes(ResolutionContext& ctx) const=0; - - /** - * Clears possible HTTP request headers that might be populated - * during attribute export. - * - * @param request the SP request being processed - */ - virtual void clearHeaders(SPRequest& request) const=0; }; #if defined (_MSC_VER) diff --git a/shibsp/attribute/resolver/impl/ChainingAttributeResolver.cpp b/shibsp/attribute/resolver/impl/ChainingAttributeResolver.cpp index a2a1154..f2ef837 100644 --- a/shibsp/attribute/resolver/impl/ChainingAttributeResolver.cpp +++ b/shibsp/attribute/resolver/impl/ChainingAttributeResolver.cpp @@ -102,11 +102,6 @@ namespace shibsp { void resolveAttributes(ResolutionContext& ctx) const; - void clearHeaders(SPRequest& request) const { - for (vector::const_iterator i=m_resolvers.begin(); i!=m_resolvers.end(); ++i) - (*i)->clearHeaders(request); - } - private: vector m_resolvers; }; diff --git a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp index c846355..044230b 100644 --- a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp +++ b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp @@ -184,10 +184,6 @@ namespace shibsp { void resolveAttributes(ResolutionContext& ctx) const; - void clearHeaders(SPRequest& request) const { - // Doesn't have to do anything, the extractor is the only possibly source of attributes. - } - private: bool SAML1Query(QueryContext& ctx) const; bool SAML2Query(QueryContext& ctx) const; diff --git a/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp b/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp index 9b73062..e99c101 100644 --- a/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp +++ b/shibsp/attribute/resolver/impl/XMLAttributeExtractor.cpp 
@@ -23,7 +23,6 @@ #include "internal.h" #include "Application.h" #include "ServiceProvider.h" -#include "SPRequest.h" #include "attribute/AttributeDecoder.h" #include "attribute/resolver/AttributeExtractor.h" #include "util/SPConstants.h" @@ -81,10 +80,12 @@ namespace shibsp { const Application& application, const char* assertingParty, const saml2::Attribute& attr, multimap& attributes ) const; + /* void clearHeaders(SPRequest& request) const { for (vector::const_iterator i = m_attributeIds.begin(); i!=m_attributeIds.end(); ++i) request.clearHeader(i->c_str()); } + */ private: Category& m_log; @@ -95,7 +96,7 @@ namespace shibsp { typedef map< pair,pair > attrmap_t; #endif attrmap_t m_attrMap; - vector m_attributeIds; + //vector m_attributeIds; }; class XMLExtractor : public AttributeExtractor, public ReloadableXMLFile @@ -112,10 +113,12 @@ namespace shibsp { const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, multimap& attributes ) const; + /* void clearHeaders(SPRequest& request) const { if (m_impl) m_impl->clearHeaders(request); } + */ protected: pair load(); @@ -227,7 +230,7 @@ XMLExtractorImpl::XMLExtractorImpl(const DOMElement* e, Category& log) : m_log(l decl.first = decoder; decl.second = id.get(); - m_attributeIds.push_back(id.get()); + //m_attributeIds.push_back(id.get()); child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, saml1::Attribute::LOCAL_NAME); } diff --git a/shibsp/base.h b/shibsp/base.h index 757726f..d34219c 100644 --- a/shibsp/base.h +++ b/shibsp/base.h @@ -24,7 +24,12 @@ #ifndef __shibsp_base_h__ #define __shibsp_base_h__ -#include +#ifdef SHIBSP_LITE +# define XMLTOOLING_LITE +# include +#else +# include +#endif // Windows and GCC4 Symbol Visibility Macros #ifdef WIN32 diff --git a/shibsp/exceptions.h b/shibsp/exceptions.h index 5cd9625..5bd65f4 100644 --- a/shibsp/exceptions.h +++ b/shibsp/exceptions.h 
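Review bot: Commenting out `clearHeaders` and `m_attributeIds` in `XMLExtractorImpl`/`XMLExtractor` removes the only visible code that scrubs attribute-derived request headers before export, and nothing in this diff shows where that responsibility moves for the lite, in-process side. Those headers are the SP's defence against a client pre-setting `m_attributeIds` names on its own request; if the module no longer clears them, spoofed values could reach the application. Application.h appears in the diffstat but not in this view, so if the clearing now lives there, replace the dead `/* */` blocks with a comment that says so, e.g. `// header clearing moved to Application; the extractor no longer tracks exported ids`. Otherwise delete the code outright rather than leaving it commented out, since commented-out code on a security path tends to be restored without re-review.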
@@ -24,7 +24,11 @@ #define __shibsp_exceptions_h__ #include -#include +#ifndef SHIBSP_LITE +# include +#else +# include +#endif namespace shibsp { @@ -37,4 +41,17 @@ namespace shibsp { }; +#ifdef SHIBSP_LITE +namespace opensaml { + DECL_XMLTOOLING_EXCEPTION(SecurityPolicyException,SHIBSP_EXCEPTIONAPI(SHIBSP_API),opensaml,xmltooling::XMLToolingException,Exceptions in security policy processing); + DECL_XMLTOOLING_EXCEPTION(ProfileException,SHIBSP_EXCEPTIONAPI(SHIBSP_API),opensaml,xmltooling::ValidationException,Exceptions in SAML profile processing); + DECL_XMLTOOLING_EXCEPTION(FatalProfileException,SHIBSP_EXCEPTIONAPI(SHIBSP_API),opensaml,ProfileException,Fatal exceptions in SAML profile processing); + DECL_XMLTOOLING_EXCEPTION(RetryableProfileException,SHIBSP_EXCEPTIONAPI(SHIBSP_API),opensaml,ProfileException,Non-fatal exceptions in SAML profile processing); + + namespace saml2md { + DECL_XMLTOOLING_EXCEPTION(MetadataException,SHIBSP_EXCEPTIONAPI(SHIBSP_API),opensaml::saml2md,xmltooling::XMLToolingException,Exceptions related to metadata use); + }; +}; +#endif + #endif /* __shibsp_exceptions_h__ */ diff --git a/shibsp/handler/AbstractHandler.h b/shibsp/handler/AbstractHandler.h index bc17689..3fda7f8 100644 --- a/shibsp/handler/AbstractHandler.h +++ b/shibsp/handler/AbstractHandler.h @@ -27,9 +27,10 @@ #include #include -#include -#include + #include +#include +#include namespace shibsp { @@ -61,6 +62,7 @@ namespace shibsp { const std::map* remapper=NULL ); +#ifndef SHIBSP_LITE /** * Examines a protocol response message for errors and raises an annotated exception * if an error is found. @@ -70,7 +72,8 @@ namespace shibsp { * @param response a response message of some known protocol */ virtual void checkError(const xmltooling::XMLObject* response) const; - +#endif + /** * Implements various mechanisms to preserve RelayState, * such as cookies or StorageService-backed keys. 
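Review bot: The lite branch of exceptions.h declares `opensaml::SecurityPolicyException`, `ProfileException`, `FatalProfileException`, `RetryableProfileException` and `saml2md::MetadataException` inside the `opensaml` namespace with `SHIBSP_API` linkage, so shibsp-lite now exports types with the same qualified names as libsaml. If both libraries are ever loaded into one process (a lite module next to another module linking libsaml) that would be an ODR violation, and catch-by-type on these exceptions across that boundary would not behave as expected. A comment pinning the invariant would help: `// lite builds mirror libsaml's exception types and must never be linked into a process that also loads libsaml`. I also cannot confirm from here that the base classes chosen (e.g. `xmltooling::ValidationException` for `ProfileException`) match libsaml's, which matters if remoted exceptions are rebuilt by name on the lite side.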
@@ -82,7 +85,7 @@ namespace shibsp { * @param response outgoing HTTP response * @param relayState RelayState token to supply with message */ - virtual void preserveRelayState(const Application& application, opensaml::HTTPResponse& response, std::string& relayState) const; + virtual void preserveRelayState(const Application& application, xmltooling::HTTPResponse& response, std::string& relayState) const; /** * Implements various mechanisms to recover RelayState, @@ -97,7 +100,7 @@ namespace shibsp { * @param clear true iff the token state should be cleared */ virtual void recoverRelayState( - const Application& application, opensaml::HTTPRequest& request, std::string& relayState, bool clear=true + const Application& application, xmltooling::HTTPRequest& request, std::string& relayState, bool clear=true ) const; /** Logging object. */ diff --git a/shibsp/handler/AssertionConsumerService.h b/shibsp/handler/AssertionConsumerService.h index b9b5639..e3e4987 100644 --- a/shibsp/handler/AssertionConsumerService.h +++ b/shibsp/handler/AssertionConsumerService.h @@ -25,11 +25,15 @@ #include #include -#include -#include +#ifndef SHIBSP_LITE +# include +# include +#endif +#include namespace shibsp { + class SHIBSP_API Attribute; class SHIBSP_API ResolutionContext; #if defined (_MSC_VER) @@ -58,6 +62,7 @@ namespace shibsp { */ AssertionConsumerService(const xercesc::DOMElement* e, const char* appId, log4cpp::Category& log); +#ifndef SHIBSP_LITE /** * Implement protocol-specific handling of the incoming decoded message. * 
@@ -73,23 +78,12 @@ namespace shibsp { */ virtual std::string implementProtocol( const Application& application, - const opensaml::HTTPRequest& httpRequest, + const xmltooling::HTTPRequest& httpRequest, opensaml::SecurityPolicy& policy, const PropertySet* settings, const xmltooling::XMLObject& xmlObject ) const=0; - - /** - * Enforce address checking requirements. - * - * @param application reference to application receiving message - * @param httpRequest client request that initiated session - * @param issuedTo address for which security assertion was issued - */ - void checkAddress( - const Application& application, const opensaml::HTTPRequest& httpRequest, const char* issuedTo - ) const; - + /** * Attempt SSO-initiated attribute resolution using the supplied information. * @@ -112,11 +106,23 @@ namespace shibsp { const std::vector* tokens=NULL, const std::multimap* attributes=NULL ) const; +#endif + + /** + * Enforce address checking requirements. + * + * @param application reference to application receiving message + * @param httpRequest client request that initiated session + * @param issuedTo address for which security assertion was issued + */ + void checkAddress( + const Application& application, const xmltooling::HTTPRequest& httpRequest, const char* issuedTo + ) const; private: std::string processMessage( const Application& application, - opensaml::HTTPRequest& httpRequest, + xmltooling::HTTPRequest& httpRequest, std::string& entityID, std::string& relayState ) const; @@ -127,9 +133,11 @@ namespace shibsp { void maintainHistory(SPRequest& request, const char* entityID, const char* cookieProps) const; +#ifndef SHIBSP_LITE opensaml::MessageDecoder* m_decoder; - xmltooling::auto_ptr_char m_configNS; xmltooling::QName m_role; +#endif + xmltooling::auto_ptr_char m_configNS; }; #if defined (_MSC_VER) diff --git a/shibsp/handler/Handler.h b/shibsp/handler/Handler.h index 0517af9..94ccefa 100644 --- a/shibsp/handler/Handler.h +++ b/shibsp/handler/Handler.h 
@@ -55,12 +55,6 @@ namespace shibsp { /** Registers Handler implementations. */ void SHIBSP_API registerHandlers(); - - /** SessionInitiator that iterates through a set of protocol-specific versions. */ - #define CHAINING_SESSION_INITIATOR "Chaining" - - /** SessionInitiator that supports Shibboleth V1 AuthnRequest redirects. */ - #define SHIB1_SESSION_INITIATOR "Shibboleth" }; #endif /* __shibsp_handler_h__ */ diff --git a/shibsp/handler/RemotedHandler.h b/shibsp/handler/RemotedHandler.h index b26be6e..37c6e53 100644 --- a/shibsp/handler/RemotedHandler.h +++ b/shibsp/handler/RemotedHandler.h @@ -67,14 +67,14 @@ namespace shibsp { * @return a pair containing a "request completed" indicator and a server-specific response code */ virtual std::pair unwrap(SPRequest& request, DDF& out) const; - + /** * Builds a new request instance around a remoted data object. * * @param in the dataflow object containing the remoted request * @return a call-specific request object based on the input, to be freed by the caller */ - opensaml::HTTPRequest* getRequest(DDF& in) const; + xmltooling::HTTPRequest* getRequest(DDF& in) const; /** * Builds a new response instance around an outgoing data object. @@ -82,8 +82,8 @@ namespace shibsp { * @param out the dataflow object to be returned by the caller * @return a call-specific response object, to be freed by the caller */ - opensaml::HTTPResponse* getResponse(DDF& out) const; - + xmltooling::HTTPResponse* getResponse(DDF& out) const; + /** Message address for remote half. */ std::string m_address; }; diff --git a/shibsp/handler/impl/AbstractHandler.cpp b/shibsp/handler/impl/AbstractHandler.cpp index 837fc08..b5083c2 100644 --- a/shibsp/handler/impl/AbstractHandler.cpp +++ b/shibsp/handler/impl/AbstractHandler.cpp 
@@ -28,13 +28,18 @@ #include "handler/AbstractHandler.h" #include "remoting/ListenerService.h" -#include -#include -#include -#include -#include +#ifndef SHIBSP_LITE +# include +# include +# include +# include +# include +# include +#else +# include "lite/SAMLConstants.h" +#endif + #include -#include #include using namespace shibsp; @@ -67,6 +72,7 @@ AbstractHandler::AbstractHandler( load(e,log,filter,remapper); } +#ifndef SHIBSP_LITE void AbstractHandler::checkError(const XMLObject* response) const { const saml2p::StatusResponseType* r2 = dynamic_cast(response); @@ -114,6 +120,7 @@ void AbstractHandler::checkError(const XMLObject* response) const } } } +#endif void AbstractHandler::preserveRelayState(const Application& application, HTTPResponse& response, string& relayState) const { @@ -141,6 +148,7 @@ void AbstractHandler::preserveRelayState(const Application& application, HTTPRes mech.second+=3; if (*mech.second) { if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { +#ifndef SHIBSP_LITE StorageService* storage = application.getServiceProvider().getStorageService(mech.second); if (storage) { string rsKey; @@ -153,6 +161,7 @@ void AbstractHandler::preserveRelayState(const Application& application, HTTPRes m_log.error("Storage-backed RelayState with invalid StorageService ID (%s)", mech.second); relayState.erase(); } +#endif } else if (SPConfig::getConfig().isEnabled(SPConfig::InProcess)) { DDF out,in = DDF("set::RelayState").structure(); @@ -185,6 +194,7 @@ void AbstractHandler::recoverRelayState(const Application& application, HTTPRequ key++; if (!ssid.empty() && *key) { if (conf.isEnabled(SPConfig::OutOfProcess)) { +#ifndef SHIBSP_LITE StorageService* storage = conf.getServiceProvider()->getStorageService(ssid.c_str()); if (storage) { if (storage->readString("RelayState",key,&relayState)>0) { 
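Review bot: In a lite build with OutOfProcess enabled, the new `#ifndef SHIBSP_LITE` guard in `preserveRelayState` leaves the `if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess))` branch empty, so a storage-backed (`ss:`) RelayState silently falls through with `relayState` still holding the raw value instead of a storage key. The non-lite path logs and erases when the StorageService is missing; the lite path should fail the same way so a misconfigured lite process does not transmit the unwrapped RelayState: add `#else` / `m_log.error("Storage-backed RelayState unsupported in lite build (%s)", mech.second); relayState.erase();` before the `#endif`. preserveRelayState's body continues beyond this hunk.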
@@ -201,6 +211,7 @@ void AbstractHandler::recoverRelayState(const Application& application, HTTPRequ ); relayState.erase(); } +#endif } else if (conf.isEnabled(SPConfig::InProcess)) { DDF out,in = DDF("get::RelayState").structure(); diff --git a/shibsp/handler/impl/AssertionConsumerService.cpp b/shibsp/handler/impl/AssertionConsumerService.cpp index 651dc04..6c9b6fc 100644 --- a/shibsp/handler/impl/AssertionConsumerService.cpp +++ b/shibsp/handler/impl/AssertionConsumerService.cpp @@ -24,18 +24,23 @@ #include "Application.h" #include "exceptions.h" #include "ServiceProvider.h" -#include "attribute/resolver/AttributeResolver.h" -#include "attribute/resolver/ResolutionContext.h" #include "handler/AssertionConsumerService.h" -#include "security/SecurityPolicy.h" #include "util/SPConstants.h" -#include -#include -#include +# include +#ifndef SHIBSP_LITE +# include "attribute/resolver/AttributeResolver.h" +# include "attribute/resolver/ResolutionContext.h" +# include "security/SecurityPolicy.h" +# include +# include +# include +using namespace samlconstants; +#else +# include "lite/CommonDomainCookie.h" +#endif using namespace shibspconstants; -using namespace samlconstants; using namespace shibsp; using namespace opensaml; using namespace xmltooling; 
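Review bot: The same gap exists in `recoverRelayState`: under SHIBSP_LITE with OutOfProcess enabled the storage lookup compiles to an empty block, so `relayState` keeps the unresolved `ss:` token rather than being resolved or erased, and whatever the caller does with it afterwards (outside this hunk) happens with that placeholder value. Mirror the existing failure path here as well: `#else` / `m_log.error("Storage-backed RelayState unsupported in lite build"); relayState.erase();` ahead of the `#endif`. recoverRelayState starts before and continues after the hunk.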
@@ -43,22 +48,30 @@ using namespace log4cpp; using namespace std; AssertionConsumerService::AssertionConsumerService(const DOMElement* e, const char* appId, Category& log) - : AbstractHandler(e, log), m_decoder(NULL), m_configNS(SHIB2SPCONFIG_NS), - m_role(samlconstants::SAML20MD_NS, opensaml::saml2md::IDPSSODescriptor::LOCAL_NAME) + : AbstractHandler(e, log), +#ifndef SHIBSP_LITE + m_decoder(NULL), m_role(samlconstants::SAML20MD_NS, opensaml::saml2md::IDPSSODescriptor::LOCAL_NAME), +#endif + m_configNS(SHIB2SPCONFIG_NS) + { string address(appId); address += getString("Location").second; address += "::run::ACS"; setAddress(address.c_str()); +#ifndef SHIBSP_LITE if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { m_decoder = SAMLConfig::getConfig().MessageDecoderManager.newPlugin(getString("Binding").second,e); m_decoder->setArtifactResolver(SPConfig::getConfig().getArtifactResolver()); } +#endif } AssertionConsumerService::~AssertionConsumerService() { +#ifndef SHIBSP_LITE delete m_decoder; +#endif } pair AssertionConsumerService::run(SPRequest& request, bool isHandler) const @@ -158,6 +171,7 @@ string AssertionConsumerService::processMessage( const Application& application, HTTPRequest& httpRequest, string& entityID, string& relayState ) const { +#ifndef SHIBSP_LITE // Locate policy key. pair policyId = getString("policyId", m_configNS.get()); // namespace-qualified if inside handler element if (!policyId.first) @@ -185,6 +199,9 @@ string AssertionConsumerService::processMessage( entityID = issuer.get(); return key; +#else + throw ConfigurationException("Cannot process message using lite version of shibsp library."); +#endif } pair AssertionConsumerService::sendRedirect( @@ -226,6 +243,7 @@ void AssertionConsumerService::checkAddress( } } +#ifndef SHIBSP_LITE ResolutionContext* AssertionConsumerService::resolveAttributes( const Application& application, const saml2md::EntityDescriptor* issuer, 
@@ -258,6 +276,7 @@ ResolutionContext* AssertionConsumerService::resolveAttributes( return NULL; } +#endif void AssertionConsumerService::maintainHistory(SPRequest& request, const char* entityID, const char* cookieProps) const { diff --git a/shibsp/handler/impl/RemotedHandler.cpp b/shibsp/handler/impl/RemotedHandler.cpp index a66e073..906d560 100644 --- a/shibsp/handler/impl/RemotedHandler.cpp +++ b/shibsp/handler/impl/RemotedHandler.cpp @@ -27,12 +27,15 @@ #include #include -#include #include -#include -#include -#include -#include + +#ifndef SHIBSP_LITE +# include +# include +# include +# include +# include +#endif using namespace shibsp; using namespace opensaml; @@ -41,8 +44,9 @@ using namespace log4cpp; using namespace xercesc; using namespace std; +#ifndef SHIBSP_LITE namespace shibsp { - class SHIBSP_DLLLOCAL RemotedRequest : public virtual opensaml::HTTPRequest + class SHIBSP_DLLLOCAL RemotedRequest : public virtual HTTPRequest { DDF& m_input; mutable CGIParser* m_parser; @@ -108,7 +112,7 @@ namespace shibsp { } }; - class SHIBSP_DLLLOCAL RemotedResponse : public virtual opensaml::HTTPResponse + class SHIBSP_DLLLOCAL RemotedResponse : public virtual HTTPResponse { DDF& m_output; public: @@ -199,9 +203,10 @@ long RemotedResponse::sendRedirect(const char* url) if (!m_output.isstruct()) m_output.structure(); m_output.addmember("redirect").string(url); - return HTTPResponse::SAML_HTTP_STATUS_MOVED; + return HTTPResponse::XMLTOOLING_HTTP_STATUS_MOVED; } +#endif void RemotedHandler::setAddress(const char* address) { @@ -253,6 +258,7 @@ DDF RemotedHandler::wrap(const SPRequest& request, const vector* headers } if (certs) { +#ifndef SHIBSP_LITE const vector& xvec = request.getClientCertificates(); if (!xvec.empty()) { DDF clist = in.addmember("certificates").list(); 
@@ -261,6 +267,16 @@ DDF RemotedHandler::wrap(const SPRequest& request, const vector* headers clist.add(x509); } } +#else + const vector& xvec = request.getClientCertificates(); + if (!xvec.empty()) { + DDF clist = in.addmember("certificates").list(); + for (vector::const_iterator x = xvec.begin(); x!=xvec.end(); ++x) { + DDF x509 = DDF(NULL).string(x->c_str()); + clist.add(x509); + } + } +#endif } return in; @@ -280,17 +296,25 @@ pair RemotedHandler::unwrap(SPRequest& request, DDF& out) const h = out["response"]; if (h.isstruct()) { istringstream s(h["data"].string()); - return make_pair(true, static_cast(request).sendResponse(s, h["status"].integer())); + return make_pair(true, request.sendResponse(s, h["status"].integer())); } return make_pair(false,0); } HTTPRequest* RemotedHandler::getRequest(DDF& in) const { +#ifndef SHIBSP_LITE return new RemotedRequest(in); +#else + throw ConfigurationException("Cannot process message using lite version of shibsp library."); +#endif } HTTPResponse* RemotedHandler::getResponse(DDF& out) const { +#ifndef SHIBSP_LITE return new RemotedResponse(out); +#else + throw ConfigurationException("Cannot process message using lite version of shibsp library."); +#endif } diff --git a/shibsp/handler/impl/SAML1Consumer.cpp b/shibsp/handler/impl/SAML1Consumer.cpp index 478adf5..13c1e1f 100644 --- a/shibsp/handler/impl/SAML1Consumer.cpp +++ b/shibsp/handler/impl/SAML1Consumer.cpp 
@@ -21,32 +21,36 @@ */ #include "internal.h" -#include "Application.h" -#include "exceptions.h" -#include "ServiceProvider.h" -#include "SessionCache.h" -#include "attribute/Attribute.h" -#include "attribute/filtering/AttributeFilter.h" -#include "attribute/filtering/BasicFilteringContext.h" -#include "attribute/resolver/AttributeExtractor.h" -#include "attribute/resolver/ResolutionContext.h" #include "handler/AssertionConsumerService.h" -#include -#include -#include -#include - -using namespace shibsp; +#ifndef SHIBSP_LITE +# include "exceptions.h" +# include "Application.h" +# include "ServiceProvider.h" +# include "SessionCache.h" +# include "attribute/Attribute.h" +# include "attribute/filtering/AttributeFilter.h" +# include "attribute/filtering/BasicFilteringContext.h" +# include "attribute/resolver/AttributeExtractor.h" +# include "attribute/resolver/ResolutionContext.h" +# include +# include +# include +# include using namespace opensaml::saml1; using namespace opensaml::saml1p; using namespace opensaml; -using namespace xmltooling; -using namespace log4cpp; -using namespace std; using saml2::NameID; using saml2::NameIDBuilder; using saml2md::EntityDescriptor; +#else +# include "lite/SAMLConstants.h" +#endif + +using namespace shibsp; +using namespace xmltooling; +using namespace log4cpp; +using namespace std; namespace shibsp { @@ -60,11 +64,14 @@ namespace shibsp { public: SAML1Consumer(const DOMElement* e, const char* appId) : AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SAML1")) { +#ifndef SHIBSP_LITE m_post = XMLString::equals(getString("Binding").second, samlconstants::SAML1_PROFILE_BROWSER_POST); +#endif } virtual ~SAML1Consumer() {} private: +#ifndef SHIBSP_LITE string implementProtocol( const Application& application, const HTTPRequest& httpRequest, @@ -72,8 +79,8 @@ namespace shibsp { const PropertySet* settings, const XMLObject& xmlObject ) const; - bool m_post; +#endif }; #if defined (_MSC_VER) 
@@ -87,6 +94,8 @@ namespace shibsp { }; +#ifndef SHIBSP_LITE + string SAML1Consumer::implementProtocol( const Application& application, const HTTPRequest& httpRequest, @@ -288,3 +297,5 @@ string SAML1Consumer::implementProtocol( throw; } } + +#endif diff --git a/shibsp/handler/impl/SAML2Consumer.cpp b/shibsp/handler/impl/SAML2Consumer.cpp index 5d544ec..cca120e 100644 --- a/shibsp/handler/impl/SAML2Consumer.cpp +++ b/shibsp/handler/impl/SAML2Consumer.cpp @@ -21,27 +21,29 @@ */ #include "internal.h" -#include "Application.h" -#include "exceptions.h" -#include "ServiceProvider.h" -#include "SessionCache.h" -#include "attribute/Attribute.h" -#include "attribute/filtering/AttributeFilter.h" -#include "attribute/filtering/BasicFilteringContext.h" -#include "attribute/resolver/AttributeExtractor.h" -#include "attribute/resolver/ResolutionContext.h" #include "handler/AssertionConsumerService.h" -#include -#include -#include -#include - -using namespace shibsp; +#ifndef SHIBSP_LITE +# include "exceptions.h" +# include "Application.h" +# include "ServiceProvider.h" +# include "SessionCache.h" +# include "attribute/Attribute.h" +# include "attribute/filtering/AttributeFilter.h" +# include "attribute/filtering/BasicFilteringContext.h" +# include "attribute/resolver/AttributeExtractor.h" +# include "attribute/resolver/ResolutionContext.h" +# include +# include +# include +# include using namespace opensaml::saml2; using namespace opensaml::saml2p; using namespace opensaml::saml2md; using namespace opensaml; +#endif + +using namespace shibsp; using namespace xmltooling; using namespace log4cpp; using namespace std; 
@@ -57,11 +59,12 @@ namespace shibsp { { public: SAML2Consumer(const DOMElement* e, const char* appId) - : AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SAML2")) { + : AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SAML2")) { } virtual ~SAML2Consumer() {} private: +#ifndef SHIBSP_LITE string implementProtocol( const Application& application, const HTTPRequest& httpRequest, @@ -69,6 +72,7 @@ namespace shibsp { const PropertySet* settings, const XMLObject& xmlObject ) const; +#endif }; #if defined (_MSC_VER) @@ -82,6 +86,8 @@ namespace shibsp { }; +#ifndef SHIBSP_LITE + string SAML2Consumer::implementProtocol( const Application& application, const HTTPRequest& httpRequest, @@ -420,3 +426,5 @@ string SAML2Consumer::implementProtocol( throw; } } + +#endif diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp index 1da89c6..57ee0e5 100644 --- a/shibsp/handler/impl/SAML2SessionInitiator.cpp +++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp @@ -30,17 +30,19 @@ #include "handler/SessionInitiator.h" #include "util/SPConstants.h" -#include -#include -#include -#include -#include -#include - -using namespace shibsp; +#ifndef SHIBSP_LITE +# include +# include +# include +# include +# include +# include using namespace opensaml::saml2; using namespace opensaml::saml2p; using namespace opensaml::saml2md; +#endif + +using namespace shibsp; using namespace opensaml; using namespace xmltooling; using namespace log4cpp; @@ -58,11 +60,13 @@ namespace shibsp { public: SAML2SessionInitiator(const DOMElement* e, const char* appId); virtual ~SAML2SessionInitiator() { +#ifndef SHIBSP_LITE if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { XMLString::release(&m_outgoing); for_each(m_encoders.begin(), m_encoders.end(), cleanup_pair()); delete m_requestTemplate; } +#endif } void setParent(const PropertySet* parent); 
@@ -85,10 +89,12 @@ namespace shibsp { ) const; string m_appId; +#ifndef SHIBSP_LITE XMLCh* m_outgoing; vector m_bindings; map m_encoders; AuthnRequest* m_requestTemplate; +#endif }; #if defined (_MSC_VER) @@ -103,8 +109,11 @@ namespace shibsp { }; SAML2SessionInitiator::SAML2SessionInitiator(const DOMElement* e, const char* appId) - : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_appId(appId), m_outgoing(NULL), m_requestTemplate(NULL) + : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_appId(appId) { +#ifndef SHIBSP_LITE + m_outgoing=NULL; + m_requestTemplate=NULL; if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { // Check for a template AuthnRequest to build from. DOMElement* child = XMLHelper::getFirstChildElement(e, samlconstants::SAML20P_NS, AuthnRequest::LOCAL_NAME); @@ -146,6 +155,7 @@ SAML2SessionInitiator::SAML2SessionInitiator(const DOMElement* e, const char* ap break; } } +#endif // If Location isn't set, defer address registration until the setParent call. pair loc = getString("Location"); @@ -384,6 +394,7 @@ pair SAML2SessionInitiator::doRequest( string& relayState ) const { +#ifndef SHIBSP_LITE // Use metadata to locate the IdP's SSO service. MetadataProvider* m=app.getMetadataProvider(); Locker locker(m); @@ -509,4 +520,7 @@ pair SAML2SessionInitiator::doRequest( long ret = encoder->encode(httpResponse, req.get(), dest.get(), entityID, relayState.c_str()); req.release(); // freed by encoder return make_pair(true,ret); +#else + return make_pair(false,0); +#endif } diff --git a/shibsp/handler/impl/Shib1SessionInitiator.cpp b/shibsp/handler/impl/Shib1SessionInitiator.cpp index 4c5b807..c085095 100644 --- a/shibsp/handler/impl/Shib1SessionInitiator.cpp +++ b/shibsp/handler/impl/Shib1SessionInitiator.cpp @@ -30,8 +30,10 @@ #include "handler/SessionInitiator.h" #include "util/SPConstants.h" -#include -#include +#ifndef SHIBSP_LITE +# include +# include +#endif #include #include 
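Review bot: In the lite build `SAML2SessionInitiator::doRequest` now returns `make_pair(false,0)` with no log line or exception, so a lite process that reaches it fails silently and the caller may carry on as if no initiator handled the request. `AssertionConsumerService::processMessage` in the same commit throws `ConfigurationException("Cannot process message using lite version of shibsp library.")` for the equivalent situation; throwing the same here, or at least `m_log.error("doRequest called in lite build");` before the return, keeps the failure visible and the two handlers consistent. doRequest's body starts before this hunk.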
@@ -75,7 +77,6 @@ namespace shibsp { const char* acsLocation, string& relayState ) const; - string m_appId; }; @@ -209,15 +210,16 @@ pair Shib1SessionInitiator::doRequest( string& relayState ) const { +#ifndef SHIBSP_LITE // Use metadata to invoke the SSO service directly. MetadataProvider* m=app.getMetadataProvider(); Locker locker(m); const EntityDescriptor* entity=m->getEntityDescriptor(entityID); - if (!entity) { - m_log.error("unable to locate metadata for provider (%s)", entityID); - throw MetadataException("Unable to locate metadata for identity provider ($entityID)", - namedparams(1, "entityID", entityID)); - } + if (!entity) { + m_log.error("unable to locate metadata for provider (%s)", entityID); + throw MetadataException("Unable to locate metadata for identity provider ($entityID)", + namedparams(1, "entityID", entityID)); + } const IDPSSODescriptor* role=entity->getIDPSSODescriptor(shibspconstants::SHIB1_PROTOCOL_ENUM); if (!role) { m_log.error("unable to locate Shibboleth-aware identity provider role for provider (%s)", entityID); @@ -246,4 +248,7 @@ pair Shib1SessionInitiator::doRequest( "&providerId=" + urlenc->encode(app.getString("entityID").second); return make_pair(true, httpResponse.sendRedirect(req.c_str())); +#else + return make_pair(false,0); +#endif } diff --git a/shibsp/handler/impl/WAYFSessionInitiator.cpp b/shibsp/handler/impl/WAYFSessionInitiator.cpp index 148573c..92de900 100644 --- a/shibsp/handler/impl/WAYFSessionInitiator.cpp +++ b/shibsp/handler/impl/WAYFSessionInitiator.cpp @@ -27,6 +27,7 @@ #include "handler/AbstractHandler.h" #include "handler/SessionInitiator.h" +#include #include #include diff --git a/shibsp/impl/RemotedSessionCache.cpp b/shibsp/impl/RemotedSessionCache.cpp index 888775b..45184eb 100644 --- a/shibsp/impl/RemotedSessionCache.cpp +++ b/shibsp/impl/RemotedSessionCache.cpp 
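Review bot: `Shib1SessionInitiator::doRequest` has the same silent `return make_pair(false,0);` under SHIBSP_LITE as its SAML2 counterpart, with no indication to the operator that the lite library was asked to do metadata-driven work it cannot perform. Prefer the `ConfigurationException` used by `AssertionConsumerService::processMessage`, or at minimum `m_log.error("doRequest called in lite build");` ahead of the return. The function's body begins before the hunk.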
@@ -25,20 +25,19 @@ #include "exceptions.h" #include "ServiceProvider.h" #include "SessionCache.h" -#include "TransactionLog.h" #include "attribute/Attribute.h" #include "remoting/ListenerService.h" #include "util/SPConstants.h" +#include #include #include #include +#include #include #include using namespace shibsp; -using namespace opensaml::saml2md; -using namespace opensaml; using namespace xmltooling; using namespace log4cpp; using namespace std; @@ -50,19 +49,7 @@ namespace shibsp { { public: RemotedSession(RemotedCache* cache, DDF& obj) : m_version(obj["version"].integer()), m_obj(obj), - m_nameid(NULL), m_expires(0), m_lastAccess(time(NULL)), m_cache(cache), m_lock(NULL) { - const char* nameid = obj["nameid"].string(); - if (nameid) { - // Parse and bind the NameID into an XMLObject. - istringstream instr(nameid); - DOMDocument* doc = XMLToolingConfig::getConfig().getParser().parse(instr); - XercesJanitor janitor(doc); - auto_ptr n(saml2::NameIDBuilder::buildNameID()); - n->unmarshall(doc->getDocumentElement(), true); - janitor.release(); - m_nameid = n.release(); - } - + m_expires(0), m_lastAccess(time(NULL)), m_cache(cache), m_lock(NULL) { auto_ptr_XMLCh exp(m_obj["expires"].string()); if (exp.get()) { DateTime iso(exp.get()); @@ -76,9 +63,7 @@ namespace shibsp { ~RemotedSession() { delete m_lock; m_obj.destroy(); - delete m_nameid; for_each(m_attributes.begin(), m_attributes.end(), cleanup_pair()); - for_each(m_tokens.begin(), m_tokens.end(), cleanup_pair()); } Lockable* lock() { @@ -101,9 +86,6 @@ namespace shibsp { const char* getAuthnInstant() const { return m_obj["authn_instant"].string(); } - const opensaml::saml2::NameID* getNameID() const { - return m_nameid; - } const char* getSessionIndex() const { return m_obj["session_index"].string(); } 
@@ -130,15 +112,6 @@ namespace shibsp { return m_ids; } - const Assertion* getAssertion(const char* id) const; - - void addAttributes(const vector& attributes) { - throw ConfigurationException("addAttributes method not implemented by this session cache plugin."); - } - void addAssertion(Assertion* assertion) { - throw ConfigurationException("addAssertion method not implemented by this session cache plugin."); - } - time_t expires() const { return m_expires; } time_t lastAccess() const { return m_lastAccess; } void validate(const Application& application, const char* client_addr, time_t timeout, bool local=true); @@ -148,10 +121,8 @@ namespace shibsp { int m_version; mutable DDF m_obj; - saml2::NameID* m_nameid; mutable multimap m_attributes; mutable vector m_ids; - mutable map m_tokens; time_t m_expires,m_lastAccess; RemotedCache* m_cache; Mutex* m_lock; @@ -163,19 +134,6 @@ namespace shibsp { RemotedCache(const DOMElement* e); ~RemotedCache(); - string insert( - time_t expires, - const Application& application, - const char* client_addr=NULL, - const saml2md::EntityDescriptor* issuer=NULL, - const saml2::NameID* nameid=NULL, - const char* authn_instant=NULL, - const char* session_index=NULL, - const char* authncontext_class=NULL, - const char* authncontext_decl=NULL, - const vector* tokens=NULL, - const multimap* attributes=NULL - ); Session* find(const char* key, const Application& application, const char* client_addr=NULL, time_t timeout=0); void remove(const char* key, const Application& application, const char* client_addr); 
@@ -221,46 +179,13 @@ void RemotedSession::unmarshallAttributes() const } } -const Assertion* RemotedSession::getAssertion(const char* id) const -{ - map::const_iterator i = m_tokens.find(id); - if (i!=m_tokens.end()) - return i->second; - - // Fetch from remoted cache. - DDF in("getAssertion::"REMOTED_SESSION_CACHE"::SessionCache"); - DDFJanitor jin(in); - in.structure(); - in.addmember("key").string(m_obj.name()); - in.addmember("id").string(id); - - DDF out=SPConfig::getConfig().getServiceProvider()->getListenerService()->send(in); - DDFJanitor jout(out); - - // Parse and bind the document into an XMLObject. - istringstream instr(out.string()); - DOMDocument* doc = XMLToolingConfig::getConfig().getParser().parse(instr); - XercesJanitor janitor(doc); - auto_ptr xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true)); - janitor.release(); - - Assertion* token = dynamic_cast(xmlObject.get()); - if (!token) - throw FatalProfileException("Cached assertion was of an unknown object type."); - - // Transfer ownership to us. - xmlObject.release(); - m_tokens[id]=token; - return token; -} - void RemotedSession::validate(const Application& application, const char* client_addr, time_t timeout, bool local) { // Basic expiration? time_t now = time(NULL); if (now > m_expires) { m_cache->m_log.info("session expired (ID: %s)", m_obj.name()); - throw RetryableProfileException("Your session has expired, and you must re-authenticate."); + throw opensaml::RetryableProfileException("Your session has expired, and you must re-authenticate."); } // Address check? 
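Review bot: RemotedSession::validate now throws `opensaml::RetryableProfileException`, so this translation unit still depends on the opensaml exception declarations even though the hunk removes the `using namespace opensaml` directives and the getAssertion path that needed the SAML libraries; whether the lite library is intended to keep linking opensaml for its exception types is not visible here and is worth confirming. If the point of the -lite split is to drop opensaml from the modules entirely, a shibsp- or xmltooling-level exception would be the cleaner choice; if opensaml exceptions are staying, a one-line comment at the throw site recording that decision would keep the next maintainer from "fixing" it. The remainder of validate continues in the next hunk.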
@@ -269,7 +194,7 @@ void RemotedSession::validate(const Application& application, const char* client m_cache->m_log.debug("comparing client address %s against %s", client_addr, getClientAddress()); if (strcmp(getClientAddress(),client_addr)) { m_cache->m_log.warn("client address mismatch"); - throw RetryableProfileException( + throw opensaml::RetryableProfileException( "Your IP address ($1) does not match the address recorded at the time the session was established.", params(1,client_addr) ); 
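Review bot: The comparison `strcmp(getClientAddress(),client_addr)` dereferences whatever getClientAddress() returns, and the other accessors in this class (`m_obj["authn_instant"].string()` and friends) yield NULL when the key is absent from the remoted DDF; if getClientAddress() is implemented the same way and a session was created without a recorded address, this is a NULL dereference rather than a mismatch. Guarding it as `const char* stored = getClientAddress(); if (!stored || strcmp(stored, client_addr))` fails closed, which is the right default for a session-binding check. The `if (client_addr)` condition that presumably encloses this block, and the rest of validate, are outside the hunk.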
@@ -340,118 +265,6 @@ RemotedCache::~RemotedCache() delete shutdown_wait; } -string RemotedCache::insert( - time_t expires, - const Application& application, - const char* client_addr, - const saml2md::EntityDescriptor* issuer, - const saml2::NameID* nameid, - const char* authn_instant, - const char* session_index, - const char* authncontext_class, - const char* authncontext_decl, - const vector* tokens, - const multimap* attributes - ) -{ - DDF in("insert::"REMOTED_SESSION_CACHE"::SessionCache"); - DDFJanitor jin(in); - in.structure(); - if (expires) { -#ifndef HAVE_GMTIME_R - struct tm* ptime=gmtime(&expires); -#else - struct tm res; - struct tm* ptime=gmtime_r(&expires,&res); -#endif - char timebuf[32]; - strftime(timebuf,32,"%Y-%m-%dT%H:%M:%SZ",ptime); - in.addmember("expires").string(timebuf); - } - in.addmember("application_id").string(application.getId()); - if (client_addr) - in.addmember("client_addr").string(client_addr); - if (issuer) { - auto_ptr_char provid(issuer->getEntityID()); - in.addmember("entity_id").string(provid.get()); - } - if (authn_instant) - in.addmember("authn_instant").string(authn_instant); - if (session_index) - in.addmember("session_index").string(session_index); - if (authncontext_class) - in.addmember("authncontext_class").string(authncontext_class); - if (authncontext_decl) - in.addmember("authncontext_decl").string(authncontext_decl); - - if (nameid) { - ostringstream namestr; - namestr << *nameid; - in.addmember("nameid").string(namestr.str().c_str()); - } - - if (tokens) { - in.addmember("assertions").list(); - in.addmember("tokens").list(); - for (vector::const_iterator t = tokens->begin(); t!=tokens->end(); ++t) { - ostringstream tokenstr; - tokenstr << *(*t); - auto_ptr_char tokenid((*t)->getID()); - DDF tokid = DDF(NULL).string(tokenid.get()); - in["assertions"].add(tokid); - DDF tok = DDF(tokenid.get()).string(tokenstr.str().c_str()); - in["tokens"].add(tok); - } - } - - if (attributes) { - DDF attr; - DDF attrs = 
in.addmember("attributes").list(); - for (multimap::const_iterator a=attributes->begin(); a!=attributes->end(); ++a) { - attr = a->second->marshall(); - attrs.add(attr); - } - } - - DDF out=application.getServiceProvider().getListenerService()->send(in); - DDFJanitor jout(out); - if (out["key"].isstring()) { - // Transaction Logging - auto_ptr_char name(nameid ? nameid->getName() : NULL); - const char* pid = in["entity_id"].string(); - TransactionLog* xlog = application.getServiceProvider().getTransactionLog(); - Locker locker(xlog); - xlog->log.infoStream() << - "New session (ID: " << - out["key"].string() << - ") with (applicationId: " << - application.getId() << - ") for principal from (IdP: " << - (pid ? pid : "none") << - ") at (ClientAddress: " << - (client_addr ? client_addr : "none") << - ") with (NameIdentifier: " << - (name.get() ? name.get() : "none") << - ")"; - - if (attributes) { - xlog->log.infoStream() << - "Cached the following attributes with session (ID: " << - out["key"].string() << - ") for (applicationId: " << - application.getId() << - ") {"; - for (multimap::const_iterator a=attributes->begin(); a!=attributes->end(); ++a) - xlog->log.infoStream() << "\t" << a->second->getId() << " (" << a->second->valueCount() << " values)"; - xlog->log.info("}"); - for_each(attributes->begin(), attributes->end(), cleanup_pair()); - } - - return out["key"].string(); - } - throw RetryableProfileException("A remoted cache insertion operation did not return a usable session key."); -} - Session* RemotedCache::find(const char* key, const Application& application, const char* client_addr, time_t timeout) { #ifdef _DEBUG 
@@ -672,57 +485,3 @@ void* RemotedCache::cleanup_fn(void* cache_p) cache->cleanup(); return NULL; } - -/* These are currently unimplemented. - -void RemotedSession::addAttributes(const vector& attributes) -{ - DDF in("addAttributes::"REMOTED_SESSION_CACHE); - DDFJanitor jin(in); - in.structure(); - in.addmember("key").string(m_key.c_str()); - in.addmember("application_id").string(m_appId.c_str()); - - DDF attr; - DDF attrs = in.addmember("attributes").list(); - for (vector::const_iterator a=attributes.begin(); a!=attributes.end(); ++a) { - attr = (*a)->marshall(); - attrs.add(attr); - } - - attr=SPConfig::getConfig().getServiceProvider()->getListenerService()->send(in); - DDFJanitor jout(attr); - - // Transfer ownership to us. - m_attributes.insert(m_attributes.end(), attributes.begin(), attributes.end()); -} - -void RemotedSession::addAssertion(Assertion* assertion) -{ - if (!assertion) - throw FatalProfileException("Unknown object type passed to session cache for storage."); - - DDF in("addAssertion::"REMOTED_SESSION_CACHE); - DDFJanitor jin(in); - in.structure(); - in.addmember("key").string(m_key.c_str()); - in.addmember("application_id").string(m_appId.c_str()); - - ostringstream os; - os << *assertion; - string token(os.str()); - auto_ptr_char tokenid(assertion->getID()); - in.addmember("assertion_id").string(tokenid.get()); - in.addmember("assertion").string(token.c_str()); - - DDF out = SPConfig::getConfig().getServiceProvider()->getListenerService()->send(in); - out.destroy(); - - // Add to local record and token map. - // Next attempt to find and lock session will refresh from remote store anyway. - m_obj["assertions"].addmember(tokenid.get()).string(token.c_str()); - m_ids.clear(); - m_tokens[tokenid.get()] = assertion; -} - -*/ \ No newline at end of file diff --git a/shibsp/impl/XMLServiceProvider.cpp b/shibsp/impl/XMLServiceProvider.cpp index 92f7a08..7a296fb 100644 --- a/shibsp/impl/XMLServiceProvider.cpp +++ b/shibsp/impl/XMLServiceProvider.cpp 
@@ -29,34 +29,37 @@ #include "SessionCache.h" #include "SPConfig.h" #include "SPRequest.h" -#include "TransactionLog.h" -#include "attribute/filtering/AttributeFilter.h" -#include "attribute/resolver/AttributeExtractor.h" -#include "attribute/resolver/AttributeResolver.h" #include "handler/SessionInitiator.h" #include "remoting/ListenerService.h" -#include "security/PKIXTrustEngine.h" #include "util/DOMPropertySet.h" #include "util/SPConstants.h" -#include -#include #include #include -#include -#include -#include -#include +#include #include -#include #include #include +#include + +#ifndef SHIBSP_LITE +# include "TransactionLog.h" +# include "attribute/filtering/AttributeFilter.h" +# include "attribute/resolver/AttributeExtractor.h" +# include "attribute/resolver/AttributeResolver.h" +# include "security/PKIXTrustEngine.h" +# include +# include +# include +# include +# include #include - -using namespace shibsp; using namespace opensaml::saml2; using namespace opensaml::saml2md; using namespace opensaml; +#endif + +using namespace shibsp; using namespace xmltooling; using namespace log4cpp; using namespace std; @@ -82,6 +85,7 @@ namespace { const char* getId() const {return getString("id").second;} const char* getHash() const {return m_hash.c_str();} +#ifndef SHIBSP_LITE MetadataProvider* getMetadataProvider(bool required=true) const { if (required && !m_base && !m_metadata) throw ConfigurationException("No MetadataProvider available."); 
@@ -101,13 +105,17 @@ namespace { AttributeResolver* getAttributeResolver() const { return (!m_attrResolver && m_base) ? m_base->getAttributeResolver() : m_attrResolver; } - const set& getRemoteUserAttributeIds() const { - return (m_attributeIds.empty() && m_base) ? m_base->getRemoteUserAttributeIds() : m_attributeIds; - } CredentialResolver* getCredentialResolver() const { return (!m_credResolver && m_base) ? m_base->getCredentialResolver() : m_credResolver; } const PropertySet* getRelyingParty(const EntityDescriptor* provider) const; + const vector& getAudiences() const { + return (m_audiences.empty() && m_base) ? m_base->getAudiences() : m_audiences; + } +#endif + const set& getRemoteUserAttributeIds() const { + return (m_attributeIds.empty() && m_base) ? m_base->getRemoteUserAttributeIds() : m_attributeIds; + } const SessionInitiator* getDefaultSessionInitiator() const; const SessionInitiator* getSessionInitiatorById(const char* id) const; @@ -116,10 +124,6 @@ namespace { const vector& getAssertionConsumerServicesByBinding(const XMLCh* binding) const; const Handler* getHandler(const char* path) const; - const vector& getAudiences() const { - return (m_audiences.empty() && m_base) ? m_base->getAudiences() : m_audiences; - } - // Provides filter to exclude special config elements. short acceptNode(const DOMNode* node) const; @@ -128,6 +132,7 @@ namespace { const ServiceProvider* m_sp; // this is ok because its locking scope includes us const XMLApplication* m_base; string m_hash; +#ifndef SHIBSP_LITE MetadataProvider* m_metadata; TrustEngine* m_trust; AttributeExtractor* m_attrExtractor; @@ -135,6 +140,7 @@ namespace { AttributeResolver* m_attrResolver; CredentialResolver* m_credResolver; vector m_audiences; +#endif set m_attributeIds; // manage handler objects @@ -163,6 +169,7 @@ namespace { // maps unique ID strings to session initiators map m_sessionInitMap; +#ifndef SHIBSP_LITE // RelyingParty properties DOMPropertySet* m_partyDefault; #ifdef HAVE_GOOD_STL 
@@ -170,6 +177,7 @@ namespace { #else map m_partyMap; #endif +#endif }; // Top-level configuration implementation @@ -182,7 +190,9 @@ namespace { RequestMapper* m_requestMapper; map m_appmap; +#ifndef SHIBSP_LITE map< string,pair< PropertySet*,vector > > m_policyMap; +#endif // Provides filter to exclude special config elements. short acceptNode(const DOMNode* node) const; @@ -202,7 +212,11 @@ namespace { { public: XMLConfig(const DOMElement* e) : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".Config")), - m_impl(NULL), m_listener(NULL), m_sessionCache(NULL), m_tranLog(NULL) { + m_impl(NULL), m_listener(NULL), m_sessionCache(NULL) +#ifndef SHIBSP_LITE + , m_tranLog(NULL) +#endif + { } void init() { @@ -213,10 +227,12 @@ namespace { delete m_impl; delete m_sessionCache; delete m_listener; +#ifndef SHIBSP_LITE delete m_tranLog; - XMLToolingConfig::getConfig().setReplayCache(NULL); SAMLConfig::getConfig().setArtifactMap(NULL); for_each(m_storage.begin(), m_storage.end(), cleanup_pair()); +#endif + XMLToolingConfig::getConfig().setReplayCache(NULL); } // PropertySet @@ -230,6 +246,7 @@ namespace { const DOMElement* getElement() const {return m_impl->getElement();} // ServiceProvider +#ifndef SHIBSP_LITE TransactionLog* getTransactionLog() const { if (m_tranLog) return m_tranLog; @@ -244,6 +261,7 @@ namespace { } return NULL; } +#endif ListenerService* getListenerService(bool required=true) const { if (required && !m_listener) @@ -268,6 +286,7 @@ namespace { return (i!=m_impl->m_appmap.end()) ? i->second : NULL; } +#ifndef SHIBSP_LITE const PropertySet* getPolicySettings(const char* id) const { map > >::const_iterator i = m_impl->m_policyMap.find(id); if (i!=m_impl->m_policyMap.end()) @@ -281,6 +300,7 @@ namespace { return i->second.second; throw ConfigurationException("Security Policy ($1) not found, check element.", params(1,id)); } +#endif protected: pair load(); 
@@ -290,8 +310,10 @@ namespace { XMLConfigImpl* m_impl; mutable ListenerService* m_listener; mutable SessionCache* m_sessionCache; +#ifndef SHIBSP_LITE mutable TransactionLog* m_tranLog; mutable map m_storage; +#endif }; #if defined (_MSC_VER) @@ -304,8 +326,12 @@ namespace { static const XMLCh _AttributeExtractor[] = UNICODE_LITERAL_18(A,t,t,r,i,b,u,t,e,E,x,t,r,a,c,t,o,r); static const XMLCh _AttributeFilter[] = UNICODE_LITERAL_15(A,t,t,r,i,b,u,t,e,F,i,l,t,e,r); static const XMLCh _AttributeResolver[] = UNICODE_LITERAL_17(A,t,t,r,i,b,u,t,e,R,e,s,o,l,v,e,r); + static const XMLCh _AssertionConsumerService[] = UNICODE_LITERAL_24(A,s,s,e,r,t,i,o,n,C,o,n,s,u,m,e,r,S,e,r,v,i,c,e); + static const XMLCh _Audience[] = UNICODE_LITERAL_8(A,u,d,i,e,n,c,e); + static const XMLCh Binding[] = UNICODE_LITERAL_7(B,i,n,d,i,n,g); static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r); static const XMLCh DefaultRelyingParty[] = UNICODE_LITERAL_19(D,e,f,a,u,l,t,R,e,l,y,i,n,g,P,a,r,t,y); + static const XMLCh _Extensions[] = UNICODE_LITERAL_10(E,x,t,e,n,s,i,o,n,s); static const XMLCh fatal[] = UNICODE_LITERAL_5(f,a,t,a,l); static const XMLCh _Handler[] = UNICODE_LITERAL_7(H,a,n,d,l,e,r); static const XMLCh _id[] = UNICODE_LITERAL_2(i,d); @@ -314,6 +340,7 @@ namespace { static const XMLCh Library[] = UNICODE_LITERAL_7(L,i,b,r,a,r,y); static const XMLCh Listener[] = UNICODE_LITERAL_8(L,i,s,t,e,n,e,r); static const XMLCh logger[] = UNICODE_LITERAL_6(l,o,g,g,e,r); + static const XMLCh _ManageNameIDService[] = UNICODE_LITERAL_19(M,a,n,a,g,e,N,a,m,e,I,D,S,e,r,v,i,c,e); static const XMLCh MemoryListener[] = UNICODE_LITERAL_14(M,e,m,o,r,y,L,i,s,t,e,n,e,r); static const XMLCh _MetadataProvider[] = UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r); static const XMLCh OutOfProcess[] = UNICODE_LITERAL_12(O,u,t,O,f,P,r,o,c,e,s,s); 
@@ -326,6 +353,7 @@ namespace { static const XMLCh SecurityPolicies[] = UNICODE_LITERAL_16(S,e,c,u,r,i,t,y,P,o,l,i,c,i,e,s); static const XMLCh _SessionCache[] = UNICODE_LITERAL_12(S,e,s,s,i,o,n,C,a,c,h,e); static const XMLCh _SessionInitiator[] = UNICODE_LITERAL_16(S,e,s,s,i,o,n,I,n,i,t,i,a,t,o,r); + static const XMLCh _SingleLogoutService[] = UNICODE_LITERAL_19(S,i,n,g,l,e,L,o,g,o,u,t,S,e,r,v,i,c,e); static const XMLCh _StorageService[] = UNICODE_LITERAL_14(S,t,o,r,a,g,e,S,e,r,v,i,c,e); static const XMLCh TCPListener[] = UNICODE_LITERAL_11(T,C,P,L,i,s,t,e,n,e,r); static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e); @@ -354,8 +382,11 @@ XMLApplication::XMLApplication( const ServiceProvider* sp, const DOMElement* e, const XMLApplication* base - ) : m_sp(sp), m_base(base), m_metadata(NULL), m_trust(NULL), m_attrExtractor(NULL), m_attrFilter(NULL), m_attrResolver(NULL), - m_credResolver(NULL), m_partyDefault(NULL), m_sessionInitDefault(NULL), m_acsDefault(NULL) + ) : m_sp(sp), m_base(base), +#ifndef SHIBSP_LITE + m_metadata(NULL), m_trust(NULL), m_attrExtractor(NULL), m_attrFilter(NULL), m_attrResolver(NULL), m_credResolver(NULL), m_partyDefault(NULL), +#endif + m_sessionInitDefault(NULL), m_acsDefault(NULL) { #ifdef _DEBUG xmltooling::NDC ndc("XMLApplication"); @@ -369,12 +400,15 @@ XMLApplication::XMLApplication( setParent(base); SPConfig& conf=SPConfig::getConfig(); +#ifndef SHIBSP_LITE SAMLConfig& samlConf=SAMLConfig::getConfig(); +#endif XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig(); m_hash=getId(); m_hash+=getString("entityID").second; - m_hash=samlConf.hashSHA1(m_hash.c_str(), true); + // TODO: some kind of non-hash method + //m_hash=samlConf.hashSHA1(m_hash.c_str(), true); pair attributes = getString("REMOTE_USER"); if (attributes.first) { 
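Review bot: With `m_hash=samlConf.hashSHA1(m_hash.c_str(), true);` commented out, `m_hash` is now the raw concatenation of the application id and its entityID, and that is what `getHash()` hands out; an entityID is a URI, so the value now contains `:` and `/` and can be very long, and the undelimited concatenation lets distinct (id, entityID) pairs produce the same string. If getHash() is still used to name per-application cookies or cache keys (not visible in this hunk), this is a functional regression in both the full and the lite build, not just a TODO. Keeping the SHA-1 under `#ifndef SHIBSP_LITE` and giving the lite build a fixed-width digest computed without SAMLConfig (or, failing that, a hex encoding of the concatenation) would preserve the old contract. The constructor continues past the end of the hunk.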
@@ -405,8 +439,8 @@ XMLApplication::XMLApplication( try { // A handler is based on the Binding property in conjunction with the element name. // If it's an ACS or SI, also handle index/id mappings and defaulting. - if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,AssertionConsumerService::LOCAL_NAME)) { - auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME)); + if (XMLString::equals(child->getLocalName(),_AssertionConsumerService)) { + auto_ptr_char bindprop(child->getAttributeNS(NULL,Binding)); if (!bindprop.get() || !*(bindprop.get())) { log.warn("md:AssertionConsumerService element has no Binding attribute, skipping it..."); child = XMLHelper::getNextSiblingElement(child); @@ -457,8 +491,8 @@ XMLApplication::XMLApplication( m_sessionInitDefault=sihandler; } } - else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,SingleLogoutService::LOCAL_NAME)) { - auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME)); + else if (XMLString::equals(child->getLocalName(),_SingleLogoutService)) { + auto_ptr_char bindprop(child->getAttributeNS(NULL,Binding)); if (!bindprop.get() || !*(bindprop.get())) { log.warn("md:SingleLogoutService element has no Binding attribute, skipping it..."); child = XMLHelper::getNextSiblingElement(child); @@ -466,8 +500,8 @@ XMLApplication::XMLApplication( } handler=conf.SingleLogoutServiceManager.newPlugin(bindprop.get(),make_pair(child, getId())); } - else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,ManageNameIDService::LOCAL_NAME)) { - auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME)); + else if (XMLString::equals(child->getLocalName(),_ManageNameIDService)) { + auto_ptr_char bindprop(child->getAttributeNS(NULL,Binding)); if (!bindprop.get() || !*(bindprop.get())) { log.warn("md:ManageNameIDService element has no Binding attribute, skipping it..."); child = XMLHelper::getNextSiblingElement(child); 
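Review bot: Matching handler elements by `XMLString::equals(child->getLocalName(),_AssertionConsumerService)` (and likewise for SingleLogoutService and ManageNameIDService) drops the namespace test that `isNodeNamed(child,samlconstants::SAML20MD_NS,...)` performed, so an element with that local name in any namespace now configures an endpoint, while the warnings still say `md:AssertionConsumerService`. Since the configuration file is administrator-controlled this is not an exposure, but it silently widens what the parser accepts. If the md namespace constant cannot be referenced in lite builds, record the decision with `// Lite build: handlers are matched by local name only; the namespace is not verified.` at the top of the chain. The enclosing constructor loop starts and ends outside this hunk.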
@@ -503,6 +537,7 @@ XMLApplication::XMLApplication( child = XMLHelper::getNextSiblingElement(child); } +#ifndef SHIBSP_LITE DOMNodeList* nlist=e->getElementsByTagNameNS(samlconstants::SAML20_NS,Audience::LOCAL_NAME); for (XMLSize_t i=0; nlist && igetLength(); i++) if (nlist->item(i)->getParentNode()->isSameNode(e) && nlist->item(i)->hasChildNodes()) @@ -593,7 +628,6 @@ XMLApplication::XMLApplication( } } - // Finally, load relying parties. child = XMLHelper::getFirstChildElement(e,DefaultRelyingParty); if (child) { @@ -607,11 +641,7 @@ XMLApplication::XMLApplication( child = XMLHelper::getNextSiblingElement(child,RelyingParty); } } - - if (conf.isEnabled(SPConfig::OutOfProcess)) { - // Really finally, build local browser profile and binding objects. - // TODO: may need some bits here... - } +#endif } catch (exception&) { cleanup(); 
@@ -627,32 +657,31 @@ XMLApplication::XMLApplication( void XMLApplication::cleanup() { + for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup()); +#ifndef SHIBSP_LITE delete m_partyDefault; #ifdef HAVE_GOOD_STL for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair()); #else for_each(m_partyMap.begin(),m_partyMap.end(),cleanup_pair()); #endif - for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup()); delete m_credResolver; delete m_attrResolver; delete m_attrFilter; delete m_attrExtractor; delete m_trust; delete m_metadata; +#endif } short XMLApplication::acceptNode(const DOMNode* node) const { - if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,saml2::Attribute::LOCAL_NAME)) - return FILTER_REJECT; - else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,Audience::LOCAL_NAME)) - return FILTER_REJECT; const XMLCh* name=node->getLocalName(); if (XMLString::equals(name,_Application) || - XMLString::equals(name,AssertionConsumerService::LOCAL_NAME) || - XMLString::equals(name,SingleLogoutService::LOCAL_NAME) || - XMLString::equals(name,ManageNameIDService::LOCAL_NAME) || + XMLString::equals(name,_Audience) || + XMLString::equals(name,_AssertionConsumerService) || + XMLString::equals(name,_SingleLogoutService) || + XMLString::equals(name,_ManageNameIDService) || XMLString::equals(name,_SessionInitiator) || XMLString::equals(name,DefaultRelyingParty) || XMLString::equals(name,RelyingParty) || @@ -667,6 +696,8 @@ short XMLApplication::acceptNode(const DOMNode* node) const return FILTER_ACCEPT; } +#ifndef SHIBSP_LITE + const PropertySet* XMLApplication::getRelyingParty(const EntityDescriptor* provider) const { if (!m_partyDefault && m_base) @@ -703,6 +734,8 @@ const PropertySet* XMLApplication::getRelyingParty(const EntityDescriptor* provi return m_partyDefault; } +#endif + const SessionInitiator* XMLApplication::getDefaultSessionInitiator() const { if (m_sessionInitDefault) return m_sessionInitDefault; 
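Review bot: The rewritten XMLApplication::acceptNode no longer rejects `saml2:Attribute` children — the old `isNodeNamed(node,SAML20_NS,saml2::Attribute::LOCAL_NAME)` test is removed and no `_Attribute` entry replaces it in the local-name list — so Attribute elements under an Application now flow into the DOMPropertySet where they were previously filtered out. That may be deliberate if attribute configuration moved elsewhere in this commit, but nothing here says so; either confirm it or add `XMLString::equals(name,_Attribute) ||` with a matching constant next to `_Audience`. The reordering in cleanup() so that handlers are destroyed before the metadata, trust and resolver objects they may hold pointers to looks correct. getRelyingParty continues past the hunk.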
@@ -758,7 +791,7 @@ short XMLConfigImpl::acceptNode(const DOMNode* node) const const XMLCh* name=node->getLocalName(); if (XMLString::equals(name,Applications) || XMLString::equals(name,_ArtifactMap) || - XMLString::equals(name,Extensions::LOCAL_NAME) || + XMLString::equals(name,_Extensions) || XMLString::equals(name,Implementation) || XMLString::equals(name,Listener) || XMLString::equals(name,MemoryListener) || @@ -776,7 +809,7 @@ short XMLConfigImpl::acceptNode(const DOMNode* node) const void XMLConfigImpl::doExtensions(const DOMElement* e, const char* label, Category& log) { - const DOMElement* exts=XMLHelper::getFirstChildElement(e,Extensions::LOCAL_NAME); + const DOMElement* exts=XMLHelper::getFirstChildElement(e,_Extensions); if (exts) { exts=XMLHelper::getFirstChildElement(exts,Library); while (exts) { @@ -811,7 +844,9 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o try { SPConfig& conf=SPConfig::getConfig(); +#ifndef SHIBSP_LITE SAMLConfig& samlConf=SAMLConfig::getConfig(); +#endif XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig(); const DOMElement* SHAR=XMLHelper::getFirstChildElement(e,OutOfProcess); const DOMElement* SHIRE=XMLHelper::getFirstChildElement(e,InProcess); @@ -831,8 +866,10 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o XMLToolingConfig::getConfig().log_config(logpath.get()); } +#ifndef SHIBSP_LITE if (first) m_outer->m_tranLog = new TransactionLog(); +#endif } // First load any property sets. @@ -891,6 +928,7 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o if (conf.isEnabled(SPConfig::Caching)) { if (conf.isEnabled(SPConfig::OutOfProcess)) { +#ifndef SHIBSP_LITE // First build any StorageServices. string inmemID; child=XMLHelper::getFirstChildElement(SHAR,_StorageService); 
@@ -966,6 +1004,7 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o log.info("building in-memory ArtifactMap..."); samlConf.setArtifactMap(new ArtifactMap(child)); } +#endif } else { child=XMLHelper::getFirstChildElement(SHIRE,_SessionCache); @@ -992,6 +1031,7 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o } } +#ifndef SHIBSP_LITE // Load security policies. child = XMLHelper::getLastChildElement(e,SecurityPolicies); if (child) { @@ -1018,6 +1058,7 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o child = XMLHelper::getNextSiblingElement(child,Policy); } } +#endif // Load the default application. This actually has a fixed ID of "default". ;-) child=XMLHelper::getLastChildElement(e,Applications); @@ -1055,10 +1096,12 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o XMLConfigImpl::~XMLConfigImpl() { for_each(m_appmap.begin(),m_appmap.end(),cleanup_pair()); +#ifndef SHIBSP_LITE for (map< string,pair > >::iterator i=m_policyMap.begin(); i!=m_policyMap.end(); ++i) { delete i->second.first; for_each(i->second.second.begin(), i->second.second.end(), xmltooling::cleanup()); } +#endif delete m_requestMapper; if (m_document) m_document->release(); diff --git a/shibsp/lite/CGIParser.cpp b/shibsp/lite/CGIParser.cpp new file mode 100644 index 0000000..5c90eda --- /dev/null +++ b/shibsp/lite/CGIParser.cpp 
@@ -0,0 +1,124 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * CGIParser.cpp + * + * CGI GET/POST parameter parsing + */ + +#include "internal.h" +#include "lite/CGIParser.h" + +#include +#include + +using namespace opensaml; +using namespace xmltooling; +using namespace std; + + +CGIParser::CGIParser(const HTTPRequest& request) +{ + const char* pch=NULL; + if (!strcmp(request.getMethod(),"POST")) + pch=request.getRequestBody(); + else + pch=request.getQueryString(); + size_t cl=pch ? strlen(pch) : 0; + + const URLEncoder* dec = XMLToolingConfig::getConfig().getURLEncoder(); + while (cl && pch) { + char *name; + char *value; + value=fmakeword('&',&cl,&pch); + plustospace(value); + dec->decode(value); + name=makeword(value,'='); + kvp_map.insert(pair(name,value)); + free(name); + } +} + +CGIParser::~CGIParser() +{ + for (multimap::iterator i=kvp_map.begin(); i!=kvp_map.end(); i++) + free(i->second); +} + +pair CGIParser::getParameters(const char* name) const +{ + return kvp_map.equal_range(name); +} + +/* Parsing routines modified from NCSA source. 
*/ +char* CGIParser::makeword(char *line, char stop) +{ + int x = 0,y; + char *word = (char *) malloc(sizeof(char) * (strlen(line) + 1)); + + for(x=0;((line[x]) && (line[x] != stop));x++) + word[x] = line[x]; + + word[x] = '\0'; + if(line[x]) + ++x; + y=0; + + while(line[x]) + line[y++] = line[x++]; + line[y] = '\0'; + return word; +} + +char* CGIParser::fmakeword(char stop, size_t *cl, const char** ppch) +{ + int wsize; + char *word; + int ll; + + wsize = 1024; + ll=0; + word = (char *) malloc(sizeof(char) * (wsize + 1)); + + while(1) + { + word[ll] = *((*ppch)++); + if(ll==wsize-1) + { + word[ll+1] = '\0'; + wsize+=1024; + word = (char *)realloc(word,sizeof(char)*(wsize+1)); + } + --(*cl); + if((word[ll] == stop) || word[ll] == EOF || (!(*cl))) + { + if(word[ll] != stop) + ll++; + word[ll] = '\0'; + return word; + } + ++ll; + } +} + +void CGIParser::plustospace(char *str) +{ + register int x; + + for(x=0;str[x];x++) + if(str[x] == '+') str[x] = ' '; +} diff --git a/shibsp/lite/CGIParser.h b/shibsp/lite/CGIParser.h new file mode 100644 index 0000000..4788b42 --- /dev/null +++ b/shibsp/lite/CGIParser.h 
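Review bot: fmakeword writes through `word` without checking the `malloc`/`realloc` results, and a failed `realloc` also leaks the old buffer; since the input is the raw query string or POST body, an attacker-sized request turns an allocation failure into a NULL-pointer write instead of an error. The `word[ll] == EOF` test compares a `char` with the int -1, so where `char` is signed a 0xFF byte in the input ends the value early; the `*cl` countdown already bounds the read, so that comparison can go. Suggested: check each allocation (`if (!word) throw std::bad_alloc();`, and assign the realloc result to a temporary before overwriting `word`) and reduce the terminator test to `if (word[ll] == stop || !(*cl))`. The constructor also parses every POST body as form-encoded regardless of Content-Type, which deserves a comment if intended.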
@@ -0,0 +1,77 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file shibsp/lite/CGIParser.h + * + * CGI GET/POST parameter parsing + */ + +#ifndef __shibsp_cgi_h__ +#define __shibsp_cgi_h__ + +#include +#include + +namespace opensaml { + +#if defined (_MSC_VER) + #pragma warning( push ) + #pragma warning( disable : 4251 ) +#endif + + /** + * CGI GET/POST parameter parsing + */ + class SHIBSP_API CGIParser + { + MAKE_NONCOPYABLE(CGIParser); + public: + /** + * Constructor + * + * @param request HTTP request interface + */ + CGIParser(const xmltooling::HTTPRequest& request); + + ~CGIParser(); + + /** Alias for multimap iterator. */ + typedef std::multimap::const_iterator walker; + + /** + * Returns a pair of bounded iterators around the values of a parameter. + * + * @param name name of parameter + * @return a pair of multimap iterators surrounding the matching value(s) + */ + std::pair getParameters(const char* name) const; + + private: + char* fmakeword(char stop, unsigned int *cl, const char** ppch); + char* makeword(char *line, char stop); + void plustospace(char *str); + + std::multimap kvp_map; + }; + +#if defined (_MSC_VER) + #pragma warning( pop ) +#endif + +}; + +#endif /* __shibsp_cgi_h__ */ diff --git a/shibsp/lite/CommonDomainCookie.cpp b/shibsp/lite/CommonDomainCookie.cpp new file mode 100644 index 0000000..fd3bfba --- /dev/null +++ b/shibsp/lite/CommonDomainCookie.cpp 
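Review bot: The private declaration `char* fmakeword(char stop, unsigned int *cl, const char** ppch);` does not match the definition in CGIParser.cpp, which takes `size_t *cl`; on LP64 targets `size_t` is not `unsigned int`, so the definition names a member that does not exist and the file will not compile, and on 32-bit targets it only works by coincidence. Change it to `char* fmakeword(char stop, size_t *cl, const char** ppch);` and include <cstddef> for size_t. The class is also placed in `namespace opensaml` although it lives in shibsp/lite and is exported with SHIBSP_API; if that is not intentional it belongs in `namespace shibsp`.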
@@ -0,0 +1,100 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * CommonDomainCookie.cpp + * + * Helper class for maintaining discovery cookie. + */ + +#include "internal.h" +#include "lite/CommonDomainCookie.h" + +#include +#include +#include + +using namespace opensaml; +using namespace xmltooling; +using namespace std; + +const char CommonDomainCookie::CDCName[] = "_saml_idp"; + +CommonDomainCookie::CommonDomainCookie(const char* cookie) +{ + if (!cookie) + return; + + // Copy it so we can URL-decode it. + char* b64=strdup(cookie); + XMLToolingConfig::getConfig().getURLEncoder()->decode(b64); + + // Chop it up and save off elements. + vector templist; + char* ptr=b64; + while (*ptr) { + while (*ptr && isspace(*ptr)) ptr++; + char* end=ptr; + while (*end && !isspace(*end)) end++; + templist.push_back(string(ptr,end-ptr)); + ptr=end; + } + free(b64); + + // Now Base64 decode the list. + unsigned int len; + for (vector::iterator i=templist.begin(); i!=templist.end(); ++i) { + XMLByte* decoded=Base64::decode(reinterpret_cast(i->c_str()),&len); + if (decoded && *decoded) { + m_list.push_back(reinterpret_cast(decoded)); + XMLString::release(&decoded); + } + } +} + +const char* CommonDomainCookie::set(const char* entityID) +{ + // First scan the list for this IdP. 
+ for (vector::iterator i=m_list.begin(); i!=m_list.end(); i++) { + if (*i == entityID) { + m_list.erase(i); + break; + } + } + + // Append it to the end. + m_list.push_back(entityID); + + // Now rebuild the delimited list. + unsigned int len; + string delimited; + for (vector::const_iterator j=m_list.begin(); j!=m_list.end(); j++) { + if (!delimited.empty()) delimited += ' '; + + XMLByte* b64=Base64::encode(reinterpret_cast(j->c_str()),j->length(),&len); + XMLByte *pos, *pos2; + for (pos=b64, pos2=b64; *pos2; pos2++) + if (isgraph(*pos2)) + *pos++=*pos2; + *pos=0; + + delimited += reinterpret_cast(b64); + XMLString::release(&b64); + } + + m_encoded=XMLToolingConfig::getConfig().getURLEncoder()->encode(delimited.c_str()); + return m_encoded.c_str(); +} diff --git a/shibsp/lite/CommonDomainCookie.h b/shibsp/lite/CommonDomainCookie.h new file mode 100644 index 0000000..a15f88c --- /dev/null +++ b/shibsp/lite/CommonDomainCookie.h 
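Review bot: In the constructor, the `XMLByte* decoded` returned by `Base64::decode` is only released inside `if (decoded && *decoded)`, so a non-null buffer whose first byte is zero (an element that decodes to an empty string) is leaked; move the release outside that condition, e.g. `if (decoded) { if (*decoded) m_list.push_back(reinterpret_cast<char*>(decoded)); XMLString::release(&decoded); }`. The whitespace scan passes `*ptr` and `*end` (plain `char` taken from the client-supplied cookie) to `isspace`, which is undefined for negative values where `char` is signed; use `isspace(static_cast<unsigned char>(*ptr))` for both. `set()` has no guard for a null `entityID`, unlike the constructor's `if (!cookie) return;`, and both `*i == entityID` and `m_list.push_back(entityID)` are undefined with a null pointer, so an early `if (!entityID) return m_encoded.c_str();` (or equivalent) is warranted. Since the whole list originates from an unauthenticated browser cookie, a comment at the top of the constructor noting that the entries are untrusted strings to be validated by the caller before use would help the next maintainer.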
@@ -0,0 +1,82 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file shibsp/lite/CommonDomainCookie.h + * + * Helper class for maintaining discovery cookie. + */ + +#ifndef __shibsp_cdc_h__ +#define __shibsp_cdc_h__ + +#include + +#include +#include + +#if defined (_MSC_VER) + #pragma warning( push ) + #pragma warning( disable : 4250 4251 ) +#endif + +namespace opensaml { + /** + * Helper class for maintaining discovery cookie. + */ + class SHIBSP_API CommonDomainCookie { + MAKE_NONCOPYABLE(CommonDomainCookie); + public: + /** + * Parses a cookie for reading or writing. + * + * @param cookie the raw cookie value + */ + CommonDomainCookie(const char* cookie); + + ~CommonDomainCookie() {} + + /** + * Returns list of IdPs stored in cookie. + * + * @return reference to vector of entityIDs + */ + const std::vector& get() const { + return m_list; + } + + /** + * Adds/moves an IdP to the front of the list. + * + * @param entityID name of IdP to add + * @return new value of cookie + */ + const char* set(const char* entityID); + + /** Name of cookie ("_saml_idp") */ + static const char CDCName[]; + + private: + std::string m_encoded; + std::vector m_list; + }; +}; + +#if defined (_MSC_VER) + #pragma warning( pop ) +#endif + +#endif /* __saml_cdc_h__ */ diff --git a/shibsp/lite/SAMLConstants.cpp b/shibsp/lite/SAMLConstants.cpp new file mode 100644 index 0000000..f924cd4 --- /dev/null 
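Review bot: The doc comment on `set()` says it "Adds/moves an IdP to the front of the list", but the implementation in CommonDomainCookie.cpp erases any existing entry and then `push_back`s it, so the most recently used IdP is the last element of `get()`; the comment should read `Adds/moves an IdP to the end of the list (most recent last).` so readers of `get()` iterate in the right direction. The `const char*` returned by `set()` points into the `m_encoded` member, which the comment should state so callers do not keep it past the object's lifetime, e.g. `@return new value of cookie (valid until the next set() call or destruction of this object)`. The single-argument constructor should be `explicit`. The closing guard comment `#endif /* __saml_cdc_h__ */` does not match the `__shibsp_cdc_h__` guard that was opened.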
+++ b/shibsp/lite/SAMLConstants.cpp 
@@ -0,0 +1,203 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * SAMLConstants.cpp + * + * SAML XML namespace constants + */ + + +#include "internal.h" +#include "lite/SAMLConstants.h" +#include + +using namespace xercesc; +using namespace samlconstants; + +const XMLCh samlconstants::PAOS_NS[] = // urn:liberty:paos:2003-08 +{ chLatin_u, chLatin_r, chLatin_n, chColon, + chLatin_l, chLatin_i, chLatin_b, chLatin_e, chLatin_r, chLatin_t, chLatin_y, chColon, + chLatin_p, chLatin_a, chLatin_o, chLatin_s, chColon, + chDigit_2, chDigit_0, chDigit_0, chDigit_3, chDash, chDigit_0, chDigit_8, chNull +}; + +const XMLCh samlconstants::PAOS_PREFIX[] = UNICODE_LITERAL_4(p,a,o,s); + +const XMLCh samlconstants::SAML1_NS[] = // urn:oasis:names:tc:SAML:1.0:assertion +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_1, chPeriod, chDigit_0, chColon, + chLatin_a, chLatin_s, chLatin_s, chLatin_e, chLatin_r, chLatin_t, chLatin_i, chLatin_o, chLatin_n, chNull +}; + +const XMLCh samlconstants::SAML1P_NS[] = // urn:oasis:names:tc:SAML:1.0:protocol +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, 
chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_1, chPeriod, chDigit_0, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_t, chLatin_o, chLatin_c, chLatin_o, chLatin_l, chNull +}; + +const XMLCh samlconstants::SAML1_PREFIX[] = UNICODE_LITERAL_4(s,a,m,l); + +const XMLCh samlconstants::SAML1P_PREFIX[] = UNICODE_LITERAL_5(s,a,m,l,p); + +const XMLCh samlconstants::SAML20_VERSION[] = // 2.0 +{ chDigit_2, chPeriod, chDigit_0, chNull +}; + +const XMLCh samlconstants::SAML20_NS[] = // urn:oasis:names:tc:SAML:2.0:assertion +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_a, chLatin_s, chLatin_s, chLatin_e, chLatin_r, chLatin_t, chLatin_i, chLatin_o, chLatin_n, chNull +}; + +const XMLCh samlconstants::SAML20P_NS[] = // urn:oasis:names:tc:SAML:2.0:protocol +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_t, chLatin_o, chLatin_c, chLatin_o, chLatin_l, chNull +}; + +const XMLCh samlconstants::SAML20MD_NS[] = // urn:oasis:names:tc:SAML:2.0:metadata +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_m, chLatin_e, chLatin_t, chLatin_a, chLatin_d, chLatin_a, chLatin_t, chLatin_a, chNull +}; + +const XMLCh 
samlconstants::SAML20AC_NS[] = // urn:oasis:names:tc:SAML:2.0:ac +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_a, chLatin_c, chNull +}; + +const XMLCh samlconstants::SAML20_PREFIX[] = UNICODE_LITERAL_4(s,a,m,l); + +const XMLCh samlconstants::SAML20P_PREFIX[] = UNICODE_LITERAL_5(s,a,m,l,p); + +const XMLCh samlconstants::SAML20MD_PREFIX[] = UNICODE_LITERAL_2(m,d); + +const XMLCh samlconstants::SAML20AC_PREFIX[] = UNICODE_LITERAL_2(a,c); + +const XMLCh samlconstants::SAML20ECP_NS[] = // urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_f, chLatin_i, chLatin_l, chLatin_e, chLatin_s, chColon, + chLatin_S, chLatin_S, chLatin_O, chColon, chLatin_e, chLatin_c, chLatin_p, chNull +}; + +const XMLCh samlconstants::SAML20ECP_PREFIX[] = UNICODE_LITERAL_3(e,c,p); + +const XMLCh samlconstants::SAML20DCE_NS[] = // urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_f, chLatin_i, chLatin_l, chLatin_e, chLatin_s, chColon, + chLatin_a, chLatin_t, chLatin_t, chLatin_r, chLatin_i, chLatin_b, chLatin_u, chLatin_t, chLatin_e, chColon, + chLatin_D, 
chLatin_C, chLatin_E, chNull +}; + +const XMLCh samlconstants::SAML20DCE_PREFIX[] = UNICODE_LITERAL_3(D,C,E); + +const XMLCh samlconstants::SAML20X500_NS[] = // urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500 +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_f, chLatin_i, chLatin_l, chLatin_e, chLatin_s, chColon, + chLatin_a, chLatin_t, chLatin_t, chLatin_r, chLatin_i, chLatin_b, chLatin_u, chLatin_t, chLatin_e, chColon, + chLatin_X, chDigit_5, chDigit_0, chDigit_0, chNull +}; + +const XMLCh samlconstants::SAML20X500_PREFIX[] = { chLatin_x, chDigit_5, chDigit_0, chDigit_0 }; + +const XMLCh samlconstants::SAML20XACML_NS[] = // urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_f, chLatin_i, chLatin_l, chLatin_e, chLatin_s, chColon, + chLatin_a, chLatin_t, chLatin_t, chLatin_r, chLatin_i, chLatin_b, chLatin_u, chLatin_t, chLatin_e, chColon, + chLatin_X, chLatin_A, chLatin_C, chLatin_M, chLatin_L, chNull +}; + +const XMLCh samlconstants::SAML20XACML_PREFIX[] = UNICODE_LITERAL_9(x,a,c,m,l,p,r,o,f); + +const XMLCh samlconstants::SAML1MD_NS[] = // urn:oasis:names:tc:SAML:profiles:v1metadata +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, 
chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_f, chLatin_i, chLatin_l, chLatin_e, chLatin_s, chColon, + chLatin_v, chDigit_1, chLatin_m, chLatin_e, chLatin_t, chLatin_a, chLatin_d, chLatin_a, chLatin_t, chLatin_a, chNull +}; + +const XMLCh samlconstants::SAML1MD_PREFIX[] = +{ chLatin_s, chLatin_a, chLatin_m, chLatin_l, chDigit_1, chLatin_m, chLatin_d, chNull }; + +const XMLCh samlconstants::SAML10_PROTOCOL_ENUM[] = // urn:oasis:names:tc:SAML:1.0:protocol +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_1, chPeriod, chDigit_0, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_t, chLatin_o, chLatin_c, chLatin_o, chLatin_l, chNull +}; + +const XMLCh samlconstants::SAML11_PROTOCOL_ENUM[] = // urn:oasis:names:tc:SAML:1.1:protocol +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_1, chPeriod, chDigit_1, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_t, chLatin_o, chLatin_c, chLatin_o, chLatin_l, chNull +}; + +const XMLCh samlconstants::SAML20MD_QUERY_EXT_NS[] = // urn:oasis:names:tc:SAML:metadata:ext:query +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, + chLatin_m, chLatin_e, chLatin_t, chLatin_a, chLatin_d, chLatin_a, chLatin_t, chLatin_a, chColon, + chLatin_e, chLatin_x, chLatin_t, chColon, chLatin_q, chLatin_u, chLatin_e, chLatin_r, chLatin_y, chNull +}; + +const XMLCh samlconstants::SAML20MD_QUERY_EXT_PREFIX[] = 
UNICODE_LITERAL_5(q,u,e,r,y); + +const XMLCh samlconstants::SAML20P_THIRDPARTY_EXT_NS[] = // urn:oasis:names:tc:SAML:protocol:ext:third-party +{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon, + chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon, + chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, + chLatin_p, chLatin_r, chLatin_o, chLatin_t, chLatin_o, chLatin_c, chLatin_o, chLatin_l, chColon, + chLatin_e, chLatin_x, chLatin_t, chColon, + chLatin_t, chLatin_h, chLatin_i, chLatin_r, chLatin_d, chDash, chLatin_p, chLatin_a, chLatin_r, chLatin_t, chLatin_y, chNull +}; + +const XMLCh samlconstants::SAML20P_THIRDPARTY_EXT_PREFIX[] = UNICODE_LITERAL_6(t,h,r,p,t,y); + +const char samlconstants::SAML1_BINDING_SOAP[] = "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"; + +const char samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT[] = "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"; + +const char samlconstants::SAML1_PROFILE_BROWSER_POST[] = "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"; + +const char samlconstants::SAML20_BINDING_SOAP[] = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"; + +const char samlconstants::SAML20_BINDING_HTTP_ARTIFACT[] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"; + +const char samlconstants::SAML20_BINDING_HTTP_POST[] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"; + +const char samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN[] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"; + +const char samlconstants::SAML20_BINDING_HTTP_REDIRECT[] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"; + +const char samlconstants::SAML20_BINDING_URL_ENCODING_DEFLATE[] = "urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE"; diff --git a/shibsp/lite/SAMLConstants.h b/shibsp/lite/SAMLConstants.h new file mode 100644 index 0000000..35664bd --- /dev/null +++ b/shibsp/lite/SAMLConstants.h 
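Review bot: `SAML20X500_PREFIX` is initialised as `{ chLatin_x, chDigit_5, chDigit_0, chDigit_0 }` with no terminating `chNull`, unlike every other XMLCh array in this file, so any consumer that treats it as a NUL-terminated string (comparison, QName construction) reads past the end of the array. The fix is the one line `const XMLCh samlconstants::SAML20X500_PREFIX[] = { chLatin_x, chDigit_5, chDigit_0, chDigit_0, chNull };`, matching how `SAML1MD_PREFIX` is written explicitly further down. Presumably the `UNICODE_LITERAL_n` macros were avoided here because the digits need `chDigit_` rather than `chLatin_` tokens, which is why the explicit array form with its own terminator is needed.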
@@ -0,0 +1,154 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file shibsp/lite/SAMLConstants.h + * + * SAML XML namespace constants + */ + +#ifndef __shibsp_xmlconstants_h__ +#define __shibsp_xmlconstants_h__ + +#include + +/** + * SAML related constants. + */ +namespace samlconstants { + + /** Liberty PAOS XML Namespace ("urn:liberty:paos:2003-08") */ + extern SHIBSP_API const XMLCh PAOS_NS[]; + + /** Liberty PAOS QName prefix ("paos") */ + extern SHIBSP_API const XMLCh PAOS_PREFIX[]; + + /** SAML 1.X Assertion XML namespace ("urn:oasis:names:tc:SAML:1.0:assertion") */ + extern SHIBSP_API const XMLCh SAML1_NS[]; + + /** SAML 1.X Protocol XML namespace ("urn:oasis:names:tc:SAML:1.0:protocol") */ + extern SHIBSP_API const XMLCh SAML1P_NS[]; + + /** SAML 1.X Assertion QName prefix ("saml") */ + extern SHIBSP_API const XMLCh SAML1_PREFIX[]; + + /** SAML 1.X Protocol QName prefix ("samlp") */ + extern SHIBSP_API const XMLCh SAML1P_PREFIX[]; + + /** SAML 2.0 Version ("2.0") */ + extern SHIBSP_API const XMLCh SAML20_VERSION[]; + + /** SAML 2.0 Assertion XML namespace ("urn:oasis:names:tc:SAML:2.0:assertion") */ + extern SHIBSP_API const XMLCh SAML20_NS[]; + + /** SAML 2.0 Protocol XML namespace ("urn:oasis:names:tc:SAML:2.0:protocol") */ + extern SHIBSP_API const XMLCh SAML20P_NS[]; + + /** SAML 2.0 Metadata XML namespace ("urn:oasis:names:tc:SAML:2.0:metadata") */ + extern SHIBSP_API const XMLCh 
SAML20MD_NS[]; + + /** SAML 2.0 AuthnContext XML namespace ("urn:oasis:names:tc:SAML:2.0:ac") */ + extern SHIBSP_API const XMLCh SAML20AC_NS[]; + + /** SAML 2.0 Assertion QName prefix ("saml") */ + extern SHIBSP_API const XMLCh SAML20_PREFIX[]; + + /** SAML 2.0 Protocol QName prefix ("samlp") */ + extern SHIBSP_API const XMLCh SAML20P_PREFIX[]; + + /** SAML 2.0 Metadata QName prefix ("md") */ + extern SHIBSP_API const XMLCh SAML20MD_PREFIX[]; + + /** SAML 2.0 AuthnContext QName prefix ("ac") */ + extern SHIBSP_API const XMLCh SAML20AC_PREFIX[]; + + /** SAML 2.0 Enhanced Client/Proxy SSO Profile XML Namespace ("urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp") */ + extern SHIBSP_API const XMLCh SAML20ECP_NS[]; + + /** SAML 2.0 Enhanced Client/Proxy SSO Profile QName prefix ("ecp") */ + extern SHIBSP_API const XMLCh SAML20ECP_PREFIX[]; + + /** SAML 2.0 DCE PAC Attribute Profile XML Namespace ("urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE") */ + extern SHIBSP_API const XMLCh SAML20DCE_NS[]; + + /** SAML 2.0 DCE PAC Attribute Profile QName prefix ("DCE") */ + extern SHIBSP_API const XMLCh SAML20DCE_PREFIX[]; + + /** SAML 2.0 X.500 Attribute Profile XML Namespace ("urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500") */ + extern SHIBSP_API const XMLCh SAML20X500_NS[]; + + /** SAML 2.0 X.500 Attribute Profile QName prefix ("x500") */ + extern SHIBSP_API const XMLCh SAML20X500_PREFIX[]; + + /** SAML 2.0 XACML Attribute Profile XML Namespace ("urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML") */ + extern SHIBSP_API const XMLCh SAML20XACML_NS[]; + + /** SAML 2.0 XACML Attribute Profile QName prefix ("xacmlprof") */ + extern SHIBSP_API const XMLCh SAML20XACML_PREFIX[]; + + /** SAML 1.x Metadata Profile XML Namespace ("urn:oasis:names:tc:SAML:profiles:v1metadata") */ + extern SHIBSP_API const XMLCh SAML1MD_NS[]; + + /** SAML 1.x Metadata Profile QName prefix ("saml1md") */ + extern SHIBSP_API const XMLCh SAML1MD_PREFIX[]; + + /** SAML 1.0 Protocol Enumeration 
constant ("urn:oasis:names:tc:SAML:1.0:protocol") */ + extern SHIBSP_API const XMLCh SAML10_PROTOCOL_ENUM[]; + + /** SAML 1.1 Protocol Enumeration constant ("urn:oasis:names:tc:SAML:1.1:protocol") */ + extern SHIBSP_API const XMLCh SAML11_PROTOCOL_ENUM[]; + + /** SAML Query Requester Metadata Extension XML Namespace ("urn:oasis:names:tc:SAML:metadata:ext:query") */ + extern SHIBSP_API const XMLCh SAML20MD_QUERY_EXT_NS[]; + + /** SAML Query Requester Metadata Extension QName prefix ("query") */ + extern SHIBSP_API const XMLCh SAML20MD_QUERY_EXT_PREFIX[]; + + /** SAML Third-Party Request Protocol Extension XML Namespace ("urn:oasis:names:tc:SAML:protocol:ext:third-party") */ + extern SHIBSP_API const XMLCh SAML20P_THIRDPARTY_EXT_NS[]; + + /** SAML Third-Party Request Protocol Extension QName prefix ("query") */ + extern SHIBSP_API const XMLCh SAML20P_THIRDPARTY_EXT_PREFIX[]; + + /** SAML 1.x SOAP binding ("urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding") */ + extern SHIBSP_API const char SAML1_BINDING_SOAP[]; + + /** SAML 1.x Browser Artifact profile ("urn:oasis:names:tc:SAML:1.0:profiles:artifact-01") */ + extern SHIBSP_API const char SAML1_PROFILE_BROWSER_ARTIFACT[]; + + /** SAML 1.x Browser POST profile ("urn:oasis:names:tc:SAML:1.0:profiles:browser-post") */ + extern SHIBSP_API const char SAML1_PROFILE_BROWSER_POST[]; + + /** SAML 2.0 SOAP binding ("urn:oasis:names:tc:SAML:2.0:bindings:SOAP") */ + extern SHIBSP_API const char SAML20_BINDING_SOAP[]; + + /** SAML 2.0 HTTP-Artifact binding ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact") */ + extern SHIBSP_API const char SAML20_BINDING_HTTP_ARTIFACT[]; + + /** SAML 2.0 HTTP-POST binding ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST") */ + extern SHIBSP_API const char SAML20_BINDING_HTTP_POST[]; + + /** SAML 2.0 HTTP-POST-SimpleSign binding ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign") */ + extern SHIBSP_API const char SAML20_BINDING_HTTP_POST_SIMPLESIGN[]; + + /** SAML 2.0 HTTP-Redirect 
binding ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect") */ + extern SHIBSP_API const char SAML20_BINDING_HTTP_REDIRECT[]; + + /** SAML 2.0 HTTP-Redirect DEFLATE URL encoding ("urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE") */ + extern SHIBSP_API const char SAML20_BINDING_URL_ENCODING_DEFLATE[]; +}; + +#endif /* __shibsp_xmlconstants_h__ */ diff --git a/shibsp/shibsp-lite.vcproj b/shibsp/shibsp-lite.vcproj new file mode 100644 index 0000000..ccd9121 --- /dev/null +++ b/shibsp/shibsp-lite.vcproj @@ -0,0 +1,526 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/shibsp/shibsp.vcproj b/shibsp/shibsp.vcproj index fc9857e..715ca77 100644 --- a/shibsp/shibsp.vcproj +++ b/shibsp/shibsp.vcproj @@ -40,11 +40,12 @@ - - diff --git a/shibsp/util/SPConstants.h b/shibsp/util/SPConstants.h index be5eda2..98c8b37 100644 --- a/shibsp/util/SPConstants.h +++ b/shibsp/util/SPConstants.h @@ -24,7 +24,11 @@ #define __shibsp_constants_h__ #include -#include +#ifndef SHIBSP_LITE +# include +#else +# include +#endif /** * Shibboleth SP XML constants. -- 2.1.4
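Review bot: The comment on `SAML20P_THIRDPARTY_EXT_PREFIX` says the prefix is `("query")`, which appears copied from the entry above; the definition in SAMLConstants.cpp is `UNICODE_LITERAL_6(t,h,r,p,t,y)`, so the comment should read `/** SAML Third-Party Request Protocol Extension QName prefix ("thrpty") */`. Every other entry in this header documents the literal value, so this one will mislead anyone relying on the header alone. The header's `#include` target is not visible in this rendering, so I cannot confirm it brings `XMLCh` and `SHIBSP_API` into scope on its own.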