saml/SAMLConfig.cpp

   1
   2 /*
   3  *  Copyright 2001-2007 Internet2
   4  *
   5  * Licensed under the Apache License, Version 2.0 (the "License");
   6  * you may not use this file except in compliance with the License.
   7  * You may obtain a copy of the License at
   8  *
   9  *     http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  * Unless required by applicable law or agreed to in writing, software
  12  * distributed under the License is distributed on an "AS IS" BASIS,
  13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  * See the License for the specific language governing permissions and
  15  * limitations under the License.
  16  */
  17
  18 /**
  19  * SAMLConfig.cpp
  20  *
  21  * Library configuration
  22  */
  23
  24 #include "internal.h"
  25
  26 #if defined(XMLTOOLING_LOG4SHIB)
  27 # ifndef OPENSAML_LOG4SHIB
  28 #  error "Logging library mismatch (XMLTooling is using log4shib)."
  29 # endif
  30 #elif defined(XMLTOOLING_LOG4CPP)
  31 # ifndef OPENSAML_LOG4CPP
  32 #  error "Logging library mismatch (XMLTooling is using log4cpp)."
  33 # endif
  34 #else
  35 # error "No supported logging library."
  36 #endif
  37
  38 #include "exceptions.h"
  39 #include "SAMLConfig.h"
  40 #include "binding/ArtifactMap.h"
  41 #include "binding/MessageDecoder.h"
  42 #include "binding/MessageEncoder.h"
  43 #include "binding/SAMLArtifact.h"
  44 #include "binding/SecurityPolicyRule.h"
  45 #include "saml1/core/Assertions.h"
  46 #include "saml1/core/Protocols.h"
  47 #include "saml2/core/Protocols.h"
  48 #include "saml2/metadata/Metadata.h"
  49 #include "saml2/metadata/MetadataFilter.h"
  50 #include "saml2/metadata/MetadataProvider.h"
  51 #include "util/SAMLConstants.h"
  52
  53 #include <xmltooling/logging.h>
  54 #include <xmltooling/XMLToolingConfig.h>
  55 #include <xmltooling/signature/Signature.h>
  56 #include <xmltooling/util/NDC.h>
  57
  58 #include <xsec/enc/XSECCryptoException.hpp>
  59 #include <xsec/enc/XSECCryptoProvider.hpp>
  60 #include <xsec/utils/XSECPlatformUtils.hpp>
  61
  62 using namespace opensaml;
  63 using namespace xmlsignature;
  64 using namespace xmltooling::logging;
  65 using namespace xmltooling;
  66 using namespace std;
  67
  68 // Expose entry points when used as an extension library
  69
  70 extern "C" int SAML_API xmltooling_extension_init(void*)
  71 {
  72     if (SAMLConfig::getConfig().init(false))
  73         return 0;
  74     return -1;
  75 }
  76
  77 extern "C" void SAML_API xmltooling_extension_term()
  78 {
  79     SAMLConfig::getConfig().term(false);
  80 }
  81
  82 DECL_XMLTOOLING_EXCEPTION_FACTORY(ArtifactException,opensaml);
  83 DECL_XMLTOOLING_EXCEPTION_FACTORY(SecurityPolicyException,opensaml);
  84 DECL_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md);
  85 DECL_XMLTOOLING_EXCEPTION_FACTORY(MetadataFilterException,opensaml::saml2md);
  86 DECL_XMLTOOLING_EXCEPTION_FACTORY(BindingException,opensaml);
  87 DECL_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml);
  88 DECL_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml);
  89 DECL_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml);
  90
  91 namespace opensaml {
  92    SAMLInternalConfig g_config;
  93 }
  94
  95 SAMLConfig& SAMLConfig::getConfig()
  96 {
  97     return g_config;
  98 }
  99
 100 SAMLInternalConfig& SAMLInternalConfig::getInternalConfig()
 101 {
 102     return g_config;
 103 }
 104
 105 void SAMLConfig::setArtifactMap(ArtifactMap* artifactMap)
 106 {
 107     delete m_artifactMap;
 108     m_artifactMap = artifactMap;
 109 }
 110
 111 bool SAMLInternalConfig::init(bool initXMLTooling)
 112 {
 113 #ifdef _DEBUG
 114     xmltooling::NDC ndc("init");
 115 #endif
 116     Category& log=Category::getInstance(SAML_LOGCAT".SAMLConfig");
 117     log.debug("library initialization started");
 118
 119     if (initXMLTooling) {
 120         XMLToolingConfig::getConfig().init();
 121         log.debug("XMLTooling library initialized");
 122     }
 123
 124     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ArtifactException,opensaml);
 125     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(SecurityPolicyException,opensaml);
 126     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(MetadataException,opensaml::saml2md);
 127     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(MetadataFilterException,opensaml::saml2md);
 128     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(BindingException,opensaml);
 129     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(ProfileException,opensaml);
 130     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(FatalProfileException,opensaml);
 131     REGISTER_XMLTOOLING_EXCEPTION_FACTORY(RetryableProfileException,opensaml);
 132
 133     saml1::registerAssertionClasses();
 134     saml1p::registerProtocolClasses();
 135     saml2::registerAssertionClasses();
 136     saml2p::registerProtocolClasses();
 137     saml2md::registerMetadataClasses();
 138     saml2md::registerMetadataProviders();
 139     saml2md::registerMetadataFilters();
 140     registerSAMLArtifacts();
 141     registerMessageEncoders();
 142     registerMessageDecoders();
 143     registerSecurityPolicyRules();
 144
 145     log.info("library initialization complete");
 146     return true;
 147 }
 148
 149 void SAMLInternalConfig::term(bool termXMLTooling)
 150 {
 151 #ifdef _DEBUG
 152     xmltooling::NDC ndc("term");
 153 #endif
 154     Category& log=Category::getInstance(SAML_LOGCAT".SAMLConfig");
 155
 156     MessageDecoderManager.deregisterFactories();
 157     MessageEncoderManager.deregisterFactories();
 158     SecurityPolicyRuleManager.deregisterFactories();
 159     SAMLArtifactManager.deregisterFactories();
 160     MetadataFilterManager.deregisterFactories();
 161     MetadataProviderManager.deregisterFactories();
 162
 163     delete m_artifactMap;
 164     m_artifactMap = NULL;
 165
 166     if (termXMLTooling) {
 167         XMLToolingConfig::getConfig().term();
 168         log.debug("XMLTooling library shut down");
 169     }
 170     log.info("library shutdown complete");
 171 }
 172
 173 void SAMLInternalConfig::generateRandomBytes(void* buf, unsigned int len)
 174 {
 175     try {
 176         if (XSECPlatformUtils::g_cryptoProvider->getRandom(reinterpret_cast<unsigned char*>(buf),len)<len)
 177             throw XMLSecurityException("Unable to generate random data; was PRNG seeded?");
 178     }
 179     catch (XSECCryptoException& e) {
 180         throw XMLSecurityException("Unable to generate random data: $1",params(1,e.getMsg()));
 181     }
 182 }
 183
 184 void SAMLInternalConfig::generateRandomBytes(std::string& buf, unsigned int len)
 185 {
 186     buf.erase();
 187     auto_ptr<unsigned char> hold(new unsigned char[len]);
 188     generateRandomBytes(hold.get(),len);
 189     for (unsigned int i=0; i<len; i++)
 190         buf+=(hold.get())[i];
 191 }
 192
 193 XMLCh* SAMLInternalConfig::generateIdentifier()
 194 {
 195     unsigned char key[17];
 196     generateRandomBytes(key,16);
 197
 198     char hexform[34];
 199     sprintf(hexform,"_%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
 200             key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7],
 201             key[8],key[9],key[10],key[11],key[12],key[13],key[14],key[15]);
 202     hexform[33]=0;
 203     return XMLString::transcode(hexform);
 204 }
 205
 206 string SAMLInternalConfig::hashSHA1(const char* s, bool toHex)
 207 {
 208     static char DIGITS[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
 209
 210     auto_ptr<XSECCryptoHash> hasher(XSECPlatformUtils::g_cryptoProvider->hashSHA1());
 211     if (hasher.get()) {
 212         unsigned char buf[21];
 213         hasher->hash(reinterpret_cast<unsigned char*>(const_cast<char*>(s)),strlen(s));
 214         if (hasher->finish(buf,20)==20) {
 215             string ret;
 216             if (toHex) {
 217                 for (unsigned int i=0; i<20; i++) {
 218                     ret+=(DIGITS[((unsigned char)(0xF0 & buf[i])) >> 4 ]);
 219                     ret+=(DIGITS[0x0F & buf[i]]);
 220                 }
 221             }
 222             else {
 223                 for (unsigned int i=0; i<20; i++) {
 224                     ret+=buf[i];
 225                 }
 226             }
 227             return ret;
 228         }
 229     }
 230     throw XMLSecurityException("Unable to generate SHA-1 hash.");
 231 }
 232
 233 using namespace saml2p;
 234 using namespace saml2md;
 235
 236 void opensaml::annotateException(XMLToolingException* e, const EntityDescriptor* entity, const Status* status, bool rethrow)
 237 {
 238     const RoleDescriptor* role = NULL;
 239     if (entity) {
 240         const list<XMLObject*>& roles=entity->getOrderedChildren();
 241         for (list<XMLObject*>::const_iterator child=roles.begin(); !role && child!=roles.end(); ++child) {
 242             role=dynamic_cast<RoleDescriptor*>(*child);
 243             if (role && !role->isValid())
 244                 role = NULL;
 245         }
 246     }
 247     annotateException(e, role, status, rethrow);
 248 }
 249
 250 void opensaml::annotateException(XMLToolingException* e, const RoleDescriptor* role, const Status* status, bool rethrow)
 251 {
 252     if (role) {
 253         auto_ptr_char id(dynamic_cast<EntityDescriptor*>(role->getParent())->getEntityID());
 254         e->addProperty("entityID",id.get());
 255
 256         const vector<ContactPerson*>& contacts=role->getContactPersons();
 257         for (vector<ContactPerson*>::const_iterator c=contacts.begin(); c!=contacts.end(); ++c) {
 258             const XMLCh* ctype=(*c)->getContactType();
 259             if (ctype && (XMLString::equals(ctype,ContactPerson::CONTACT_SUPPORT)
 260                     || XMLString::equals(ctype,ContactPerson::CONTACT_TECHNICAL))) {
 261                 GivenName* fname=(*c)->getGivenName();
 262                 SurName* lname=(*c)->getSurName();
 263                 auto_ptr_char first(fname ? fname->getName() : NULL);
 264                 auto_ptr_char last(lname ? lname->getName() : NULL);
 265                 if (first.get() && last.get()) {
 266                     string contact=string(first.get()) + ' ' + last.get();
 267                     e->addProperty("contactName",contact.c_str());
 268                 }
 269                 else if (first.get())
 270                     e->addProperty("contactName",first.get());
 271                 else if (last.get())
 272                     e->addProperty("contactName",last.get());
 273                 const vector<EmailAddress*>& emails=const_cast<const ContactPerson*>(*c)->getEmailAddresss();
 274                 if (!emails.empty()) {
 275                     auto_ptr_char email(emails.front()->getAddress());
 276                     if (email.get())
 277                         e->addProperty("contactEmail",email.get());
 278                 }
 279                 break;
 280             }
 281         }
 282
 283         auto_ptr_char eurl(role->getErrorURL());
 284         if (eurl.get()) {
 285             e->addProperty("errorURL",eurl.get());
 286         }
 287     }
 288
 289     if (status) {
 290         auto_ptr_char sc(status->getStatusCode() ? status->getStatusCode()->getValue() : NULL);
 291         if (sc.get() && *sc.get())
 292             e->addProperty("statusCode", sc.get());
 293         if (status->getStatusCode()->getStatusCode()) {
 294             auto_ptr_char sc2(status->getStatusCode()->getStatusCode()->getValue());
 295             if (sc2.get() && *sc.get())
 296                 e->addProperty("statusCode2", sc2.get());
 297         }
 298         if (status->getStatusMessage()) {
 299             auto_ptr_char msg(status->getStatusMessage()->getMessage());
 300             if (msg.get() && *msg.get())
 301                 e->addProperty("statusMessage", msg.get());
 302         }
 303     }
 304
 305     if (rethrow)
 306         e->raise();
 307 }