2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 * shib-ini.h -- config file handling, now XML-based
58 #include <shib/shib-threads.h>
59 #include <log4cpp/Category.hh>
60 #include <log4cpp/PropertyConfigurator.hh>
62 #include <sys/types.h>
67 using namespace shibboleth;
68 using namespace shibtarget;
69 using namespace log4cpp;
71 namespace shibtarget {
73 // Application configuration wrapper
74 class XMLApplication : public virtual IApplication, public XMLPropertySet, public DOMNodeFilter
77 XMLApplication(const DOMElement* e, const XMLApplication* base=NULL);
81 pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;
82 pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;
83 pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;
84 pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
85 pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
86 const IPropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const;
89 const char* getId() const {return getString("id").second;}
90 Iterator<SAMLAttributeDesignator*> getAttributeDesignators() const;
91 Iterator<IAAP*> getAAPProviders() const;
92 Iterator<IMetadata*> getMetadataProviders() const;
93 Iterator<ITrust*> getTrustProviders() const;
94 Iterator<IRevocation*> getRevocationProviders() const;
95 Iterator<const XMLCh*> getAudiences() const;
96 const char* getTLSCred(const IProvider* provider) const {return getCredentialUse(provider).first.c_str();}
97 const char* getSigningCred(const IProvider* provider) const {return getCredentialUse(provider).second.c_str();}
99 // Provides filter to exclude special config elements.
100 short acceptNode(const DOMNode* node) const;
103 const XMLApplication* m_base;
104 vector<SAMLAttributeDesignator*> m_designators;
105 vector<IAAP*> m_aaps;
106 vector<IMetadata*> m_metadatas;
107 vector<ITrust*> m_trusts;
108 vector<IRevocation*> m_revocations;
109 vector<const XMLCh*> m_audiences;
110 pair<string,string> m_credDefault;
112 map<xstring,pair<string,string> > m_credMap;
114 map<const XMLCh*,pair<string,string> > m_credMap;
116 const pair<string,string>& getCredentialUse(const IProvider* provider) const;
119 // Top-level configuration implementation
121 class XMLConfigImpl : public ReloadableXMLFileImpl, public XMLPropertySet, public DOMNodeFilter
124 XMLConfigImpl(const char* pathname, bool first, const XMLConfig* outer)
125 : ReloadableXMLFileImpl(pathname), m_outer(outer), m_requestMapper(NULL) { init(first); }
126 XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer)
127 : ReloadableXMLFileImpl(e), m_outer(outer), m_requestMapper(NULL) { init(first); }
130 IRequestMapper* m_requestMapper;
131 map<string,IApplication*> m_appmap;
132 vector<ICredentials*> m_creds;
134 // Provides filter to exclude special config elements.
135 short acceptNode(const DOMNode* node) const;
138 void init(bool first);
139 const XMLConfig* m_outer;
142 class XMLConfig : public IConfig, public ReloadableXMLFile
145 XMLConfig(const DOMElement* e) : ReloadableXMLFile(e), m_listener(NULL), m_cache(NULL) {}
146 ~XMLConfig() {delete m_listener; delete m_cache;}
149 pair<bool,bool> getBool(const char* name, const char* ns=NULL) const {return static_cast<XMLConfigImpl*>(m_impl)->getBool(name,ns);}
150 pair<bool,const char*> getString(const char* name, const char* ns=NULL) const {return static_cast<XMLConfigImpl*>(m_impl)->getString(name,ns);}
151 pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const {return static_cast<XMLConfigImpl*>(m_impl)->getXMLString(name,ns);}
152 pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const {return static_cast<XMLConfigImpl*>(m_impl)->getUnsignedInt(name,ns);}
153 pair<bool,int> getInt(const char* name, const char* ns=NULL) const {return static_cast<XMLConfigImpl*>(m_impl)->getInt(name,ns);}
154 const IPropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const {return static_cast<XMLConfigImpl*>(m_impl)->getPropertySet(name,ns);}
155 const DOMElement* getElement() const {return static_cast<XMLConfigImpl*>(m_impl)->getElement();}
158 const IListener* getListener() const {return m_listener;}
159 ISessionCache* getSessionCache() const {return m_cache;}
160 IRequestMapper* getRequestMapper() const {return static_cast<XMLConfigImpl*>(m_impl)->m_requestMapper;}
161 const IApplication* getApplication(const char* applicationId) const
163 map<string,IApplication*>::const_iterator i=static_cast<XMLConfigImpl*>(m_impl)->m_appmap.find(applicationId);
164 return (i!=static_cast<XMLConfigImpl*>(m_impl)->m_appmap.end()) ? i->second : NULL;
166 Iterator<ICredentials*> getCredentialsProviders() const {return static_cast<XMLConfigImpl*>(m_impl)->m_creds;}
169 virtual ReloadableXMLFileImpl* newImplementation(const char* pathname, bool first=true) const;
170 virtual ReloadableXMLFileImpl* newImplementation(const DOMElement* e, bool first=true) const;
173 friend class XMLConfigImpl;
174 mutable IListener* m_listener;
175 mutable ISessionCache* m_cache;
179 IConfig* STConfig::ShibTargetConfigFactory(const DOMElement* e)
181 XMLConfig* ret=new XMLConfig(e);
183 ret->getImplementation();
192 XMLPropertySet::~XMLPropertySet()
194 for (map<string,pair<char*,const XMLCh*> >::iterator i=m_map.begin(); i!=m_map.end(); i++)
195 XMLString::release(&(i->second.first));
196 for (map<string,IPropertySet*>::iterator j=m_nested.begin(); j!=m_nested.end(); j++)
200 void XMLPropertySet::load(const DOMElement* e, Category& log, DOMNodeFilter* filter)
205 // Process each attribute as a property.
206 DOMNamedNodeMap* attrs=m_root->getAttributes();
207 for (XMLSize_t i=0; i<attrs->getLength(); i++) {
208 DOMNode* a=attrs->item(i);
209 if (!XMLString::compareString(a->getNamespaceURI(),saml::XML::XMLNS_NS))
211 char* val=XMLString::transcode(a->getNodeValue());
213 auto_ptr_char ns(a->getNamespaceURI());
214 auto_ptr_char name(a->getLocalName());
216 m_map[string("{") + ns.get() + '}' + name.get()]=pair<char*,const XMLCh*>(val,a->getNodeValue());
217 log.debug("added property {%s}%s (%s)",ns.get(),name.get(),val);
220 m_map[name.get()]=pair<char*,const XMLCh*>(val,a->getNodeValue());
221 log.debug("added property %s (%s)",name.get(),val);
226 // Process non-excluded elements as nested sets.
227 DOMTreeWalker* walker=
228 static_cast<DOMDocumentTraversal*>(
229 m_root->getOwnerDocument())->createTreeWalker(const_cast<DOMElement*>(m_root),DOMNodeFilter::SHOW_ELEMENT,filter,false
231 e=static_cast<DOMElement*>(walker->firstChild());
233 auto_ptr_char ns(e->getNamespaceURI());
234 auto_ptr_char name(e->getLocalName());
237 key=string("{") + ns.get() + '}' + name.get();
240 if (m_nested.find(key)!=m_nested.end())
241 log.warn("load() skipping duplicate property set: %s",key.c_str());
243 XMLPropertySet* set=new XMLPropertySet();
244 set->load(e,log,filter);
246 log.debug("added nested property set: %s",key.c_str());
248 e=static_cast<DOMElement*>(walker->nextSibling());
253 pair<bool,bool> XMLPropertySet::getBool(const char* name, const char* ns) const
255 pair<bool,bool> ret=pair<bool,bool>(false,false);
256 map<string,pair<char*,const XMLCh*> >::const_iterator i;
259 i=m_map.find(string("{") + ns + '}' + name);
263 if (i!=m_map.end()) {
265 ret.second=(!strcmp(i->second.first,"true") || !strcmp(i->second.first,"1"));
270 pair<bool,const char*> XMLPropertySet::getString(const char* name, const char* ns) const
272 pair<bool,const char*> ret=pair<bool,const char*>(false,NULL);
273 map<string,pair<char*,const XMLCh*> >::const_iterator i;
276 i=m_map.find(string("{") + ns + '}' + name);
280 if (i!=m_map.end()) {
282 ret.second=i->second.first;
287 pair<bool,const XMLCh*> XMLPropertySet::getXMLString(const char* name, const char* ns) const
289 pair<bool,const XMLCh*> ret=pair<bool,const XMLCh*>(false,NULL);
290 map<string,pair<char*,const XMLCh*> >::const_iterator i;
293 i=m_map.find(string("{") + ns + '}' + name);
297 if (i!=m_map.end()) {
299 ret.second=i->second.second;
304 pair<bool,unsigned int> XMLPropertySet::getUnsignedInt(const char* name, const char* ns) const
306 pair<bool,unsigned int> ret=pair<bool,unsigned int>(false,0);
307 map<string,pair<char*,const XMLCh*> >::const_iterator i;
310 i=m_map.find(string("{") + ns + '}' + name);
314 if (i!=m_map.end()) {
316 ret.second=strtol(i->second.first,NULL,10);
321 pair<bool,int> XMLPropertySet::getInt(const char* name, const char* ns) const
323 pair<bool,int> ret=pair<bool,int>(false,0);
324 map<string,pair<char*,const XMLCh*> >::const_iterator i;
327 i=m_map.find(string("{") + ns + '}' + name);
331 if (i!=m_map.end()) {
333 ret.second=atoi(i->second.first);
338 const IPropertySet* XMLPropertySet::getPropertySet(const char* name, const char* ns) const
340 map<string,IPropertySet*>::const_iterator i;
343 i=m_nested.find(string("{") + ns + '}' + name);
345 i=m_nested.find(name);
347 return (i!=m_nested.end()) ? i->second : NULL;
350 XMLApplication::XMLApplication(const DOMElement* e, const XMLApplication* base) : m_base(base)
352 NDC ndc("XMLApplication");
353 Category& log=Category::getInstance("shibtarget.XMLApplication");
356 // First load any property sets.
359 // The rest of the content if any is inside the Policy container.
360 ShibTargetConfig& conf=ShibTargetConfig::getConfig();
361 const IPropertySet* policy=getPropertySet("Policy");
364 DOMNodeList* nlist=policy->getElement()->getElementsByTagNameNS(saml::XML::SAML_NS,L(AttributeDesignator));
365 for (i=0; nlist && i<nlist->getLength(); i++) {
366 m_designators.push_back(new SAMLAttributeDesignator(static_cast<DOMElement*>(nlist->item(i))));
369 nlist=policy->getElement()->getElementsByTagNameNS(saml::XML::SAML_NS,L(Audience));
370 for (i=0; nlist && i<nlist->getLength(); i++) {
371 m_audiences.push_back(nlist->item(i)->getFirstChild()->getNodeValue());
373 // Always include our own providerId as an audience.
374 m_audiences.push_back(getXMLString("providerId").second);
376 if (conf.isEnabled(ShibTargetConfig::AAP)) {
377 nlist=policy->getElement()->getElementsByTagNameNS(ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(AAPProvider));
378 for (i=0; nlist && i<nlist->getLength(); i++) {
379 auto_ptr_char type(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIBT_L(type)));
380 log.info("building AAP provider of type %s...",type.get());
381 IPlugIn* plugin=ShibConfig::getConfig().m_plugMgr.newPlugin(type.get(),static_cast<DOMElement*>(nlist->item(i)));
382 IAAP* aap=dynamic_cast<IAAP*>(plugin);
384 m_aaps.push_back(aap);
387 log.fatal("plugin was not an AAP provider");
388 throw UnsupportedExtensionException("plugin was not an AAP provider");
393 if (conf.isEnabled(ShibTargetConfig::Metadata)) {
394 nlist=policy->getElement()->getElementsByTagNameNS(ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(FederationProvider));
395 for (i=0; nlist && i<nlist->getLength(); i++) {
396 auto_ptr_char type(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIBT_L(type)));
397 log.info("building federation/metadata provider of type %s...",type.get());
398 IPlugIn* plugin=ShibConfig::getConfig().m_plugMgr.newPlugin(type.get(),static_cast<DOMElement*>(nlist->item(i)));
399 IMetadata* md=dynamic_cast<IMetadata*>(plugin);
401 m_metadatas.push_back(md);
404 log.fatal("plugin was not a federation/metadata provider");
405 throw UnsupportedExtensionException("plugin was not a federation/metadata provider");
410 if (conf.isEnabled(ShibTargetConfig::Trust)) {
411 nlist=policy->getElement()->getElementsByTagNameNS(ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(TrustProvider));
412 for (i=0; nlist && i<nlist->getLength(); i++) {
413 auto_ptr_char type(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIBT_L(type)));
414 log.info("building trust provider of type %s...",type.get());
415 IPlugIn* plugin=ShibConfig::getConfig().m_plugMgr.newPlugin(type.get(),static_cast<DOMElement*>(nlist->item(i)));
416 ITrust* trust=dynamic_cast<ITrust*>(plugin);
418 m_trusts.push_back(trust);
421 log.fatal("plugin was not a trust provider");
422 throw UnsupportedExtensionException("plugin was not a trust provider");
425 nlist=policy->getElement()->getElementsByTagNameNS(ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(RevocationProvider));
426 for (i=0; nlist && i<nlist->getLength(); i++) {
427 auto_ptr_char type(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIBT_L(type)));
428 log.info("building revocation provider of type %s...",type.get());
429 IPlugIn* plugin=ShibConfig::getConfig().m_plugMgr.newPlugin(type.get(),static_cast<DOMElement*>(nlist->item(i)));
430 IRevocation* rev=dynamic_cast<IRevocation*>(plugin);
432 m_revocations.push_back(rev);
435 log.fatal("plugin was not a revocation provider");
436 throw UnsupportedExtensionException("plugin was not a revocation provider");
442 // Finally, load credential mappings.
443 const DOMElement* cu=saml::XML::getFirstChildElement(e,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(CredentialUse));
445 auto_ptr_char TLS(cu->getAttributeNS(NULL,SHIBT_L(TLS)));
446 auto_ptr_char Signing(cu->getAttributeNS(NULL,SHIBT_L(Signing)));
447 m_credDefault.first=TLS.get();
448 m_credDefault.second=Signing.get();
449 cu=saml::XML::getFirstChildElement(cu,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(RelyingParty));
451 auto_ptr_char TLS2(cu->getAttributeNS(NULL,SHIBT_L(TLS)));
452 auto_ptr_char Signing2(cu->getAttributeNS(NULL,SHIBT_L(Signing)));
453 m_credMap[cu->getAttributeNS(NULL,SHIBT_L(Name))]=pair<string,string>(TLS2.get(),Signing2.get());
454 cu=saml::XML::getNextSiblingElement(cu,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(RelyingParty));
459 this->~XMLApplication(); // does this work?
464 XMLApplication::~XMLApplication()
466 Iterator<SAMLAttributeDesignator*> i(m_designators);
469 Iterator<IAAP*> j(m_aaps);
472 Iterator<IMetadata*> k(m_metadatas);
475 Iterator<ITrust*> l(m_trusts);
478 Iterator<IRevocation*> m(m_revocations);
483 short XMLApplication::acceptNode(const DOMNode* node) const
485 if (saml::XML::isElementNamed(static_cast<const DOMElement*>(node),saml::XML::SAML_NS,L(AttributeDesignator)))
486 return FILTER_REJECT;
487 else if (saml::XML::isElementNamed(static_cast<const DOMElement*>(node),saml::XML::SAML_NS,L(Audience)))
488 return FILTER_REJECT;
489 if (XMLString::compareString(node->getNamespaceURI(),ShibTargetConfig::SHIBTARGET_NS))
490 return FILTER_ACCEPT;
491 const XMLCh* name=node->getLocalName();
492 if (!XMLString::compareString(name,SHIBT_L(AAPProvider)) ||
493 !XMLString::compareString(name,SHIBT_L(CredentialUse)) ||
494 !XMLString::compareString(name,SHIBT_L(FederationProvider)) ||
495 !XMLString::compareString(name,SHIBT_L(RevocationProvider)) ||
496 !XMLString::compareString(name,SHIBT_L(TrustProvider)))
497 return FILTER_REJECT;
499 return FILTER_ACCEPT;
502 pair<bool,bool> XMLApplication::getBool(const char* name, const char* ns) const
504 pair<bool,bool> ret=XMLPropertySet::getBool(name,ns);
507 return m_base ? m_base->getBool(name,ns) : ret;
510 pair<bool,const char*> XMLApplication::getString(const char* name, const char* ns) const
512 pair<bool,const char*> ret=XMLPropertySet::getString(name,ns);
515 return m_base ? m_base->getString(name,ns) : ret;
518 pair<bool,const XMLCh*> XMLApplication::getXMLString(const char* name, const char* ns) const
520 pair<bool,const XMLCh*> ret=XMLPropertySet::getXMLString(name,ns);
523 return m_base ? m_base->getXMLString(name,ns) : ret;
526 pair<bool,unsigned int> XMLApplication::getUnsignedInt(const char* name, const char* ns) const
528 pair<bool,unsigned int> ret=XMLPropertySet::getUnsignedInt(name,ns);
531 return m_base ? m_base->getUnsignedInt(name,ns) : ret;
534 pair<bool,int> XMLApplication::getInt(const char* name, const char* ns) const
536 pair<bool,int> ret=XMLPropertySet::getInt(name,ns);
539 return m_base ? m_base->getInt(name,ns) : ret;
542 const IPropertySet* XMLApplication::getPropertySet(const char* name, const char* ns) const
544 const IPropertySet* ret=XMLPropertySet::getPropertySet(name,ns);
547 return m_base->getPropertySet(name,ns);
550 Iterator<SAMLAttributeDesignator*> XMLApplication::getAttributeDesignators() const
552 if (!m_designators.empty() || !m_base)
553 return m_designators;
554 return m_base->getAttributeDesignators();
557 Iterator<IAAP*> XMLApplication::getAAPProviders() const
559 return (m_aaps.empty() && m_base) ? m_base->getAAPProviders() : m_aaps;
562 Iterator<IMetadata*> XMLApplication::getMetadataProviders() const
564 return (m_metadatas.empty() && m_base) ? m_base->getMetadataProviders() : m_metadatas;
567 Iterator<ITrust*> XMLApplication::getTrustProviders() const
569 return (m_trusts.empty() && m_base) ? m_base->getTrustProviders() : m_trusts;
572 Iterator<IRevocation*> XMLApplication::getRevocationProviders() const
574 return (m_revocations.empty() && m_base) ? m_base->getRevocationProviders() : m_revocations;
577 Iterator<const XMLCh*> XMLApplication::getAudiences() const
579 return (m_audiences.empty() && m_base) ? m_base->getAudiences() : m_audiences;
582 const pair<string,string>& XMLApplication::getCredentialUse(const IProvider* provider) const
584 if (m_credDefault.first.empty() && m_base)
585 return m_base->getCredentialUse(provider);
588 map<xstring,pair<string,string> >::const_iterator i=m_credMap.find(provider->getId());
589 if (i!=m_credMap.end())
591 Iterator<const XMLCh*> groups=provider->getGroups();
592 while (groups.hasNext()) {
593 i=m_credMap.find(groups.next());
594 if (i!=m_credMap.end())
598 map<const XMLCh*,pair<string,string> >::const_iterator i=m_credMap.begin();
599 for (; i!=m_credMap.end(); i++) {
600 if (!XMLString::compareString(i->first,provider->getId()))
602 Iterator<const XMLCh*> groups=provider->getGroups();
603 while (groups.hasNext()) {
604 if (!XMLString::compareString(i->first,groups.next()))
609 return m_credDefault;
612 ReloadableXMLFileImpl* XMLConfig::newImplementation(const char* pathname, bool first) const
614 return new XMLConfigImpl(pathname,first,this);
617 ReloadableXMLFileImpl* XMLConfig::newImplementation(const DOMElement* e, bool first) const
619 return new XMLConfigImpl(e,first,this);
622 short XMLConfigImpl::acceptNode(const DOMNode* node) const
624 if (XMLString::compareString(node->getNamespaceURI(),ShibTargetConfig::SHIBTARGET_NS))
625 return FILTER_ACCEPT;
626 const XMLCh* name=node->getLocalName();
627 if (!XMLString::compareString(name,SHIBT_L(Applications)) ||
628 !XMLString::compareString(name,SHIBT_L(CredentialsProvider)) ||
629 !XMLString::compareString(name,SHIBT_L(Extensions)) ||
630 !XMLString::compareString(name,SHIBT_L(Implementation)) ||
631 !XMLString::compareString(name,SHIBT_L(Listener)) ||
632 !XMLString::compareString(name,SHIBT_L(MemorySessionCache)) ||
633 !XMLString::compareString(name,SHIBT_L(MySQLSessionCache)) ||
634 !XMLString::compareString(name,SHIBT_L(RequestMap)) ||
635 !XMLString::compareString(name,SHIBT_L(RequestMapProvider)) ||
636 !XMLString::compareString(name,SHIBT_L(SessionCache)) ||
637 !XMLString::compareString(name,SHIBT_L(TCPListener)) ||
638 !XMLString::compareString(name,SHIBT_L(UnixListener)))
639 return FILTER_REJECT;
641 return FILTER_ACCEPT;
644 void XMLConfigImpl::init(bool first)
646 NDC ndc("XMLConfigImpl");
647 Category& log=Category::getInstance("shibtarget.XMLConfig");
650 if (!saml::XML::isElementNamed(ReloadableXMLFileImpl::m_root,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(ShibbolethTargetConfig))) {
651 log.error("Construction requires a valid configuration file: (conf:ShibbolethTargetConfig as root element)");
652 throw MalformedException("Construction requires a valid configuration file: (conf:ShibbolethTargetConfig as root element)");
655 ShibConfig& shibConf=ShibConfig::getConfig();
656 ShibTargetConfig& conf=ShibTargetConfig::getConfig();
657 const DOMElement* SHAR=saml::XML::getFirstChildElement(ReloadableXMLFileImpl::m_root,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(SHAR));
658 const DOMElement* SHIRE=saml::XML::getFirstChildElement(ReloadableXMLFileImpl::m_root,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(SHIRE));
660 // Initialize log4cpp manually in order to redirect log messages as soon as possible.
661 const XMLCh* logger=NULL;
662 if (conf.isEnabled(ShibTargetConfig::SHARExtensions))
663 logger=SHAR->getAttributeNS(NULL,SHIBT_L(logger));
664 else if (conf.isEnabled(ShibTargetConfig::SHIREExtensions))
665 logger=SHIRE->getAttributeNS(NULL,SHIBT_L(logger));
666 if (!logger || !*logger)
667 logger=ReloadableXMLFileImpl::m_root->getAttributeNS(NULL,SHIBT_L(logger));
668 if (logger && *logger) {
669 auto_ptr_char logpath(logger);
670 cerr << "loading new logging configuration from " << logpath.get() << "\n";
672 PropertyConfigurator::configure(logpath.get());
673 cerr << "New logging configuration loaded, check log destination for process status..." << "\n";
675 catch (ConfigureFailure& e) {
676 cerr << "Error reading logging configuration: " << e.what() << "\n";
680 Category::getRoot().setPriority(Priority::DEBUG);
683 // First load any property sets.
684 load(ReloadableXMLFileImpl::m_root,log,this);
686 // Much of the processing can only occur on the first instantiation.
688 // Now load any extensions to insure any needed plugins are registered.
690 saml::XML::getFirstChildElement(ReloadableXMLFileImpl::m_root,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Extensions));
692 exts=saml::XML::getFirstChildElement(exts,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Library));
694 auto_ptr_char path(exts->getAttributeNS(NULL,SHIBT_L(path)));
696 SAMLConfig::getConfig().saml_register_extension(path.get(),exts);
697 log.debug("loaded global extension library %s",path.get());
699 catch (SAMLException& e) {
700 const XMLCh* fatal=exts->getAttributeNS(NULL,SHIBT_L(fatal));
701 if (fatal && (*fatal==chLatin_t || *fatal==chDigit_1)) {
702 log.fatal("unable to load mandatory global extension library %s: %s", path.get(), e.what());
706 log.crit("unable to load optional global extension library %s: %s", path.get(), e.what());
708 exts=saml::XML::getNextSiblingElement(exts,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Library));
712 if (conf.isEnabled(ShibTargetConfig::SHARExtensions)) {
713 exts=saml::XML::getFirstChildElement(SHAR,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Extensions));
715 exts=saml::XML::getFirstChildElement(exts,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Library));
717 auto_ptr_char path(exts->getAttributeNS(NULL,SHIBT_L(path)));
719 SAMLConfig::getConfig().saml_register_extension(path.get(),exts);
720 log.debug("loaded SHAR extension library %s",path.get());
722 catch (SAMLException& e) {
723 const XMLCh* fatal=exts->getAttributeNS(NULL,SHIBT_L(fatal));
724 if (fatal && (*fatal==chLatin_t || *fatal==chDigit_1)) {
725 log.fatal("unable to load mandatory SHAR extension library %s: %s", path.get(), e.what());
729 log.crit("unable to load optional SHAR extension library %s: %s", path.get(), e.what());
731 exts=saml::XML::getNextSiblingElement(exts,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Library));
736 if (conf.isEnabled(ShibTargetConfig::SHIREExtensions)) {
737 exts=saml::XML::getFirstChildElement(SHIRE,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Extensions));
739 exts=saml::XML::getFirstChildElement(exts,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Library));
741 auto_ptr_char path(exts->getAttributeNS(NULL,SHIBT_L(path)));
743 SAMLConfig::getConfig().saml_register_extension(path.get(),exts);
744 log.debug("loaded SHIRE extension library %s",path.get());
746 catch (SAMLException& e) {
747 const XMLCh* fatal=exts->getAttributeNS(NULL,SHIBT_L(fatal));
748 if (fatal && (*fatal==chLatin_t || *fatal==chDigit_1)) {
749 log.fatal("unable to load mandatory SHIRE extension library %s: %s", path.get(), e.what());
753 log.crit("unable to load optional SHIRE extension library %s: %s", path.get(), e.what());
755 exts=saml::XML::getNextSiblingElement(exts,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Library));
760 // Instantiate the Listener and SessionCache objects.
761 if (conf.isEnabled(ShibTargetConfig::Listener)) {
762 IPlugIn* plugin=NULL;
763 exts=saml::XML::getFirstChildElement(SHAR,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(UnixListener));
765 log.info("building Listener of type %s...",shibtarget::XML::UnixListenerType);
766 plugin=shibConf.m_plugMgr.newPlugin(shibtarget::XML::UnixListenerType,exts);
769 exts=saml::XML::getFirstChildElement(SHAR,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(TCPListener));
771 log.info("building Listener of type %s...",shibtarget::XML::TCPListenerType);
772 plugin=shibConf.m_plugMgr.newPlugin(shibtarget::XML::TCPListenerType,exts);
775 exts=saml::XML::getFirstChildElement(SHAR,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Listener));
777 auto_ptr_char type(exts->getAttributeNS(NULL,SHIBT_L(type)));
778 log.info("building Listener of type %s...",type.get());
779 plugin=shibConf.m_plugMgr.newPlugin(type.get(),exts);
782 log.fatal("can't build Listener object, missing conf:Listener element?");
783 throw MalformedException("can't build Listener object, missing conf:Listener element?");
788 IListener* listen=dynamic_cast<IListener*>(plugin);
790 m_outer->m_listener=listen;
793 log.fatal("plugin was not a Listener object");
794 throw UnsupportedExtensionException("plugin was not a Listener object");
799 if (conf.isEnabled(ShibTargetConfig::SessionCache)) {
800 IPlugIn* plugin=NULL;
801 exts=saml::XML::getFirstChildElement(SHAR,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(MemorySessionCache));
803 log.info("building Session Cache of type %s...",shibtarget::XML::MemorySessionCacheType);
804 plugin=shibConf.m_plugMgr.newPlugin(shibtarget::XML::MemorySessionCacheType,exts);
807 exts=saml::XML::getFirstChildElement(SHAR,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(MySQLSessionCache));
809 log.info("building Session Cache of type %s...",shibtarget::XML::MySQLSessionCacheType);
810 plugin=shibConf.m_plugMgr.newPlugin(shibtarget::XML::MySQLSessionCacheType,exts);
813 exts=saml::XML::getFirstChildElement(SHAR,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(SessionCache));
815 auto_ptr_char type(exts->getAttributeNS(NULL,SHIBT_L(type)));
816 log.info("building Session Cache of type %s...",type.get());
817 plugin=shibConf.m_plugMgr.newPlugin(type.get(),exts);
820 log.fatal("can't build Session Cache object, missing conf:SessionCache element?");
821 throw MalformedException("can't build Session Cache object, missing conf:SessionCache element?");
826 ISessionCache* cache=dynamic_cast<ISessionCache*>(plugin);
828 m_outer->m_cache=cache;
831 log.fatal("plugin was not a Session Cache object");
832 throw UnsupportedExtensionException("plugin was not a Session Cache object");
838 // Back to the fully dynamic stuff...next up is the Request Mapper.
839 if (conf.isEnabled(ShibTargetConfig::RequestMapper)) {
840 const DOMElement* child=saml::XML::getFirstChildElement(SHIRE,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(RequestMapProvider));
842 auto_ptr_char type(child->getAttributeNS(NULL,SHIBT_L(type)));
843 log.info("building Request Mapper of type %s...",type.get());
844 IPlugIn* plugin=shibConf.m_plugMgr.newPlugin(type.get(),child);
846 IRequestMapper* reqmap=dynamic_cast<IRequestMapper*>(plugin);
848 m_requestMapper=reqmap;
851 log.fatal("plugin was not a Request Mapper object");
852 throw UnsupportedExtensionException("plugin was not a Request Mapper object");
857 log.fatal("can't build Request Mapper object, missing conf:RequestMapProvider element?");
858 throw MalformedException("can't build Request Mapper object, missing conf:RequestMapProvider element?");
862 // Load the default application. This actually has a fixed ID of "default". ;-)
863 const DOMElement* app=saml::XML::getFirstChildElement(
864 ReloadableXMLFileImpl::m_root,ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Applications)
867 log.fatal("can't build default Application object, missing conf:Applications element?");
868 throw SAMLException("can't build default Application object, missing conf:Applications element?");
870 XMLApplication* defapp=new XMLApplication(app);
871 m_appmap[defapp->getId()]=defapp;
873 // Load any overrides.
874 DOMNodeList* nlist=app->getElementsByTagNameNS(ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(Application));
875 for (int i=0; nlist && i<nlist->getLength(); i++) {
876 XMLApplication* iapp=new XMLApplication(static_cast<DOMElement*>(nlist->item(i)),defapp);
877 if (m_appmap.find(iapp->getId())!=m_appmap.end()) {
878 log.fatal("found conf:Application element with duplicate Id attribute");
879 throw SAMLException("found conf:Application element with duplicate Id attribute");
881 m_appmap[iapp->getId()]=iapp;
884 // Finally we load any credentials providers.
885 if (conf.isEnabled(ShibTargetConfig::Credentials)) {
886 nlist=ReloadableXMLFileImpl::m_root->getElementsByTagNameNS(
887 ShibTargetConfig::SHIBTARGET_NS,SHIBT_L(CredentialsProvider)
889 for (int i=0; nlist && i<nlist->getLength(); i++) {
890 auto_ptr_char type(static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIBT_L(type)));
891 log.info("building Credentials provider of type %s...",type.get());
892 IPlugIn* plugin=shibConf.m_plugMgr.newPlugin(type.get(),static_cast<DOMElement*>(nlist->item(i)));
894 ICredentials* creds=dynamic_cast<ICredentials*>(plugin);
896 m_creds.push_back(creds);
899 log.fatal("plugin was not a Credentials provider");
900 throw UnsupportedExtensionException("plugin was not a Credentials provider");
906 catch (SAMLException& e) {
907 log.errorStream() << "Error while loading target configuration: " << e.what() << CategoryStream::ENDLINE;
908 this->~XMLConfigImpl();
913 log.error("Unexpected error while loading target configuration");
914 this->~XMLConfigImpl();
920 XMLConfigImpl::~XMLConfigImpl()
922 delete m_requestMapper;
923 for (map<string,IApplication*>::iterator i=m_appmap.begin(); i!=m_appmap.end(); i++)
925 for (vector<ICredentials*>::iterator j=m_creds.begin(); j!=m_creds.end(); j++)