projects / shibboleth / sp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Glue SOAP client to SP config, expand policy settings.
[shibboleth/sp.git] / shibsp / impl / XMLServiceProvider.cpp
1 /*\r
2  *  Copyright 2001-2007 Internet2\r
3  * \r
4  * Licensed under the Apache License, Version 2.0 (the "License");\r
5  * you may not use this file except in compliance with the License.\r
6  * You may obtain a copy of the License at\r
7  *\r
8  *     http://www.apache.org/licenses/LICENSE-2.0\r
9  *\r
10  * Unless required by applicable law or agreed to in writing, software\r
11  * distributed under the License is distributed on an "AS IS" BASIS,\r
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
13  * See the License for the specific language governing permissions and\r
14  * limitations under the License.\r
15  */\r
16 \r
17 /**\r
18  * XMLServiceProvider.cpp\r
19  *\r
20  * XML-based SP configuration and mgmt\r
21  */\r
22 \r
23 #include "internal.h"\r
24 #include "exceptions.h"\r
25 #include "AccessControl.h"\r
26 #include "Application.h"\r
27 #include "Handler.h"\r
28 #include "RequestMapper.h"\r
29 #include "ServiceProvider.h"\r
30 #include "SessionCache.h"\r
31 #include "SPConfig.h"\r
32 #include "SPRequest.h"\r
33 #include "TransactionLog.h"\r
34 #include "attribute/Attribute.h"\r
35 #include "remoting/ListenerService.h"\r
36 #include "security/PKIXTrustEngine.h"\r
37 #include "util/DOMPropertySet.h"\r
38 #include "util/SPConstants.h"\r
39 \r
40 #include <sys/types.h>\r
41 #include <sys/stat.h>\r
42 #include <log4cpp/Category.hh>\r
43 #include <log4cpp/PropertyConfigurator.hh>\r
44 #include <saml/SAMLConfig.h>\r
45 #include <saml/saml1/core/Assertions.h>\r
46 #include <saml/saml2/metadata/ChainingMetadataProvider.h>\r
47 #include <xmltooling/XMLToolingConfig.h>\r
48 #include <xmltooling/security/ChainingTrustEngine.h>\r
49 #include <xmltooling/util/NDC.h>\r
50 #include <xmltooling/util/ReloadableXMLFile.h>\r
51 #include <xmltooling/util/ReplayCache.h>\r
52 \r
53 using namespace shibsp;\r
54 using namespace opensaml::saml2;\r
55 using namespace opensaml::saml2md;\r
56 using namespace opensaml;\r
57 using namespace xmltooling;\r
58 using namespace log4cpp;\r
59 using namespace std;\r
60 using xmlsignature::CredentialResolver;\r
61 \r
62 namespace {\r
63 \r
64 #if defined (_MSC_VER)\r
65     #pragma warning( push )\r
66     #pragma warning( disable : 4250 )\r
67 #endif\r
68 \r
69     static vector<const Handler*> g_noHandlers;\r
70 \r
71     // Application configuration wrapper\r
72     class SHIBSP_DLLLOCAL XMLApplication : public virtual Application, public DOMPropertySet, public DOMNodeFilter\r
73     {\r
74     public:\r
75         XMLApplication(const ServiceProvider*, const DOMElement* e, const XMLApplication* base=NULL);\r
76         ~XMLApplication() { cleanup(); }\r
77     \r
78         // PropertySet\r
79         pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;\r
80         pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;\r
81         pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;\r
82         pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;\r
83         pair<bool,int> getInt(const char* name, const char* ns=NULL) const;\r
84         const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const;\r
85 \r
86         // Application\r
87         const char* getId() const {return getString("id").second;}\r
88         const char* getHash() const {return m_hash.c_str();}\r
89         MetadataProvider* getMetadataProvider() const;\r
90         TrustEngine* getTrustEngine() const;\r
91         const vector<const XMLCh*>& getAudiences() const;\r
92         const PropertySet* getCredentialUse(const EntityDescriptor* provider) const;\r
93 \r
94         const Handler* getDefaultSessionInitiator() const;\r
95         const Handler* getSessionInitiatorById(const char* id) const;\r
96         const Handler* getDefaultAssertionConsumerService() const;\r
97         const Handler* getAssertionConsumerServiceByIndex(unsigned short index) const;\r
98         const vector<const Handler*>& getAssertionConsumerServicesByBinding(const XMLCh* binding) const;\r
99         const Handler* getHandler(const char* path) const;\r
100         \r
101         // Provides filter to exclude special config elements.\r
102         short acceptNode(const DOMNode* node) const;\r
103     \r
104     private:\r
105         void cleanup();\r
106         const ServiceProvider* m_sp;   // this is ok because its locking scope includes us\r
107         const XMLApplication* m_base;\r
108         string m_hash;\r
109         MetadataProvider* m_metadata;\r
110         TrustEngine* m_trust;\r
111         vector<const XMLCh*> m_audiences;\r
112 \r
113         // manage handler objects\r
114         vector<Handler*> m_handlers;\r
115 \r
116         // maps location (path info) to applicable handlers\r
117         map<string,const Handler*> m_handlerMap;\r
118 \r
119         // maps unique indexes to consumer services\r
120         map<unsigned int,const Handler*> m_acsIndexMap;\r
121         \r
122         // pointer to default consumer service\r
123         const Handler* m_acsDefault;\r
124 \r
125         // maps binding strings to supporting consumer service(s)\r
126 #ifdef HAVE_GOOD_STL\r
127         typedef map<xstring,vector<const Handler*> > ACSBindingMap;\r
128 #else\r
129         typedef map<string,vector<const Handler*> > ACSBindingMap;\r
130 #endif\r
131         ACSBindingMap m_acsBindingMap;\r
132 \r
133         // maps unique ID strings to session initiators\r
134         map<string,const Handler*> m_sessionInitMap;\r
135 \r
136         // pointer to default session initiator\r
137         const Handler* m_sessionInitDefault;\r
138 \r
139         DOMPropertySet* m_credDefault;\r
140 #ifdef HAVE_GOOD_STL\r
141         map<xstring,PropertySet*> m_credMap;\r
142 #else\r
143         map<const XMLCh*,PropertySet*> m_credMap;\r
144 #endif\r
145     };\r
146 \r
147     // Top-level configuration implementation\r
148     class SHIBSP_DLLLOCAL XMLConfig;\r
149     class SHIBSP_DLLLOCAL XMLConfigImpl : public DOMPropertySet, public DOMNodeFilter\r
150     {\r
151     public:\r
152         XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer);\r
153         ~XMLConfigImpl();\r
154         \r
155         RequestMapper* m_requestMapper;\r
156         map<string,Application*> m_appmap;\r
157         map<string,CredentialResolver*> m_credResolverMap;\r
158         map< string,pair< PropertySet*,vector<const SecurityPolicyRule*> > > m_policyMap;\r
159         \r
160         // Provides filter to exclude special config elements.\r
161         short acceptNode(const DOMNode* node) const;\r
162 \r
163         void setDocument(DOMDocument* doc) {\r
164             m_document = doc;\r
165         }\r
166 \r
167     private:\r
168         void doExtensions(const DOMElement* e, const char* label, Category& log);\r
169 \r
170         const XMLConfig* m_outer;\r
171         DOMDocument* m_document;\r
172     };\r
173 \r
174     class SHIBSP_DLLLOCAL XMLConfig : public ServiceProvider, public ReloadableXMLFile\r
175     {\r
176     public:\r
177         XMLConfig(const DOMElement* e)\r
178             : ReloadableXMLFile(e), m_impl(NULL), m_listener(NULL), m_sessionCache(NULL), m_tranLog(NULL) {\r
179         }\r
180         \r
181         void init() {\r
182             load();\r
183         }\r
184 \r
185         ~XMLConfig() {\r
186             delete m_impl;\r
187             delete m_sessionCache;\r
188             delete m_listener;\r
189             delete m_tranLog;\r
190             XMLToolingConfig::getConfig().setReplayCache(NULL);\r
191             for_each(m_storage.begin(), m_storage.end(), cleanup_pair<string,StorageService>());\r
192         }\r
193 \r
194         // PropertySet\r
195         pair<bool,bool> getBool(const char* name, const char* ns=NULL) const {return m_impl->getBool(name,ns);}\r
196         pair<bool,const char*> getString(const char* name, const char* ns=NULL) const {return m_impl->getString(name,ns);}\r
197         pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const {return m_impl->getXMLString(name,ns);}\r
198         pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const {return m_impl->getUnsignedInt(name,ns);}\r
199         pair<bool,int> getInt(const char* name, const char* ns=NULL) const {return m_impl->getInt(name,ns);}\r
200         const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:sp:config:2.0") const {return m_impl->getPropertySet(name,ns);}\r
201         const DOMElement* getElement() const {return m_impl->getElement();}\r
202 \r
203         // ServiceProvider\r
204         TransactionLog* getTransactionLog() const {\r
205             if (m_tranLog)\r
206                 return m_tranLog;\r
207             throw ConfigurationException("No TransactionLog available.");\r
208         }\r
209 \r
210         StorageService* getStorageService(const char* id) const {\r
211             if (id) {\r
212                 map<string,StorageService*>::const_iterator i=m_storage.find(id);\r
213                 if (i!=m_storage.end())\r
214                     return i->second;\r
215             }\r
216             return NULL;\r
217         }\r
218 \r
219         ListenerService* getListenerService(bool required=true) const {\r
220             if (required && !m_listener)\r
221                 throw ConfigurationException("No ListenerService available.");\r
222             return m_listener;\r
223         }\r
224 \r
225         SessionCache* getSessionCache(bool required=true) const {\r
226             if (required && !m_sessionCache)\r
227                 throw ConfigurationException("No SessionCache available.");\r
228             return m_sessionCache;\r
229         }\r
230 \r
231         RequestMapper* getRequestMapper(bool required=true) const {\r
232             if (required && !m_impl->m_requestMapper)\r
233                 throw ConfigurationException("No RequestMapper available.");\r
234             return m_impl->m_requestMapper;\r
235         }\r
236 \r
237         const Application* getApplication(const char* applicationId) const {\r
238             map<string,Application*>::const_iterator i=m_impl->m_appmap.find(applicationId);\r
239             return (i!=m_impl->m_appmap.end()) ? i->second : NULL;\r
240         }\r
241 \r
242         CredentialResolver* getCredentialResolver(const char* id) const {\r
243             if (id) {\r
244                 map<string,CredentialResolver*>::const_iterator i=m_impl->m_credResolverMap.find(id);\r
245                 if (i!=m_impl->m_credResolverMap.end())\r
246                     return i->second;\r
247             }\r
248             return NULL;\r
249         }\r
250 \r
251         const PropertySet* getPolicySettings(const char* id) const {\r
252             map<string,pair<PropertySet*,vector<const SecurityPolicyRule*> > >::const_iterator i = m_impl->m_policyMap.find(id);\r
253             if (i!=m_impl->m_policyMap.end())\r
254                 return i->second.first;\r
255             throw ConfigurationException("Security Policy ($1) not found, check <SecurityPolicies> element.", params(1,id));\r
256         }\r
257 \r
258         const vector<const SecurityPolicyRule*>& getPolicyRules(const char* id) const {\r
259             map<string,pair<PropertySet*,vector<const SecurityPolicyRule*> > >::const_iterator i = m_impl->m_policyMap.find(id);\r
260             if (i!=m_impl->m_policyMap.end())\r
261                 return i->second.second;\r
262             throw ConfigurationException("Security Policy ($1) not found, check <SecurityPolicies> element.", params(1,id));\r
263         }\r
264 \r
265     protected:\r
266         pair<bool,DOMElement*> load();\r
267 \r
268     private:\r
269         friend class XMLConfigImpl;\r
270         XMLConfigImpl* m_impl;\r
271         mutable ListenerService* m_listener;\r
272         mutable SessionCache* m_sessionCache;\r
273         mutable TransactionLog* m_tranLog;\r
274         mutable map<string,StorageService*> m_storage;\r
275     };\r
276 \r
277 #if defined (_MSC_VER)\r
278     #pragma warning( pop )\r
279 #endif\r
280 \r
281     static const XMLCh _Application[] =         UNICODE_LITERAL_11(A,p,p,l,i,c,a,t,i,o,n);\r
282     static const XMLCh Applications[] =         UNICODE_LITERAL_12(A,p,p,l,i,c,a,t,i,o,n,s);\r
283     static const XMLCh Credentials[] =          UNICODE_LITERAL_11(C,r,e,d,e,n,t,i,a,l,s);\r
284     static const XMLCh CredentialUse[] =        UNICODE_LITERAL_13(C,r,e,d,e,n,t,i,a,l,U,s,e);\r
285     static const XMLCh fatal[] =                UNICODE_LITERAL_5(f,a,t,a,l);\r
286     static const XMLCh _Handler[] =             UNICODE_LITERAL_7(H,a,n,d,l,e,r);\r
287     static const XMLCh _id[] =                  UNICODE_LITERAL_2(i,d);\r
288     static const XMLCh Implementation[] =       UNICODE_LITERAL_14(I,m,p,l,e,m,e,n,t,a,t,i,o,n);\r
289     static const XMLCh InProcess[] =            UNICODE_LITERAL_9(I,n,P,r,o,c,e,s,s);\r
290     static const XMLCh Library[] =              UNICODE_LITERAL_7(L,i,b,r,a,r,y);\r
291     static const XMLCh Listener[] =             UNICODE_LITERAL_8(L,i,s,t,e,n,e,r);\r
292     static const XMLCh logger[] =               UNICODE_LITERAL_6(l,o,g,g,e,r);\r
293     static const XMLCh MemoryListener[] =       UNICODE_LITERAL_14(M,e,m,o,r,y,L,i,s,t,e,n,e,r);\r
294     static const XMLCh Policy[] =               UNICODE_LITERAL_6(P,o,l,i,c,y);\r
295     static const XMLCh RelyingParty[] =         UNICODE_LITERAL_12(R,e,l,y,i,n,g,P,a,r,t,y);\r
296     static const XMLCh _ReplayCache[] =         UNICODE_LITERAL_11(R,e,p,l,a,y,C,a,c,h,e);\r
297     static const XMLCh _RequestMapper[] =       UNICODE_LITERAL_13(R,e,q,u,e,s,t,M,a,p,p,e,r);\r
298     static const XMLCh Rule[] =                 UNICODE_LITERAL_4(R,u,l,e);\r
299     static const XMLCh SecurityPolicies[] =     UNICODE_LITERAL_16(S,e,c,u,r,i,t,y,P,o,l,i,c,i,e,s);\r
300     static const XMLCh _SessionCache[] =        UNICODE_LITERAL_12(S,e,s,s,i,o,n,C,a,c,h,e);\r
301     static const XMLCh SessionInitiator[] =     UNICODE_LITERAL_16(S,e,s,s,i,o,n,I,n,i,t,i,a,t,o,r);\r
302     static const XMLCh _StorageService[] =      UNICODE_LITERAL_14(S,t,o,r,a,g,e,S,e,r,v,i,c,e);\r
303     static const XMLCh OutOfProcess[] =         UNICODE_LITERAL_12(O,u,t,O,f,P,r,o,c,e,s,s);\r
304     static const XMLCh TCPListener[] =          UNICODE_LITERAL_11(T,C,P,L,i,s,t,e,n,e,r);\r
305     static const XMLCh _TrustEngine[] =         UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);\r
306     static const XMLCh UnixListener[] =         UNICODE_LITERAL_12(U,n,i,x,L,i,s,t,e,n,e,r);\r
307     static const XMLCh _MetadataProvider[] =    UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);\r
308     static const XMLCh _path[] =                UNICODE_LITERAL_4(p,a,t,h);\r
309     static const XMLCh _type[] =                UNICODE_LITERAL_4(t,y,p,e);\r
310 \r
311     class SHIBSP_DLLLOCAL PolicyNodeFilter : public DOMNodeFilter\r
312     {\r
313     public:\r
314         short acceptNode(const DOMNode* node) const {\r
315             if (XMLHelper::isNodeNamed(node,shibspconstants::SHIB2SPCONFIG_NS,Rule))\r
316                 return FILTER_REJECT;\r
317             return FILTER_ACCEPT;\r
318         }\r
319     };\r
320 };\r
321 \r
322 namespace shibsp {\r
323     ServiceProvider* XMLServiceProviderFactory(const DOMElement* const & e)\r
324     {\r
325         return new XMLConfig(e);\r
326     }\r
327 };\r
328 \r
329 XMLApplication::XMLApplication(\r
330     const ServiceProvider* sp,\r
331     const DOMElement* e,\r
332     const XMLApplication* base\r
333     ) : m_sp(sp), m_base(base), m_metadata(NULL), m_trust(NULL),\r
334         m_credDefault(NULL), m_sessionInitDefault(NULL), m_acsDefault(NULL)\r
335 {\r
336 #ifdef _DEBUG\r
337     xmltooling::NDC ndc("XMLApplication");\r
338 #endif\r
339     Category& log=Category::getInstance(SHIBSP_LOGCAT".Application");\r
340 \r
341     try {\r
342         // First load any property sets.\r
343         load(e,log,this);\r
344 \r
345         SPConfig& conf=SPConfig::getConfig();\r
346         SAMLConfig& samlConf=SAMLConfig::getConfig();\r
347         XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();\r
348 \r
349         m_hash=getId();\r
350         m_hash+=getString("providerId").second;\r
351         m_hash=samlConf.hashSHA1(m_hash.c_str(), true);\r
352 \r
353         const PropertySet* sessions = getPropertySet("Sessions");\r
354 \r
355         // Process handlers.\r
356         Handler* handler=NULL;\r
357         bool hardACS=false, hardSessionInit=false;\r
358         const DOMElement* child = sessions ? XMLHelper::getFirstChildElement(sessions->getElement()) : NULL;\r
359         while (child) {\r
360             try {\r
361                 // A handler is based on the Binding property in conjunction with the element name.\r
362                 // If it's an ACS or SI, also handle index/id mappings and defaulting.\r
363                 if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,AssertionConsumerService::LOCAL_NAME)) {\r
364                     auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
365                     if (!bindprop.get() || !*(bindprop.get())) {\r
366                         log.warn("md:AssertionConsumerService element has no Binding attribute, skipping it...");\r
367                         child = XMLHelper::getNextSiblingElement(child);\r
368                         continue;\r
369                     }\r
370                     handler=conf.AssertionConsumerServiceManager.newPlugin(bindprop.get(),child);\r
371                     // Map by binding (may be > 1 per binding, e.g. SAML 1.0 vs 1.1)\r
372 #ifdef HAVE_GOOD_STL\r
373                     m_acsBindingMap[handler->getXMLString("Binding").second].push_back(handler);\r
374 #else\r
375                     m_acsBindingMap[handler->getString("Binding").second].push_back(handler);\r
376 #endif\r
377                     m_acsIndexMap[handler->getUnsignedInt("index").second]=handler;\r
378                     \r
379                     if (!hardACS) {\r
380                         pair<bool,bool> defprop=handler->getBool("isDefault");\r
381                         if (defprop.first) {\r
382                             if (defprop.second) {\r
383                                 hardACS=true;\r
384                                 m_acsDefault=handler;\r
385                             }\r
386                         }\r
387                         else if (!m_acsDefault)\r
388                             m_acsDefault=handler;\r
389                     }\r
390                 }\r
391                 else if (XMLString::equals(child->getLocalName(),SessionInitiator)) {\r
392                     auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
393                     if (!bindprop.get() || !*(bindprop.get())) {\r
394                         log.warn("SessionInitiator element has no Binding attribute, skipping it...");\r
395                         child = XMLHelper::getNextSiblingElement(child);\r
396                         continue;\r
397                     }\r
398                     handler=conf.SessionInitiatorManager.newPlugin(bindprop.get(),child);\r
399                     pair<bool,const char*> si_id=handler->getString("id");\r
400                     if (si_id.first && si_id.second)\r
401                         m_sessionInitMap[si_id.second]=handler;\r
402                     if (!hardSessionInit) {\r
403                         pair<bool,bool> defprop=handler->getBool("isDefault");\r
404                         if (defprop.first) {\r
405                             if (defprop.second) {\r
406                                 hardSessionInit=true;\r
407                                 m_sessionInitDefault=handler;\r
408                             }\r
409                         }\r
410                         else if (!m_sessionInitDefault)\r
411                             m_sessionInitDefault=handler;\r
412                     }\r
413                 }\r
414                 else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,SingleLogoutService::LOCAL_NAME)) {\r
415                     auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
416                     if (!bindprop.get() || !*(bindprop.get())) {\r
417                         log.warn("md:SingleLogoutService element has no Binding attribute, skipping it...");\r
418                         child = XMLHelper::getNextSiblingElement(child);\r
419                         continue;\r
420                     }\r
421                     handler=conf.SingleLogoutServiceManager.newPlugin(bindprop.get(),child);\r
422                 }\r
423                 else if (XMLHelper::isNodeNamed(child,samlconstants::SAML20MD_NS,ManageNameIDService::LOCAL_NAME)) {\r
424                     auto_ptr_char bindprop(child->getAttributeNS(NULL,EndpointType::BINDING_ATTRIB_NAME));\r
425                     if (!bindprop.get() || !*(bindprop.get())) {\r
426                         log.warn("md:ManageNameIDService element has no Binding attribute, skipping it...");\r
427                         child = XMLHelper::getNextSiblingElement(child);\r
428                         continue;\r
429                     }\r
430                     handler=conf.ManageNameIDServiceManager.newPlugin(bindprop.get(),child);\r
431                 }\r
432                 else {\r
433                     auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
434                     if (!type.get() || !*(type.get())) {\r
435                         log.warn("Handler element has no type attribute, skipping it...");\r
436                         child = XMLHelper::getNextSiblingElement(child);\r
437                         continue;\r
438                     }\r
439                     handler=conf.HandlerManager.newPlugin(type.get(),child);\r
440                 }\r
441 \r
442                 // Save off the objects after giving the property set to the handler for its use.\r
443                 m_handlers.push_back(handler);\r
444 \r
445                 // Insert into location map.\r
446                 pair<bool,const char*> location=handler->getString("Location");\r
447                 if (location.first && *location.second == '/')\r
448                     m_handlerMap[location.second]=handler;\r
449                 else if (location.first)\r
450                     m_handlerMap[string("/") + location.second]=handler;\r
451 \r
452             }\r
453             catch (exception& ex) {\r
454                 log.error("caught exception processing handler element: %s", ex.what());\r
455             }\r
456             \r
457             child = XMLHelper::getNextSiblingElement(child);\r
458         }\r
459 \r
460         DOMNodeList* nlist=e->getElementsByTagNameNS(samlconstants::SAML20_NS,Audience::LOCAL_NAME);\r
461         for (XMLSize_t i=0; nlist && i<nlist->getLength(); i++)\r
462             if (nlist->item(i)->getParentNode()->isSameNode(e) && nlist->item(i)->hasChildNodes())\r
463                 m_audiences.push_back(nlist->item(i)->getFirstChild()->getNodeValue());\r
464 \r
465         // Always include our own providerId as an audience.\r
466         m_audiences.push_back(getXMLString("providerId").second);\r
467 \r
468         if (conf.isEnabled(SPConfig::AttributeResolver)) {\r
469             // TODO\r
470         }\r
471 \r
472         if (conf.isEnabled(SPConfig::Metadata)) {\r
473             child = XMLHelper::getFirstChildElement(e,_MetadataProvider);\r
474             if (child) {\r
475                 auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
476                 log.info("building metadata provider of type %s...",type.get());\r
477                 try {\r
478                     auto_ptr<MetadataProvider> mp(samlConf.MetadataProviderManager.newPlugin(type.get(),child));\r
479                     mp->init();\r
480                     m_metadata = mp.release();\r
481                 }\r
482                 catch (exception& ex) {\r
483                     log.crit("error building/initializing metadata provider: %s", ex.what());\r
484                 }\r
485             }\r
486         }\r
487 \r
488         if (conf.isEnabled(SPConfig::Trust)) {\r
489             child = XMLHelper::getFirstChildElement(e,_TrustEngine);\r
490             if (child) {\r
491                 auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
492                 log.info("building trust engine of type %s...",type.get());\r
493                 try {\r
494                     m_trust = xmlConf.TrustEngineManager.newPlugin(type.get(),child);\r
495                 }\r
496                 catch (exception& ex) {\r
497                     log.crit("error building trust engine: %s",ex.what());\r
498                 }\r
499             }\r
500         }\r
501         \r
502         // Finally, load credential mappings.\r
503         child = XMLHelper::getFirstChildElement(e,CredentialUse);\r
504         if (child) {\r
505             m_credDefault=new DOMPropertySet();\r
506             m_credDefault->load(child,log,this);\r
507             child = XMLHelper::getFirstChildElement(child,RelyingParty);\r
508             while (child) {\r
509                 DOMPropertySet* rp=new DOMPropertySet();\r
510                 rp->load(child,log,this);\r
511                 m_credMap[child->getAttributeNS(NULL,opensaml::saml2::Attribute::NAME_ATTRIB_NAME)]=rp;\r
512                 child = XMLHelper::getNextSiblingElement(child,RelyingParty);\r
513             }\r
514         }\r
515         \r
516         if (conf.isEnabled(SPConfig::OutOfProcess)) {\r
517             // Really finally, build local browser profile and binding objects.\r
518             // TODO: may need some bits here...\r
519         }\r
520     }\r
521     catch (exception&) {\r
522         cleanup();\r
523         throw;\r
524     }\r
525 #ifndef _DEBUG\r
526     catch (...) {\r
527         cleanup();\r
528         throw;\r
529     }\r
530 #endif\r
531 }\r
532 \r
533 void XMLApplication::cleanup()\r
534 {\r
535     for_each(m_handlers.begin(),m_handlers.end(),xmltooling::cleanup<Handler>());\r
536     \r
537     delete m_credDefault;\r
538 #ifdef HAVE_GOOD_STL\r
539     for_each(m_credMap.begin(),m_credMap.end(),cleanup_pair<xstring,PropertySet>());\r
540 #else\r
541     for_each(m_credMap.begin(),m_credMap.end(),cleanup_pair<const XMLCh*,PropertySet>());\r
542 #endif\r
543 \r
544     delete m_trust;\r
545     delete m_metadata;\r
546 }\r
547 \r
548 short XMLApplication::acceptNode(const DOMNode* node) const\r
549 {\r
550     if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,opensaml::saml2::Attribute::LOCAL_NAME))\r
551         return FILTER_REJECT;\r
552     else if (XMLHelper::isNodeNamed(node,samlconstants::SAML20_NS,Audience::LOCAL_NAME))\r
553         return FILTER_REJECT;\r
554     const XMLCh* name=node->getLocalName();\r
555     if (XMLString::equals(name,_Application) ||\r
556         XMLString::equals(name,AssertionConsumerService::LOCAL_NAME) ||\r
557         XMLString::equals(name,SingleLogoutService::LOCAL_NAME) ||\r
558         XMLString::equals(name,ManageNameIDService::LOCAL_NAME) ||\r
559         XMLString::equals(name,SessionInitiator) ||\r
560         XMLString::equals(name,CredentialUse) ||\r
561         XMLString::equals(name,RelyingParty) ||\r
562         XMLString::equals(name,_MetadataProvider) ||\r
563         XMLString::equals(name,_TrustEngine))\r
564         return FILTER_REJECT;\r
565 \r
566     return FILTER_ACCEPT;\r
567 }\r
568 \r
569 pair<bool,bool> XMLApplication::getBool(const char* name, const char* ns) const\r
570 {\r
571     pair<bool,bool> ret=DOMPropertySet::getBool(name,ns);\r
572     if (ret.first)\r
573         return ret;\r
574     return m_base ? m_base->getBool(name,ns) : ret;\r
575 }\r
576 \r
577 pair<bool,const char*> XMLApplication::getString(const char* name, const char* ns) const\r
578 {\r
579     pair<bool,const char*> ret=DOMPropertySet::getString(name,ns);\r
580     if (ret.first)\r
581         return ret;\r
582     return m_base ? m_base->getString(name,ns) : ret;\r
583 }\r
584 \r
585 pair<bool,const XMLCh*> XMLApplication::getXMLString(const char* name, const char* ns) const\r
586 {\r
587     pair<bool,const XMLCh*> ret=DOMPropertySet::getXMLString(name,ns);\r
588     if (ret.first)\r
589         return ret;\r
590     return m_base ? m_base->getXMLString(name,ns) : ret;\r
591 }\r
592 \r
593 pair<bool,unsigned int> XMLApplication::getUnsignedInt(const char* name, const char* ns) const\r
594 {\r
595     pair<bool,unsigned int> ret=DOMPropertySet::getUnsignedInt(name,ns);\r
596     if (ret.first)\r
597         return ret;\r
598     return m_base ? m_base->getUnsignedInt(name,ns) : ret;\r
599 }\r
600 \r
601 pair<bool,int> XMLApplication::getInt(const char* name, const char* ns) const\r
602 {\r
603     pair<bool,int> ret=DOMPropertySet::getInt(name,ns);\r
604     if (ret.first)\r
605         return ret;\r
606     return m_base ? m_base->getInt(name,ns) : ret;\r
607 }\r
608 \r
609 const PropertySet* XMLApplication::getPropertySet(const char* name, const char* ns) const\r
610 {\r
611     const PropertySet* ret=DOMPropertySet::getPropertySet(name,ns);\r
612     if (ret || !m_base)\r
613         return ret;\r
614     return m_base->getPropertySet(name,ns);\r
615 }\r
616 \r
617 MetadataProvider* XMLApplication::getMetadataProvider() const\r
618 {\r
619     return (!m_metadata && m_base) ? m_base->getMetadataProvider() : m_metadata;\r
620 }\r
621 \r
622 TrustEngine* XMLApplication::getTrustEngine() const\r
623 {\r
624     return (!m_trust && m_base) ? m_base->getTrustEngine() : m_trust;\r
625 }\r
626 \r
627 const vector<const XMLCh*>& XMLApplication::getAudiences() const\r
628 {\r
629     return (m_audiences.empty() && m_base) ? m_base->getAudiences() : m_audiences;\r
630 }\r
631 \r
632 const PropertySet* XMLApplication::getCredentialUse(const EntityDescriptor* provider) const\r
633 {\r
634     if (!m_credDefault && m_base)\r
635         return m_base->getCredentialUse(provider);\r
636         \r
637 #ifdef HAVE_GOOD_STL\r
638     map<xstring,PropertySet*>::const_iterator i=m_credMap.find(provider->getEntityID());\r
639     if (i!=m_credMap.end())\r
640         return i->second;\r
641     const EntitiesDescriptor* group=dynamic_cast<const EntitiesDescriptor*>(provider->getParent());\r
642     while (group) {\r
643         if (group->getName()) {\r
644             i=m_credMap.find(group->getName());\r
645             if (i!=m_credMap.end())\r
646                 return i->second;\r
647         }\r
648         group=dynamic_cast<const EntitiesDescriptor*>(group->getParent());\r
649     }\r
650 #else\r
651     map<const XMLCh*,PropertySet*>::const_iterator i=m_credMap.begin();\r
652     for (; i!=m_credMap.end(); i++) {\r
653         if (XMLString::equals(i->first,provider->getId()))\r
654             return i->second;\r
655         const EntitiesDescriptor* group=dynamic_cast<const EntitiesDescriptor*>(provider->getParent());\r
656         while (group) {\r
657             if (XMLString::equals(i->first,group->getName()))\r
658                 return i->second;\r
659             group=dynamic_cast<const EntitiesDescriptor*>(group->getParent());\r
660         }\r
661     }\r
662 #endif\r
663     return m_credDefault;\r
664 }\r
665 \r
666 const Handler* XMLApplication::getDefaultSessionInitiator() const\r
667 {\r
668     if (m_sessionInitDefault) return m_sessionInitDefault;\r
669     return m_base ? m_base->getDefaultSessionInitiator() : NULL;\r
670 }\r
671 \r
672 const Handler* XMLApplication::getSessionInitiatorById(const char* id) const\r
673 {\r
674     map<string,const Handler*>::const_iterator i=m_sessionInitMap.find(id);\r
675     if (i!=m_sessionInitMap.end()) return i->second;\r
676     return m_base ? m_base->getSessionInitiatorById(id) : NULL;\r
677 }\r
678 \r
679 const Handler* XMLApplication::getDefaultAssertionConsumerService() const\r
680 {\r
681     if (m_acsDefault) return m_acsDefault;\r
682     return m_base ? m_base->getDefaultAssertionConsumerService() : NULL;\r
683 }\r
684 \r
685 const Handler* XMLApplication::getAssertionConsumerServiceByIndex(unsigned short index) const\r
686 {\r
687     map<unsigned int,const Handler*>::const_iterator i=m_acsIndexMap.find(index);\r
688     if (i!=m_acsIndexMap.end()) return i->second;\r
689     return m_base ? m_base->getAssertionConsumerServiceByIndex(index) : NULL;\r
690 }\r
691 \r
692 const vector<const Handler*>& XMLApplication::getAssertionConsumerServicesByBinding(const XMLCh* binding) const\r
693 {\r
694 #ifdef HAVE_GOOD_STL\r
695     ACSBindingMap::const_iterator i=m_acsBindingMap.find(binding);\r
696 #else\r
697     auto_ptr_char temp(binding);\r
698     ACSBindingMap::const_iterator i=m_acsBindingMap.find(temp.get());\r
699 #endif\r
700     if (i!=m_acsBindingMap.end())\r
701         return i->second;\r
702     return m_base ? m_base->getAssertionConsumerServicesByBinding(binding) : g_noHandlers;\r
703 }\r
704 \r
705 const Handler* XMLApplication::getHandler(const char* path) const\r
706 {\r
707     string wrap(path);\r
708     map<string,const Handler*>::const_iterator i=m_handlerMap.find(wrap.substr(0,wrap.find('?')));\r
709     if (i!=m_handlerMap.end())\r
710         return i->second;\r
711     return m_base ? m_base->getHandler(path) : NULL;\r
712 }\r
713 \r
714 short XMLConfigImpl::acceptNode(const DOMNode* node) const\r
715 {\r
716     if (!XMLString::equals(node->getNamespaceURI(),shibspconstants::SHIB2SPCONFIG_NS))\r
717         return FILTER_ACCEPT;\r
718     const XMLCh* name=node->getLocalName();\r
719     if (XMLString::equals(name,Applications) ||\r
720         XMLString::equals(name,Credentials) ||\r
721         XMLString::equals(name,Extensions::LOCAL_NAME) ||\r
722         XMLString::equals(name,Implementation) ||\r
723         XMLString::equals(name,Listener) ||\r
724         XMLString::equals(name,MemoryListener) ||\r
725         XMLString::equals(name,Policy) ||\r
726         XMLString::equals(name,_RequestMapper) ||\r
727         XMLString::equals(name,_ReplayCache) ||\r
728         XMLString::equals(name,_SessionCache) ||\r
729         XMLString::equals(name,_StorageService) ||\r
730         XMLString::equals(name,TCPListener) ||\r
731         XMLString::equals(name,UnixListener))\r
732         return FILTER_REJECT;\r
733 \r
734     return FILTER_ACCEPT;\r
735 }\r
736 \r
737 void XMLConfigImpl::doExtensions(const DOMElement* e, const char* label, Category& log)\r
738 {\r
739     const DOMElement* exts=XMLHelper::getFirstChildElement(e,Extensions::LOCAL_NAME);\r
740     if (exts) {\r
741         exts=XMLHelper::getFirstChildElement(exts,Library);\r
742         while (exts) {\r
743             auto_ptr_char path(exts->getAttributeNS(NULL,_path));\r
744             try {\r
745                 if (path.get()) {\r
746                     XMLToolingConfig::getConfig().load_library(path.get(),(void*)exts);\r
747                     log.debug("loaded %s extension library (%s)", label, path.get());\r
748                 }\r
749             }\r
750             catch (exception& e) {\r
751                 const XMLCh* fatal=exts->getAttributeNS(NULL,fatal);\r
752                 if (fatal && (*fatal==chLatin_t || *fatal==chDigit_1)) {\r
753                     log.fatal("unable to load mandatory %s extension library %s: %s", label, path.get(), e.what());\r
754                     throw;\r
755                 }\r
756                 else {\r
757                     log.crit("unable to load optional %s extension library %s: %s", label, path.get(), e.what());\r
758                 }\r
759             }\r
760             exts=XMLHelper::getNextSiblingElement(exts,Library);\r
761         }\r
762     }\r
763 }\r
764 \r
765 XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* outer) : m_requestMapper(NULL), m_outer(outer), m_document(NULL)\r
766 {\r
767 #ifdef _DEBUG\r
768     xmltooling::NDC ndc("XMLConfigImpl");\r
769 #endif\r
770     Category& log=Category::getInstance(SHIBSP_LOGCAT".Config");\r
771 \r
772     try {\r
773         SPConfig& conf=SPConfig::getConfig();\r
774         SAMLConfig& samlConf=SAMLConfig::getConfig();\r
775         XMLToolingConfig& xmlConf=XMLToolingConfig::getConfig();\r
776         const DOMElement* SHAR=XMLHelper::getFirstChildElement(e,OutOfProcess);\r
777         const DOMElement* SHIRE=XMLHelper::getFirstChildElement(e,InProcess);\r
778 \r
779         // Initialize log4cpp manually in order to redirect log messages as soon as possible.\r
780         if (conf.isEnabled(SPConfig::Logging)) {\r
781             const XMLCh* logconf=NULL;\r
782             if (conf.isEnabled(SPConfig::OutOfProcess))\r
783                 logconf=SHAR->getAttributeNS(NULL,logger);\r
784             else if (conf.isEnabled(SPConfig::InProcess))\r
785                 logconf=SHIRE->getAttributeNS(NULL,logger);\r
786             if (!logconf || !*logconf)\r
787                 logconf=e->getAttributeNS(NULL,logger);\r
788             if (logconf && *logconf) {\r
789                 auto_ptr_char logpath(logconf);\r
790                 log.debug("loading new logging configuration from (%s), check log destination for status of configuration",logpath.get());\r
791                 XMLToolingConfig::getConfig().log_config(logpath.get());\r
792             }\r
793             \r
794             if (first)\r
795                 m_outer->m_tranLog = new TransactionLog();\r
796         }\r
797         \r
798         // First load any property sets.\r
799         load(e,log,this);\r
800 \r
801         const DOMElement* child;\r
802         string plugtype;\r
803 \r
804         // Much of the processing can only occur on the first instantiation.\r
805         if (first) {\r
806             // Set clock skew.\r
807             pair<bool,unsigned int> skew=getUnsignedInt("clockSkew");\r
808             if (skew.first)\r
809                 xmlConf.clock_skew_secs=skew.second;\r
810 \r
811             // Extensions\r
812             doExtensions(e, "global", log);\r
813             if (conf.isEnabled(SPConfig::OutOfProcess))\r
814                 doExtensions(SHAR, "out of process", log);\r
815 \r
816             if (conf.isEnabled(SPConfig::InProcess))\r
817                 doExtensions(SHIRE, "in process", log);\r
818             \r
819             // Instantiate the ListenerService and SessionCache objects.\r
820             if (conf.isEnabled(SPConfig::Listener)) {\r
821                 child=XMLHelper::getFirstChildElement(SHAR,UnixListener);\r
822                 if (child)\r
823                     plugtype=UNIX_LISTENER_SERVICE;\r
824                 else {\r
825                     child=XMLHelper::getFirstChildElement(SHAR,TCPListener);\r
826                     if (child)\r
827                         plugtype=TCP_LISTENER_SERVICE;\r
828                     else {\r
829                         child=XMLHelper::getFirstChildElement(SHAR,MemoryListener);\r
830                         if (child)\r
831                             plugtype=MEMORY_LISTENER_SERVICE;\r
832                         else {\r
833                             child=XMLHelper::getFirstChildElement(SHAR,Listener);\r
834                             if (child) {\r
835                                 auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
836                                 if (type.get())\r
837                                     plugtype=type.get();\r
838                             }\r
839                         }\r
840                     }\r
841                 }\r
842                 if (child) {\r
843                     log.info("building ListenerService of type %s...", plugtype.c_str());\r
844                     m_outer->m_listener = conf.ListenerServiceManager.newPlugin(plugtype.c_str(),child);\r
845                 }\r
846                 else {\r
847                     log.fatal("can't build ListenerService, missing conf:Listener element?");\r
848                     throw ConfigurationException("Can't build ListenerService, missing conf:Listener element?");\r
849                 }\r
850             }\r
851 \r
852             if (conf.isEnabled(SPConfig::Caching)) {\r
853                 if (conf.isEnabled(SPConfig::OutOfProcess)) {\r
854                     // First build any StorageServices.\r
855                     string inmemID;\r
856                     child=XMLHelper::getFirstChildElement(SHAR,_StorageService);\r
857                     while (child) {\r
858                         auto_ptr_char id(child->getAttributeNS(NULL,_id));\r
859                         auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
860                         try {\r
861                             log.info("building StorageService (%s) of type %s...", id.get(), type.get());\r
862                             m_outer->m_storage[id.get()] = xmlConf.StorageServiceManager.newPlugin(type.get(),child);\r
863                             if (!strcmp(type.get(),MEMORY_STORAGE_SERVICE))\r
864                                 inmemID = id.get();\r
865                         }\r
866                         catch (exception& ex) {\r
867                             log.crit("failed to instantiate StorageService (%s): %s", id.get(), ex.what());\r
868                         }\r
869                         child=XMLHelper::getNextSiblingElement(child,_StorageService);\r
870                     }\r
871                 \r
872                     child=XMLHelper::getFirstChildElement(SHAR,_SessionCache);\r
873                     if (child) {\r
874                         auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
875                         log.info("building SessionCache of type %s...",type.get());\r
876                         m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(type.get(),child);\r
877                     }\r
878                     else {\r
879                         log.warn("SessionCache unspecified, building SessionCache of type %s...",STORAGESERVICE_SESSION_CACHE);\r
880                         if (inmemID.empty()) {\r
881                             inmemID = "memory";\r
882                             log.info("no StorageServices configured, providing in-memory version for session cache");\r
883                             m_outer->m_storage[inmemID] = xmlConf.StorageServiceManager.newPlugin(MEMORY_STORAGE_SERVICE,NULL);\r
884                         }\r
885                         child = e->getOwnerDocument()->createElementNS(NULL,_SessionCache);\r
886                         auto_ptr_XMLCh ssid(inmemID.c_str());\r
887                         const_cast<DOMElement*>(child)->setAttributeNS(NULL,_StorageService,ssid.get());\r
888                         m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(STORAGESERVICE_SESSION_CACHE,child);\r
889                     }\r
890 \r
891                     // Replay cache.\r
892                     StorageService* replaySS=NULL;\r
893                     child=XMLHelper::getFirstChildElement(SHAR,_ReplayCache);\r
894                     if (child) {\r
895                         auto_ptr_char ssid(child->getAttributeNS(NULL,_StorageService));\r
896                         if (ssid.get() && *ssid.get()) {\r
897                             if (m_outer->m_storage.count(ssid.get()))\r
898                                 replaySS = m_outer->m_storage[ssid.get()];\r
899                             if (replaySS)\r
900                                 log.info("building ReplayCache on top of StorageService (%s)...", ssid.get());\r
901                             else\r
902                                 log.crit("unable to locate StorageService (%s) in configuration", ssid.get());\r
903                         }\r
904                     }\r
905                     if (!replaySS) {\r
906                         log.info("building ReplayCache using in-memory StorageService...");\r
907                         if (inmemID.empty()) {\r
908                             inmemID = "memory";\r
909                             log.info("no StorageServices configured, providing in-memory version for legacy config");\r
910                             m_outer->m_storage[inmemID] = xmlConf.StorageServiceManager.newPlugin(MEMORY_STORAGE_SERVICE,NULL);\r
911                         }\r
912                         replaySS = m_outer->m_storage[inmemID];\r
913                     }\r
914                     xmlConf.setReplayCache(new ReplayCache(replaySS));\r
915                 }\r
916                 else {\r
917                     log.info("building in-process SessionCache of type %s...",REMOTED_SESSION_CACHE);\r
918                     m_outer->m_sessionCache=conf.SessionCacheManager.newPlugin(REMOTED_SESSION_CACHE,NULL);\r
919                 }\r
920             }\r
921         } // end of first-time-only stuff\r
922         \r
923         // Back to the fully dynamic stuff...next up is the RequestMapper.\r
924         if (conf.isEnabled(SPConfig::RequestMapping)) {\r
925             child=XMLHelper::getFirstChildElement(SHIRE,_RequestMapper);\r
926             if (child) {\r
927                 auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
928                 log.info("building RequestMapper of type %s...",type.get());\r
929                 m_requestMapper=conf.RequestMapperManager.newPlugin(type.get(),child);\r
930             }\r
931         }\r
932         \r
933         // Now we load the credentials map.\r
934         if (conf.isEnabled(SPConfig::Credentials)) {\r
935             child = XMLHelper::getLastChildElement(e,Credentials);\r
936             if (child) {\r
937                 // Step down and process resolvers.\r
938                 child=XMLHelper::getFirstChildElement(child);\r
939                 while (child) {\r
940                     auto_ptr_char id(child->getAttributeNS(NULL,_id));\r
941                     auto_ptr_char type(child->getAttributeNS(NULL,_type));\r
942                     try {\r
943                         CredentialResolver* cr=xmlConf.CredentialResolverManager.newPlugin(type.get(),child);\r
944                         m_credResolverMap[id.get()] = cr;\r
945                     }\r
946                     catch (exception& ex) {\r
947                         log.crit("failed to instantiate CredentialResolver (%s): %s", id.get(), ex.what());\r
948                     }\r
949                     child = XMLHelper::getNextSiblingElement(child);\r
950                 }\r
951             }\r
952         }\r
953 \r
954         // Load security policies.\r
955         child = XMLHelper::getLastChildElement(e,SecurityPolicies);\r
956         if (child) {\r
957             PolicyNodeFilter filter;\r
958             child = XMLHelper::getFirstChildElement(child,Policy);\r
959             while (child) {\r
960                 auto_ptr_char id(child->getAttributeNS(NULL,_id));\r
961                 pair< PropertySet*,vector<const SecurityPolicyRule*> >& rules = m_policyMap[id.get()];\r
962                 rules.first = NULL;\r
963                 auto_ptr<DOMPropertySet> settings(new DOMPropertySet());\r
964                 settings->load(child, log, &filter);\r
965                 rules.first = settings.release();\r
966                 const DOMElement* rule = XMLHelper::getFirstChildElement(child,Rule);\r
967                 while (rule) {\r
968                     auto_ptr_char type(rule->getAttributeNS(NULL,_type));\r
969                     try {\r
970                         rules.second.push_back(samlConf.SecurityPolicyRuleManager.newPlugin(type.get(),rule));\r
971                     }\r
972                     catch (exception& ex) {\r
973                         log.crit("error instantiating policy rule (%s) in policy (%s): %s", type.get(), id.get(), ex.what());\r
974                     }\r
975                     rule = XMLHelper::getNextSiblingElement(rule,Rule);\r
976                 }\r
977                 child = XMLHelper::getNextSiblingElement(child,Policy);\r
978             }\r
979         }\r
980 \r
981         // Load the default application. This actually has a fixed ID of "default". ;-)\r
982         child=XMLHelper::getLastChildElement(e,Applications);\r
983         if (!child) {\r
984             log.fatal("can't build default Application object, missing conf:Applications element?");\r
985             throw ConfigurationException("can't build default Application object, missing conf:Applications element?");\r
986         }\r
987         XMLApplication* defapp=new XMLApplication(m_outer,child);\r
988         m_appmap[defapp->getId()]=defapp;\r
989         \r
990         // Load any overrides.\r
991         child = XMLHelper::getFirstChildElement(child,_Application);\r
992         while (child) {\r
993             auto_ptr<XMLApplication> iapp(new XMLApplication(m_outer,child,defapp));\r
994             if (m_appmap.count(iapp->getId()))\r
995                 log.crit("found conf:Application element with duplicate id attribute (%s), skipping it", iapp->getId());\r
996             else\r
997                 m_appmap[iapp->getId()]=iapp.release();\r
998 \r
999             child = XMLHelper::getNextSiblingElement(child,_Application);\r
1000         }\r
1001     }\r
1002     catch (exception&) {\r
1003         this->~XMLConfigImpl();\r
1004         throw;\r
1005     }\r
1006 #ifndef _DEBUG\r
1007     catch (...) {\r
1008         this->~XMLConfigImpl();\r
1009         throw;\r
1010     }\r
1011 #endif\r
1012 }\r
1013 \r
1014 XMLConfigImpl::~XMLConfigImpl()\r
1015 {\r
1016     for_each(m_appmap.begin(),m_appmap.end(),cleanup_pair<string,Application>());\r
1017     for_each(m_credResolverMap.begin(),m_credResolverMap.end(),cleanup_pair<string,CredentialResolver>());\r
1018     for (map< string,pair<PropertySet*,vector<const SecurityPolicyRule*> > >::iterator i=m_policyMap.begin(); i!=m_policyMap.end(); ++i) {\r
1019         delete i->second.first;\r
1020         for_each(i->second.second.begin(), i->second.second.end(), xmltooling::cleanup<SecurityPolicyRule>());\r
1021     }\r
1022     delete m_requestMapper;\r
1023     if (m_document)\r
1024         m_document->release();\r
1025 }\r
1026 \r
1027 pair<bool,DOMElement*> XMLConfig::load()\r
1028 {\r
1029     // Load from source using base class.\r
1030     pair<bool,DOMElement*> raw = ReloadableXMLFile::load();\r
1031     \r
1032     // If we own it, wrap it.\r
1033     XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : NULL);\r
1034 \r
1035     XMLConfigImpl* impl = new XMLConfigImpl(raw.second,(m_impl==NULL),this);\r
1036     \r
1037     // If we held the document, transfer it to the impl. If we didn't, it's a no-op.\r
1038     impl->setDocument(docjanitor.release());\r
1039 \r
1040     delete m_impl;\r
1041     m_impl = impl;\r
1042 \r
1043     return make_pair(false,(DOMElement*)NULL);\r
1044 }\r
Shibboleth SP