/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "Application.h"
#include "exceptions.h"
#include "ServiceProvider.h"
+#include "SPRequest.h"
#include "handler/AbstractHandler.h"
#include "handler/RemotedHandler.h"
#ifndef SHIBSP_LITE
# include "metadata/MetadataProviderCriteria.h"
+# include <saml/exceptions.h>
+# include <saml/SAMLConfig.h>
+# include <saml/signature/ContentReference.h>
+# include <saml/saml2/metadata/Metadata.h>
+# include <saml/saml2/metadata/MetadataProvider.h>
+# include <xmltooling/XMLToolingConfig.h>
+# include <xmltooling/security/Credential.h>
+# include <xmltooling/security/CredentialCriteria.h>
+# include <xmltooling/security/SecurityHelper.h>
+# include <xmltooling/signature/Signature.h>
+# include <xmltooling/util/ParserPool.h>
# include <xmltooling/util/PathResolver.h>
+# include <xercesc/framework/LocalFileInputSource.hpp>
+# include <xercesc/framework/Wrapper4InputSource.hpp>
#endif
-#include <xercesc/framework/LocalFileInputSource.hpp>
-#include <xercesc/framework/Wrapper4InputSource.hpp>
using namespace shibsp;
#ifndef SHIBSP_LITE
set<string> m_acl;
#ifndef SHIBSP_LITE
+ string m_salt;
short m_http,m_https;
vector<string> m_bases;
#endif
#ifndef SHIBSP_LITE
static XMLCh EndpointBase[] = UNICODE_LITERAL_12(E,n,d,p,o,i,n,t,B,a,s,e);
+ pair<bool,const char*> salt = getString("salt");
+ if (salt.first)
+ m_salt = salt.second;
+
pair<bool,bool> flag = getBool("http");
if (flag.first)
m_http = flag.second ? 1 : -1;
// Find application.
const char* aid=in["application_id"].string();
const char* hurl=in["handler_url"].string();
- const Application* app=aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : NULL;
+ const Application* app=aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : nullptr;
if (!app) {
// Something's horribly wrong.
m_log.error("couldn't find application (%s) for metadata request", aid ? aid : "(missing)");
}
// Wrap a response shim.
- DDF ret(NULL);
+ DDF ret(nullptr);
DDFJanitor jout(ret);
auto_ptr<HTTPResponse> resp(getResponse(ret));
#ifndef SHIBSP_LITE
m_log.debug("processing metadata request");
- const PropertySet* relyingParty=NULL;
+ const PropertySet* relyingParty=nullptr;
if (entityID) {
MetadataProvider* m=application.getMetadataProvider();
Locker locker(m);
entity = EntityDescriptorBuilder::buildEntityDescriptor();
}
+ if (!entity->getID()) {
+ string hashinput = m_salt + relyingParty->getString("entityID").second;
+ string hashed = '_' + SecurityHelper::doHash("SHA1", hashinput.c_str(), hashinput.length());
+ auto_ptr_XMLCh widenit(hashed.c_str());
+ entity->setID(widenit.get());
+ }
+
auto_ptr<EntityDescriptor> wrapper(entity);
pair<bool,unsigned int> cache = getUnsignedInt("cacheDuration");
if (cache.first) {
entity->setCacheDuration(cache.second);
}
- else {
- cache = getUnsignedInt("validUntil");
- if (cache.first)
- entity->setValidUntil(time(NULL) + cache.second);
- }
+ cache = getUnsignedInt("validUntil");
+ if (cache.first)
+ entity->setValidUntil(time(nullptr) + cache.second);
entity->setEntityID(relyingParty->getXMLString("entityID").second);
SPSSODescriptor* role;
prop = relyingParty->getString("keyName");
if (prop.first)
cc.getKeyNames().insert(prop.second);
+ vector<const Credential*> signingcreds,enccreds;
cc.setUsage(Credential::SIGNING_CREDENTIAL);
- vector<const Credential*> creds;
- credResolver->resolve(creds,&cc);
- for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
+ credResolver->resolve(signingcreds, &cc);
+ cc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
+ credResolver->resolve(enccreds, &cc);
+
+ for (vector<const Credential*>::const_iterator c = signingcreds.begin(); c != signingcreds.end(); ++c) {
KeyInfo* kinfo = (*c)->getKeyInfo();
if (kinfo) {
KeyDescriptor* kd = KeyDescriptorBuilder::buildKeyDescriptor();
- kd->setUse(KeyDescriptor::KEYTYPE_SIGNING);
kd->setKeyInfo(kinfo);
+ const XMLCh* use = KeyDescriptor::KEYTYPE_SIGNING;
+ for (vector<const Credential*>::iterator match = enccreds.begin(); match != enccreds.end(); ++match) {
+ if (*match == *c) {
+ use = nullptr;
+ enccreds.erase(match);
+ break;
+ }
+ }
+ kd->setUse(use);
role->getKeyDescriptors().push_back(kd);
}
}
- cc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
- creds.clear();
- credResolver->resolve(creds,&cc);
- for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
+ for (vector<const Credential*>::const_iterator c = enccreds.begin(); c != enccreds.end(); ++c) {
KeyInfo* kinfo = (*c)->getKeyInfo();
if (kinfo) {
KeyDescriptor* kd = KeyDescriptorBuilder::buildKeyDescriptor();
projects / shibboleth / sp.git / blobdiff