<listOptionValue builtIn="false" value="XMLTOOL_DLLLOCAL"/>\r
<listOptionValue builtIn="false" value="XMLTOOLING_LOGCAT="XMLTooling""/>\r
</option>\r
+<option id="org.eclipse.linuxtools.cdt.autotools.option.configure.includes.959417153" name="includes" superClass="org.eclipse.linuxtools.cdt.autotools.option.configure.includes" valueType="includePath">\r
+<listOptionValue builtIn="false" value=""C:\openssl-0.9.8k\inc32""/>\r
+<listOptionValue builtIn="false" value=""C:\curl-7.19.6\include""/>\r
+<listOptionValue builtIn="false" value=""C:\log4shib-1.0.3\include""/>\r
+<listOptionValue builtIn="false" value=""C:\xerces-c-3.0.1-x86-windows-vc-9.0\include""/>\r
+<listOptionValue builtIn="false" value=""C:\xml-security-c-1.5.1\include""/>\r
+<listOptionValue builtIn="false" value=""C:\Program Files\Microsoft Visual Studio 9.0\VC\include""/>\r
+</option>\r
<inputType id="org.eclipse.linuxtools.cdt.autotools.inputType.configure.387715961" superClass="org.eclipse.linuxtools.cdt.autotools.inputType.configure"/>\r
<inputType id="org.eclipse.linuxtools.cdt.autotools.inputType.configure1.2086982536" superClass="org.eclipse.linuxtools.cdt.autotools.inputType.configure1"/>\r
</tool>\r
#define PACKAGE_NAME "xmltooling"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "xmltooling 1.3"
+#define PACKAGE_STRING "xmltooling 1.3.3"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "xmltooling"
/* Define to the version of this package. */
-#define PACKAGE_VERSION "1.3"
+#define PACKAGE_VERSION "1.3.3"
/* Define to the necessary symbol if this constant uses a non-standard name on
your system. */
/* #undef TM_IN_SYS_TIME */
/* Version number of package */
-#define VERSION "1.3"
+#define VERSION "1.3.3"
/* Define if you wish to disable XML-Security-dependent features. */
/* #undef XMLTOOLING_NO_XMLSEC */
AC_PREREQ([2.50])
-AC_INIT([xmltooling], [1.3], [mace-opensaml-users@internet2.edu], [xmltooling])
+AC_INIT([xmltooling], [1.3.3], [mace-opensaml-users@internet2.edu], [xmltooling])
AM_CONFIG_HEADER(config.h)
AM_CONFIG_HEADER(xmltooling/config_pub.h)
-AM_INIT_AUTOMAKE([xmltooling], [1.3])
+AM_INIT_AUTOMAKE([xmltooling], [1.3.3])
sinclude(doxygen.m4)
sinclude(acx_pthread.m4)
-VERSION 1.3
+VERSION 1.3.3
-Issues addressed by this release:
----------------------------------
-https://bugs.internet2.edu/jira/browse/CPPXT/fixforversion/10253
+Change Log:
+-----------
+https://bugs.internet2.edu/jira/browse/CPPXT
Documentation:
--------------
void XMLObject::releaseThisandParentDOM() const
{
- if (getDOM()) {
- releaseDOM();
- releaseParentDOM(true);
- }
+ releaseDOM();
+ releaseParentDOM(true);
}
void XMLObject::releaseThisAndChildrenDOM() const
{
- if (getDOM()) {
- releaseChildrenDOM(true);
- releaseDOM();
- }
+ releaseChildrenDOM(true);
+ releaseDOM();
}
AbstractXMLObject::AbstractXMLObject(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
{
delete oldValue;
releaseThisandParentDOM();
+ if (!newValue || !*newValue)
+ return NULL;
DateTime* ret = new DateTime(newValue);
if (duration)
ret->parseDuration();
libxmltooling_lite_la_SOURCES = \
${common_sources}
libxmltooling_lite_la_CPPFLAGS = -DXMLTOOLING_LITE
-libxmltooling_lite_la_LDFLAGS = -version-info 4:0:0
+libxmltooling_lite_la_LDFLAGS = -version-info 4:3:0
if BUILD_XMLSEC
-libxmltooling_la_LDFLAGS = $(XMLSEC_LIBS) -version-info 4:0:0
+libxmltooling_la_LDFLAGS = $(XMLSEC_LIBS) -version-info 4:3:0
libxmltooling_la_SOURCES = \
${common_sources} \
${xmlsec_sources}
#include "encryption/Encryption.h"
#include "encryption/Encrypter.h"
#include "impl/UnknownElement.h"
+#include "io/HTTPResponse.h"
#include "security/TrustEngine.h"
#include "security/OpenSSLCryptoX509CRL.h"
#include "security/CredentialResolver.h"
# include <log4cpp/OstreamAppender.hh>
#endif
#include <xercesc/util/PlatformUtils.hpp>
+#include <xercesc/util/XMLUniDefs.hpp>
#ifndef XMLTOOLING_NO_XMLSEC
# include <curl/curl.h>
# include <openssl/err.h>
m_pathResolver = new PathResolver();
m_urlEncoder = new URLEncoder();
+ HTTPResponse::getAllowedSchemes().push_back("https");
+ HTTPResponse::getAllowedSchemes().push_back("http");
+
// Register xml:id as an ID attribute.
static const XMLCh xmlid[] = UNICODE_LITERAL_2(i,d);
AttributeExtensibleXMLObject::registerIDAttribute(QName(xmlconstants::XML_NS, xmlid));
#include <xmltooling/exceptions.h>
class XENCCipher;
+class XSECCryptoKey;
namespace xmltooling {
class XMLTOOL_API CredentialCriteria;
#include "HTTPResponse.h"
using namespace xmltooling;
-using std::istream;
+using namespace std;
GenericResponse::GenericResponse()
{
{
}
+vector<string> HTTPResponse::m_allowedSchemes;
+
+vector<string>& HTTPResponse::getAllowedSchemes()
+{
+ return m_allowedSchemes;
+}
+
+void HTTPResponse::sanitizeURL(const char* url)
+{
+ const char* ch;
+ for (ch=url; *ch; ++ch) {
+ if (iscntrl(*ch))
+ throw IOException("URL contained a control character.");
+ }
+
+ ch = strchr(url, ':');
+ if (!ch)
+ throw IOException("URL is malformed.");
+ string s(url, ch - url);
+ for (vector<string>::const_iterator i = m_allowedSchemes.begin(); i != m_allowedSchemes.end(); ++i) {
+#ifdef HAVE_STRCASECMP
+ if (!strcasecmp(s.c_str(), i->c_str()))
+#else
+ if (!stricmp(s.c_str(), i->c_str()))
+#endif
+ return;
+ }
+
+ throw IOException("URL contains invalid scheme ($1).", params(1, s.c_str()));
+}
+
HTTPResponse::HTTPResponse()
{
}
void HTTPResponse::setCookie(const char* name, const char* value)
{
- std::string cookie(name);
+ string cookie(name);
cookie = cookie + '=' + value;
setResponseHeader("Set-Cookie", cookie.c_str());
}
+void HTTPResponse::setResponseHeader(const char* name, const char* value)
+{
+ for (const char* ch=name; *ch; ++ch) {
+ if (iscntrl(*ch))
+ throw IOException("Response header name contained a control character.");
+ }
+
+ for (const char* ch=value; *ch; ++ch) {
+ if (iscntrl(*ch))
+ throw IOException("Value for response header ($1) contained a control character.", params(1,name));
+ }
+}
+
+long HTTPResponse::sendRedirect(const char* url)
+{
+ sanitizeURL(url);
+ return XMLTOOLING_HTTP_STATUS_MOVED;
+}
+
long HTTPResponse::sendError(istream& inputStream)
{
return sendResponse(inputStream, XMLTOOLING_HTTP_STATUS_ERROR);
#include <xmltooling/io/GenericResponse.h>
+#include <string>
+#include <vector>
+
namespace xmltooling {
-
+
+#if defined (_MSC_VER)
+ #pragma warning( push )
+ #pragma warning( disable : 4251 )
+#endif
+
/**
* Interface to HTTP response.
*
* @param name header name
* @param value value to set, or NULL to clear
*/
- virtual void setResponseHeader(const char* name, const char* value)=0;
+ virtual void setResponseHeader(const char* name, const char* value);
/**
* Sets a client cookie.
/**
* Redirect the client to the specified URL and complete the response.
- * Any headers previously set will be sent ahead of the redirect.
*
+ * <p>Any headers previously set will be sent ahead of the redirect.
+ *
+ * <p>The URL will be validated with the sanitizeURL method below.
+ *
* @param url location to redirect client
* @return a result code to return from the calling MessageEncoder
*/
- virtual long sendRedirect(const char* url)=0;
+ virtual long sendRedirect(const char* url);
/** Some common HTTP status codes. */
enum status_t {
using GenericResponse::sendResponse;
long sendResponse(std::istream& inputStream);
+
+ /**
+ * Returns a modifiable array of schemes to permit in sanitized URLs.
+ *
+ * <p>Updates to this array must be externally synchronized with any use
+ * of this class or its subclasses.
+ *
+ * @return a mutable array of strings containing the schemes to permit
+ */
+ static std::vector<std::string>& getAllowedSchemes();
+
+ /**
+ * Manually check for unsafe URLs vulnerable to injection attacks.
+ *
+ * @param url location to check
+ */
+ static void sanitizeURL(const char* url);
+
+ private:
+ static std::vector<std::string> m_allowedSchemes;
};
+
+#if defined (_MSC_VER)
+ #pragma warning( pop )
+#endif
};
#endif /* __xmltooling_httpres_h__ */
using xmlsignature::KeyInfo;
using xmlsignature::Signature;
+using namespace xmltooling::logging;
using namespace xmltooling;
using namespace std;
bool CredentialCriteria::matches(const Credential& credential) const
{
+ Category& log = Category::getInstance(XMLTOOLING_LOGCAT".CredentialCriteria");
+
// Usage check, if specified and we have one, compare masks.
if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
- if ((getUsage() & credential.getUsage()) == 0)
+ if ((getUsage() & credential.getUsage()) == 0) {
+ if (log.isDebugEnabled())
+ log.debug("usage didn't match (%u != %u)", getUsage(), credential.getUsage());
return false;
+ }
}
// Algorithm check, if specified and we have one.
const char* alg = getKeyAlgorithm();
if (alg && *alg) {
const char* alg2 = credential.getAlgorithm();
- if (alg2 && *alg2)
- if (strcmp(alg,alg2))
+ if (alg2 && *alg2) {
+ if (strcmp(alg,alg2)) {
+ if (log.isDebugEnabled())
+ log.debug("key algorithm didn't match ('%s' != '%s')", getKeyAlgorithm(), credential.getAlgorithm());
return false;
+ }
+ }
}
// KeySize check, if specified and we have one.
- if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize())
+ if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize()) {
+ if (log.isDebugEnabled())
+ log.debug("key size didn't match (%u != %u)", getKeySize(), credential.getKeySize());
return false;
+ }
// See if we can test key names.
set<string> critnames = getKeyNames();
break;
}
}
- if (!found)
+ if (!found) {
+ log.debug("credential name(s) didn't overlap");
return false;
+ }
}
// See if we have to match a specific key.
if (!key2)
return true; // no key here, so we can't test it
- return SecurityHelper::matches(*key1, *key2);
+ if (SecurityHelper::matches(*key1, *key2))
+ return true;
+
+ log.debug("keys didn't match");
+ return false;
}
class XMLTOOL_DLLLOCAL FilesystemCredential;
class XMLTOOL_DLLLOCAL FilesystemCredentialResolver : public CredentialResolver
{
- friend class XMLTOOL_DLLLOCAL FilesystemCredential;
public:
FilesystemCredentialResolver(const DOMElement* e);
virtual ~FilesystemCredentialResolver();
Credential* m_credential;
string m_keypass,m_certpass;
unsigned int m_keyinfomask,m_usage;
+ bool m_extractNames;
vector<string> m_keynames;
ManagedKey m_key;
vector<ManagedCert> m_certs;
vector<ManagedCRL> m_crls;
+
+ friend class XMLTOOL_DLLLOCAL FilesystemCredential;
};
#if defined (_MSC_VER)
{
public:
FilesystemCredential(
- FilesystemCredentialResolver* resolver, XSECCryptoKey* key, const vector<XSECCryptoX509*>& xseccerts, const vector<XSECCryptoX509CRL*>& crls
+ FilesystemCredentialResolver* resolver,
+ XSECCryptoKey* key,
+ const vector<XSECCryptoX509*>& xseccerts,
+ const vector<XSECCryptoX509CRL*>& crls
) : BasicX509Credential(key ? key : (xseccerts.empty() ? NULL : xseccerts.front()->clonePublicKey()), xseccerts, crls), m_resolver(resolver) {
- extract();
+ if (m_resolver->m_extractNames)
+ extract();
m_keyNames.insert(m_resolver->m_keynames.begin(), m_resolver->m_keynames.end());
}
static const XMLCh Certificate[] = UNICODE_LITERAL_11(C,e,r,t,i,f,i,c,a,t,e);
static const XMLCh _certificate[] = UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);
static const XMLCh CRL[] = UNICODE_LITERAL_3(C,R,L);
+ static const XMLCh extractNames[] = UNICODE_LITERAL_12(e,x,t,r,a,c,t,N,a,m,e,s);
static const XMLCh _format[] = UNICODE_LITERAL_6(f,o,r,m,a,t);
static const XMLCh Key[] = UNICODE_LITERAL_3(K,e,y);
static const XMLCh _key[] = UNICODE_LITERAL_3(k,e,y);
};
FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
- : m_lock(NULL), m_credential(NULL), m_usage(Credential::UNSPECIFIED_CREDENTIAL)
+ : m_lock(NULL), m_credential(NULL), m_usage(Credential::UNSPECIFIED_CREDENTIAL), m_extractNames(true)
{
#ifdef _DEBUG
NDC ndc("FilesystemCredentialResolver");
path = e->getOwnerDocument()->createElementNS(NULL,Path);
child->appendChild(path);
path->appendChild(e->getOwnerDocument()->createTextNode(e->getAttributeNS(NULL,_certificate)));
+ if (e->hasAttributeNS(NULL, extractNames))
+ child->setAttributeNS(NULL, extractNames, e->getAttributeNS(NULL, extractNames));
}
e = dummy; // reset "root" to the dummy config element
}
const XMLCh* prop;
const DOMElement* root = e;
- // Save off usage flags.
+ // Save off usage bits.
const XMLCh* usage = root->getAttributeNS(NULL,_use);
if (usage && *usage) {
auto_ptr_char u(usage);
const XMLCh* certformat = certnode->getAttributeNS(NULL,_format);
+ const XMLCh* extractFlag = certnode->getAttributeNS(NULL, extractNames);
+ if (extractFlag && (*extractFlag == chLatin_f || *extractFlag == chDigit_0))
+ m_extractNames = false;
+
e = XMLHelper::getFirstChildElement(certnode);
while (e) {
if (e->hasChildNodes() && (XMLString::equals(e->getLocalName(), Path) || XMLString::equals(e->getLocalName(), CAPath))) {
* Encapsulates OpenSSL-capable SOAP transport layer.
*/
-#ifndef __xmltooling_opensslsoaptrans_h__
+#if !defined(__xmltooling_opensslsoaptrans_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#define __xmltooling_opensslsoaptrans_h__
#include <xmltooling/soap/SOAPTransport.h>
g_CURLPool = NULL;
}
-SOAPTransport::SOAPTransport()
-{
-}
-
-SOAPTransport::~SOAPTransport()
-{
-}
-
-bool SOAPTransport::setProviderOption(const char* provider, const char* option, const char* value)
-{
- return false;
-}
-
-HTTPSOAPTransport::HTTPSOAPTransport()
-{
-}
-
-HTTPSOAPTransport::~HTTPSOAPTransport()
-{
-}
-
OpenSSLSOAPTransport::OpenSSLSOAPTransport()
{
}
#include "internal.h"
#include "exceptions.h"
#include "logging.h"
+#include "soap/HTTPSOAPTransport.h"
#include "soap/SOAP.h"
#include "soap/SOAPClient.h"
#include "util/XMLHelper.h"
using namespace xercesc;
using namespace std;
+SOAPTransport::SOAPTransport()
+{
+}
+
+SOAPTransport::~SOAPTransport()
+{
+}
+
+bool SOAPTransport::setProviderOption(const char* provider, const char* option, const char* value)
+{
+ return false;
+}
+
+HTTPSOAPTransport::HTTPSOAPTransport()
+{
+}
+
+HTTPSOAPTransport::~HTTPSOAPTransport()
+{
+}
+
SOAPClient::SOAPClient(bool validate) : m_validate(validate), m_transport(NULL)
{
}
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#define XMLTOOLING_VERSION_MAJOR 1
#define XMLTOOLING_VERSION_MINOR 3
-#define XMLTOOLING_VERSION_REVISION 0
+#define XMLTOOLING_VERSION_REVISION 3
/** DO NOT MODIFY BELOW THIS LINE */
>\r
</File>\r
<File\r
- RelativePath=".\soap\OpenSSLSOAPTransport.h"\r
- >\r
- </File>\r
- <File\r
RelativePath=".\soap\SOAP.h"\r
>\r
</File>\r
//\r
\r
VS_VERSION_INFO VERSIONINFO\r
- FILEVERSION 1,3,0,0\r
- PRODUCTVERSION 2,2,1,0\r
+ FILEVERSION 1,3,3,0\r
+ PRODUCTVERSION 2,3,0,0\r
FILEFLAGSMASK 0x3fL\r
#ifdef _DEBUG\r
FILEFLAGS 0x1L\r
#else\r
VALUE "FileDescription", "OpenSAML XMLTooling Library\0"\r
#endif\r
- VALUE "FileVersion", "1, 3, 0, 0\0"\r
+ VALUE "FileVersion", "1, 3, 3, 0\0"\r
#ifdef XMLTOOLING_LITE\r
#ifdef _DEBUG\r
VALUE "InternalName", "xmltooling-lite1_3D\0"\r
#endif\r
#endif\r
VALUE "PrivateBuild", "\0"\r
- VALUE "ProductName", "OpenSAML 2.2.1\0"\r
- VALUE "ProductVersion", "2, 2, 1, 0\0"\r
+ VALUE "ProductName", "OpenSAML 2.3\0"\r
+ VALUE "ProductVersion", "2, 3, 0, 0\0"\r
VALUE "SpecialBuild", "\0"\r
END\r
END\r