1 /**
2  * Licensed to the University Corporation for Advanced Internet
3  * Development, Inc. (UCAID) under one or more contributor license
4  * agreements. See the NOTICE file distributed with this work for
5  * additional information regarding copyright ownership.
6  *
7  * UCAID licenses this file to you under the Apache License,
8  * Version 2.0 (the "License"); you may not use this file except
9  * in compliance with the License. You may obtain a copy of the
10  * License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17  * either express or implied. See the License for the specific
18  * language governing permissions and limitations under the License.
19  */
20 
21 /**
22  * @file shibsp/SPConfig.h
23  *
24  * Library configuration.
25  */
26 
27 #ifndef __shibsp_config_h__
28 #define __shibsp_config_h__
29 
30 #include <shibsp/base.h>
31 
32 #include <string>
33 #ifndef SHIBSP_LITE
34 # include <shibsp/TransactionLog.h>
35 # include <saml/binding/MessageDecoder.h>
36 # include <saml/binding/MessageEncoder.h>
37 #else
38 # include <xmltooling/logging.h>
39 #endif
40 #include <xmltooling/PluginManager.h>
41 #include <xmltooling/QName.h>
42 #include <xercesc/dom/DOM.hpp>
43 
44 /**
45  * @namespace shibsp
46  * Shibboleth Service Provider Library
47  */
48 namespace shibsp {
49 
    // Forward declarations of the plugin interfaces whose factories SPConfig
    // registers below (see the PluginManager members); their definitions live elsewhere.
    class SHIBSP_API AccessControl;
    class SHIBSP_API Handler;
    class SHIBSP_API ListenerService;
    class SHIBSP_API RequestMapper;
    class SHIBSP_API ProtocolProvider;
    class SHIBSP_API ServiceProvider;
    class SHIBSP_API SessionCache;
    class SHIBSP_API SessionInitiator;

#ifndef SHIBSP_LITE
    // Attribute-handling and security-policy interfaces exist only in the full
    // (non-lite) build, mirroring the SHIBSP_LITE guards on the managers below.
    class SHIBSP_API AttributeDecoder;
    class SHIBSP_API AttributeExtractor;
    class SHIBSP_API AttributeFilter;
    class SHIBSP_API AttributeResolver;
    class SHIBSP_API FilterPolicyContext;
    class SHIBSP_API MatchFunctor;
    class SHIBSP_API SecurityPolicyProvider;
#endif
68 
69 #if defined (_MSC_VER)
70     #pragma warning( push )
71     #pragma warning( disable : 4250 4251 )
72 #endif
73 
74     /**
75      * Singleton object that manages library startup/shutdown.
76      */
    class SHIBSP_API SPConfig
    {
        // Copying would duplicate the owned ServiceProvider/ArtifactResolver pointers
        // and the plugin registries, so the copy operations are removed.
        MAKE_NONCOPYABLE(SPConfig);
    public:
        /** Constructs a configuration object; callers normally reach the shared instance through getConfig(). */
        SPConfig();

        /** Virtual so that a process-specific subclass can be destroyed through a base pointer. */
        virtual ~SPConfig();

        /**
         * Returns the global configuration object for the library.
         *
         * @return reference to the global library configuration object
         */
        static SPConfig& getConfig();

        /**
         * Bitmask values representing subsystems of the library.
         *
         * <p>Values are assigned explicitly so that every constant keeps the same
         * numeric value in the lite and full builds even though Metadata through
         * AttributeResolution are omitted under SHIBSP_LITE. Combine them with
         * bitwise OR to build the mask passed to setFeatures().</p>
         */
        enum components_t {
            Listener = 1,
            Caching = 2,
#ifndef SHIBSP_LITE
            Metadata = 4,
            Trust = 8,
            Credentials = 16,
            AttributeResolution = 32,
#endif
            RequestMapping = 64,
            OutOfProcess = 128,
            InProcess = 256,
            Logging = 512,
            Handlers = 1024
        };

        /**
         * Set a bitmask of subsystems to activate.
         *
         * <p>NOTE(review): presumably this must be called before init() so that the
         * selected subsystems are brought up during initialization — confirm against
         * SPConfig.cpp.</p>
         *
         * @param enabled   bitmask of component constants
         */
        void setFeatures(unsigned long enabled);


        /**
         * Gets the bitmask of subsystems being activated.
         *
         * @return bitmask of component constants
         */
        unsigned long getFeatures() const;

        /**
         * Test whether a subsystem is enabled.
         *
         * <p>Takes a single components_t value; to test several at once, inspect getFeatures() directly.</p>
         *
         * @param feature   subsystem/component to test
         * @return true iff feature is enabled
         */
        bool isEnabled(components_t feature) const;

        /**
         * Initializes library
         *
         * Each process using the library MUST call this function exactly once
         * before using any library classes.
         *
         * <p>Both paths are deployment-time settings supplied by the installer,
         * not request data; the schema catalogs presumably control which XML
         * schemas the parser validates messages and configuration against, so
         * they must come from a trusted location.</p>
         *
         * @param catalog_path  delimited set of schema catalog files to load
         * @param inst_prefix   installation prefix for software
         * @return true iff initialization was successful; callers must check this
         *         rather than proceeding on a failed initialization
         */
        virtual bool init(const char* catalog_path=nullptr, const char* inst_prefix=nullptr);

        /**
         * Shuts down library
         *
         * Each process using the library SHOULD call this function exactly once
         * before terminating itself.
         */
        virtual void term();

        /**
         * Sets the global ServiceProvider instance.
         * This method must be externally synchronized with any code that uses the object.
         * Any previously set object is destroyed.
         *
         * <p>Because the previous object is destroyed, any pointer obtained earlier from
         * getServiceProvider() becomes dangling once this returns; callers must not cache
         * such pointers across a call to this method.</p>
         *
         * @param serviceProvider   new ServiceProvider instance to store; ownership transfers to this object
         */
        void setServiceProvider(ServiceProvider* serviceProvider);

        /**
         * Returns the global ServiceProvider instance.
         *
         * <p>The pointer is borrowed: the object remains owned by SPConfig and the
         * caller must not delete it.</p>
         *
         * @return  global ServiceProvider or nullptr
         */
        ServiceProvider* getServiceProvider() const;

        /**
         * Instantiates and installs a ServiceProvider instance based on an XML configuration string
         * or a configuration pathname.
         *
         * <p>The type attribute selects which registered factory is used (presumably via
         * ServiceProviderManager), so the configuration source decides what code runs;
         * it must come from the deployer's trusted configuration, never from request input.
         * With the default rethrow=false, failures are reported only through the return
         * value and are otherwise silent, so callers must check the result.</p>
         *
         * @param config    a snippet of XML to parse (it <strong>MUST</strong> contain a type attribute) or a pathname
         * @param rethrow   true iff caught exceptions should be rethrown instead of just returning the status
         * @return true iff instantiation was successful
         */
        virtual bool instantiate(const char* config=nullptr, bool rethrow=false);

#ifndef SHIBSP_LITE
        /**
         * Sets the global ArtifactResolver instance.
         *
         * <p>This method must be externally synchronized with any code that uses the object.
         * Any previously set object is destroyed, so pointers previously returned by
         * getArtifactResolver() become dangling.
         *
         * @param artifactResolver   new ArtifactResolver instance to store; ownership transfers to this object
         */
        void setArtifactResolver(opensaml::MessageDecoder::ArtifactResolver* artifactResolver);

        /**
         * Returns the global ArtifactResolver instance.
         *
         * <p>The pointer is borrowed and read-only; the object remains owned by SPConfig.</p>
         *
         * @return  global ArtifactResolver or nullptr
         */
        const opensaml::MessageDecoder::ArtifactResolver* getArtifactResolver() const;
#endif

        /**
         * Separator for serialized values of multi-valued attributes.
         *
         * <p>This is deprecated, and was never actually read within the code.
         * The misspelled name is part of the public API and is kept for source
         * compatibility; do not rely on this field having any effect.</p>
         *
         * @deprecated
         */
        char attribute_value_delimeter;

        /**
         * Manages factories for AccessControl plugins.
         *
         * <p>Keyed by plugin type name; factories receive the plugin's configuration element.</p>
         */
        xmltooling::PluginManager<AccessControl,std::string,const xercesc::DOMElement*> AccessControlManager;

#ifndef SHIBSP_LITE
        /**
         * Manages factories for AttributeDecoder plugins.
         *
         * <p>Keyed by QName rather than a plain string; factories receive the configuration element.</p>
         */
        xmltooling::PluginManager<AttributeDecoder,xmltooling::QName,const xercesc::DOMElement*> AttributeDecoderManager;

        /**
         * Manages factories for AttributeExtractor plugins.
         */
        xmltooling::PluginManager<AttributeExtractor,std::string,const xercesc::DOMElement*> AttributeExtractorManager;

        /**
         * Manages factories for AttributeFilter plugins.
         */
        xmltooling::PluginManager<AttributeFilter,std::string,const xercesc::DOMElement*> AttributeFilterManager;

        /**
         * Manages factories for AttributeResolver plugins.
         */
        xmltooling::PluginManager<AttributeResolver,std::string,const xercesc::DOMElement*> AttributeResolverManager;

        /**
         * Manages factories for Event plugins.
         *
         * <p>Event factories take an untyped void* argument instead of a DOM element;
         * what (if anything) is passed is not visible here — check the callers.</p>
         */
        xmltooling::PluginManager<TransactionLog::Event,std::string,void*> EventManager;

        /**
         * Manages factories for MatchFunctor plugins.
         *
         * <p>Keyed by QName; factories receive the enclosing FilterPolicyContext together
         * with the functor's configuration element.</p>
         */
        xmltooling::PluginManager< MatchFunctor,xmltooling::QName,std::pair<const FilterPolicyContext*,const xercesc::DOMElement*> > MatchFunctorManager;

        /**
         * Manages factories for SecurityPolicyProvider plugins.
         */
        xmltooling::PluginManager<SecurityPolicyProvider,std::string,const xercesc::DOMElement*> SecurityPolicyProviderManager;
#endif

        /**
         * Manages factories for Handler plugins that implement ArtifactResolutionService functionality.
         *
         * <p>Handler factories receive the configuration element plus a C string; the string
         * is presumably an application identifier — confirm against the handler implementations.</p>
         */
        xmltooling::PluginManager< Handler,std::string,std::pair<const xercesc::DOMElement*,const char*> > ArtifactResolutionServiceManager;

        /**
         * Manages factories for Handler plugins that implement AssertionConsumerService functionality.
         */
        xmltooling::PluginManager< Handler,std::string,std::pair<const xercesc::DOMElement*,const char*> > AssertionConsumerServiceManager;

        /**
         * Manages factories for Handler plugins that implement customized functionality.
         */
        xmltooling::PluginManager< Handler,std::string,std::pair<const xercesc::DOMElement*,const char*> > HandlerManager;

        /**
         * Manages factories for ListenerService plugins.
         */
        xmltooling::PluginManager<ListenerService,std::string,const xercesc::DOMElement*> ListenerServiceManager;

        /**
         * Manages factories for Handler plugins that implement LogoutInitiator functionality.
         */
        xmltooling::PluginManager< Handler,std::string,std::pair<const xercesc::DOMElement*,const char*> > LogoutInitiatorManager;

        /**
         * Manages factories for Handler plugins that implement ManageNameIDService functionality.
         */
        xmltooling::PluginManager< Handler,std::string,std::pair<const xercesc::DOMElement*,const char*> > ManageNameIDServiceManager;

        /**
         * Manages factories for ProtocolProvider plugins.
         */
        xmltooling::PluginManager<ProtocolProvider,std::string,const xercesc::DOMElement*> ProtocolProviderManager;

        /**
         * Manages factories for RequestMapper plugins.
         */
        xmltooling::PluginManager<RequestMapper,std::string,const xercesc::DOMElement*> RequestMapperManager;

        /**
         * Manages factories for ServiceProvider plugins.
         */
        xmltooling::PluginManager<ServiceProvider,std::string,const xercesc::DOMElement*> ServiceProviderManager;

        /**
         * Manages factories for SessionCache plugins.
         */
        xmltooling::PluginManager<SessionCache,std::string,const xercesc::DOMElement*> SessionCacheManager;

        /**
         * Manages factories for Handler plugins that implement SessionInitiator functionality.
         *
         * <p>Unlike the other handler managers, the product type here is SessionInitiator.</p>
         */
        xmltooling::PluginManager< SessionInitiator,std::string,std::pair<const xercesc::DOMElement*,const char*> > SessionInitiatorManager;

        /**
         * Manages factories for Handler plugins that implement SingleLogoutService functionality.
         */
        xmltooling::PluginManager< Handler,std::string,std::pair<const xercesc::DOMElement*,const char*> > SingleLogoutServiceManager;

#ifndef SHIBSP_LITE
        /**
         * Determine whether messages should be digitally signed or encrypted based on the setting and endpoint.
         *
         * <p>This is a policy helper: the result decides whether an outbound message gets
         * signed/encrypted, so a false result means the message goes out unprotected by
         * this layer. The endpoint URL is presumably consulted for transport-dependent
         * settings (e.g. whether the endpoint is TLS-protected) — confirm against the
         * implementation before relying on that.</p>
         *
         * @param setting            the applicable "signing" or "encryption" property in effect
         * @param endpoint           URL of the endpoint that will receive the message
         * @param isUserAgentPresent true iff the user agent is mediating the exchange
         * @return true iff the message should be digitally signed or encrypted
         */
        static bool shouldSignOrEncrypt(const char* setting, const char* endpoint, bool isUserAgentPresent);
#endif

        /**
         * Helper for deprecation warnings about an at-risk feature or setting.
         *
         * @return logging category to which deprecation warnings should be written
         */
        xmltooling::logging::Category& deprecation() const;

    protected:
        /** Global ServiceProvider instance; owned (setServiceProvider() destroys the previous one). */
        ServiceProvider* m_serviceProvider;

#ifndef SHIBSP_LITE
        /** Global ArtifactResolver instance; owned (setArtifactResolver() destroys the previous one). */
        opensaml::MessageDecoder::ArtifactResolver* m_artifactResolver;
#endif

    private:
        /** Bitmask of components_t values recorded by setFeatures() and reported by getFeatures(). */
        unsigned long m_features;
        /** Parsed configuration document; presumably the DOM produced by instantiate() and released on term() — confirm in SPConfig.cpp. */
        xercesc::DOMDocument* m_configDoc;
    };
340 
341 #if defined (_MSC_VER)
342     #pragma warning( pop )
343 #endif
344 
345 };
346 
347 #endif /* __shibsp_config_h__ */
348