1 /** 2 * Licensed to the University Corporation for Advanced Internet 3 * Development, Inc. (UCAID) under one or more contributor license 4 * agreements. See the NOTICE file distributed with this work for 5 * additional information regarding copyright ownership. 6 * 7 * UCAID licenses this file to you under the Apache License, 8 * Version 2.0 (the "License"); you may not use this file except 9 * in compliance with the License. You may obtain a copy of the 10 * License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 17 * either express or implied. See the License for the specific 18 * language governing permissions and limitations under the License. 19 */ 20 21 /** 22 * @file shibsp/TransactionLog.h 23 * 24 * Formatted event record logging. 25 */ 26 27 #if !defined (__shibsp_txlog_h__) 28 #define __shibsp_txlog_h__ 29 30 #ifndef SHIBSP_LITE 31 32 #include <shibsp/base.h> 33 #include <xmltooling/logging.h> 34 #include <xmltooling/Lockable.h> 35 #include <xmltooling/io/GenericRequest.h> 36 37 #include <map> 38 #include <vector> 39 #include <iostream> 40 #include <boost/scoped_ptr.hpp> 41 42 namespace xmltooling { 43 class XMLTOOL_API Mutex; 44 }; 45 46 namespace opensaml { 47 namespace saml1 { 48 class SAML_API AuthenticationStatement; 49 }; 50 51 namespace saml1p { 52 class SAML_API Response; 53 }; 54 55 namespace saml2 { 56 class SAML_API AuthnStatement; 57 class SAML_API NameID; 58 }; 59 60 namespace saml2p { 61 class SAML_API AuthnRequest; 62 class SAML_API LogoutRequest; 63 class SAML_API LogoutResponse; 64 class SAML_API StatusResponseType; 65 }; 66 67 namespace saml2md { 68 class SAML_API EntityDescriptor; 69 }; 70 }; 71 72 namespace shibsp { 73 class SHIBSP_API Application; 74 class SHIBSP_API Attribute; 75 class SHIBSP_API Session; 76 77 /** 78 * Interface to a synchronized event/audit logging object. 79 */ 80 class SHIBSP_API TransactionLog : public virtual xmltooling::Lockable 81 { 82 MAKE_NONCOPYABLE(TransactionLog); 83 public: 84 /** 85 * Constructor. 86 * 87 * @param fmt formatting string for events 88 * @param absent string to output when a field is empty 89 */ 90 TransactionLog(const char* fmt=nullptr, const char* absent=nullptr); 91 92 virtual ~TransactionLog(); 93 94 xmltooling::Lockable* lock(); 95 void unlock(); 96 97 /** 98 * Callback interface that outputs an event record to a stream using formatting tokens. 99 */ 100 class SHIBSP_API Event { 101 MAKE_NONCOPYABLE(Event); 102 protected: 103 /** Function that handles a formatting token. */ 104 typedef bool (*handler_fn)(const Event& e, std::ostream&); 105 106 /** Map of tokens to handlers. */ 107 std::map<std::string, handler_fn> m_handlers; 108 109 /** 110 * Constructor. 111 */ 112 Event(); 113 114 public: 115 virtual ~Event(); 116 117 /** 118 * Returns a type string to be used for the log category in the event log. 119 * 120 * @return type or category for the event 121 */ 122 virtual const char* getType() const=0; 123 124 /** Exception */ 125 const std::exception* m_exception; 126 127 /** Request object associated with event. */ 128 const xmltooling::GenericRequest* m_request; 129 130 /** Application object associated with event. */ 131 const Application* m_app; 132 133 /** Session identifier. */ 134 const char* m_sessionID; 135 136 /** Peer entity associated with event. */ 137 const opensaml::saml2md::EntityDescriptor* m_peer; 138 139 /** Protocol associated with event. */ 140 const char* m_protocol; 141 142 /** Protocol binding associated with event. */ 143 const char* m_binding; 144 145 /** SAML 2.0 NameID. */ 146 const opensaml::saml2::NameID* m_nameID; 147 148 /** 149 * Outputs an event record to a stream based on the defined formatting string. 150 * 151 * @param out stream to use 152 * @param field field to output 153 * @param absent string to output if the field is empty 154 * @return true iff the field was recognized and substituted 155 */ 156 virtual bool write(std::ostream& out, const char* field, const char* absent) const; 157 }; 158 159 /** 160 * Write a formatted event record to the log. 161 * <p>This method is internally synchronized and the caller does <strong>NOT</strong> 162 * need to explicitly lock and unlock the object. 163 * 164 * @param e event to log 165 */ 166 virtual void write(const Event& e); 167 168 private: 169 xmltooling::logging::Category& m_log; 170 boost::scoped_ptr<xmltooling::Mutex> m_lock; 171 std::string m_absent; 172 std::vector<std::string> m_formatting; 173 }; 174 175 class SHIBSP_API LoginEvent : public TransactionLog::Event 176 { 177 public: 178 /** 179 * Constructor. 180 */ 181 LoginEvent(); 182 183 virtual ~LoginEvent(); 184 185 const char* getType() const; 186 187 /** SAML 2.0 AuthnStatement. */ 188 const opensaml::saml2::AuthnStatement* m_saml2AuthnStatement; 189 190 /** SAML 2.0 Response. */ 191 const opensaml::saml2p::StatusResponseType* m_saml2Response; 192 193 /** SAML 1.x AuthnStatement. */ 194 const opensaml::saml1::AuthenticationStatement* m_saml1AuthnStatement; 195 196 /** SAML 1.x Response. */ 197 const opensaml::saml1p::Response* m_saml1Response; 198 199 /** Attributes associated with event. */ 200 const std::vector<Attribute*>* m_attributes; 201 }; 202 203 class SHIBSP_API LogoutEvent : public TransactionLog::Event 204 { 205 public: 206 /** 207 * Constructor. 208 */ 209 LogoutEvent(); 210 211 virtual ~LogoutEvent(); 212 213 const char* getType() const; 214 215 /** Result of logout (local, global, partial). */ 216 enum logout_type_t { 217 LOGOUT_EVENT_UNKNOWN, 218 LOGOUT_EVENT_INVALID, 219 LOGOUT_EVENT_LOCAL, 220 LOGOUT_EVENT_GLOBAL, 221 LOGOUT_EVENT_PARTIAL 222 } m_logoutType; 223 224 /** SAML 2.0 Request. */ 225 const opensaml::saml2p::LogoutRequest* m_saml2Request; 226 227 /** SAML 2.0 Response. */ 228 const opensaml::saml2p::LogoutResponse* m_saml2Response; 229 230 /** Primary session associated with event. */ 231 const Session* m_session; 232 233 /** All sessions associated with event. */ 234 std::vector<std::string> m_sessions; 235 }; 236 237 class SHIBSP_API AuthnRequestEvent : public TransactionLog::Event 238 { 239 public: 240 /** 241 * Constructor. 242 */ 243 AuthnRequestEvent(); 244 245 virtual ~AuthnRequestEvent(); 246 247 const char* getType() const; 248 249 /** SAML 2.0 Request. */ 250 const opensaml::saml2p::AuthnRequest* m_saml2Request; 251 }; 252 253 /** 254 * Registers Event classes into the runtime. 255 */ 256 void SHIBSP_API registerEvents(); 257 }; 258 259 #endif 260 261 /** Login event. */ 262 #define LOGIN_EVENT "Login" 263 264 /** Logout event. */ 265 #define LOGOUT_EVENT "Logout" 266 267 /** AuthnRequest event. */ 268 #define AUTHNREQUEST_EVENT "AuthnRequest" 269 270 /** NameIDMgmt event. */ 271 #define NAMEIDMGMT_EVENT "NameIDMgmt" 272 273 #endif /* __shibsp_txlog_h__ */ 274