1 /**
2  * Licensed to the University Corporation for Advanced Internet
3  * Development, Inc. (UCAID) under one or more contributor license
4  * agreements. See the NOTICE file distributed with this work for
5  * additional information regarding copyright ownership.
6  *
7  * UCAID licenses this file to you under the Apache License,
8  * Version 2.0 (the "License"); you may not use this file except
9  * in compliance with the License. You may obtain a copy of the
10  * License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17  * either express or implied. See the License for the specific
18  * language governing permissions and limitations under the License.
19  */
20 
21 /**
22  * @file shibsp/TransactionLog.h
23  *
24  * Formatted event record logging.
25  */
26 
27 #if !defined (__shibsp_txlog_h__)
28 #define __shibsp_txlog_h__
29 
30 #ifndef SHIBSP_LITE
31 
32 #include <shibsp/base.h>
33 #include <xmltooling/logging.h>
34 #include <xmltooling/Lockable.h>
35 #include <xmltooling/io/GenericRequest.h>
36 
37 #include <map>
38 #include <vector>
39 #include <iostream>
40 #include <boost/scoped_ptr.hpp>
41 
42 namespace xmltooling {
43     class XMLTOOL_API Mutex;
44 };
45 
46 namespace opensaml {
47     namespace saml1 {
48         class SAML_API AuthenticationStatement;
49     };
50 
51     namespace saml1p {
52         class SAML_API Response;
53     };
54 
55     namespace saml2 {
56         class SAML_API AuthnStatement;
57         class SAML_API NameID;
58     };
59 
60     namespace saml2p {
61         class SAML_API AuthnRequest;
62         class SAML_API LogoutRequest;
63         class SAML_API LogoutResponse;
64         class SAML_API StatusResponseType;
65     };
66 
67     namespace saml2md {
68         class SAML_API EntityDescriptor;
69     };
70 };
71 
72 namespace shibsp {
73     class SHIBSP_API Application;
74     class SHIBSP_API Attribute;
75     class SHIBSP_API Session;
76 
77     /**
78      * Interface to a synchronized event/audit logging object.
79      */
80     class SHIBSP_API TransactionLog : public virtual xmltooling::Lockable
81     {
82         MAKE_NONCOPYABLE(TransactionLog);
83     public:
84         /**
85          * Constructor.
86          *
87          * @param fmt       formatting string for events
88          * @param absent    string to output when a field is empty
89          */
90         TransactionLog(const char* fmt=nullptr, const char* absent=nullptr);
91 
92         virtual ~TransactionLog();
93 
94         xmltooling::Lockable* lock();
95         void unlock();
96 
97         /**
98          * Callback interface that outputs an event record to a stream using formatting tokens.
99          */
100         class SHIBSP_API Event {
101             MAKE_NONCOPYABLE(Event);
102         protected:
103             /** Function that handles a formatting token. */
104             typedef bool (*handler_fn)(const Event& e, std::ostream&);
105 
106             /** Map of tokens to handlers. */
107             std::map<std::string, handler_fn> m_handlers;
108 
109             /**
110              * Constructor.
111              */
112             Event();
113 
114         public:
115             virtual ~Event();
116 
117             /**
118              * Returns a type string to be used for the log category in the event log.
119              *
120              * @return  type or category for the event
121              */
122             virtual const char* getType() const=0;
123 
124             /** Exception */
125             const std::exception* m_exception;
126 
127             /** Request object associated with event. */
128             const xmltooling::GenericRequest* m_request;
129 
130             /** Application object associated with event. */
131             const Application* m_app;
132 
133             /** Session identifier. */
134             const char* m_sessionID;
135 
136             /** Peer entity associated with event. */
137             const opensaml::saml2md::EntityDescriptor* m_peer;
138 
139             /** Protocol associated with event. */
140             const char* m_protocol;
141 
142             /** Protocol binding associated with event. */
143             const char* m_binding;
144 
145             /** SAML 2.0 NameID. */
146             const opensaml::saml2::NameID* m_nameID;
147 
148             /**
149              * Outputs an event record to a stream based on the defined formatting string.
150              *
151              * @param out       stream to use
152              * @param field     field to output
153              * @param absent    string to output if the field is empty
154              * @return  true iff the field was recognized and substituted
155              */
156             virtual bool write(std::ostream& out, const char* field, const char* absent) const;
157         };
158 
159         /**
160          * Write a formatted event record to the log.
161          * <p>This method is internally synchronized and the caller does <strong>NOT</strong>
162          * need to explicitly lock and unlock the object.
163          *
164          * @param e event to log
165          */
166         virtual void write(const Event& e);
167 
168     private:
169         xmltooling::logging::Category& m_log;
170         boost::scoped_ptr<xmltooling::Mutex> m_lock;
171         std::string m_absent;
172         std::vector<std::string> m_formatting;
173     };
174 
175     class SHIBSP_API LoginEvent : public TransactionLog::Event
176     {
177     public:
178         /**
179          * Constructor.
180          */
181         LoginEvent();
182 
183         virtual ~LoginEvent();
184 
185         const char* getType() const;
186 
187         /** SAML 2.0 AuthnStatement. */
188         const opensaml::saml2::AuthnStatement* m_saml2AuthnStatement;
189 
190         /** SAML 2.0 Response. */
191         const opensaml::saml2p::StatusResponseType* m_saml2Response;
192 
193         /** SAML 1.x AuthnStatement. */
194         const opensaml::saml1::AuthenticationStatement* m_saml1AuthnStatement;
195 
196         /** SAML 1.x Response. */
197         const opensaml::saml1p::Response* m_saml1Response;
198 
199         /** Attributes associated with event. */
200         const std::vector<Attribute*>* m_attributes;
201     };
202 
203     class SHIBSP_API LogoutEvent : public TransactionLog::Event
204     {
205     public:
206         /**
207          * Constructor.
208          */
209         LogoutEvent();
210 
211         virtual ~LogoutEvent();
212 
213         const char* getType() const;
214 
215         /** Result of logout (local, global, partial). */
216         enum logout_type_t {
217             LOGOUT_EVENT_UNKNOWN,
218             LOGOUT_EVENT_INVALID,
219             LOGOUT_EVENT_LOCAL,
220             LOGOUT_EVENT_GLOBAL,
221             LOGOUT_EVENT_PARTIAL
222         } m_logoutType;
223 
224         /** SAML 2.0 Request. */
225         const opensaml::saml2p::LogoutRequest* m_saml2Request;
226 
227         /** SAML 2.0 Response. */
228         const opensaml::saml2p::LogoutResponse* m_saml2Response;
229 
230         /** Primary session associated with event. */
231         const Session* m_session;
232 
233         /** All sessions associated with event. */
234         std::vector<std::string> m_sessions;
235     };
236 
237     class SHIBSP_API AuthnRequestEvent : public TransactionLog::Event
238     {
239     public:
240         /**
241          * Constructor.
242          */
243         AuthnRequestEvent();
244 
245         virtual ~AuthnRequestEvent();
246 
247         const char* getType() const;
248 
249         /** SAML 2.0 Request. */
250         const opensaml::saml2p::AuthnRequest* m_saml2Request;
251     };
252 
253     /**
254      * Registers Event classes into the runtime.
255      */
256     void SHIBSP_API registerEvents();
257 };
258 
259 #endif
260 
261 /** Login event. */
262 #define LOGIN_EVENT         "Login"
263 
264 /** Logout event. */
265 #define LOGOUT_EVENT        "Logout"
266 
267 /** AuthnRequest event. */
268 #define AUTHNREQUEST_EVENT  "AuthnRequest"
269 
270 /** NameIDMgmt event. */
271 #define NAMEIDMGMT_EVENT    "NameIDMgmt"
272 
273 #endif /* __shibsp_txlog_h__ */
274