2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
50 /* ClubShibPOSTProfile.cpp - Club-Shib wrapper around SAML POST profile
59 # define SHIB_EXPORTS __declspec(dllexport)
63 using namespace shibboleth;
// Constructs a Club Shib POST profile from a policy list, a receiver name and a
// TTL in seconds. All three arguments are forwarded to the ShibPOSTProfile base
// constructor; the body then checks that the Club Shib policy is among m_policies.
// NOTE(review): this listing has dropped several source lines (the braces, the
// declaration and assignment of `found`, and the condition guarding the throw).
// The comments below describe only what the visible lines establish.
// NOTE(review): the same policy check is repeated in the (policies, issuer)
// constructor; a shared private helper would keep the two from drifting apart.
67 ClubShibPOSTProfile::ClubShibPOSTProfile(const Iterator<const XMLCh*>& policies, const XMLCh* receiver, int ttlSeconds)
68 : ShibPOSTProfile(policies,receiver,ttlSeconds)
// Walk m_policies (presumably filled by the base constructor from `policies`;
// confirm) and stop as soon as `found` becomes true.
71 for (vector<const XMLCh*>::iterator i=m_policies.begin(); !found && i!=m_policies.end(); i++)
// A zero result from compareString is treated as "this entry is the Club Shib policy URI".
72 if (!XMLString::compareString(Constants::POLICY_CLUBSHIB,*i))
// Rejects construction with a REQUESTER-class SAMLException. Presumably raised only
// when no entry matched (the guarding `if` is not visible here); confirm against
// the full file. Failing in the constructor means a profile object without the
// Club Shib policy never exists to be used.
75 throw SAMLException(SAMLException::REQUESTER, "ClubShibPOSTProfile() policy array must include Club Shib");
// Constructs a Club Shib POST profile from a policy list and an issuer name.
// Both arguments are forwarded to the ShibPOSTProfile base constructor; the body
// then checks that the Club Shib policy is among m_policies.
// NOTE(review): as in the other constructor, this listing has dropped the braces,
// the handling of `found` and the condition guarding the throw.
78 ClubShibPOSTProfile::ClubShibPOSTProfile(const Iterator<const XMLCh*>& policies, const XMLCh* issuer)
79 : ShibPOSTProfile(policies,issuer)
// Walk m_policies (presumably filled by the base constructor from `policies`;
// confirm) and stop as soon as `found` becomes true.
82 for (vector<const XMLCh*>::iterator i=m_policies.begin(); !found && i!=m_policies.end(); i++)
// A zero result from compareString is treated as "this entry is the Club Shib policy URI".
83 if (!XMLString::compareString(Constants::POLICY_CLUBSHIB,*i))
// Rejects construction with a REQUESTER-class SAMLException. Presumably raised only
// when no entry matched (the guarding `if` is not visible here); confirm.
86 throw SAMLException(SAMLException::REQUESTER, "ClubShibPOSTProfile() policy array must include Club Shib");
// Destructor. Its body is not visible in this listing, so nothing can be said
// here about what, if anything, it releases.
89 ClubShibPOSTProfile::~ClubShibPOSTProfile()
// Builds the SAML response for a Club Shib POST by enforcing the profile's
// key-type rule and then delegating to ShibPOSTProfile::prepare with the same
// arguments.
//
// responseKey   - must be of type Key::RSA, otherwise InvalidCryptoException
//                 (RESPONDER) is thrown.
// assertionKey  - optional (may be null); when supplied it must also be Key::RSA,
//                 otherwise InvalidCryptoException (RESPONDER) is thrown.
// Returns whatever ShibPOSTProfile::prepare returns.
//
// NOTE(review): `name` and `authInstant` are passed to the base call below, but
// their parameter declarations are missing from this listing (source lines were
// dropped), as are the function's braces.
// NOTE(review): only the key *type* is checked in the visible code; nothing here
// constrains the RSA key size. If a minimum modulus length is required, it has to
// be enforced elsewhere; confirm.
93 SAMLResponse* ClubShibPOSTProfile::prepare(const XMLCh* recipient,
95 const XMLCh* nameQualifier,
96 const XMLCh* subjectIP,
97 const XMLCh* authMethod,
99 const Iterator<SAMLAuthorityBinding*>& bindings,
100 const saml::Key& responseKey, const saml::X509Certificate* responseCert,
101 const saml::Key* assertionKey, const saml::X509Certificate* assertionCert)
// Fail before any response is built if the response key is not RSA.
103 if (responseKey.getType()!=Key::RSA)
104 throw InvalidCryptoException(SAMLException::RESPONDER, "ClubShibPOSTProfile::prepare() requires the response key be an RSA private key");
// The assertion key is optional, so the type check applies only when one is given.
105 if (assertionKey && assertionKey->getType()!=Key::RSA)
106 throw InvalidCryptoException(SAMLException::RESPONDER, "ClubShibPOSTProfile::prepare() requires the assertion key be an RSA private key");
// Key types accepted: the base profile does the actual response construction.
108 return ShibPOSTProfile::prepare(recipient,name,nameQualifier,subjectIP,authMethod,authInstant,bindings,
109 responseKey,responseCert,assertionKey,assertionCert);
// Verifies a signed SAML object under Club Shib rules. The base-class
// ShibPOSTProfile::verifySignature check runs first with the same arguments; the
// final result additionally requires the object's signature algorithm to be
// SAMLSignedObject::RSA_SHA1.
//
// NOTE(review): the statement executed when the base check fails is missing from
// this listing (presumably `return false;`), as are the braces; confirm.
// NOTE(review): pinning the accepted algorithm to a single value means a signature
// made with any other algorithm is rejected even if it verifies. The pinned
// algorithm is RSA with SHA-1, and SHA-1 is no longer considered
// collision-resistant, so this check should be read as a legacy profile
// constraint rather than a current algorithm recommendation.
112 bool ClubShibPOSTProfile::verifySignature(const SAMLSignedObject& obj, const XMLCh* signerName,
113 const saml::Iterator<saml::X509Certificate*>& roots,
114 const saml::Key* knownKey)
// Step 1: generic Shibboleth signature verification (trust roots / known key).
116 if (!ShibPOSTProfile::verifySignature(obj,signerName,roots,knownKey))
// Step 2: accept only if the signature algorithm is exactly RSA-SHA1.
118 return (obj.getSignatureAlgorithm()==SAMLSignedObject::RSA_SHA1);