2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file shibsp/security/SecurityPolicyProvider.h
\r
24 * Interface to a source of security policy settings and rules.
\r
27 #ifndef __shibsp_policyfactory_h__
\r
28 #define __shibsp_policyfactory_h__
\r
32 #include <shibsp/base.h>
\r
35 #include <xmltooling/Lockable.h>
\r
36 #include <xmltooling/unicode.h>
\r
38 namespace xmltooling {
\r
39 class XMLTOOL_API QName;
\r
42 namespace opensaml {
\r
43 class SAML_API SecurityPolicyRule;
\r
48 class SHIBSP_API Application;
\r
49 class SHIBSP_API PropertySet;
\r
50 class SHIBSP_API SecurityPolicy;
\r
53 * Interface to a source of security policy settings and rules.
\r
55 class SHIBSP_API SecurityPolicyProvider : public virtual xmltooling::Lockable
\r
57 MAKE_NONCOPYABLE(SecurityPolicyProvider);
\r
59 SecurityPolicyProvider(); // Copy and assignment are suppressed via MAKE_NONCOPYABLE above.
\r
61 virtual ~SecurityPolicyProvider(); // Virtual so deleting through a SecurityPolicyProvider* destroys the concrete provider.
\r
64 * Returns the security policy settings for an identified policy.
\r
66 * @param id identifies the policy to return; nullptr selects the default policy
\r
67 * @return the PropertySet holding that policy's settings
\r
69 virtual const PropertySet* getPolicySettings(const char* id=nullptr) const=0; // NOTE(review): unlike createSecurityPolicy() there is no "caller frees" contract here, so the pointer is presumably provider-owned — confirm before deleting it.
\r
72 * Returns the security policy rules for an identified policy.
\r
74 * @param id identifies the policy to return; nullptr selects the default policy
\r
75 * @return the vector of rules that make up that policy
\r
77 virtual const std::vector<const opensaml::SecurityPolicyRule*>& getPolicyRules(const char* id=nullptr) const=0; // NOTE(review): returns a reference into provider state; the provider is Lockable, so presumably only valid while its lock is held — confirm with the implementation.
\r
80 * Returns the set of XML Signature/Encryption algorithm identifiers (URIs) that must be rejected.
\r
82 * @return the vector of algorithm URIs to block
\r
84 virtual const std::vector<xmltooling::xstring>& getAlgorithmBlacklist() const=0; // NOTE(review): how this interacts with getAlgorithmWhitelist() when both are non-empty is not defined by this interface — check the XML provider before relying on either alone.
\r
87 * Returns the set of XML Signature/Encryption algorithm identifiers (URIs) that are permitted.
\r
89 * @return the vector of algorithm URIs to permit
\r
91 virtual const std::vector<xmltooling::xstring>& getAlgorithmWhitelist() const=0; // Prefer configuring this allowlist over the blacklist: an allowlist fails closed against algorithms that were not anticipated when the blacklist was written.
\r
94 * Returns a SecurityPolicy applicable to an application and/or policy identifier.
\r
96 * <p>The caller <strong>MUST</strong> hold the lock on the application's MetadataProvider for the entire
97 * lifetime of the returned object: acquire it before calling this method and release it only after the policy has been destroyed.
\r
99 * @param application reference to application applying policy
\r
100 * @param role identifies the role (generally IdP or SP) of the peer the policy is applied to
\r
101 * @param policyId identifies the policy to apply; nullptr selects the application's default policy
\r
102 * @return a newly allocated policy instance; ownership passes to the caller, who must delete it (holding it in a std::unique_ptr is the safest way to do so)
\r
104 virtual SecurityPolicy* createSecurityPolicy(
\r
105 const Application& application, const xmltooling::QName* role, const char* policyId=nullptr
\r
110 * Registers the SecurityPolicyProvider implementations shipped with the library with the runtime.
\r
112 void SHIBSP_API registerSecurityPolicyProviders();
\r
114 /** SecurityPolicyProvider based on an XML configuration format. */
\r
115 #define XML_SECURITYPOLICY_PROVIDER "XML"
\r
120 #endif /* __shibsp_policyfactory_h__ */
\r