2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file shibsp/security/SecurityPolicyProvider.h
24 * Interface to a source of security policy settings and rules.
27 #ifndef __shibsp_policyfactory_h__
28 #define __shibsp_policyfactory_h__
32 #include <shibsp/base.h>
35 #include <xmltooling/Lockable.h>
36 #include <xmltooling/unicode.h>
38 namespace xmltooling {
39 class XMLTOOL_API QName;
43 class SAML_API SecurityPolicyRule;
48 class SHIBSP_API Application;
49 class SHIBSP_API PropertySet;
50 class SHIBSP_API SecurityPolicy;
53 * Interface to a source of security policy settings and rules.
55 class SHIBSP_API SecurityPolicyProvider : public virtual xmltooling::Lockable
57 MAKE_NONCOPYABLE(SecurityPolicyProvider);
59 SecurityPolicyProvider();
/**
 * Default algorithms to block in the current release.
 *
 * <p>"Current release" is deliberate: this list is expected to change between
 * versions as algorithms are deprecated, so deployments must not treat it as a
 * fixed set. Presumably populated by the constructor and returned by
 * getDefaultAlgorithmBlacklist() — confirm against the implementation.
 */
62 std::vector<xmltooling::xstring> m_defaultBlacklist;
/** Virtual so concrete providers can be destroyed through this interface. */
65 virtual ~SecurityPolicyProvider();
68 * Returns the security policy settings for an identified policy.
 *
 * <p>The pointer is presumably owned by the provider (not transferred to the
 * caller). Since this interface is Lockable, the result is presumably only safe
 * to use while the provider is held locked — confirm against the implementation.
 *
 * <p>NOTE(review): behaviour for an id that names no configured policy (nullptr
 * return vs. exception) is not specified by this header; callers should not
 * dereference the result unchecked unless the implementation guarantees it.
70 * @param id identifies the policy to return, or nullptr for default
71 * @return a PropertySet
73 virtual const PropertySet* getPolicySettings(const char* id=nullptr) const=0;
76 * Returns the security policy rules for an identified policy.
 *
 * <p>Returns a reference to a container presumably owned by the provider; do not
 * retain it beyond the provider's lock scope — confirm against the implementation.
 *
 * <p>NOTE(review): as with getPolicySettings(), what happens for an unknown id is
 * not specified here (a default, an empty set, or an exception). An empty rule set
 * would mean no message-level checks are applied, so callers relying on a specific
 * policy should verify that it was actually found.
78 * @param id identifies the policy to return, or nullptr for default
79 * @return an array of policy rules
81 virtual const std::vector<const opensaml::SecurityPolicyRule*>& getPolicyRules(const char* id=nullptr) const=0;
84 * Returns a default/implicit set of XML Signature/Encryption algorithm identifiers to block.
 *
 * <p>Unlike the other accessors this is not pure virtual: the base class supplies an
 * implementation (presumably returning m_defaultBlacklist — confirm in the .cpp).
 * The set is release-specific and may change between versions; configuration should
 * treat it as a floor that may be extended, not as a fixed list to replace.
86 * @return an array of algorithm URIs to block
88 virtual const std::vector<xmltooling::xstring>& getDefaultAlgorithmBlacklist() const;
91 * Returns a set of XML Signature/Encryption algorithm identifiers to block.
 *
 * <p>Security note: a block list can only reject algorithms known to be weak at
 * configuration time; anything not listed (including algorithms added later) is
 * accepted. Where the peer set permits, prefer the allow list returned by
 * getAlgorithmWhitelist(). How this list combines with the default list and the
 * allow list when more than one is non-empty is not defined by this header —
 * confirm against the implementation before relying on it.
93 * @return an array of algorithm URIs to block
95 virtual const std::vector<xmltooling::xstring>& getAlgorithmBlacklist() const=0;
98 * Returns a set of XML Signature/Encryption algorithm identifiers to permit.
 *
 * <p>This is the stronger control: presumably anything not listed is rejected, so
 * new or unknown algorithms fail closed. Whether an empty result means "no
 * allow-list restriction" (falling back to the block lists) is not stated here —
 * confirm against the implementation.
100 * @return an array of algorithm URIs to permit
102 virtual const std::vector<xmltooling::xstring>& getAlgorithmWhitelist() const=0;
105 * Returns a SecurityPolicy applicable to an application and/or policy identifier.
 *
107 * <p>The caller <strong>MUST</strong> lock the application's MetadataProvider for the life
108 * of the returned object.
 * (Presumably because the policy retains references into metadata that the lock
 * keeps valid — confirm; if so, releasing the lock early is a use-after-free,
 * not merely a race.)
 *
 * <p>Ownership: the return is a raw owning pointer. Capture it in an owning smart
 * pointer (e.g. std::unique_ptr) on the same line as the call, so an exception
 * thrown before policy evaluation completes cannot leak it.
 *
110 * @param application reference to application applying policy
111 * @param role identifies the role (generally IdP or SP) of the policy peer
 *             (whether a nullptr role is accepted is not stated in this header)
112 * @param policyId identifies policy, defaults to the application's default
113 * @return a new policy instance, which the caller is responsible for freeing
115 virtual SecurityPolicy* createSecurityPolicy(
116 const Application& application, const xmltooling::QName* role, const char* policyId=nullptr
121 * Registers SecurityPolicyProvider classes into the runtime.
 *
 * <p>Presumably invoked once during library initialization so providers can be
 * instantiated by type name (e.g. XML_SECURITYPOLICY_PROVIDER) — confirm against
 * the library's initialization code. Not shown to be safe to call more than once.
123 void SHIBSP_API registerSecurityPolicyProviders();
125 /** SecurityPolicyProvider based on an XML configuration format. */
/* Plugin type name; presumably the key under which registerSecurityPolicyProviders()
 * registers the XML-backed provider and by which configuration selects it — confirm. */
126 #define XML_SECURITYPOLICY_PROVIDER "XML"
131 #endif /* __shibsp_policyfactory_h__ */