Redesigned target around URL->application mapping
[shibboleth/sp.git] / shib / ClubShibPOSTProfile.cpp
index 4fd37c7..d31036f 100644 (file)
    $History:$
 */
 
-#ifdef WIN32
-# define SHIB_EXPORTS __declspec(dllexport)
-#endif
+#include "internal.h"
 
-#include <shib.h>
 using namespace shibboleth;
 using namespace saml;
 using namespace std;
 
-ClubShibPOSTProfile::ClubShibPOSTProfile(const Iterator<const XMLCh*>& policies, const XMLCh* receiver, int ttlSeconds)
-    : ShibPOSTProfile(policies,receiver,ttlSeconds)
-{
-    bool found=false;
-    for (vector<const XMLCh*>::iterator i=m_policies.begin(); !found && i!=m_policies.end(); i++)
-        if (!XMLString::compareString(Constants::POLICY_CLUBSHIB,*i))
-            found=true;
-    if (!found)
-        throw SAMLException(SAMLException::REQUESTER, "ClubShibPOSTProfile() policy array must include Club Shib");
-}
+ClubShibPOSTProfile::ClubShibPOSTProfile(
+    const Iterator<IMetadata*>& metadatas, const Iterator<ITrust*>& trusts,
+    const Iterator<const XMLCh*>& policies, const XMLCh* receiver, int ttlSeconds
+    ) : ShibPOSTProfile(metadatas, trusts, policies,receiver,ttlSeconds) {}
 
-ClubShibPOSTProfile::ClubShibPOSTProfile(const Iterator<const XMLCh*>& policies, const XMLCh* issuer)
-    : ShibPOSTProfile(policies,issuer)
-{
-    bool found=false;
-    for (vector<const XMLCh*>::iterator i=m_policies.begin(); !found && i!=m_policies.end(); i++)
-        if (!XMLString::compareString(Constants::POLICY_CLUBSHIB,*i))
-            found=true;
-    if (!found)
-        throw SAMLException(SAMLException::REQUESTER, "ClubShibPOSTProfile() policy array must include Club Shib");
-}
+ClubShibPOSTProfile::ClubShibPOSTProfile(
+    const Iterator<IMetadata*>& metadatas, const Iterator<ICredentials*>& creds,
+    const Iterator<const XMLCh*>& policies, const XMLCh* issuer
+    ) : ShibPOSTProfile(metadatas,creds,policies,issuer) {}
 
-ClubShibPOSTProfile::~ClubShibPOSTProfile()
-{
-}
+ClubShibPOSTProfile::~ClubShibPOSTProfile() {}
 
-SAMLResponse* ClubShibPOSTProfile::prepare(const XMLCh* recipient,
-                                           const XMLCh* name,
-                                           const XMLCh* nameQualifier,
-                                           const XMLCh* subjectIP,
-                                           const XMLCh* authMethod,
-                                           time_t authInstant,
-                                           const Iterator<SAMLAuthorityBinding*>& bindings,
-                                           const saml::Key& responseKey, const saml::X509Certificate* responseCert,
-                                           const saml::Key* assertionKey, const saml::X509Certificate* assertionCert)
+SAMLResponse* ClubShibPOSTProfile::prepare(
+    const XMLCh* recipient,
+    const XMLCh* name,
+    const XMLCh* nameQualifier,
+    const XMLCh* subjectIP,
+    const XMLCh* authMethod,
+    time_t authInstant,
+    const saml::Iterator<saml::SAMLAuthorityBinding*>& bindings,
+    XSECCryptoKey* responseKey,
+    const Iterator<XSECCryptoX509*>& responseCerts,
+    XSECCryptoKey* assertionKey,
+    const Iterator<XSECCryptoX509*>& assertionCerts
+    )
 {
-    if (responseKey.getType()!=Key::RSA)
-        throw InvalidCryptoException(SAMLException::RESPONDER, "ClubShibPOSTProfile::prepare() requires the response key be an RSA private key");
-    if (assertionKey && assertionKey->getType()!=Key::RSA)
-        throw InvalidCryptoException(SAMLException::RESPONDER, "ClubShibPOSTProfile::prepare() requires the assertion key be an RSA private key");
+    if (responseKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PRIVATE || responseKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PAIR)
+        throw TrustException(SAMLException::RESPONDER, "ClubShibPOSTProfile::prepare() requires the response key be an RSA private key");
+    if (assertionKey && assertionKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PRIVATE || assertionKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PAIR)
+        throw TrustException(SAMLException::RESPONDER, "ClubShibPOSTProfile::prepare() requires the assertion key be an RSA private key");
 
     return ShibPOSTProfile::prepare(recipient,name,nameQualifier,subjectIP,authMethod,authInstant,bindings,
-                                    responseKey,responseCert,assertionKey,assertionCert);
+                                    responseKey,responseCerts,assertionKey,assertionCerts);
 }
 
-bool ClubShibPOSTProfile::verifySignature(const SAMLSignedObject& obj, const XMLCh* signerName,
-                                          const saml::Iterator<saml::X509Certificate*>& roots,
-                                          const saml::Key* knownKey)
+void ClubShibPOSTProfile::verifySignature(
+    const SAMLSignedObject& obj, const IOriginSite* originSite, const XMLCh* signerName, XSECCryptoKey* knownKey
+    )
 {
-    if (!ShibPOSTProfile::verifySignature(obj,signerName,roots,knownKey))
-        return false;
-    return (obj.getSignatureAlgorithm()==SAMLSignedObject::RSA_SHA1);
+    ShibPOSTProfile::verifySignature(obj,originSite,signerName,knownKey);
+    if (obj.getSignatureAlgorithm()!=SIGNATURE_RSA)
+        throw TrustException("ClubShibPOSTProfile::verifySignature() requires the RSA signature algorithm");
 }
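Review bot: The key-type guards added in `prepare()` cannot pass for any key, because `responseKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PRIVATE || responseKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PAIR` is true for every value, so the response-key check always throws `TrustException`. In the assertion-key line `&&` binds tighter than `||`, so a null `assertionKey` is still dereferenced by the right-hand `assertionKey->getKeyType()`; `responseKey` is also now a pointer rather than a reference and is dereferenced without a null check. I would write them as `if (!responseKey || (responseKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PRIVATE && responseKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PAIR))` and `if (assertionKey && assertionKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PRIVATE && assertionKey->getKeyType()!=XSECCryptoKey::KEY_RSA_PAIR)`. Separately, both constructors drop the check that the policy list contains `Constants::POLICY_CLUBSHIB`. Unless `ShibPOSTProfile` now enforces that (not visible on this page), the profile can be constructed without its defining policy, so a comment stating where that check moved would help.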