#ifndef __shib_h__
#define __shib_h__
+#include <xmltooling/util/Threads.h>
+
#include <saml/saml.h>
-#include <shib/shib-threads.h>
#include <xsec/xenc/XENCEncryptionMethod.hpp>
#ifdef WIN32
virtual ~IEntitiesDescriptor() {}
};
- // Supports Shib role extension describing attribute scoping rules
- struct SHIB_EXPORTS IScopedRoleDescriptor : public virtual IRoleDescriptor
- {
- virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
- virtual ~IScopedRoleDescriptor() {}
- };
-
- // Shib extension interfaces to key authority data
+ // Shib extension interfaces
struct SHIB_EXPORTS IKeyAuthority
{
virtual int getVerifyDepth() const=0;
struct SHIB_EXPORTS IExtendedEntityDescriptor : public virtual IEntityDescriptor
{
virtual saml::Iterator<const IKeyAuthority*> getKeyAuthorities() const=0;
+ virtual saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const=0;
virtual ~IExtendedEntityDescriptor() {}
};
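Review bot: The added `getScopes()` on `IExtendedEntityDescriptor` has no comment, and the only text that described it (`Supports Shib role extension describing attribute scoping rules`) is deleted together with `IScopedRoleDescriptor`. The `bool` in `std::pair<const XMLCh*,bool>` is not explained anywhere in the visible header, so an implementer cannot tell how it affects scope matching. I would add a comment along the lines of `// Scopes this entity is permitted to assert for scoped attributes; pair.second: TODO document (regexp flag?)`, once the meaning is confirmed. Adding a pure virtual also forces every existing implementer of this exported interface to change, which the commit message should mention.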
virtual const char* getAlias() const=0;
virtual const char* getHeader() const=0;
virtual bool getCaseSensitive() const=0;
- virtual void apply(saml::SAMLAttribute& attribute, const IRoleDescriptor* role=NULL) const=0;
+ virtual void apply(saml::SAMLAttribute& attribute, const IEntityDescriptor* source=NULL) const=0;
virtual ~IAttributeRule() {}
};
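Review bot: `apply()` keeps a default of `NULL` for the renamed `source` parameter, so a caller that omits the argument still compiles after the switch from `IRoleDescriptor*` to `IEntityDescriptor*`. The header does not say how scope rules are evaluated when no issuing entity is supplied. Scopes are now read from the entity (`getScopes()` on `IExtendedEntityDescriptor`), so a missing source presumably leaves nothing to check scoped values against. I would document the contract once the implementation is confirmed, e.g. `// source: issuing entity used for scope checks; if NULL, scoped values cannot be validated against metadata`. The same applies to the static `apply(aaps, assertion, source)` changed further down in the `AAP` class, and the enclosing interface begins outside this hunk.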
template class SHIB_EXPORTS saml::ArrayIterator<IAAP*>;
#endif
- struct SHIB_EXPORTS Constants
- {
- static const XMLCh SHIB_ATTRIBUTE_NAMESPACE_URI[];
- static const XMLCh SHIB_NAMEID_FORMAT_URI[];
- static const XMLCh SHIB_AUTHNREQUEST_PROFILE_URI[];
- static const XMLCh SHIB_LEGACY_AUTHNREQUEST_PROFILE_URI[];
- static const XMLCh SHIB_SESSIONINIT_PROFILE_URI[];
- static const XMLCh SHIB_LOGOUT_PROFILE_URI[];
- static const XMLCh SHIB_NS[];
- static const XMLCh InvalidHandle[];
- };
-
// Glue classes between abstract metadata and concrete providers
class SHIB_EXPORTS Metadata
const IAttributeRule* operator->() const {return m_rule;}
operator const IAttributeRule*() const {return m_rule;}
- static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IRoleDescriptor* role=NULL);
+ static void apply(const saml::Iterator<IAAP*>& aaps, saml::SAMLAssertion& assertion, const IEntityDescriptor* source=NULL);
private:
AAP(const AAP&);
class SHIB_EXPORTS ShibBrowserProfile : virtual public saml::SAMLBrowserProfile
{
public:
+ struct SHIB_EXPORTS ITokenValidator {
+ virtual void validateToken(
+ saml::SAMLAssertion* token,
+ time_t=0,
+ const IRoleDescriptor* role=NULL,
+ const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*)
+ ) const=0;
+ virtual ~ITokenValidator() {}
+ };
+
ShibBrowserProfile(
+ const ITokenValidator* validator,
const saml::Iterator<IMetadata*>& metadatas=EMPTY(IMetadata*),
const saml::Iterator<ITrust*>& trusts=EMPTY(ITrust*)
);
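Review bot: `ITokenValidator::validateToken` leaves its second parameter unnamed (`time_t=0`) and defaults `role` to `NULL` and `trusts` to an empty iterator, so a call passing only the token compiles, and the header does not say whether a validator may accept an assertion when it has no role and no trust engines. I would name the parameter (e.g. `time_t ts=0`, name to be confirmed) and add a comment stating that implementations must throw rather than accept when trust cannot be established. Default arguments on a virtual function are bound by static type, so overriders should not redeclare different defaults. The constructor's new `const ITokenValidator* validator` and the `m_validator` member added at the end of the class are raw pointers with no stated ownership or null policy; a comment such as `// validator: non-owning, must outlive this profile; must not be NULL` would help, after checking whether the implementation tolerates NULL. The class body is only partly visible here.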
saml::SAMLBrowserProfile* m_profile;
saml::Iterator<IMetadata*> m_metadatas;
saml::Iterator<ITrust*> m_trusts;
+ const ITokenValidator* m_validator;
};
class SHIB_EXPORTS ShibConfig
const DOMElement* m_root;
std::string m_source;
time_t m_filestamp;
- RWLock* m_lock;
+ xmltooling::RWLock* m_lock;
};
/* These helpers attach metadata-derived information as exception properties and then