class SHIBSP_DLLLOCAL XMLSecurityPolicyProviderImpl
{
public:
- XMLSecurityPolicyProviderImpl(const DOMElement* e, Category& log);
+ XMLSecurityPolicyProviderImpl(const DOMElement*, Category&);
~XMLSecurityPolicyProviderImpl() {
if (m_document)
m_document->release();
private:
DOMDocument* m_document;
+ bool m_includeDefaultBlacklist;
vector<xstring> m_whitelist,m_blacklist;
vector< boost::shared_ptr<SecurityPolicyRule> > m_ruleJanitor; // need this to maintain vector type in API
typedef map< string,pair< boost::shared_ptr<PropertySet>,vector<const SecurityPolicyRule*> > > policymap_t;
{
public:
XMLSecurityPolicyProvider(const DOMElement* e)
- : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".SecurityPolicyProvider.XML")) {
+ : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT ".SecurityPolicyProvider.XML")) {
background_load(); // guarantees an exception or the policy is loaded
}
return i->second.second;
throw ConfigurationException("Security Policy ($1) not found, check <SecurityPolicies> element.", params(1,id));
}
+ const vector<xstring>& getDefaultAlgorithmBlacklist() const {
+ return m_impl->m_includeDefaultBlacklist ? m_defaultBlacklist : m_empty;
+ }
const vector<xstring>& getAlgorithmBlacklist() const {
return m_impl->m_blacklist;
}
private:
scoped_ptr<XMLSecurityPolicyProviderImpl> m_impl;
+ static vector<xstring> m_empty;
};
#if defined (_MSC_VER)
static const XMLCh _id[] = UNICODE_LITERAL_2(i,d);
static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
+ static const XMLCh includeDefaultBlacklist[] = UNICODE_LITERAL_23(i,n,c,l,u,d,e,D,e,f,a,u,l,t,B,l,a,c,k,l,i,s,t);
static const XMLCh AlgorithmBlacklist[] = UNICODE_LITERAL_18(A,l,g,o,r,i,t,h,m,B,l,a,c,k,l,i,s,t);
static const XMLCh AlgorithmWhitelist[] = UNICODE_LITERAL_18(A,l,g,o,r,i,t,h,m,W,h,i,t,e,l,i,s,t);
static const XMLCh Policy[] = UNICODE_LITERAL_6(P,o,l,i,c,y);
SecurityPolicyProvider::SecurityPolicyProvider()
{
+ m_defaultBlacklist.push_back(DSIGConstants::s_unicodeStrURIRSA_MD5);
+ m_defaultBlacklist.push_back(DSIGConstants::s_unicodeStrURIMD5);
+ m_defaultBlacklist.push_back(DSIGConstants::s_unicodeStrURIRSA_1_5);
}
SecurityPolicyProvider::~SecurityPolicyProvider()
{
}
+const vector<xstring>& SecurityPolicyProvider::getDefaultAlgorithmBlacklist() const
+{
+ return m_defaultBlacklist;
+}
+
SecurityPolicy* SecurityPolicyProvider::createSecurityPolicy(
const Application& application, const xmltooling::QName* role, const char* policyId
) const
}
XMLSecurityPolicyProviderImpl::XMLSecurityPolicyProviderImpl(const DOMElement* e, Category& log)
- : m_document(nullptr), m_defaultPolicy(m_policyMap.end())
+ : m_document(nullptr), m_includeDefaultBlacklist(true), m_defaultPolicy(m_policyMap.end())
{
#ifdef _DEBUG
xmltooling::NDC ndc("XMLSecurityPolicyProviderImpl");
const XMLCh* algs = nullptr;
const DOMElement* alglist = XMLHelper::getLastChildElement(e, AlgorithmBlacklist);
- if (alglist && alglist->hasChildNodes()) {
- algs = alglist->getFirstChild()->getNodeValue();
+ if (alglist) {
+ m_includeDefaultBlacklist = XMLHelper::getAttrBool(alglist, true, includeDefaultBlacklist);
+ if (alglist->hasChildNodes()) {
+ algs = alglist->getFirstChild()->getNodeValue();
+ }
}
else if ((alglist = XMLHelper::getLastChildElement(e, AlgorithmWhitelist)) && alglist->hasChildNodes()) {
algs = alglist->getFirstChild()->getNodeValue();
+ m_includeDefaultBlacklist = false;
}
if (algs) {
const XMLCh* token;
throw ConfigurationException("XML SecurityPolicyProvider requires at least one Policy.");
}
+vector<xstring> XMLSecurityPolicyProvider::m_empty;
+
pair<bool,DOMElement*> XMLSecurityPolicyProvider::load(bool backup)
{
// Load from source using base class.
projects / shibboleth / cpp-sp.git / blobdiff