--- /dev/null
+/*\r
+ * Copyright 2010 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * @file shibsp/security/SecurityPolicyProvider.h\r
+ * \r
+ * Interface to a source of security policy settings and rules.\r
+ */\r
+\r
+#ifndef __shibsp_policyfactory_h__\r
+#define __shibsp_policyfactory_h__\r
+\r
+#ifndef SHIBSP_LITE\r
+\r
+#include <shibsp/base.h>\r
+\r
+#include <vector>\r
+#include <xmltooling/Lockable.h>\r
+#include <xmltooling/unicode.h>\r
+\r
+namespace xmltooling {\r
+ class XMLTOOL_API QName;\r
+};\r
+\r
+namespace opensaml {\r
+ class SAML_API SecurityPolicy;\r
+ class SAML_API SecurityPolicyRule;\r
+};\r
+\r
+namespace shibsp {\r
+\r
+ class SHIBSP_API Application;\r
+ class SHIBSP_API PropertySet;\r
+\r
+ /**\r
+ * Interface to a source of security policy settings and rules.\r
+ */\r
+ class SHIBSP_API SecurityPolicyProvider : public virtual xmltooling::Lockable\r
+ {\r
+ MAKE_NONCOPYABLE(SecurityPolicyProvider);\r
+ protected:\r
+ SecurityPolicyProvider();\r
+ public:\r
+ virtual ~SecurityPolicyProvider();\r
+ \r
+ /**\r
+ * Returns the security policy settings for an identified policy.\r
+ *\r
+ * @param id identifies the policy to return\r
+ * @return a PropertySet\r
+ */\r
+ virtual const PropertySet* getPolicySettings(const char* id) const=0;\r
+\r
+ /**\r
+ * Returns the security policy rules for an identified policy.\r
+ *\r
+ * @param id identifies the policy to return\r
+ * @return an array of policy rules\r
+ */\r
+ virtual const std::vector<const opensaml::SecurityPolicyRule*>& getPolicyRules(const char* id) const=0;\r
+\r
+ /**\r
+ * Returns a set of XML Signature/Encryption algorithm identifiers to block.\r
+ *\r
+ * @return an array of algorithm URIs to block\r
+ */\r
+ virtual const std::vector<xmltooling::xstring>& getAlgorithmBlacklist() const=0;\r
+\r
+ /**\r
+ * Returns a set of XML Signature/Encryption algorithm identifiers to permit.\r
+ *\r
+ * @return an array of algorithm URIs to permit\r
+ */\r
+ virtual const std::vector<xmltooling::xstring>& getAlgorithmWhitelist() const=0;\r
+\r
+ /**\r
+ * Returns a SecurityPolicy applicable to an application and/or policy identifier.\r
+ *\r
+ * <p>The caller <strong>MUST</strong> lock the application's MetadataProvider for the life\r
+ * of the returned object.\r
+ *\r
+ * @param application reference to application applying policy\r
+ * @param role identifies the role (generally IdP or SP) of the policy peer\r
+ * @param policyId identifies policy, defaults to the application's default\r
+ * @return a new policy instance, which the caller is responsible for freeing\r
+ */\r
+ virtual opensaml::SecurityPolicy* createSecurityPolicy(\r
+ const Application& application, const xmltooling::QName* role, const char* policyId=nullptr\r
+ ) const;\r
+ };\r
+\r
+ /**\r
+ * Registers SecurityPolicyProvider classes into the runtime.\r
+ */\r
+ void SHIBSP_API registerSecurityPolicyProviders();\r
+\r
+ /** SecurityPolicyProvider based on an XML configuration format. */\r
+ #define XML_SECURITYPOLICY_PROVIDER "XML"\r
+};\r
+\r
+#endif\r
+\r
+#endif /* __shibsp_policyfactory_h__ */\r