X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fbinding%2FSecurityPolicy.h;h=c9b2b9a380dfc9a19ae934f85b0dffeff37cf619;hb=e9554c255ad3c91c7c4976e7a1a54905903e66a2;hp=72d24643028f92aad7741e482d777878b9f5207a;hpb=1d5fda59e4996860bb2480ad52e29b2160d04725;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/binding/SecurityPolicy.h b/saml/binding/SecurityPolicy.h index 72d2464..c9b2b9a 100644 --- a/saml/binding/SecurityPolicy.h +++ b/saml/binding/SecurityPolicy.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2009 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,14 +27,18 @@ #include #include -#include -#include +#include #if defined (_MSC_VER) #pragma warning( push ) #pragma warning( disable : 4250 4251 ) #endif +namespace xmltooling { + class XMLTOOL_API GenericRequest; + class XMLTOOL_API TrustEngine; +}; + namespace opensaml { namespace saml2 { @@ -66,26 +70,20 @@ namespace opensaml { * @param validate true iff XML parsing should be done with validation */ SecurityPolicy( - const saml2md::MetadataProvider* metadataProvider=NULL, - const xmltooling::QName* role=NULL, - const xmltooling::TrustEngine* trustEngine=NULL, + const saml2md::MetadataProvider* metadataProvider=nullptr, + const xmltooling::QName* role=nullptr, + const xmltooling::TrustEngine* trustEngine=nullptr, bool validate=true - ) : m_metadataCriteria(NULL), m_messageID(NULL), m_issueInstant(0), m_issuer(NULL), m_issuerRole(NULL), m_authenticated(false), - m_matchingPolicy(NULL), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine), m_validate(validate), m_entityOnly(true) { - if (role) - m_role = new xmltooling::QName(*role); - } + ); virtual ~SecurityPolicy(); /** * Returns the locked MetadataProvider supplied to the policy. * - * @return the supplied MetadataProvider or NULL + * @return the supplied MetadataProvider or nullptr */ - const saml2md::MetadataProvider* getMetadataProvider() const { - return m_metadata; - } + const saml2md::MetadataProvider* getMetadataProvider() const; /** * Returns a reference to a MetadataProvider::Criteria instance suitable for use with the @@ -103,36 +101,57 @@ namespace opensaml { * * @return the peer role element/type, or an empty QName */ - const xmltooling::QName* getRole() const { - return m_role; - } + const xmltooling::QName* getRole() const; /** * Returns the TrustEngine supplied to the policy. * - * @return the supplied TrustEngine or NULL + * @return the supplied TrustEngine or nullptr */ - const xmltooling::TrustEngine* getTrustEngine() const { - return m_trust; - } + const xmltooling::TrustEngine* getTrustEngine() const; /** * Returns XML message validation setting. * * @return validation flag */ - bool getValidating() const { - return m_validate; - } + bool getValidating() const; /** * Returns flag controlling non-entity issuer support. * * @return flag controlling non-entity issuer support */ - bool requireEntityIssuer() const { - return m_entityOnly; - } + bool requireEntityIssuer() const; + + /** + * Returns the SAML audiences that represent the receiving peer. + * + * @return audience values of the peer processing the message + */ + const std::vector& getAudiences() const; + + /** + * Returns the SAML audiences that represent the receiving peer. + * + * @return audience values of the peer processing the message + */ + std::vector& getAudiences(); + + /** + * Gets the effective time of message processing. + * + * @return the time at which the message is being processed + */ + time_t getTime() const; + + /** + * Returns the message identifier to which the message being evaluated + * is a response. + * + * @return correlated message identifier + */ + const XMLCh* getCorrelationID() const; /** * Gets a mutable array of installed policy rules. @@ -141,18 +160,14 @@ namespace opensaml { * * @return mutable array of rules */ - std::vector& getRules() { - return m_rules; - } + std::vector& getRules(); /** * Sets a locked MetadataProvider for the policy. * - * @param metadata a locked MetadataProvider or NULL + * @param metadata a locked MetadataProvider or nullptr */ - void setMetadataProvider(const saml2md::MetadataProvider* metadata) { - m_metadata = metadata; - } + void setMetadataProvider(const saml2md::MetadataProvider* metadata); /** * Sets a MetadataProvider::Criteria instance suitable for use with the @@ -161,28 +176,23 @@ namespace opensaml { *

The policy will take ownership of the criteria object when this * method completes. * - * @param criteria a MetadataProvider::Criteria instance, or NULL + * @param criteria a MetadataProvider::Criteria instance, or nullptr */ void setMetadataProviderCriteria(saml2md::MetadataProvider::Criteria* criteria); /** * Sets a peer role element/type for to the policy. * - * @param role the peer role element/type or NULL + * @param role the peer role element/type or nullptr */ - void setRole(const xmltooling::QName* role) { - delete m_role; - m_role = role ? new xmltooling::QName(*role) : NULL; - } + void setRole(const xmltooling::QName* role); /** * Sets a TrustEngine for the policy. * - * @param trust a TrustEngine or NULL + * @param trust a TrustEngine or nullptr */ - void setTrustEngine(const xmltooling::TrustEngine* trust) { - m_trust = trust; - } + void setTrustEngine(const xmltooling::TrustEngine* trust); /** * Controls schema validation of incoming XML messages. @@ -191,18 +201,32 @@ namespace opensaml { * * @param validate validation setting */ - void setValidating(bool validate=true) { - m_validate = validate; - } + void setValidating(bool validate=true); /** * Sets flag controlling non-entity issuer support. * * @param entityOnly require that Issuer be in entity format */ - void requireEntityIssuer(bool entityOnly=true) { - m_entityOnly = entityOnly; - } + void requireEntityIssuer(bool entityOnly=true); + + /** + * Sets effective time of message processing. + * + *

Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date + * message processing. + * + * @param ts the time at which the message is being processed + */ + void setTime(time_t ts); + + /** + * Sets the message identifier to which the message being evaluated + * is a response. + * + * @param correlationID correlated message identifier + */ + void setCorrelationID(const XMLCh* correlationID); /** * Evaluates the policy against the given request and message, @@ -213,9 +237,7 @@ namespace opensaml { * * @throws BindingException raised if the message/request is invalid according to the supplied rules */ - void evaluate( - const xmltooling::XMLObject& message, const xmltooling::GenericRequest* request=NULL - ); + void evaluate(const xmltooling::XMLObject& message, const xmltooling::GenericRequest* request=nullptr); /** * Resets the policy object and/or clears any per-message state. @@ -242,64 +264,49 @@ namespace opensaml { * * @return message identifier as determined by the registered policies */ - const XMLCh* getMessageID() const { - return m_messageID; - } + const XMLCh* getMessageID() const; /** * Returns the message timestamp as determined by the registered policies. * * @return message timestamp as determined by the registered policies */ - time_t getIssueInstant() const { - return m_issueInstant; - } + time_t getIssueInstant() const; /** * Gets the issuer of the message as determined by the registered policies. * * @return issuer of the message as determined by the registered policies */ - const saml2::Issuer* getIssuer() const { - return m_issuer; - } + const saml2::Issuer* getIssuer() const; /** * Gets the metadata for the role the issuer is operating in. * * @return metadata for the role the issuer is operating in */ - const saml2md::RoleDescriptor* getIssuerMetadata() const { - return m_issuerRole; - } + const saml2md::RoleDescriptor* getIssuerMetadata() const; /** * Returns the authentication status of the message as determined by the registered policies. * * @return true iff a SecurityPolicyRule has indicated the issuer/message has been authenticated */ - bool isAuthenticated() const { - return m_authenticated; - } + bool isAuthenticated() const; /** * Sets the message identifier as determined by the registered policies. * * @param id message identifier */ - void setMessageID(const XMLCh* id) { - xercesc::XMLString::release(&m_messageID); - m_messageID = xercesc::XMLString::replicate(id); - } + void setMessageID(const XMLCh* id); /** * Sets the message timestamp as determined by the registered policies. * * @param issueInstant message timestamp */ - void setIssueInstant(time_t issueInstant) { - m_issueInstant = issueInstant; - } + void setIssueInstant(time_t issueInstant); /** * Sets the issuer of the message as determined by the registered policies. @@ -327,16 +334,14 @@ namespace opensaml { * * @param auth indicates whether the issuer/message has been authenticated */ - void setAuthenticated(bool auth) { - m_authenticated = auth; - } + void setAuthenticated(bool auth); /** Allows override of rules for comparing saml2:Issuer information. */ class SAML_API IssuerMatchingPolicy { MAKE_NONCOPYABLE(IssuerMatchingPolicy); public: - IssuerMatchingPolicy() {} - virtual ~IssuerMatchingPolicy() {} + IssuerMatchingPolicy(); + virtual ~IssuerMatchingPolicy(); /** * Returns true iff the two operands "match". Applications can override this method to @@ -370,9 +375,7 @@ namespace opensaml { * * @return the effective IssuerMatchingPolicy */ - const IssuerMatchingPolicy& getIssuerMatchingPolicy() const { - return m_matchingPolicy ? *m_matchingPolicy : m_defaultMatching; - } + const IssuerMatchingPolicy& getIssuerMatchingPolicy() const; /** * Sets the IssuerMatchingPolicy in effect. Setting no policy will @@ -382,10 +385,7 @@ namespace opensaml { * * @param matchingPolicy the IssuerMatchingPolicy to use */ - void setIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy) { - delete m_matchingPolicy; - m_matchingPolicy = matchingPolicy; - } + void setIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy); protected: /** A shared matching object that just supports the default matching rules. */ @@ -396,7 +396,7 @@ namespace opensaml { private: // information extracted from message - XMLCh* m_messageID; + xmltooling::xstring m_messageID; time_t m_issueInstant; saml2::Issuer* m_issuer; const saml2md::RoleDescriptor* m_issuerRole; @@ -410,6 +410,11 @@ namespace opensaml { const xmltooling::TrustEngine* m_trust; bool m_validate; bool m_entityOnly; + + // contextual information + mutable time_t m_ts; + xmltooling::xstring m_correlationID; + std::vector m_audiences; }; };