2 * Copyright 2001-2006 Internet2
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
18 * @file saml/binding/MessageEncoder.h
\r
20 * Interface to SAML protocol binding message encoders.
\r
23 #ifndef __saml_encoder_h__
\r
24 #define __saml_encoder_h__
\r
26 #include <saml/base.h>
\r
30 #include <xmltooling/XMLObject.h>
\r
31 #include <xmltooling/signature/CredentialResolver.h>
\r
32 #include <xmltooling/util/StorageService.h>
\r
34 namespace opensaml {
\r
36 class SAML_API SAMLArtifact;
\r
38 class SAML_API SAML2Artifact;
\r
42 * Interface to SAML protocol binding message encoders.
\r
44 class SAML_API MessageEncoder
\r
46 MAKE_NONCOPYABLE(MessageEncoder);
\r
48 virtual ~MessageEncoder() {}
\r
51 * Interface to caller-supplied artifact generation mechanism.
\r
53 * Generating an artifact for storage and retrieval requires knowledge of
\r
54 * the sender's SourceID (or sometimes SourceLocation), and the relying party's
\r
55 * preferred artifact type. This information can be supplied using whatever
\r
56 * configuration or defaults are appropriate for the SAML application.
\r
57 * An ArtifactMap implementation will invoke the supplied generator interface
\r
58 * when it requires an artifact be created.
\r
60 class SAML_API ArtifactGenerator {
\r
61 MAKE_NONCOPYABLE(ArtifactGenerator);
\r
63 ArtifactGenerator() {}
\r
65 virtual ~ArtifactGenerator() {}
\r
68 * Generate a SAML 1.x artifact suitable for consumption by the relying party.
\r
70 * @param relyingParty the party that will recieve the artifact
\r
71 * @return a SAML 1.x artifact with a random assertion handle
\r
73 virtual SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const=0;
\r
76 * Generate a SAML 2.0 artifact suitable for consumption by the relying party.
\r
78 * @param relyingParty the party that will recieve the artifact
\r
79 * @return a SAML 2.0 artifact with a random message handle
\r
81 virtual saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const=0;
\r
85 * Provides an ArtifactGenerator implementation for the MessageEncoder to use.
\r
86 * The implementation's lifetime must be longer than the lifetime of this object.
\r
87 * This method must be externally synchronized.
\r
89 * @param artifactGenerator an ArtifactGenerator implementation to use
\r
91 void setArtifactGenerator(ArtifactGenerator* artifactGenerator) {
\r
92 m_artifactGenerator = artifactGenerator;
\r
96 * Encodes an XML object/message into a set of binding-specific data "fields".
\r
97 * The XML content cannot have a parent object, and any existing references to
\r
98 * the content will be invalidated if the encode method returns successfully.
\r
100 * If a CredentialResolver is supplied, the message is also signed in a
\r
101 * binding-specific manner. The CredentialResolver <strong>MUST</strong>
\r
102 * be locked by the caller.
\r
104 * <p>An embedded URLEncoder instance may be required by some bindings
\r
105 * in order to produce predictable signature input.
\r
107 * <p>Artifact-based bindings require an ArtifactGenerator be set to
\r
108 * produce an artifact suitable for the intended recipient.
\r
110 * <p>Note that the name/value pairs resulting from the encoding operation are
\r
111 * <strong>NOT</strong> URL-encoded or otherwise transformed. It is the caller's
\r
112 * responsibility to apply any necessary encoding when preparing the data for
\r
115 * @param outputFields name/value pairs containing the results of encoding the message
\r
116 * @param xmlObject XML object/message to encode
\r
117 * @param recipientID optional entityID of message recipient
\r
118 * @param relayState optional RelayState value to accompany message
\r
119 * @param credResolver optional CredentialResolver instance to supply signing material
\r
120 * @param sigAlgorithm optional signature algorithm identifier
\r
122 virtual void encode(
\r
123 std::map<std::string,std::string>& outputFields,
\r
124 xmltooling::XMLObject* xmlObject,
\r
125 const char* recipientID=NULL,
\r
126 const char* relayState=NULL,
\r
127 const xmlsignature::CredentialResolver* credResolver=NULL,
\r
128 const XMLCh* sigAlgorithm=NULL
\r
132 MessageEncoder() : m_artifactGenerator(NULL) {}
\r
135 * Helper function to build a new XML Signature with KeyInfo, based
\r
136 * on the supplied CredentialResolver.
\r
138 * @param credResolver CredentialResolver instance to supply signing material
\r
139 * @param sigAlgorithm optional signature algorithm identifier
\r
140 * @return a new Signature object
\r
142 xmlsignature::Signature* buildSignature(
\r
143 const xmlsignature::CredentialResolver* credResolver,
\r
144 const XMLCh* sigAlgorithm=NULL
\r
147 /** Pointer to an ArtifactGenerator implementation. */
\r
148 const ArtifactGenerator* m_artifactGenerator;
\r
152 * Registers MessageEncoder plugins into the runtime.
\r
154 void SAML_API registerMessageEncoders();
\r
156 /** MessageEncoder for SAML 1.x Browser/Artifact "binding" (really part of profile) */
\r
157 #define SAML1_ARTIFACT_ENCODER "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
\r
159 /** MessageEncoder for SAML 1.x Browser/POST "binding" (really part of profile) */
\r
160 #define SAML1_POST_ENCODER "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
\r
162 /** MessageEncoder for SAML 2.0 HTTP-Artifact binding */
\r
163 #define SAML2_ARTIFACT_ENCODER "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
\r
165 /** MessageEncoder for SAML 2.0 HTTP-POST binding */
\r
166 #define SAML2_POST_ENCODER "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
\r
168 /** MessageEncoder for SAML 2.0 HTTP-Redirect binding */
\r
169 #define SAML2_REDIRECT_ENCODER "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
\r
172 #endif /* __saml_encoder_h__ */
\r