ReplayCache, some decoder work, and merged schema validators into one suite.

[shibboleth/cpp-opensaml.git] / saml / binding / MessageEncoder.h

/*\r
 *  Copyright 2001-2006 Internet2\r
 * \r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *     http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 */\r
\r
/**\r
 * @file saml/binding/MessageEncoder.h\r
 * \r
 * Interface to SAML protocol binding message encoders. \r
 */\r
\r
#ifndef __saml_encoder_h__\r
#define __saml_encoder_h__\r
\r
#include <saml/base.h>\r
\r
#include <map>\r
#include <string>\r
#include <xmltooling/XMLObject.h>\r
#include <xmltooling/signature/CredentialResolver.h>\r
\r
namespace opensaml {\r
\r
    class SAML_API SAMLArtifact;\r
    namespace saml2p {\r
        class SAML_API SAML2Artifact;\r
    };\r
\r
    /**\r
     * Interface to SAML protocol binding message encoders.\r
     */\r
    class SAML_API MessageEncoder\r
    {\r
        MAKE_NONCOPYABLE(MessageEncoder);\r
    public:\r
        virtual ~MessageEncoder() {}\r
\r
        /**\r
         * Interface to caller-supplied artifact generation mechanism.\r
         * \r
         * Generating an artifact for storage and retrieval requires knowledge of\r
         * the sender's SourceID (or sometimes SourceLocation), and the relying party's\r
         * preferred artifact type. This information can be supplied using whatever\r
         * configuration or defaults are appropriate for the SAML application.\r
         * A MessageEncoder implementation will invoke the supplied generator interface\r
         * when it requires an artifact be created.\r
         */\r
        class SAML_API ArtifactGenerator {\r
            MAKE_NONCOPYABLE(ArtifactGenerator);\r
        protected:\r
            ArtifactGenerator() {}\r
        public:\r
            virtual ~ArtifactGenerator() {}\r
            \r
            /**\r
             * Generate a SAML 1.x artifact suitable for consumption by the relying party.\r
             * \r
             * @param relyingParty  the party that will recieve the artifact\r
             * @return a SAML 1.x artifact with a random assertion handle\r
             */\r
            virtual SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const=0;\r
\r
            /**\r
             * Generate a SAML 2.0 artifact suitable for consumption by the relying party.\r
             * \r
             * @param relyingParty  the party that will recieve the artifact\r
             * @return a SAML 2.0 artifact with a random message handle\r
             */\r
            virtual saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const=0;\r
        };\r
\r
        /**\r
         * Provides an ArtifactGenerator implementation for the MessageEncoder to use.\r
         * The implementation's lifetime must be longer than the lifetime of this object. \r
         * This method must be externally synchronized. \r
         * \r
         * @param artifactGenerator   an ArtifactGenerator implementation to use\r
         */\r
        void setArtifactGenerator(ArtifactGenerator* artifactGenerator) {\r
            m_artifactGenerator = artifactGenerator;\r
        }\r
        \r
        /**\r
         * Encodes an XML object/message into a set of binding-specific data "fields".\r
         * The XML content cannot have a parent object, and any existing references to\r
         * the content will be invalidated if the encode method returns successfully.\r
         * \r
         * If a CredentialResolver is supplied, the message is also signed in a\r
         * binding-specific manner. The CredentialResolver <strong>MUST</strong>\r
         * be locked by the caller. \r
         * \r
         * <p>An embedded URLEncoder instance may be required by some bindings\r
         * in order to produce predictable signature input.\r
         * \r
         * <p>Artifact-based bindings require an ArtifactGenerator be set to\r
         * produce an artifact suitable for the intended recipient.\r
         * \r
         * <p>Note that the name/value pairs resulting from the encoding operation are\r
         * <strong>NOT</strong> URL-encoded or otherwise transformed. It is the caller's\r
         * responsibility to apply any necessary encoding when preparing the data for\r
         * transport.\r
         * \r
         * @param outputFields      name/value pairs containing the results of encoding the message\r
         * @param xmlObject         XML object/message to encode\r
         * @param recipientID       optional entityID of message recipient\r
         * @param relayState        optional RelayState value to accompany message\r
         * @param credResolver      optional CredentialResolver instance to supply signing material\r
         * @param sigAlgorithm      optional signature algorithm identifier\r
         */\r
        virtual void encode(\r
            std::map<std::string,std::string>& outputFields,\r
            xmltooling::XMLObject* xmlObject,\r
            const char* recipientID=NULL,\r
            const char* relayState=NULL,\r
            const xmlsignature::CredentialResolver* credResolver=NULL,\r
            const XMLCh* sigAlgorithm=NULL\r
            ) const=0;\r
\r
    protected:\r
        MessageEncoder() : m_artifactGenerator(NULL) {}\r
        \r
        /**\r
         * Helper function to build a new XML Signature with KeyInfo, based\r
         * on the supplied CredentialResolver.\r
         * \r
         * @param credResolver      CredentialResolver instance to supply signing material\r
         * @param sigAlgorithm      optional signature algorithm identifier\r
         * @return  a new Signature object\r
         */\r
        xmlsignature::Signature* buildSignature(\r
            const xmlsignature::CredentialResolver* credResolver,\r
            const XMLCh* sigAlgorithm=NULL\r
            ) const;\r
        \r
        /** Pointer to an ArtifactGenerator implementation. */\r
        const ArtifactGenerator* m_artifactGenerator;\r
    };\r
\r
    /**\r
     * Registers MessageEncoder plugins into the runtime.\r
     */\r
    void SAML_API registerMessageEncoders();\r
\r
    /** MessageEncoder for SAML 1.x Browser/Artifact "binding" (really part of profile) */\r
    #define SAML1_ARTIFACT_ENCODER  "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"\r
\r
    /** MessageEncoder for SAML 1.x Browser/POST "binding" (really part of profile) */\r
    #define SAML1_POST_ENCODER  "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"\r
    \r
    /** MessageEncoder for SAML 2.0 HTTP-Artifact binding */\r
    #define SAML2_ARTIFACT_ENCODER "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"\r
\r
    /** MessageEncoder for SAML 2.0 HTTP-POST binding */\r
    #define SAML2_POST_ENCODER "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"\r
\r
    /** MessageEncoder for SAML 2.0 HTTP-Redirect binding */\r
    #define SAML2_REDIRECT_ENCODER "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"\r
};\r
\r
#endif /* __saml_encoder_h__ */\r