2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file saml/binding/SecurityPolicy.h
20 * Overall policy used to verify the security of an incoming message.
23 #ifndef __saml_secpol_h__
24 #define __saml_secpol_h__
26 #include <saml/base.h>
30 #include <xmltooling/XMLObject.h>
31 #include <xmltooling/io/GenericRequest.h>
32 #include <xmltooling/security/TrustEngine.h>
34 #if defined (_MSC_VER)
35 #pragma warning( push )
36 #pragma warning( disable : 4250 4251 )
42 class SAML_API Issuer;
45 class SAML_API MetadataProvider;
46 class SAML_API RoleDescriptor;
49 class SAML_API SecurityPolicyRule;
52 * A policy used to verify the security of an incoming message.
54 * <p>Its security mechanisms may be used to examine the transport layer
55 * (e.g client certificates and HTTP basic auth passwords) or to check the
56 * payload of a request to ensure it meets certain criteria (e.g. valid
57 * digital signature, freshness, replay).
59 * <p>Policy objects can be reused, but are not thread-safe.
61 class SAML_API SecurityPolicy
63 MAKE_NONCOPYABLE(SecurityPolicy);
66 * Constructor for policy.
68 * @param metadataProvider locked MetadataProvider instance
69 * @param role identifies the role (generally IdP or SP) of the policy peer
70 * @param trustEngine TrustEngine to authenticate policy peer
71 * @param validate true iff XML parsing should be done with validation
74 const saml2md::MetadataProvider* metadataProvider=NULL,
75 const xmltooling::QName* role=NULL,
76 const xmltooling::TrustEngine* trustEngine=NULL,
78 ) : m_messageID(NULL), m_issueInstant(0), m_issuer(NULL), m_issuerRole(NULL), m_authenticated(false),
79 m_matchingPolicy(NULL), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine), m_validate(validate) {
81 m_role = new xmltooling::QName(*role);
84 virtual ~SecurityPolicy();
87 * Returns the locked MetadataProvider supplied to the policy.
89 * @return the supplied MetadataProvider or NULL
91 const saml2md::MetadataProvider* getMetadataProvider() const {
96 * Returns the peer role element/type supplied to the policy.
98 * @return the peer role element/type, or an empty QName
100 const xmltooling::QName* getRole() const {
105 * Returns the TrustEngine supplied to the policy.
107 * @return the supplied TrustEngine or NULL
109 const xmltooling::TrustEngine* getTrustEngine() const {
114 * Returns XML message validation setting.
116 * @return validation flag
118 bool getValidating() const {
123 * Gets a mutable array of installed policy rules.
125 * <p>If adding rules, their lifetime must be at least as long as the policy object.
127 * @return mutable array of rules
129 std::vector<const SecurityPolicyRule*>& getRules() {
134 * Sets a locked MetadataProvider for the policy.
136 * @param metadata a locked MetadataProvider or NULL
138 void setMetadataProvider(const saml2md::MetadataProvider* metadata) {
139 m_metadata = metadata;
143 * Sets a peer role element/type for to the policy.
145 * @param role the peer role element/type or NULL
147 void setRole(const xmltooling::QName* role) {
149 m_role = role ? new xmltooling::QName(*role) : NULL;
153 * Sets a TrustEngine for the policy.
155 * @param trust a TrustEngine or NULL
157 void setTrustEngine(const xmltooling::TrustEngine* trust) {
162 * Controls schema validation of incoming XML messages.
163 * This is separate from other forms of programmatic validation of objects,
164 * but can detect a much wider range of syntax errors.
166 * @param validate validation setting
168 void setValidating(bool validate=true) {
169 m_validate = validate;
173 * Evaluates the policy against the given request and message,
174 * possibly populating message information in the policy object.
176 * @param message the incoming message
177 * @param request the protocol request
179 * @throws BindingException raised if the message/request is invalid according to the supplied rules
182 const xmltooling::XMLObject& message, const xmltooling::GenericRequest* request=NULL
186 * Resets the policy object and/or clears any per-message state.
188 * <p>Resets can be complete (the default) or merely clear the previous message ID and timestamp
189 * when evaluating multiple layers of a message.
191 * @param messageOnly true iff security and issuer state should be left in place
193 void reset(bool messageOnly=false);
196 * Returns the message identifier as determined by the registered policies.
198 * @return message identifier as determined by the registered policies
200 const XMLCh* getMessageID() const {
205 * Returns the message timestamp as determined by the registered policies.
207 * @return message timestamp as determined by the registered policies
209 time_t getIssueInstant() const {
210 return m_issueInstant;
214 * Gets the issuer of the message as determined by the registered policies.
216 * @return issuer of the message as determined by the registered policies
218 const saml2::Issuer* getIssuer() const {
223 * Gets the metadata for the role the issuer is operating in.
225 * @return metadata for the role the issuer is operating in
227 const saml2md::RoleDescriptor* getIssuerMetadata() const {
232 * Returns the authentication status of the message as determined by the registered policies.
234 * @return true iff a SecurityPolicyRule has indicated the issuer/message has been authenticated
236 bool isAuthenticated() const {
237 return m_authenticated;
241 * Sets the message identifier as determined by the registered policies.
243 * @param id message identifier
245 void setMessageID(const XMLCh* id) {
246 xercesc::XMLString::release(&m_messageID);
247 m_messageID = xercesc::XMLString::replicate(id);
251 * Sets the message timestamp as determined by the registered policies.
253 * @param issueInstant message timestamp
255 void setIssueInstant(time_t issueInstant) {
256 m_issueInstant = issueInstant;
260 * Sets the issuer of the message as determined by the registered policies.
262 * @param issuer issuer of the message
264 void setIssuer(const saml2::Issuer* issuer);
267 * Sets the issuer of the message as determined by the registered policies.
269 * @param issuer issuer of the message
271 void setIssuer(const XMLCh* issuer);
274 * Sets the metadata for the role the issuer is operating in.
276 * @param issuerRole metadata for the role the issuer is operating in
278 void setIssuerMetadata(const saml2md::RoleDescriptor* issuerRole);
281 * Sets the authentication status of the message as determined by the registered policies.
283 * @param auth indicates whether the issuer/message has been authenticated
285 void setAuthenticated(bool auth) {
286 m_authenticated = auth;
289 /** Allows override of rules for comparing saml2:Issuer information. */
290 class SAML_API IssuerMatchingPolicy {
291 MAKE_NONCOPYABLE(IssuerMatchingPolicy);
293 IssuerMatchingPolicy() {}
294 virtual ~IssuerMatchingPolicy() {}
297 * Returns true iff the two operands "match". Applications can override this method to
298 * support non-standard issuer matching for complex policies.
300 * <p>The default implementation does a basic comparison of the XML content, treating
301 * an unsupplied Format as an "entityID".
303 * @param issuer1 the first Issuer to match
304 * @param issuer2 the second Issuer to match
305 * @return true iff the operands match
307 virtual bool issuerMatches(const saml2::Issuer* issuer1, const saml2::Issuer* issuer2) const;
310 * Returns true iff the two operands "match". Applications can override this method to
311 * support non-standard issuer matching for complex policies.
313 * <p>The default implementation does a basic comparison of the XML content, treating
314 * an unsupplied Format as an "entityID".
316 * @param issuer1 the first Issuer to match
317 * @param issuer2 the second Issuer to match
318 * @return true iff the operands match
320 virtual bool issuerMatches(const saml2::Issuer* issuer1, const XMLCh* issuer2) const;
324 * Returns the IssuerMatchingPolicy in effect.
326 * @return the effective IssuerMatchingPolicy
328 const IssuerMatchingPolicy& getIssuerMatchingPolicy() const {
329 return m_matchingPolicy ? *m_matchingPolicy : m_defaultMatching;
333 * Sets the IssuerMatchingPolicy in effect. Setting no policy will
334 * cause the simple, default approach to be used.
336 * <p>The matching object will be freed by the SecurityPolicy.
338 * @param matchingPolicy the IssuerMatchingPolicy to use
340 void setIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy) {
341 delete m_matchingPolicy;
342 m_matchingPolicy = matchingPolicy;
346 /** A shared matching object that just supports the default matching rules. */
347 static IssuerMatchingPolicy m_defaultMatching;
350 // information extracted from message
352 time_t m_issueInstant;
353 saml2::Issuer* m_issuer;
354 const saml2md::RoleDescriptor* m_issuerRole;
355 bool m_authenticated;
357 // components governing policy rules
358 IssuerMatchingPolicy* m_matchingPolicy;
359 std::vector<const SecurityPolicyRule*> m_rules;
360 const saml2md::MetadataProvider* m_metadata;
361 xmltooling::QName* m_role;
362 const xmltooling::TrustEngine* m_trust;
368 #if defined (_MSC_VER)
369 #pragma warning( pop )
372 #endif /* __saml_secpol_h__ */