2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file saml/binding/SecurityPolicy.h
20 * Overall policy used to verify the security of an incoming message.
23 #ifndef __saml_secpol_h__
24 #define __saml_secpol_h__
26 #include <saml/saml2/metadata/MetadataProvider.h>
31 #if defined (_MSC_VER)
32 #pragma warning( push )
33 #pragma warning( disable : 4250 4251 )
36 namespace xmltooling {
37 class XMLTOOL_API GenericRequest;
38 class XMLTOOL_API TrustEngine;
44 class SAML_API Issuer;
47 class SAML_API SecurityPolicyRule;
50 * A policy used to verify the security of an incoming message.
52 * <p>Its security mechanisms may be used to examine the transport layer
53 * (e.g client certificates and HTTP basic auth passwords) or to check the
54 * payload of a request to ensure it meets certain criteria (e.g. valid
55 * digital signature, freshness, replay).
57 * <p>Policy objects can be reused, but are not thread-safe.
59 class SAML_API SecurityPolicy
61 MAKE_NONCOPYABLE(SecurityPolicy);
64 * Constructor for policy.
66 * @param metadataProvider locked MetadataProvider instance
67 * @param role identifies the role (generally IdP or SP) of the policy peer
68 * @param trustEngine TrustEngine to authenticate policy peer
69 * @param validate true iff XML parsing should be done with validation
72 const saml2md::MetadataProvider* metadataProvider=NULL,
73 const xmltooling::QName* role=NULL,
74 const xmltooling::TrustEngine* trustEngine=NULL,
78 virtual ~SecurityPolicy();
81 * Returns the locked MetadataProvider supplied to the policy.
83 * @return the supplied MetadataProvider or NULL
85 const saml2md::MetadataProvider* getMetadataProvider() const {
90 * Returns a reference to a MetadataProvider::Criteria instance suitable for use with the
91 * installed MetadataProvider.
93 * <p>The object will be cleared/reset when returned, so do not mutate it and then
94 * call the method again before using it.
96 * @return reference to a MetadataProvider::Criteria instance
98 virtual saml2md::MetadataProvider::Criteria& getMetadataProviderCriteria() const;
101 * Returns the peer role element/type supplied to the policy.
103 * @return the peer role element/type, or an empty QName
105 const xmltooling::QName* getRole() const {
110 * Returns the TrustEngine supplied to the policy.
112 * @return the supplied TrustEngine or NULL
114 const xmltooling::TrustEngine* getTrustEngine() const {
119 * Returns XML message validation setting.
121 * @return validation flag
123 bool getValidating() const {
128 * Returns flag controlling non-entity issuer support.
130 * @return flag controlling non-entity issuer support
132 bool requireEntityIssuer() const {
137 * Returns the SAML audiences that represent the receiving peer.
139 * @return audience values of the peer processing the message
141 const std::vector<xmltooling::xstring>& getAudiences() const {
146 * Returns the SAML audiences that represent the receiving peer.
148 * @return audience values of the peer processing the message
150 std::vector<xmltooling::xstring>& getAudiences() {
155 * Gets the effective time of message processing.
157 * @return the time at which the message is being processed
159 time_t getTime() const {
161 return m_ts = time(NULL);
166 * Returns the message identifier to which the message being evaluated
169 * @return correlated message identifier
171 const XMLCh* getCorrelationID() const {
172 return m_correlationID.c_str();
176 * Gets a mutable array of installed policy rules.
178 * <p>If adding rules, their lifetime must be at least as long as the policy object.
180 * @return mutable array of rules
182 std::vector<const SecurityPolicyRule*>& getRules() {
187 * Sets a locked MetadataProvider for the policy.
189 * @param metadata a locked MetadataProvider or NULL
191 void setMetadataProvider(const saml2md::MetadataProvider* metadata) {
192 m_metadata = metadata;
196 * Sets a MetadataProvider::Criteria instance suitable for use with the
197 * installed MetadataProvider.
199 * <p>The policy will take ownership of the criteria object when this
202 * @param criteria a MetadataProvider::Criteria instance, or NULL
204 void setMetadataProviderCriteria(saml2md::MetadataProvider::Criteria* criteria);
207 * Sets a peer role element/type for to the policy.
209 * @param role the peer role element/type or NULL
211 void setRole(const xmltooling::QName* role) {
213 m_role = role ? new xmltooling::QName(*role) : NULL;
217 * Sets a TrustEngine for the policy.
219 * @param trust a TrustEngine or NULL
221 void setTrustEngine(const xmltooling::TrustEngine* trust) {
226 * Controls schema validation of incoming XML messages.
227 * This is separate from other forms of programmatic validation of objects,
228 * but can detect a much wider range of syntax errors.
230 * @param validate validation setting
232 void setValidating(bool validate=true) {
233 m_validate = validate;
237 * Sets flag controlling non-entity issuer support.
239 * @param entityOnly require that Issuer be in entity format
241 void requireEntityIssuer(bool entityOnly=true) {
242 m_entityOnly = entityOnly;
246 * Sets effective time of message processing.
248 * <p>Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date
249 * message processing.
251 * @param ts the time at which the message is being processed
253 void setTime(time_t ts) {
258 * Sets the message identifier to which the message being evaluated
261 * @param correlationID correlated message identifier
263 void setCorrelationID(const XMLCh* correlationID) {
264 m_correlationID.erase();
266 m_correlationID = correlationID;
270 * Evaluates the policy against the given request and message,
271 * possibly populating message information in the policy object.
273 * @param message the incoming message
274 * @param request the protocol request
276 * @throws BindingException raised if the message/request is invalid according to the supplied rules
278 void evaluate(const xmltooling::XMLObject& message, const xmltooling::GenericRequest* request=NULL);
281 * Resets the policy object and/or clears any per-message state.
283 * <p>Resets can be complete (the default) or merely clear the previous message ID and timestamp
284 * when evaluating multiple layers of a message.
286 * @param messageOnly true iff security and issuer state should be left in place
288 virtual void reset(bool messageOnly=false);
291 * Resets the policy object and/or clears any per-message state for only this specific class.
293 * <p>Resets can be complete (the default) or merely clear the previous message ID and timestamp
294 * when evaluating multiple layers of a message.
296 * @param messageOnly true iff security and issuer state should be left in place
298 void _reset(bool messageOnly=false);
301 * Returns the message identifier as determined by the registered policies.
303 * @return message identifier as determined by the registered policies
305 const XMLCh* getMessageID() const {
306 return m_messageID.c_str();
310 * Returns the message timestamp as determined by the registered policies.
312 * @return message timestamp as determined by the registered policies
314 time_t getIssueInstant() const {
315 return m_issueInstant;
319 * Gets the issuer of the message as determined by the registered policies.
321 * @return issuer of the message as determined by the registered policies
323 const saml2::Issuer* getIssuer() const {
328 * Gets the metadata for the role the issuer is operating in.
330 * @return metadata for the role the issuer is operating in
332 const saml2md::RoleDescriptor* getIssuerMetadata() const {
337 * Returns the authentication status of the message as determined by the registered policies.
339 * @return true iff a SecurityPolicyRule has indicated the issuer/message has been authenticated
341 bool isAuthenticated() const {
342 return m_authenticated;
346 * Sets the message identifier as determined by the registered policies.
348 * @param id message identifier
350 void setMessageID(const XMLCh* id) {
357 * Sets the message timestamp as determined by the registered policies.
359 * @param issueInstant message timestamp
361 void setIssueInstant(time_t issueInstant) {
362 m_issueInstant = issueInstant;
366 * Sets the issuer of the message as determined by the registered policies.
368 * @param issuer issuer of the message
370 void setIssuer(const saml2::Issuer* issuer);
373 * Sets the issuer of the message as determined by the registered policies.
375 * @param issuer issuer of the message
377 void setIssuer(const XMLCh* issuer);
380 * Sets the metadata for the role the issuer is operating in.
382 * @param issuerRole metadata for the role the issuer is operating in
384 void setIssuerMetadata(const saml2md::RoleDescriptor* issuerRole);
387 * Sets the authentication status of the message as determined by the registered policies.
389 * @param auth indicates whether the issuer/message has been authenticated
391 void setAuthenticated(bool auth) {
392 m_authenticated = auth;
395 /** Allows override of rules for comparing saml2:Issuer information. */
396 class SAML_API IssuerMatchingPolicy {
397 MAKE_NONCOPYABLE(IssuerMatchingPolicy);
399 IssuerMatchingPolicy() {}
400 virtual ~IssuerMatchingPolicy() {}
403 * Returns true iff the two operands "match". Applications can override this method to
404 * support non-standard issuer matching for complex policies.
406 * <p>The default implementation does a basic comparison of the XML content, treating
407 * an unsupplied Format as an "entityID".
409 * @param issuer1 the first Issuer to match
410 * @param issuer2 the second Issuer to match
411 * @return true iff the operands match
413 virtual bool issuerMatches(const saml2::Issuer* issuer1, const saml2::Issuer* issuer2) const;
416 * Returns true iff the two operands "match". Applications can override this method to
417 * support non-standard issuer matching for complex policies.
419 * <p>The default implementation does a basic comparison of the XML content, treating
420 * an unsupplied Format as an "entityID".
422 * @param issuer1 the first Issuer to match
423 * @param issuer2 the second Issuer to match
424 * @return true iff the operands match
426 virtual bool issuerMatches(const saml2::Issuer* issuer1, const XMLCh* issuer2) const;
430 * Returns the IssuerMatchingPolicy in effect.
432 * @return the effective IssuerMatchingPolicy
434 const IssuerMatchingPolicy& getIssuerMatchingPolicy() const {
435 return m_matchingPolicy ? *m_matchingPolicy : m_defaultMatching;
439 * Sets the IssuerMatchingPolicy in effect. Setting no policy will
440 * cause the simple, default approach to be used.
442 * <p>The matching object will be freed by the SecurityPolicy.
444 * @param matchingPolicy the IssuerMatchingPolicy to use
446 void setIssuerMatchingPolicy(IssuerMatchingPolicy* matchingPolicy) {
447 delete m_matchingPolicy;
448 m_matchingPolicy = matchingPolicy;
452 /** A shared matching object that just supports the default matching rules. */
453 static IssuerMatchingPolicy m_defaultMatching;
455 /** Manufactured MetadataProvider::Criteria instance. */
456 mutable saml2md::MetadataProvider::Criteria* m_metadataCriteria;
459 // information extracted from message
460 xmltooling::xstring m_messageID;
461 time_t m_issueInstant;
462 saml2::Issuer* m_issuer;
463 const saml2md::RoleDescriptor* m_issuerRole;
464 bool m_authenticated;
466 // components governing policy rules
467 IssuerMatchingPolicy* m_matchingPolicy;
468 std::vector<const SecurityPolicyRule*> m_rules;
469 const saml2md::MetadataProvider* m_metadata;
470 xmltooling::QName* m_role;
471 const xmltooling::TrustEngine* m_trust;
475 // contextual information
477 xmltooling::xstring m_correlationID;
478 std::vector<xmltooling::xstring> m_audiences;
483 #if defined (_MSC_VER)
484 #pragma warning( pop )
487 #endif /* __saml_secpol_h__ */