Merged issuer/protocol extraction back into rules.

[shibboleth/cpp-opensaml.git] / saml / binding / impl / SecurityPolicy.cpp

diff --git a/saml/binding/impl/SecurityPolicy.cpp b/saml/binding/impl/SecurityPolicy.cpp
index 0b30af3..b2157ce 100644 (file)
--- a/saml/binding/impl/SecurityPolicy.cpp
+++ b/saml/binding/impl/SecurityPolicy.cpp
@@ -23,7 +23,10 @@
 #include "internal.h"
 #include "exceptions.h"
 #include "binding/SecurityPolicy.h"
+#include "saml1/core/Assertions.h"
+#include "saml1/core/Protocols.h"
 #include "saml2/core/Assertions.h"
+#include "saml2/core/Protocols.h"
 
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2;
@@ -32,19 +35,26 @@ using namespace xmltooling;
 using namespace std;
 
 namespace opensaml {
+    SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory ClientCertAuthRuleFactory;
     SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory MessageFlowRuleFactory;
-    SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory MessageSigningRuleFactory;
+    SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory SimpleSigningRuleFactory;
+    SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory XMLSigningRuleFactory;
 };
 
 void SAML_API opensaml::registerSecurityPolicyRules()
 {
     SAMLConfig& conf=SAMLConfig::getConfig();
+    conf.SecurityPolicyRuleManager.registerFactory(CLIENTCERTAUTH_POLICY_RULE, ClientCertAuthRuleFactory);
     conf.SecurityPolicyRuleManager.registerFactory(MESSAGEFLOW_POLICY_RULE, MessageFlowRuleFactory);
-    conf.SecurityPolicyRuleManager.registerFactory(MESSAGESIGNING_POLICY_RULE, MessageSigningRuleFactory);
+    conf.SecurityPolicyRuleManager.registerFactory(SIMPLESIGNING_POLICY_RULE, SimpleSigningRuleFactory);
+    conf.SecurityPolicyRuleManager.registerFactory(XMLSIGNING_POLICY_RULE, XMLSigningRuleFactory);
 }
 
+SecurityPolicy::IssuerMatchingPolicy SecurityPolicy::m_defaultMatching;
+
 SecurityPolicy::~SecurityPolicy()
 {
+    delete m_matchingPolicy;
     delete m_issuer;
 }
 
@@ -58,7 +68,7 @@ void SecurityPolicy::evaluate(const GenericRequest& request, const XMLObject& me
         // Make sure returned issuer doesn't conflict.
          
         if (ident.first) {
-            if (!issuerMatches(ident.first, m_issuer)) {
+            if (!getIssuerMatchingPolicy().issuerMatches(ident.first, m_issuer)) {
                 delete ident.first;
                 throw BindingException("Policy rules returned differing Issuers.");
             }
@@ -76,7 +86,7 @@ void SecurityPolicy::evaluate(const GenericRequest& request, const XMLObject& me
 
 void SecurityPolicy::setIssuer(saml2::Issuer* issuer)
 {
-    if (!issuerMatches(issuer, m_issuer)) {
+    if (!getIssuerMatchingPolicy().issuerMatches(issuer, m_issuer)) {
         delete issuer;
         throw BindingException("Externally provided Issuer conflicts with policy results.");
     }
@@ -85,14 +95,14 @@ void SecurityPolicy::setIssuer(saml2::Issuer* issuer)
     m_issuer=issuer;
 }
 
-void SecurityPolicy::setIssuerMetadata(const saml2md::RoleDescriptor* issuerRole)
+void SecurityPolicy::setIssuerMetadata(const RoleDescriptor* issuerRole)
 {
     if (issuerRole && m_issuerRole && issuerRole!=m_issuerRole)
         throw BindingException("Externally provided RoleDescriptor conflicts with policy results.");
     m_issuerRole=issuerRole;
 }
 
-bool SecurityPolicy::issuerMatches(const Issuer* issuer1, const Issuer* issuer2) const
+bool SecurityPolicy::IssuerMatchingPolicy::issuerMatches(const Issuer* issuer1, const Issuer* issuer2) const
 {
     // NULL matches anything for the purposes of this interface.
     if (!issuer1 || !issuer2)