namespace opensaml {\r
\r
/**\r
- * Singleton object that manages library startup/shutdown.configuration.\r
+ * SAML-specific signature profile context.\r
+ * This is not a synchronized implementation.\r
*/\r
class SAML_API SigningContext : public virtual xmlsignature::SigningContext\r
{\r
/**\r
* Constructor.\r
* \r
- * @param id identifier of object being signed\r
- * @param key signing key to use, will be freed by context\r
- * @param certs a certificate chain to embed, or NULL\r
+ * @param id identifier of object being signed\r
+ * @param credentials resolver to signing key/certs to use\r
+ * @param keyInfo a complete KeyInfo object to attach, will be freed by context\r
*/\r
- SigningContext(const XMLCh* id, XSECCryptoKey* key, const std::vector<XSECCryptoX509*>* certs=NULL)\r
- : m_id(id), m_key(key), m_certs(certs), m_keyInfo(NULL) {\r
- }\r
- \r
- /**\r
- * Constructor.\r
- * \r
- * @param id identifier of object being signed\r
- * @param key signing key to use, will be freed by context\r
- * @param keyInfo a complete KeyInfo object to attach, will be freed by context\r
- */\r
- SigningContext(const XMLCh* id, XSECCryptoKey* key, xmlsignature::KeyInfo* keyInfo)\r
- : m_id(id), m_key(key), m_certs(NULL), m_keyInfo(keyInfo) {\r
+ SigningContext(const XMLCh* id, xmltooling::CredentialResolver& creds, xmlsignature::KeyInfo* keyInfo=NULL)\r
+ : m_id(id), m_creds(creds), m_keyInfo(keyInfo) {\r
}\r
\r
virtual ~SigningContext() {\r
- delete m_key;\r
delete m_keyInfo;\r
}\r
\r
/**\r
- * Given a "blank" native signature, asks the context to define the\r
- * appropriate signature transforms, references, etc.\r
- * This method MAY attach ds:KeyInfo information, or a set of X.509\r
- * certificates can be returned from the SigningContext::getX509Certificates()\r
- * method instead.\r
+ * Given a "blank" native signature, creates signature content\r
+ * appropriate for the SAML assertion or message being signed.\r
* \r
* @param sig native signature interface\r
+ * @return indicator whether ds:KeyInfo was created by context \r
*/\r
- virtual void createSignature(DSIGSignature* sig) const;\r
- \r
+ virtual bool createSignature(DSIGSignature* sig);\r
+\r
/**\r
- * Gets a reference to a collection of certificates to append to\r
- * the ds:KeyInfo element in a ds:X509Data chain.\r
- * The certificate corresponding to the signing key SHOULD be\r
- * first, followed by any additional intermediates to append. \r
+ * Gets a reference to the credential resolver supplied during construction.\r
* \r
- * @return an immutable collection of certificates to embed\r
+ * @return the resolver\r
*/\r
- virtual const std::vector<XSECCryptoX509*>* getX509Certificates() const {\r
- return m_certs;\r
+ virtual xmltooling::CredentialResolver& getCredentialResolver() {\r
+ return m_creds;\r
}\r
-\r
+ \r
/**\r
* Gets a KeyInfo structure to embed.\r
* Ownership of the object MUST be transferred to the caller.\r
* \r
* @return pointer to a KeyInfo structure, will be freed by caller\r
*/\r
- virtual xmlsignature::KeyInfo* getKeyInfo() const {\r
+ virtual xmlsignature::KeyInfo* getKeyInfo() {\r
xmlsignature::KeyInfo* ret=m_keyInfo;\r
m_keyInfo=NULL;\r
return ret;\r
}\r
\r
- /**\r
- * Gets the signing key to use.\r
- * Must be compatible with the intended signature algorithm. Ownership of the key\r
- * MUST be transferred to the caller.\r
- * \r
- * @return pointer to a signing key, will be freed by caller\r
- */\r
- virtual XSECCryptoKey* getSigningKey() const {\r
- XSECCryptoKey* ret=m_key;\r
- m_key=NULL;\r
- return ret;\r
- }\r
- \r
void addInclusivePrefix(const char* prefix) {\r
m_prefixes.push_back(prefix);\r
}\r
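Review bot: The Doxygen tag on the new constructor documents a parameter that does not exist: the comment says `@param credentials` while the parameter is named `creds`, so the tag should read `@param creds resolver to signing key/certs to use; held by reference, must outlive this context`. That lifetime note matters because the context now stores the resolver as a reference member rather than owning it, and the class comment says the implementation is unsynchronized, so the doc should also say whether createSignature() is expected to lock() the resolver or the caller must. createSignature() now returns a bool meaning "KeyInfo was created by the context" that a caller can silently drop; a sentence stating what the caller must do when it returns false would make that contract explicit. The class body continues past the hunk.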
/** Identifier of object to sign. */\r
const XMLCh* m_id;\r
\r
- /** Signing key. */\r
- mutable XSECCryptoKey* m_key;\r
- \r
- /** Optional pointer to certificate chain to embed. */\r
- const std::vector<XSECCryptoX509*>* m_certs;\r
+ /** Reference to credentials to sign with. */\r
+ xmltooling::CredentialResolver& m_creds;\r
\r
/** Optional pointer to KeyInfo to embed. */\r
mutable xmlsignature::KeyInfo* m_keyInfo;\r
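Review bot: `mutable` on `m_keyInfo` is left over from the removed const getters; this commit drops the `const` qualifier from getKeyInfo(), which is the only place the member is reset, so the line can become `xmlsignature::KeyInfo* m_keyInfo;` and the comment should say the pointer is owned until getKeyInfo() hands it off. The new reference member `m_creds` also makes the context non-assignable, which is worth a one-line comment since the old pointer members were not. The class declaration continues outside the hunk.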
namespace opensaml {\r
\r
/**\r
- * Singleton object that manages library startup/shutdown.configuration.\r
+ * SAML-specific signature profile verification.\r
*/\r
class SAML_API VerifyingContext : public virtual xmlsignature::VerifyingContext\r
{\r
virtual ~VerifyingContext() {}\r
\r
/**\r
- * Given a native signature, asks the context to verify the signature\r
- * in accordance with the relying party's requirements.\r
+ * Given a native signature, verifies that the signature content\r
+ * is appropriate for the SAML assertion/message being verified.\r
+ * Does <strong>NOT</strong> perform actual cryptographic evaluation\r
+ * of the signature in the absence of policy. Subclasses should\r
+ * override this method with their policies, call the base class\r
+ * and then evaluate further.\r
* \r
* @param sig native signature object\r
* \r
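Review bot: The rewritten comment says the base verifySignature() does no cryptographic evaluation and that subclasses should "evaluate further", but it never states how a profile violation is reported, so a subclass author cannot tell whether a normal return from the base call means the structural checks passed. Add a `@throws` line naming the exception the base raises on a non-conforming signature (or state that it returns only on success), and add a sentence that returning from the base call must never be treated as proof the signature is valid, since a subclass that stops there accepts any signature. The method declaration and the rest of the class lie outside the hunk.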
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
#include <xmltooling/signature/Signature.h>\r
\r
-class TestContext : public VerifyingContext\r
+class TestContext : public virtual CredentialResolver, public SigningContext, public VerifyingContext\r
{\r
- SigningContext* m_signing;\r
vector<XSECCryptoX509*> m_certs;\r
+ OpenSSLCryptoKeyRSA* m_key;\r
public:\r
- TestContext(const XMLCh* uri) : VerifyingContext(uri), m_signing(NULL) {\r
- OpenSSLCryptoKeyRSA* key=NULL;\r
+ TestContext(const XMLCh* uri) : VerifyingContext(uri), SigningContext(uri,*this), m_key(NULL) {\r
string keypath=data_path + "key.pem";\r
BIO* in=BIO_new(BIO_s_file_internal());\r
if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
if (pkey) {\r
- key=new OpenSSLCryptoKeyRSA(pkey);\r
+ m_key=new OpenSSLCryptoKeyRSA(pkey);\r
EVP_PKEY_free(pkey);\r
}\r
}\r
if (in) BIO_free(in);\r
- TS_ASSERT(key!=NULL);\r
+ TS_ASSERT(m_key!=NULL);\r
\r
string certpath=data_path + "cert.pem";\r
in=BIO_new(BIO_s_file_internal());\r
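Review bot: The member-initializer list on the new constructor names the bases as `VerifyingContext(uri), SigningContext(uri,*this)`, but the class declares `SigningContext` before `VerifyingContext`, so construction follows declaration order and compilers flag the list with -Wreorder; write `TestContext(const XMLCh* uri) : SigningContext(uri,*this), VerifyingContext(uri), m_key(NULL) {`. Passing `*this` as a CredentialResolver before the object is fully built is safe here only because SigningContext's constructor merely stores the reference (visible in this commit); a comment saying `// SigningContext only stores the reference; do not call resolver methods from its ctor` would keep that invariant visible. `TS_ASSERT(m_key!=NULL)` inside a constructor records a failure without aborting unless CxxTest's abort-on-fail option is enabled, so a missing key.pem leaves `m_key` NULL for the resolver methods to hand out later. The constructor continues past the hunk.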
}\r
if (in) BIO_free(in);\r
TS_ASSERT(m_certs.size()>0);\r
- m_signing=new SigningContext(uri, key, &m_certs);\r
}\r
\r
virtual ~TestContext() {\r
- delete m_signing;\r
+ delete m_key;\r
for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
}\r
\r
- SigningContext* getSigningContext() { return m_signing; }\r
- \r
void verifySignature(DSIGSignature* sig) const {\r
VerifyingContext::verifySignature(sig);\r
sig->setSigningKey(NULL);\r
sig->setKeyInfoResolver(&resolver);\r
sig->verify();\r
}\r
+\r
+ xmlsignature::KeyInfo* getKeyInfo() { return NULL; }\r
+ const char* getId() const { return "test"; }\r
+ const vector<XSECCryptoX509*>* getX509Certificates() { return &m_certs; }\r
+ XSECCryptoKey* getPublicKey() { return m_key; }\r
+ XSECCryptoKey* getPrivateKey() { return m_key; }\r
+ Lockable& lock() { return *this; }\r
+ void unlock() {}\r
};\r
\r
class SAML1AssertionTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {\r
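Review bot: `getPrivateKey()` and `getPublicKey()` both return the raw `m_key` that the destructor deletes, and this commit removed the old contract under which the signing key was released by the caller; if the base SigningContext::createSignature() passes the resolver's key to DSIGSignature::setSigningKey(), which in XSEC takes ownership (the `sig->setSigningKey(NULL)` in verifySignature() relies on that), the key is freed twice. Whether CredentialResolver transfers ownership is not visible in this hunk; either return a copy from both getters, `return m_key ? m_key->clone() : NULL;`, or document that the resolver retains ownership and confirm the base class never adopts the pointer. Separately, verifySignature() discards the result of `sig->verify()`, so if XSEC reports a mismatch by return value rather than by exception the test passes on a corrupted signature; `TS_ASSERT(sig->verify());` would pin that.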
\r
// Signing context for the assertion.\r
TestContext tc(id.get());\r
- MarshallingContext mctx(sig,tc.getSigningContext());\r
+ MarshallingContext mctx(sig,&tc);\r
DOMElement* rootElement = assertion->marshall((DOMDocument*)NULL,&mctx);\r
\r
string buf;\r