saml2/metadata/ChainingMetadataProvider.h \
saml2/metadata/EndpointManager.h \
saml2/metadata/Metadata.h \
+ saml2/metadata/MetadataCredentialContext.h \
saml2/metadata/MetadataCredentialCriteria.h \
saml2/metadata/MetadataFilter.h \
saml2/metadata/MetadataProvider.h \
>\r
</File>\r
<File\r
+ RelativePath=".\saml2\metadata\MetadataCredentialContext.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\saml2\metadata\MetadataCredentialCriteria.h"\r
>\r
</File>\r
--- /dev/null
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file saml/saml2/metadata/MetadataCredentialContext.h
+ *
+ * Metadata-based CredentialContext subclass.
+ */
+
+#ifndef __saml_metacredctx_h__
+#define __saml_metacredctx_h__
+
+#include <saml/saml2/metadata/Metadata.h>
+#include <xmltooling/security/KeyInfoCredentialContext.h>
+
+namespace opensaml {
+ namespace saml2md {
+
+ /**
+ * Metadata-based CredentialContext subclass.
+ */
+ class SAML_API MetadataCredentialContext : public xmltooling::KeyInfoCredentialContext
+ {
+ public:
+ /*
+ * Constructor.
+ *
+ * @param descriptor source of metadata-supplied credential
+ */
+ MetadataCredentialContext(const KeyDescriptor& descriptor)
+ : KeyInfoCredentialContext(descriptor.getKeyInfo()), m_descriptor(descriptor) {
+ }
+
+ virtual ~MetadataCredentialContext() {}
+
+ /**
+ * Return the KeyDescriptor associated with the credential.
+ *
+ * @return the associated KeyDescriptor
+ */
+ const KeyDescriptor& getKeyDescriptor() const {
+ return m_descriptor;
+ }
+
+ private:
+ const KeyDescriptor& m_descriptor;
+ };
+ };
+};
+
+#endif /* __saml_metacredctx_h__ */
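Review bot: `m_descriptor` is stored as a `const KeyDescriptor&`, so the context is only valid while the metadata object that owns the descriptor is alive, and nothing in the header states that requirement. In AbstractMetadataProvider the context appears to be handed to the resolver (`mcc.release()`) and the resulting Credential is kept in `m_credentialMap`, so a descriptor freed while that credential is still cached would leave a dangling reference; whether the map is always emptied before the metadata is released is not visible here. Extend the parameter doc to `@param descriptor source of metadata-supplied credential; must outlive this context`, and open the constructor comment with `/**` instead of `/*` so Doxygen picks it up. The single-argument constructor could also be declared `explicit` to rule out an implicit KeyDescriptor-to-context conversion.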
* Metadata-based CredentialCriteria subclass.
*/
-#ifndef __saml_metacred_h__
-#define __saml_metacred_h__
+#ifndef __saml_metacrit_h__
+#define __saml_metacrit_h__
#include <saml/base.h>
#include <saml/saml2/metadata/Metadata.h>
};
};
-#endif /* __saml_metacred_h__ */
+#endif /* __saml_metacrit_h__ */
#include "binding/SAMLArtifact.h"
#include "saml2/metadata/Metadata.h"
#include "saml2/metadata/AbstractMetadataProvider.h"
+#include "saml2/metadata/MetadataCredentialContext.h"
#include "saml2/metadata/MetadataCredentialCriteria.h"
#include <xercesc/util/XMLUniDefs.hpp>
AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role];
for (vector<KeyDescriptor*>::const_iterator k = keys.begin(); k!=keys.end(); ++k) {
if ((*k)->getKeyInfo()) {
- Credential* c = resolver->resolve((*k)->getKeyInfo());
+ auto_ptr<MetadataCredentialContext> mcc(new MetadataCredentialContext(*(*k)));
+ Credential* c = resolver->resolve(mcc.get());
+ mcc.release();
resolved.push_back(make_pair((*k)->getUse(), c));
}
}
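Review bot: The pointer returned by `resolver->resolve(mcc.get())` is pushed into `resolved` without a null check, and the filter later in this commit calls `cred.second->matches(*criteria)` on every cached entry unconditionally. The code removed there tested `critcred.get()` after a resolve call, which suggests a null result is possible. Guard the insertion with `if (c) resolved.push_back(make_pair((*k)->getUse(), c));`. The ownership hand-off is also implicit: `mcc.release()` runs whatever resolve returned, so if a failed resolution does not take the context it leaks; a comment such as `// resolve() takes ownership of the context` would record the contract, which is not visible here. The enclosing function starts and ends outside the hunk.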
return false;
else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
return false;
-
- const char* alg = criteria->getKeyAlgorithm();
- if (alg && *alg) {
- const char* alg2 = cred.second->getAlgorithm();
- if (alg2 && *alg2) {
- if (!XMLString::equals(alg,alg2))
- return false;
- }
- }
- if (criteria->getKeySize()>0 && cred.second->getKeySize()>0) {
- if (criteria->getKeySize() != cred.second->getKeySize())
- return false;
- }
-
- if (cred.second->getPublicKey()) {
- // See if we have to match a specific key.
- auto_ptr<Credential> critcred(
- XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(*criteria,Credential::RESOLVE_KEYS)
- );
- if (critcred.get())
- if (!critcred->isEqual(*(cred.second->getPublicKey())))
- return false;
- }
+ return cred.second->matches(*criteria);
}
return true;
}
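Review bot: Algorithm, key-size and specific-key filtering now rests entirely on `Credential::matches()`, which is not part of this change, so this call site no longer shows which criteria are enforced when a signing or encryption credential is selected. A comment above the return, e.g. `// matches() must enforce algorithm, key size and key criteria; usage was checked above`, would state the contract that every Credential implementation has to honour. A test that passes criteria naming a different public key than the cached credential would confirm the delegated check still rejects it. The function body begins outside the hunk.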