Expose audience collection on security policy.
author
Scott Cantor
<cantor.2@osu.edu>
Fri, 20 Feb 2009 21:19:41 +0000
(21:19 +0000)
committer
Scott Cantor
<cantor.2@osu.edu>
Fri, 20 Feb 2009 21:19:41 +0000
(21:19 +0000)
.cproject
saml/binding/SecurityPolicy.h
saml/binding/impl/SecurityPolicy.cpp
saml/profile/impl/AudienceRestrictionRule.cpp
samltest/saml1/profile/SAML1PolicyTest.h
samltest/saml2/profile/SAML2PolicyTest.h
diff --git
a/.cproject
b/.cproject
index
4bb7304
..
b224a74
100644
(file)
--- a/
.cproject
+++ b/
.cproject
@@
-79,9
+79,11
@@
<pathentry kind="out" path="saml/Debug"/>
\r
<pathentry kind="out" path="samltest/Debug"/>
\r
<pathentry kind="con" path="org.eclipse.cdt.make.core.DISCOVERED_SCANNER_INFO"/>
\r
<pathentry kind="out" path="saml/Debug"/>
\r
<pathentry kind="out" path="samltest/Debug"/>
\r
<pathentry kind="con" path="org.eclipse.cdt.make.core.DISCOVERED_SCANNER_INFO"/>
\r
-<pathentry excluding="util/|saml1/|signature/|saml2/|encryption/|security/|security/impl/|saml1/binding/|saml1/binding/impl/|saml2/binding/|saml2/binding/impl/|binding/|binding/impl/|zlib/|saml1/profile/|saml1/profile/impl/|saml2/profile/|saml2/profile/impl/|profile/impl/" kind="src" path="saml"/>
\r
+<pathentry excluding="util/|saml1/|signature/|saml2/|encryption/|security/|security/impl/|saml1/binding/|saml1/binding/impl/|saml2/binding/|saml2/binding/impl/|binding/|binding/impl/|zlib/|saml1/profile/|saml1/profile/impl/|saml2/profile/|saml2/profile/impl/|profile
|profile
/impl/" kind="src" path="saml"/>
\r
<pathentry excluding="impl/" kind="src" path="saml/binding"/>
\r
<pathentry kind="src" path="saml/binding/impl"/>
\r
<pathentry excluding="impl/" kind="src" path="saml/binding"/>
\r
<pathentry kind="src" path="saml/binding/impl"/>
\r
+<pathentry excluding="impl/" kind="src" path="saml/profile"/>
\r
+<pathentry kind="src" path="saml/profile/impl"/>
\r
<pathentry excluding="impl/" kind="src" path="saml/saml1/core"/>
\r
<pathentry kind="src" path="saml/saml1/core/impl"/>
\r
<pathentry excluding="impl/" kind="src" path="saml/saml1/binding"/>
\r
<pathentry excluding="impl/" kind="src" path="saml/saml1/core"/>
\r
<pathentry kind="src" path="saml/saml1/core/impl"/>
\r
<pathentry excluding="impl/" kind="src" path="saml/saml1/binding"/>
\r
@@
-101,16
+103,15
@@
<pathentry excluding="saml1/core/impl/|signature/|saml2/core/impl/|saml2/metadata/|security/|saml1/binding/|saml2/binding/|encryption/|saml2/profile/|saml1/profile/" kind="src" path="samltest"/>
\r
<pathentry kind="src" path="samltest/saml1/binding"/>
\r
<pathentry kind="src" path="samltest/saml1/core/impl"/>
\r
<pathentry excluding="saml1/core/impl/|signature/|saml2/core/impl/|saml2/metadata/|security/|saml1/binding/|saml2/binding/|encryption/|saml2/profile/|saml1/profile/" kind="src" path="samltest"/>
\r
<pathentry kind="src" path="samltest/saml1/binding"/>
\r
<pathentry kind="src" path="samltest/saml1/core/impl"/>
\r
+<pathentry kind="src" path="samltest/saml1/profile"/>
\r
<pathentry kind="src" path="samltest/saml2/binding"/>
\r
<pathentry kind="src" path="samltest/saml2/core/impl"/>
\r
<pathentry kind="src" path="samltest/saml2/metadata"/>
\r
<pathentry kind="src" path="samltest/saml2/binding"/>
\r
<pathentry kind="src" path="samltest/saml2/core/impl"/>
\r
<pathentry kind="src" path="samltest/saml2/metadata"/>
\r
+<pathentry kind="src" path="samltest/saml2/profile"/>
\r
<pathentry kind="src" path="samltest/security"/>
\r
<pathentry kind="src" path="samltest/signature"/>
\r
<pathentry kind="src" path="samltest/encryption"/>
\r
<pathentry kind="src" path="samlsign"/>
\r
<pathentry kind="src" path="samltest/security"/>
\r
<pathentry kind="src" path="samltest/signature"/>
\r
<pathentry kind="src" path="samltest/encryption"/>
\r
<pathentry kind="src" path="samlsign"/>
\r
-<pathentry kind="src" path="samltest/saml2/profile"/>
\r
-<pathentry kind="src" path="saml/profile/impl"/>
\r
-<pathentry kind="src" path="samltest/saml1/profile"/>
\r
</storageModule>
\r
</cconfiguration>
\r
</storageModule>
\r
</storageModule>
\r
</cconfiguration>
\r
</storageModule>
\r
diff --git
a/saml/binding/SecurityPolicy.h
b/saml/binding/SecurityPolicy.h
index
b655d01
..
2dd16c2
100644
(file)
--- a/
saml/binding/SecurityPolicy.h
+++ b/
saml/binding/SecurityPolicy.h
@@
-131,12
+131,21
@@
namespace opensaml {
}
/**
}
/**
- * Returns the
entityID of the receiving entity
.
+ * Returns the
SAML audiences that represent the receiving peer
.
*
*
- * @return
entityID
of the peer processing the message
+ * @return
audience values
of the peer processing the message
*/
*/
- const XMLCh* getRecipient() {
- return m_recipient;
+ const std::vector<const XMLCh*>& getAudiences() const {
+ return m_audiences;
+ }
+
+ /**
+ * Returns the SAML audiences that represent the receiving peer.
+ *
+ * @return audience values of the peer processing the message
+ */
+ std::vector<const XMLCh*>& getAudiences() {
+ return m_audiences;
}
/**
}
/**
@@
-144,7
+153,7
@@
namespace opensaml {
*
* @return the time at which the message is being processed
*/
*
* @return the time at which the message is being processed
*/
- time_t getTime() {
+ time_t getTime()
const
{
if (m_ts == 0)
return m_ts = time(NULL);
return m_ts;
if (m_ts == 0)
return m_ts = time(NULL);
return m_ts;
@@
-221,15
+230,6
@@
namespace opensaml {
}
/**
}
/**
- * Sets entityID of receiving entity.
- *
- * @param recipient the entityID of the peer processing the message
- */
- void setRecipient(const XMLCh* recipient) {
- m_recipient = recipient;
- }
-
- /**
* Sets effective time of message processing.
*
* <p>Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date
* Sets effective time of message processing.
*
* <p>Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date
@@
-449,8
+449,8
@@
namespace opensaml {
bool m_entityOnly;
// contextual information
bool m_entityOnly;
// contextual information
-
const XMLCh* m_recipient
;
-
time_t m_t
s;
+
mutable time_t m_ts
;
+
std::vector<const XMLCh*> m_audience
s;
};
};
};
};
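Review bot: The non-const `getAudiences()` overload added in the first hunk is the replacement for the removed `setRecipient`, but its doc comment is a verbatim copy of the const overload's and says nothing about mutation or ownership; the vector holds bare `const XMLCh*` entries (the new `m_audiences` member in the last hunk) and nothing in this header copies the strings, so as far as the hunk shows the caller has to keep them alive while the policy is in use. Suggest documenting it as `* Returns the mutable SAML audience collection so callers can add the audience values that represent the receiving peer. The policy stores the pointers as given and does not copy the strings; they must stay valid for as long as the policy is evaluated.` Dropping `setRecipient`/`getRecipient` outright is a source-incompatible change for any caller outside this tree; if compatibility matters, a deprecated `setRecipient(const XMLCh* recipient) { m_audiences.push_back(recipient); }` would keep them building. The `mutable time_t m_ts` change in the `getTime() const` hunk looks fine, since the lazy `time(NULL)` initialization is the only write to it.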
diff --git
a/saml/binding/impl/SecurityPolicy.cpp
b/saml/binding/impl/SecurityPolicy.cpp
index
d78e1df
..
bae5447
100644
(file)
--- a/
saml/binding/impl/SecurityPolicy.cpp
+++ b/
saml/binding/impl/SecurityPolicy.cpp
@@
-74,7
+74,6
@@
SecurityPolicy::SecurityPolicy(
m_trust(trustEngine),
m_validate(validate),
m_entityOnly(true),
m_trust(trustEngine),
m_validate(validate),
m_entityOnly(true),
- m_recipient(NULL),
m_ts(0)
{
if (role)
m_ts(0)
{
if (role)
diff --git
a/saml/profile/impl/AudienceRestrictionRule.cpp
b/saml/profile/impl/AudienceRestrictionRule.cpp
index
e4b03e4
..
b579931
100644
(file)
--- a/
saml/profile/impl/AudienceRestrictionRule.cpp
+++ b/
saml/profile/impl/AudienceRestrictionRule.cpp
@@
-72,8
+72,9
@@
bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRe
if (ac2) {
const vector<saml2::Audience*>& auds2 = ac2->getAudiences();
for (vector<saml2::Audience*>::const_iterator a1 = auds2.begin(); a1!=auds2.end(); ++a1) {
if (ac2) {
const vector<saml2::Audience*>& auds2 = ac2->getAudiences();
for (vector<saml2::Audience*>::const_iterator a1 = auds2.begin(); a1!=auds2.end(); ++a1) {
- if (XMLString::equals(policy.getRecipient(), (*a1)->getAudienceURI())) {
- return true;
+ for (vector<const XMLCh*>::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
+ if (XMLString::equals((*a1)->getAudienceURI(), *a2))
+ return true;
}
for (vector<const XMLCh*>::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
if (XMLString::equals((*a1)->getAudienceURI(), *a2))
}
for (vector<const XMLCh*>::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
if (XMLString::equals((*a1)->getAudienceURI(), *a2))
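Review bot: The added inner loop over `policy.getAudiences()` is the same scan that the `m_audiences` loop directly below it already performs, and the SAML 1 hunk (`@@ -93,8 +94,9`) repeats both again, so the file now carries four copies of one match loop; the `policy.getAudiences().end()` call is also re-evaluated on every iteration of the new loop. A small file-local helper that takes the URI and a `const vector<const XMLCh*>&` collapses each pair of loops into one condition and binds to either `getAudiences()` overload. `evaluate()` starts and ends outside both hunks. An empty policy audience list now simply never matches, which is the safe default compared with the removed `getRecipient()` comparison.
```cpp
// Returns true when uri equals (per XMLString::equals) any entry in auds.
static bool matchesAny(const XMLCh* uri, const vector<const XMLCh*>& auds)
{
    for (vector<const XMLCh*>::const_iterator a = auds.begin(); a != auds.end(); ++a) {
        if (XMLString::equals(uri, *a))
            return true;
    }
    return false;
}

// … unchanged: evaluate() up to the saml2::Audience loop …
for (vector<saml2::Audience*>::const_iterator a1 = auds2.begin(); a1!=auds2.end(); ++a1) {
    if (matchesAny((*a1)->getAudienceURI(), policy.getAudiences()) || matchesAny((*a1)->getAudienceURI(), m_audiences))
        return true;
}
// … unchanged: remainder of evaluate(); the saml1::Audience loop is rewritten the same way …
```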
@@
-93,8
+94,9
@@
bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRe
if (ac1) {
const vector<saml1::Audience*>& auds1 = ac1->getAudiences();
for (vector<saml1::Audience*>::const_iterator a1 = auds1.begin(); a1!=auds1.end(); ++a1) {
if (ac1) {
const vector<saml1::Audience*>& auds1 = ac1->getAudiences();
for (vector<saml1::Audience*>::const_iterator a1 = auds1.begin(); a1!=auds1.end(); ++a1) {
- if (XMLString::equals(policy.getRecipient(), (*a1)->getAudienceURI())) {
- return true;
+ for (vector<const XMLCh*>::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
+ if (XMLString::equals((*a1)->getAudienceURI(), *a2))
+ return true;
}
for (vector<const XMLCh*>::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
if (XMLString::equals((*a1)->getAudienceURI(), *a2))
}
for (vector<const XMLCh*>::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
if (XMLString::equals((*a1)->getAudienceURI(), *a2))
diff --git
a/samltest/saml1/profile/SAML1PolicyTest.h
b/samltest/saml1/profile/SAML1PolicyTest.h
index
82660b1
..
49554e5
100644
(file)
--- a/
samltest/saml1/profile/SAML1PolicyTest.h
+++ b/
samltest/saml1/profile/SAML1PolicyTest.h
@@
-54,7
+54,7
@@
public:
TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
auto_ptr_XMLCh recipient("https://sp.example.org");
TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
auto_ptr_XMLCh recipient("https://sp.example.org");
- m_policy->
setRecipient
(recipient.get());
+ m_policy->
getAudiences().push_back
(recipient.get());
m_policy->evaluate(*assertion.get());
}
catch (exception& ex) {
m_policy->evaluate(*assertion.get());
}
catch (exception& ex) {
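Review bot: `m_policy->getAudiences().push_back(recipient.get())` stores a pointer owned by the local `auto_ptr_XMLCh recipient` in a policy that belongs to the fixture, so once this test method returns the policy's audience vector points at freed memory; whether a later test reuses `m_policy` is not visible here (the fixture setup is outside the hunk), but if it does, that read is a use-after-free. Either drop the entry before the local dies, e.g. `m_policy->getAudiences().clear();` after the `evaluate` call (and in the catch path), or keep the XMLCh string in the fixture alongside `m_policy`. The same pattern is in the SAML2PolicyTest.h hunk. The enclosing test method starts and ends outside the hunk.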
diff --git
a/samltest/saml2/profile/SAML2PolicyTest.h
b/samltest/saml2/profile/SAML2PolicyTest.h
index
f4cc1d8
..
3f3b958
100644
(file)
--- a/
samltest/saml2/profile/SAML2PolicyTest.h
+++ b/
samltest/saml2/profile/SAML2PolicyTest.h
@@
-54,7
+54,7
@@
public:
TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
auto_ptr_XMLCh recipient("https://sp.example.org");
TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
auto_ptr_XMLCh recipient("https://sp.example.org");
- m_policy->
setRecipient
(recipient.get());
+ m_policy->
getAudiences().push_back
(recipient.get());
m_policy->evaluate(*assertion.get());
}
catch (exception& ex) {
m_policy->evaluate(*assertion.get());
}
catch (exception& ex) {