From 3582107119b14aeb81632921dd9442ef52cf64db Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Sat, 26 Sep 2009 04:15:13 +0000
Subject: [PATCH] Reducing header overuse, non-inlining selected methods
 (CPPOST-35).

---
 saml/Makefile.am                                   |  1 +
 saml/binding/impl/ClientCertAuthRule.cpp           |  1 +
 saml/saml.vcproj                                   |  4 ++
 saml/saml2/core/impl/Assertions.cpp                |  5 +-
 saml/saml2/metadata/MetadataCredentialCriteria.h   | 23 +--------
 .../metadata/impl/ChainingMetadataProvider.cpp     |  1 +
 .../metadata/impl/MetadataCredentialCriteria.cpp   | 54 ++++++++++++++++++++++
 saml/signature/ContentReference.cpp                |  1 +
 saml/signature/SignatureProfileValidator.cpp       |  3 +-
 samlsign/samlsign.cpp                              | 13 +++---
 samltest/encryption/EncryptedAssertionTest.h       |  3 +-
 samltest/signature/SAMLSignatureTestBase.h         |  3 +-
 12 files changed, 80 insertions(+), 32 deletions(-)
 create mode 100644 saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp

diff --git a/saml/Makefile.am b/saml/Makefile.am
index f552599..d9135fc 100644
--- a/saml/Makefile.am
+++ b/saml/Makefile.am
@@ -144,6 +144,7 @@ libsaml_la_SOURCES = \
 	saml2/metadata/impl/ChainingMetadataProvider.cpp \
 	saml2/metadata/impl/DynamicMetadataProvider.cpp \
 	saml2/metadata/impl/EntityRoleMetadataFilter.cpp \
+    saml2/metadata/impl/MetadataCredentialCriteria.cpp \
 	saml2/metadata/impl/MetadataImpl.cpp \
 	saml2/metadata/impl/MetadataProvider.cpp \
 	saml2/metadata/impl/MetadataSchemaValidators.cpp \
diff --git a/saml/binding/impl/ClientCertAuthRule.cpp b/saml/binding/impl/ClientCertAuthRule.cpp
index 840c242..382eb10 100644
--- a/saml/binding/impl/ClientCertAuthRule.cpp
+++ b/saml/binding/impl/ClientCertAuthRule.cpp
@@ -28,6 +28,7 @@
 #include "saml2/metadata/MetadataProvider.h"
 
 #include <xmltooling/logging.h>
+#include <xmltooling/security/Credential.h>
 #include <xmltooling/security/X509TrustEngine.h>
 #include <xmltooling/util/ReplayCache.h>
 
diff --git a/saml/saml.vcproj b/saml/saml.vcproj
index 8d1427e..f943fb5 100644
--- a/saml/saml.vcproj
+++ b/saml/saml.vcproj
@@ -524,6 +524,10 @@
 							>
 						</File>
 						<File
+							RelativePath=".\saml2\metadata\impl\MetadataCredentialCriteria.cpp"
+							>
+						</File>
+						<File
 							RelativePath=".\saml2\metadata\impl\MetadataImpl.cpp"
 							>
 						</File>
diff --git a/saml/saml2/core/impl/Assertions.cpp b/saml/saml2/core/impl/Assertions.cpp
index 0e8b5f8..9b5495c 100644
--- a/saml/saml2/core/impl/Assertions.cpp
+++ b/saml/saml2/core/impl/Assertions.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,6 +32,9 @@
 #include <xmltooling/logging.h>
 #include <xmltooling/encryption/Encrypter.h>
 #include <xmltooling/encryption/Decrypter.h>
+#include <xmltooling/security/Credential.h>
+
+#include <xsec/utils/XSECPlatformUtils.hpp>
 
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2;
diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index 5d3a1c7..aac4d85 100644
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -24,7 +24,6 @@
 #define __saml_metacrit_h__
 
 #include <saml/base.h>
-#include <saml/saml2/metadata/MetadataCredentialContext.h>
 #include <xmltooling/security/CredentialCriteria.h>
 
 namespace opensaml {
@@ -41,13 +40,7 @@ namespace opensaml {
              *
              * @param role      source of metadata-supplied credentials
              */
-            MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role) {
-                const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
-                if (entity) {
-                    xmltooling::auto_ptr_char name(entity->getEntityID());
-                    setPeerName(name.get());
-                }
-            }
+            MetadataCredentialCriteria(const RoleDescriptor& role);
     
             virtual ~MetadataCredentialCriteria() {}
             
@@ -60,19 +53,7 @@ namespace opensaml {
                 return m_role;
             }
 
-            bool matches(const xmltooling::Credential& credential) const {
-                const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
-                if (context) {
-                    // Check for a usage mismatch.
-                    if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
-                            XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
-                        return false;
-                    else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
-                            XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
-                        return false;
-                }
-                return CredentialCriteria::matches(credential);
-            }
+            bool matches(const xmltooling::Credential& credential) const;
 
         private:
             const RoleDescriptor& m_role;
diff --git a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
index e544a29..ef7d131 100644
--- a/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/ChainingMetadataProvider.cpp
@@ -23,6 +23,7 @@
 #include "internal.h"
 #include "exceptions.h"
 #include "saml/binding/SAMLArtifact.h"
+#include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/ObservableMetadataProvider.h"
 #include "saml2/metadata/MetadataCredentialCriteria.h"
 
diff --git a/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp b/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
new file mode 100644
index 0000000..90b9cf3
--- /dev/null
+++ b/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
@@ -0,0 +1,54 @@
+/*
+ *  Copyright 2001-2009 Internet2
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * MetadataCredentialCriteria.cpp
+ * 
+ * Metadata-based CredentialCriteria subclass.
+ */
+
+#include "internal.h"
+#include "saml2/metadata/MetadataCredentialContext.h"
+#include "saml2/metadata/MetadataCredentialCriteria.h"
+
+#include <xmltooling/security/Credential.h>
+
+using namespace opensaml::saml2md;
+using namespace xmltooling;
+
+MetadataCredentialCriteria::MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role)
+{
+    const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
+    if (entity) {
+        auto_ptr_char name(entity->getEntityID());
+        setPeerName(name.get());
+    }
+}
+
+bool MetadataCredentialCriteria::matches(const Credential& credential) const
+{
+    const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
+    if (context) {
+        // Check for a usage mismatch.
+        if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
+                XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
+            return false;
+        else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
+                XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
+            return false;
+    }
+    return CredentialCriteria::matches(credential);
+}
diff --git a/saml/signature/ContentReference.cpp b/saml/signature/ContentReference.cpp
index ffc7708..454bdb9 100644
--- a/saml/signature/ContentReference.cpp
+++ b/saml/signature/ContentReference.cpp
@@ -27,6 +27,7 @@
 #include <xmltooling/signature/Signature.h>
 #include <xercesc/util/XMLUniDefs.hpp>
 #include <xsec/dsig/DSIGReference.hpp>
+#include <xsec/dsig/DSIGSignature.hpp>
 #include <xsec/dsig/DSIGTransformC14n.hpp>
 
 using namespace opensaml;
diff --git a/saml/signature/SignatureProfileValidator.cpp b/saml/signature/SignatureProfileValidator.cpp
index a3159a6..a261dc2 100644
--- a/saml/signature/SignatureProfileValidator.cpp
+++ b/saml/signature/SignatureProfileValidator.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,6 +28,7 @@
 
 #include <xercesc/util/XMLUniDefs.hpp>
 #include <xsec/dsig/DSIGReference.hpp>
+#include <xsec/dsig/DSIGSignature.hpp>
 #include <xsec/dsig/DSIGTransformC14n.hpp>
 #include <xsec/dsig/DSIGTransformList.hpp>
 
diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp
index e0e2990..3be55b6 100644
--- a/samlsign/samlsign.cpp
+++ b/samlsign/samlsign.cpp
@@ -14,13 +14,11 @@
  * limitations under the License.
  */
 
-/* siterefresh.cpp - command-line tool to refresh and verify metadata
-
-   Scott Cantor
-   5/12/03
-
-   $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $
-*/
+/**
+ * samlsign.cpp
+ *
+ * Command-line tool to sign and verify objects.
+ */
 
 #if defined (_MSC_VER) || defined(__BORLANDC__)
 # include "config_win32.h"
@@ -41,6 +39,7 @@
 #include <saml/util/SAMLConstants.h>
 #include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/Credential.h>
 #include <xmltooling/security/SignatureTrustEngine.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/signature/SignatureValidator.h>
diff --git a/samltest/encryption/EncryptedAssertionTest.h b/samltest/encryption/EncryptedAssertionTest.h
index 3a6fba0..c73704d 100644
--- a/samltest/encryption/EncryptedAssertionTest.h
+++ b/samltest/encryption/EncryptedAssertionTest.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
 #include <saml/saml2/metadata/MetadataProvider.h>
 #include <saml/saml2/metadata/MetadataCredentialContext.h>
 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
+#include <xmltooling/security/Credential.h>
 
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2;
diff --git a/samltest/signature/SAMLSignatureTestBase.h b/samltest/signature/SAMLSignatureTestBase.h
index aa6c290..eaba637 100644
--- a/samltest/signature/SAMLSignatureTestBase.h
+++ b/samltest/signature/SAMLSignatureTestBase.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
 
 #include <sstream>
 #include <saml/signature/SignatureProfileValidator.h>
+#include <xmltooling/security/Credential.h>
 #include <xmltooling/security/CredentialCriteria.h>
 #include <xmltooling/security/CredentialResolver.h>
 #include <xmltooling/signature/KeyInfo.h>
-- 
2.1.4