From 570c594bdbb64ae1f5f0b58b7559c1044d61e1f0 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Thu, 12 Apr 2007 03:56:27 +0000
Subject: [PATCH] Add credential context APIs, refactor criteria matching, auto-extract criteria from KeyInfos.
---
 saml/Makefile.am | 1 +
 saml/saml.vcproj | 4 ++
 saml/saml2/metadata/MetadataCredentialContext.h | 64 ++++++++++++++++++++++
 saml/saml2/metadata/MetadataCredentialCriteria.h | 6 +-
 .../metadata/impl/AbstractMetadataProvider.cpp | 29 ++--------
 5 files changed, 77 insertions(+), 27 deletions(-)
 create mode 100644 saml/saml2/metadata/MetadataCredentialContext.h
diff --git a/saml/Makefile.am b/saml/Makefile.am
index 5444b1a..3b25823 100644
--- a/saml/Makefile.am
+++ b/saml/Makefile.am
@@ -90,6 +90,7 @@ saml2mdinclude_HEADERS = \
 saml2/metadata/ChainingMetadataProvider.h \
 saml2/metadata/EndpointManager.h \
 saml2/metadata/Metadata.h \
+ saml2/metadata/MetadataCredentialContext.h \
 saml2/metadata/MetadataCredentialCriteria.h \
 saml2/metadata/MetadataFilter.h \
 saml2/metadata/MetadataProvider.h \
diff --git a/saml/saml.vcproj b/saml/saml.vcproj
index e74017e..17cfdeb 100644
--- a/saml/saml.vcproj
+++ b/saml/saml.vcproj
@@ -762,6 +762,10 @@ > + +
diff --git a/saml/saml2/metadata/MetadataCredentialContext.h b/saml/saml2/metadata/MetadataCredentialContext.h
new file mode 100644
index 0000000..8ffc950
--- /dev/null
+++ b/saml/saml2/metadata/MetadataCredentialContext.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file saml/saml2/metadata/MetadataCredentialContext.h
+ *
+ * Metadata-based CredentialContext subclass.
+ */
+
+#ifndef __saml_metacredctx_h__
+#define __saml_metacredctx_h__
+
+#include
+#include
+
+namespace opensaml {
+ namespace saml2md {
+
+ /**
+ * Metadata-based CredentialContext subclass.
+ */
+ class SAML_API MetadataCredentialContext : public xmltooling::KeyInfoCredentialContext
+ {
+ public:
+ /*
+ * Constructor.
+ *
+ * @param descriptor source of metadata-supplied credential
+ */
+ MetadataCredentialContext(const KeyDescriptor& descriptor)
+ : KeyInfoCredentialContext(descriptor.getKeyInfo()), m_descriptor(descriptor) {
+ }
+
+ virtual ~MetadataCredentialContext() {}
+
+ /**
+ * Return the KeyDescriptor associated with the credential.
+ *
+ * @return the associated KeyDescriptor
+ */
+ const KeyDescriptor& getKeyDescriptor() const {
+ return m_descriptor;
+ }
+
+ private:
+ const KeyDescriptor& m_descriptor;
+ };
+ };
+};
+
+#endif /* __saml_metacredctx_h__ */
diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index 0a6a430..ddc2146 100644
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
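Review bot: `m_descriptor` is a reference bound to the constructor argument, so a MetadataCredentialContext is only valid while that KeyDescriptor, and the metadata document that owns it, stays alive; since AbstractMetadataProvider hands the context to the resolver and releases it, that lifetime requirement belongs in the class comment, e.g. `* Holds a reference to the KeyDescriptor; the context must not outlive the metadata that owns it.` The constructor's comment opens with `/*` instead of `/**`, so Doxygen drops its @param; change it to `/**`. The single-argument constructor could also be declared `explicit MetadataCredentialContext(const KeyDescriptor& descriptor)` to rule out implicit conversion from a KeyDescriptor.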
@@ -20,8 +20,8 @@
 * Metadata-based CredentialCriteria subclass.
 */
-#ifndef __saml_metacred_h__
-#define __saml_metacred_h__
+#ifndef __saml_metacrit_h__
+#define __saml_metacrit_h__
 #include
 #include
@@ -66,4 +66,4 @@ namespace opensaml {
 };
 };
-#endif /* __saml_metacred_h__ */
+#endif /* __saml_metacrit_h__ */
diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
index 4440fb4..7036070 100644
--- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
@@ -24,6 +24,7 @@
 #include "binding/SAMLArtifact.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/AbstractMetadataProvider.h"
+#include "saml2/metadata/MetadataCredentialContext.h"
 #include "saml2/metadata/MetadataCredentialCriteria.h"
 #include
@@ -234,7 +235,9 @@ const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider
 AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role];
 for (vector::const_iterator k = keys.begin(); k!=keys.end(); ++k) {
 if ((*k)->getKeyInfo()) {
- Credential* c = resolver->resolve((*k)->getKeyInfo());
+ auto_ptr mcc(new MetadataCredentialContext(*(*k)));
+ Credential* c = resolver->resolve(mcc.get());
+ mcc.release();
 resolved.push_back(make_pair((*k)->getUse(), c));
 }
 }
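Review bot: `mcc.release()` after `resolver->resolve(mcc.get())` gives up ownership of the context unconditionally, including when `resolve()` returns NULL; unless the resolver adopts the context even on failure, a failed resolution leaks the MetadataCredentialContext, and the NULL `c` is still pushed into `resolved` as the old code did. If the resolver only takes ownership when it returns a credential, the release should be conditional, `if (c) mcc.release();`, and a comment such as `// resolver takes ownership of the context` would record the contract either way; the resolver's behaviour is not visible in this patch, so this needs confirming against the KeyInfoResolver API. The enclosing function, and the declaration of `keys` and `resolver`, start before this hunk.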
@@ -250,29 +253,7 @@ bool AbstractMetadataProvider::matches(const pair& cre
 return false;
 else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
 return false;
-
- const char* alg = criteria->getKeyAlgorithm();
- if (alg && *alg) {
- const char* alg2 = cred.second->getAlgorithm();
- if (alg2 && *alg2) {
- if (!XMLString::equals(alg,alg2))
- return false;
- }
- }
- if (criteria->getKeySize()>0 && cred.second->getKeySize()>0) {
- if (criteria->getKeySize() != cred.second->getKeySize())
- return false;
- }
-
- if (cred.second->getPublicKey()) {
- // See if we have to match a specific key.
- auto_ptr critcred(
- XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(*criteria,Credential::RESOLVE_KEYS)
- );
- if (critcred.get())
- if (!critcred->isEqual(*(cred.second->getPublicKey())))
- return false;
- }
+ return cred.second->matches(*criteria);
 }
 return true;
 }
--
2.1.4
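Review bot: `return cred.second->matches(*criteria);` dereferences `cred.second`, which the resolve loop earlier in this file stores straight from `resolver->resolve()` without a null check, so if the resolver can return NULL the match would crash here, just as the removed `cred.second->getAlgorithm()` call would have; a guard `if (!cred.second) return false;` ahead of the delegation (or skipping NULL results when the map is built) closes that. With the algorithm, key-size and exact-key comparisons moved out of this file, a reader can no longer see that a missing key size or algorithm on either side used to act as a wildcard and that a credential without a public key skipped the exact-key comparison; a one-line comment stating that Credential::matches is relied on for those semantics would keep the intent visible. matches() starts before this hunk, and the block closed by the ` }` after the new return begins outside it as well.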