From 9424cbad0360d512935936e6410fca5e32eb29bc Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Wed, 17 Oct 2007 05:15:54 +0000
Subject: [PATCH] Multi-line svn commit, see body.
Move credential usage enum to Credential class. Get rid of test data relying on RetrievalMethod.
---
saml/binding/impl/ClientCertAuthRule.cpp | 2 +-
saml/saml2/core/impl/Assertions.cpp | 4 ++--
saml/saml2/metadata/MetadataCredentialCriteria.h | 4 ++--
.../metadata/impl/SignatureMetadataFilter.cpp | 2 +-
samlsign/samlsign.cpp | 6 ++---
samltest/data/binding/example-metadata.xml | 26 ++++++++++++++++++----
samltest/encryption/EncryptedAssertionTest.h | 2 +-
samltest/saml1/binding/SAML1ArtifactTest.h | 4 ++--
samltest/saml1/binding/SAML1POSTTest.h | 2 +-
samltest/saml2/binding/SAML2ArtifactTest.h | 2 +-
samltest/saml2/binding/SAML2POSTTest.h | 4 ++--
samltest/saml2/binding/SAML2RedirectTest.h | 2 +-
samltest/signature/SAML1AssertionTest.h | 2 +-
samltest/signature/SAML1RequestTest.h | 2 +-
samltest/signature/SAML1ResponseTest.h | 2 +-
samltest/signature/SAML2AssertionTest.h | 2 +-
16 files changed, 43 insertions(+), 25 deletions(-)
diff --git a/saml/binding/impl/ClientCertAuthRule.cpp b/saml/binding/impl/ClientCertAuthRule.cpp
index 262d2a7..8c30310 100644
--- a/saml/binding/impl/ClientCertAuthRule.cpp
+++ b/saml/binding/impl/ClientCertAuthRule.cpp
@@ -82,7 +82,7 @@ void ClientCertAuthRule::evaluate(const XMLObject& message, const GenericRequest MetadataCredentialCriteria cc(*(policy.getIssuerMetadata())); auto_ptr_char pn(policy.getIssuer()->getName()); cc.setPeerName(pn.get());
- cc.setUsage(CredentialCriteria::TLS_CREDENTIAL);
+ cc.setUsage(Credential::TLS_CREDENTIAL); if (!x509trust->validate(chain.front(), chain, *(policy.getMetadataProvider()), &cc)) { log.error("unable to verify certificate chain with supplied trust engine");
diff --git a/saml/saml2/core/impl/Assertions.cpp b/saml/saml2/core/impl/Assertions.cpp
index d87a9db..0e8b5f8 100644
--- a/saml/saml2/core/impl/Assertions.cpp
+++ b/saml/saml2/core/impl/Assertions.cpp
@@ -50,7 +50,7 @@ void EncryptedElementType::encrypt( { // With one recipient, we let the library generate the encryption key for us. // Get the key encryption key to use.
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL); const Credential* KEK = metadataProvider.resolve(&criteria); if (!KEK) throw EncryptionException("No key encryption credential found.");
@@ -105,7 +105,7 @@ void EncryptedElementType::encrypt( // Now we encrypt the key for each recipient. for (vector< pair >::const_iterator r = recipients.begin(); r!=recipients.end(); ++r) { // Get key encryption key to use.
- r->second->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ r->second->setUsage(Credential::ENCRYPTION_CREDENTIAL); const Credential* KEK = r->first->resolve(r->second); if (!KEK) { auto_ptr_char name(dynamic_cast(r->second->getRole().getParent())->getEntityID());
diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index dfe4bcc..4aa54b8 100644
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -64,10 +64,10 @@ namespace opensaml { const MetadataCredentialContext* context = dynamic_cast(credential.getCredentalContext()); if (context) { // Check for a usage mismatch.
- if ((getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
+ if ((getUsage()==xmltooling::Credential::SIGNING_CREDENTIAL || getUsage()==xmltooling::Credential::TLS_CREDENTIAL) && XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION)) return false;
- else if (getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL &&
+ else if (getUsage()==xmltooling::Credential::ENCRYPTION_CREDENTIAL && XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING)) return false; }
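Review bot: The usage-mismatch test in MetadataCredentialCriteria.h rejects a credential only when the KeyDescriptor carries an explicit `use` that contradicts the requested usage: a KeyDescriptor with no `use` attribute passes for every usage, and a requested usage other than the three compared here is never filtered at all. That matches the metadata convention that an absent `use` covers both signing and encryption, but nothing in the header says so, and a reader could easily take the check for a positive match rather than a negative filter. I would replace `// Check for a usage mismatch.` with `// Reject only on an explicit use mismatch: a KeyDescriptor with no use attribute is acceptable for signing/TLS and encryption alike, and usages not listed here are not filtered by this check.` Qualifying the enumerators as `xmltooling::Credential::` is the right choice for a public header that cannot assume a using-directive, whereas the .cpp hunks use the bare `Credential::`. The enclosing function starts and ends outside the hunk.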
diff --git a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
index 3b70466..db93e5b 100644
--- a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
+++ b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp
@@ -193,7 +193,7 @@ void SignatureMetadataFilter::verifySignature(Signature* sig, const XMLCh* peerN // Set up criteria. CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); cc.setSignature(*sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY); if (peerName) { auto_ptr_char pname(peerName);
diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp
index 8ee8e7d..91c7b9a 100644
--- a/samlsign/samlsign.cpp
+++ b/samlsign/samlsign.cpp
@@ -247,7 +247,7 @@ int main(int argc,char* argv[]) // Set up criteria. CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY); if (issuer) cc.setPeerName(issuer);
@@ -313,7 +313,7 @@ int main(int argc,char* argv[]) else { // Set up criteria. CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY); if (issuer) cc.setPeerName(issuer);
@@ -332,7 +332,7 @@ int main(int argc,char* argv[]) ); Locker locker(cr.get()); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); const Credential* cred = cr->resolve(&cc); if (!cred) throw XMLSecurityException("Unable to resolve a signing credential.");
diff --git a/samltest/data/binding/example-metadata.xml b/samltest/data/binding/example-metadata.xml
index 1a3f5f3..d09818b 100644
--- a/samltest/data/binding/example-metadata.xml
+++ b/samltest/data/binding/example-metadata.xml
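Review bot: The criteria setup in samlsign.cpp at @@ -247 and @@ -313 is now the same block twice (declare `cc`, set `Credential::SIGNING_CREDENTIAL`, set the signature with `CredentialCriteria::KEYINFO_EXTRACTION_KEY`, set the peer name when `issuer` is given), and SignatureMetadataFilter.cpp at @@ -193 repeats the same three steps with `peerName`; the only difference this commit makes is the enumerator's class, which is exactly the kind of detail that drifts when it lives in several copies. A small file-local helper in samlsign.cpp would keep the usage and the key-extraction choice in one place so a later change to the verification criteria cannot apply to one path and not the other. Only the changed lines are visible, so the statements between the hunks may differ, and I am assuming `issuer` is a `const char*` as `setPeerName(pn.get())` in ClientCertAuthRule.cpp suggests; main() starts and ends outside the hunks.
```cpp
// Criteria for resolving the credential that verifies a signature: signing usage,
// the signature itself for KEYINFO_EXTRACTION_KEY, and the issuer as peer name when given.
static void setSigningCriteria(CredentialCriteria& cc, Signature* sig, const char* issuer)
{
    cc.setUsage(Credential::SIGNING_CREDENTIAL);
    cc.setSignature(*sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
    if (issuer)
        cc.setPeerName(issuer);
}
// … unchanged: main() — the blocks at -247 and -313 each become
//     CredentialCriteria cc;
//     setSigningCriteria(cc, signable->getSignature(), issuer);
```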
@@ -7,9 +7,27 @@ - - - + + sp.example.org + + + MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV + BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu + b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC + VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw + gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa + /jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5 + qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF + 7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p + JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw + CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt + cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD + gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC + LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p + gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0= + + + - + sp.example.org diff --git a/samltest/encryption/EncryptedAssertionTest.h b/samltest/encryption/EncryptedAssertionTest.h index ef959dc..2fa9f93 100644 --- a/samltest/encryption/EncryptedAssertionTest.h +++ b/samltest/encryption/EncryptedAssertionTest.h @@ -95,7 +95,7 @@ public: // Sign while marshalling. vector sigs(1,sig); CredentialCriteria cc; - cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker locker(m_resolver); const Credential* cred = m_resolver->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL); diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h index ae593b1..55b6bdf 100644 --- a/samltest/saml1/binding/SAML1ArtifactTest.h +++ b/samltest/saml1/binding/SAML1ArtifactTest.h 
@@ -53,7 +53,7 @@ public: janitor.release(); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker clocker(m_creds); const Credential* cred = m_creds->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
@@ -126,7 +126,7 @@ public: response->setSignature(SignatureBuilder::buildSignature()); vector sigs(1,response->getSignature()); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker clocker(m_creds); const Credential* cred = m_creds->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/saml1/binding/SAML1POSTTest.h b/samltest/saml1/binding/SAML1POSTTest.h
index 2621fa2..611da59 100644
--- a/samltest/saml1/binding/SAML1POSTTest.h
+++ b/samltest/saml1/binding/SAML1POSTTest.h
@@ -48,7 +48,7 @@ public: janitor.release(); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker clocker(m_creds); const Credential* cred = m_creds->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/saml2/binding/SAML2ArtifactTest.h b/samltest/saml2/binding/SAML2ArtifactTest.h
index 46c33b0..77a419b 100644
--- a/samltest/saml2/binding/SAML2ArtifactTest.h
+++ b/samltest/saml2/binding/SAML2ArtifactTest.h
@@ -52,7 +52,7 @@ public: janitor.release(); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker clocker(m_creds); const Credential* cred = m_creds->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/saml2/binding/SAML2POSTTest.h b/samltest/saml2/binding/SAML2POSTTest.h
index 1b4a05f..cce2a12 100644
--- a/samltest/saml2/binding/SAML2POSTTest.h
+++ b/samltest/saml2/binding/SAML2POSTTest.h
@@ -48,7 +48,7 @@ public: janitor.release(); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker clocker(m_creds); const Credential* cred = m_creds->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
@@ -121,7 +121,7 @@ public: janitor.release(); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker clocker(m_creds); const Credential* cred = m_creds->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/saml2/binding/SAML2RedirectTest.h b/samltest/saml2/binding/SAML2RedirectTest.h
index 8a78a0e..862d75d 100644
--- a/samltest/saml2/binding/SAML2RedirectTest.h
+++ b/samltest/saml2/binding/SAML2RedirectTest.h
@@ -48,7 +48,7 @@ public: janitor.release(); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker clocker(m_creds); const Credential* cred = m_creds->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/signature/SAML1AssertionTest.h b/samltest/signature/SAML1AssertionTest.h
index 51cb1f1..1edf109 100644
--- a/samltest/signature/SAML1AssertionTest.h
+++ b/samltest/signature/SAML1AssertionTest.h
@@ -62,7 +62,7 @@ public: // Sign while marshalling. vector sigs(1,sig); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker locker(m_resolver); const Credential* cred = m_resolver->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/signature/SAML1RequestTest.h b/samltest/signature/SAML1RequestTest.h
index cebe076..45b6bab 100644
--- a/samltest/signature/SAML1RequestTest.h
+++ b/samltest/signature/SAML1RequestTest.h
@@ -62,7 +62,7 @@ public: // Sign while marshalling. vector sigs(1,sig); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker locker(m_resolver); const Credential* cred = m_resolver->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/signature/SAML1ResponseTest.h b/samltest/signature/SAML1ResponseTest.h
index 6a67106..a44a261 100644
--- a/samltest/signature/SAML1ResponseTest.h
+++ b/samltest/signature/SAML1ResponseTest.h
@@ -65,7 +65,7 @@ public: // Sign assertion while marshalling. vector sigs(1,assertion->getSignature()); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker locker(m_resolver); const Credential* cred = m_resolver->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
diff --git a/samltest/signature/SAML2AssertionTest.h b/samltest/signature/SAML2AssertionTest.h
index 1c5f2c6..38fec27 100644
--- a/samltest/signature/SAML2AssertionTest.h
+++ b/samltest/signature/SAML2AssertionTest.h
@@ -70,7 +70,7 @@ public: // Sign while marshalling. vector sigs(1,sig); CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL); Locker locker(m_resolver); const Credential* cred = m_resolver->resolve(&cc); TSM_ASSERT("Retrieved credential was null", cred!=NULL);
--
2.1.4