2 * Copyright 2010 Internet2
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
18 * @file shibsp/security/SecurityPolicyProvider.h
\r
20 * Interface to a source of security policy settings and rules.
\r
23 #ifndef __shibsp_policyfactory_h__
\r
24 #define __shibsp_policyfactory_h__
\r
28 #include <shibsp/base.h>
\r
31 #include <xmltooling/Lockable.h>
\r
32 #include <xmltooling/unicode.h>
\r
34 namespace xmltooling {
\r
35 class XMLTOOL_API QName;
\r
38 namespace opensaml {
\r
39 class SAML_API SecurityPolicyRule;
\r
44 class SHIBSP_API Application;
\r
45 class SHIBSP_API PropertySet;
\r
46 class SHIBSP_API SecurityPolicy;
\r
 * Interface to a source of security policy settings and rules.
 *
 * <p>The interface derives from xmltooling::Lockable. The settings and rule
 * collections handed out by the accessors below are returned by pointer or
 * reference rather than by value, so they are presumably owned by the provider;
 * callers should hold the provider's lock while calling the accessors and while
 * using what they return. (The locking discipline is not spelled out in this
 * header — confirm it against the implementation and its callers.)
\r
51 class SHIBSP_API SecurityPolicyProvider : public virtual xmltooling::Lockable
\r
53 MAKE_NONCOPYABLE(SecurityPolicyProvider);
\r
55 SecurityPolicyProvider();
\r
57 virtual ~SecurityPolicyProvider();
\r
 * Returns the security policy settings for an identified policy.
 *
 * <p>Behaviour for an unknown id (null return versus an exception) is not
 * specified by this interface; callers must check the result against the
 * implementation in use rather than dereferencing it blindly.
 *
 * @param id identifies the policy to return
 * @return a PropertySet, presumably owned by the provider (the caller must not
 *         free it and should not retain it beyond the period for which the
 *         provider is locked — lifetime is not stated here, confirm)
\r
65 virtual const PropertySet* getPolicySettings(const char* id) const=0;
\r
 * Returns the security policy rules for an identified policy.
 *
 * <p>The rules are returned by reference to storage the provider holds, so the
 * reference is only safe to use while the provider remains locked, and the
 * caller does not own the individual rule objects. (NOTE(review): the lifetime
 * guarantee is not written down here — confirm against the implementation.)
 * Behaviour for an unknown id is likewise unspecified by this interface.
 *
 * @param id identifies the policy to return
 * @return an array of (non-owned) policy rules
\r
73 virtual const std::vector<const opensaml::SecurityPolicyRule*>& getPolicyRules(const char* id) const=0;
\r
 * Returns a set of XML Signature/Encryption algorithm identifiers to block.
 *
 * <p>Security note: these are the algorithm URIs a deployment has chosen to
 * reject (for example, digests or ciphers it considers too weak). How a
 * non-empty blacklist interacts with a non-empty whitelist from
 * getAlgorithmWhitelist() — and which one wins when both are configured — is
 * not defined by this header; confirm the precedence in the implementation
 * before relying on either list alone.
 *
 * @return an array of algorithm URIs to block; an empty array means this list
 *         blocks nothing
\r
80 virtual const std::vector<xmltooling::xstring>& getAlgorithmBlacklist() const=0;
\r
 * Returns a set of XML Signature/Encryption algorithm identifiers to permit.
 *
 * <p>Security note: a whitelist is the stronger control, since anything not
 * listed is implicitly rejected. Whether an empty array means "no restriction"
 * and whether a whitelist overrides the blacklist from getAlgorithmBlacklist()
 * are not stated in this header; confirm both points against the
 * implementation before depending on them.
 *
 * @return an array of algorithm URIs to permit
\r
87 virtual const std::vector<xmltooling::xstring>& getAlgorithmWhitelist() const=0;
\r
 * Returns a SecurityPolicy applicable to an application and/or policy identifier.
 *
 * <p>The caller <strong>MUST</strong> lock the application's MetadataProvider for the life
 * of the returned object, and <strong>MUST</strong> delete the returned object when done.
 * The interface hands back an owning raw pointer, so wrap it in a scoped or
 * unique pointer at the call site to guarantee it is freed on every exit path,
 * including exceptions thrown while the policy is being evaluated.
 *
 * @param application reference to application applying policy
 * @param role identifies the role (generally IdP or SP) of the policy peer
 *             (whether a null role is accepted is not stated here; confirm with
 *             the implementation)
 * @param policyId identifies policy; when null, the application's default is used
 * @return a new policy instance, which the caller is responsible for freeing
\r
100 virtual SecurityPolicy* createSecurityPolicy(
\r
101 const Application& application, const xmltooling::QName* role, const char* policyId=nullptr
\r
106 * Registers SecurityPolicyProvider classes into the runtime.
\r
108 void SHIBSP_API registerSecurityPolicyProviders();
\r
110 /** SecurityPolicyProvider based on an XML configuration format. */
\r
111 #define XML_SECURITYPOLICY_PROVIDER "XML"
\r
116 #endif /* __shibsp_policyfactory_h__ */
\r