Simplify/rename signing and encryption properties.
authorcantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Thu, 16 Aug 2007 00:45:08 +0000 (00:45 +0000)
committercantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Thu, 16 Aug 2007 00:45:08 +0000 (00:45 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2423 cb58f699-b61c-0410-a6fe-9272a202ed29

configs/shibboleth2.xml.in
schemas/shibboleth-2.0-native-sp-config.xsd
shibsp/binding/impl/SOAPClient.cpp
shibsp/handler/AbstractHandler.h
shibsp/handler/impl/AbstractHandler.cpp
shibsp/handler/impl/SAML2Logout.cpp
shibsp/handler/impl/SAML2LogoutInitiator.cpp
shibsp/handler/impl/SAML2SessionInitiator.cpp

index 884d4c0..8121b37 100644 (file)
                        styleSheet="/shibboleth-sp/main.css"/>
                
                <!-- Configure handling of outgoing messages and SOAP authentication. -->
-               <DefaultRelyingParty authType="TLS" artifactEndpointIndex="1"
-                       signRequests="front" encryptRequests="front" signResponses="true" encryptResponses="true">
+               <DefaultRelyingParty authType="TLS" artifactEndpointIndex="1" signing="front" encryption="front">
                        <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
                        <!--
                        <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>
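Review bot: The consolidated default `signing="front" encryption="front"` is weaker for responses than the line it replaces, which set `signResponses="true"` and `encryptResponses="true"`: a LogoutResponse returned over the SOAP back channel has no user agent, so the `front` test in AbstractHandler::sendMessage (`encoder.isUserAgentPresent() && !strcmp(flag.second, "front")`) no longer matches, and a response that was signed before this commit goes out unsigned after it, unless the TLS client authentication on that channel is meant to stand in for the signature. If that trade-off is intended, a comment next to the example would stop operators from silently losing response signatures when they copy it, e.g. `<!-- "front" signs/encrypts only user-agent bindings; back-channel SOAP relies on TLS authentication -->`; if not, `signing="true"` keeps the old response behavior at the cost of also signing front-channel requests. The schema hunk also drops the old attribute names, so an existing `signResponses="true"` is presumably rejected or ignored rather than honored, which deserves a release note.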
index 15d340a..2b7ee70 100644 (file)
                <attribute name="authType" type="conf:string"/>\r
                <attribute name="authUsername" type="conf:string"/>\r
                <attribute name="authPassword" type="conf:string"/>\r
-               <attribute name="signRequests" type="conf:bindingBoolean"/>\r
-               <attribute name="signResponses" type="conf:bindingBoolean"/>\r
-               <attribute name="signatureAlg" type="anyURI"/>\r
+               <attribute name="signing" type="conf:bindingBoolean"/>\r
+               <attribute name="signingAlg" type="anyURI"/>\r
                <attribute name="digestAlg" type="anyURI"/>\r
-               <attribute name="encryptRequests" type="conf:bindingBoolean"/>\r
-               <attribute name="encryptResponses" type="conf:bindingBoolean"/>\r
+               <attribute name="encryption" type="conf:bindingBoolean"/>\r
                <attribute name="encryptionAlg" type="anyURI"/>\r
                <attribute name="keyName" type="conf:string"/>\r
                <attribute name="artifactEndpointIndex" type="unsignedShort"/>\r
index 2c84cc1..03de42b 100644 (file)
@@ -50,7 +50,7 @@ void SOAPClient::send(const soap11::Envelope& env, MetadataCredentialCriteria& p
 {
     // Check for message signing requirements.   
     m_relyingParty = m_app.getRelyingParty(dynamic_cast<const EntityDescriptor*>(peer.getRole().getParent()));
-    pair<bool,const char*> flag = m_relyingParty->getString("signRequests");
+    pair<bool,const char*> flag = m_relyingParty->getString("signing");
     if (flag.first && (!strcmp(flag.second, "true") || !strcmp(flag.second, "back"))) {
         m_credResolver=m_app.getCredentialResolver();
         if (m_credResolver) {
@@ -60,7 +60,7 @@ void SOAPClient::send(const soap11::Envelope& env, MetadataCredentialCriteria& p
             pair<bool,const char*> keyName = m_relyingParty->getString("keyName");
             if (keyName.first)
                 peer.getKeyNames().insert(keyName.second);
-            pair<bool,const XMLCh*> sigalg = m_relyingParty->getXMLString("signatureAlg");
+            pair<bool,const XMLCh*> sigalg = m_relyingParty->getXMLString("signingAlg");
             if (sigalg.first)
                 peer.setXMLAlgorithm(sigalg.second);
             const Credential* cred = m_credResolver->resolve(&peer);
index 7893b13..e88ab33 100644 (file)
@@ -102,8 +102,7 @@ namespace shibsp {
          * @param role              recipient of message, if known
          * @param application       the Application sending the message
          * @param httpResponse      channel for sending message
-         * @param signingOption     name of property to lookup controlling signing
-         * @param signIfPossible    true iff signing should be attempted regardless of property
+         * @param signIfPossible    true iff signing should be attempted regardless of "signing" property
          * @return  the result of sending the message using the encoder
          */
         long sendMessage(
@@ -114,7 +113,6 @@ namespace shibsp {
             const opensaml::saml2md::RoleDescriptor* role,
             const Application& application,
             xmltooling::HTTPResponse& httpResponse,
-            const char* signingOption,
             bool signIfPossible=false
             ) const;
 #endif
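Review bot: The doc comment now refers to the "signing" property but does not say which values it accepts, and the header is where a caller of sendMessage would look for that. The implementation hunk in AbstractHandler.cpp matches "true" and, when a user agent is present, "front"; the back-channel case is cut off at the end of that hunk, while SOAPClient.cpp and SAML2LogoutInitiator.cpp accept "true" or "back" on their SOAP paths. Suggest adding a sentence above `@param signIfPossible`, such as `Signing is otherwise governed by the relying party's "signing" property: "true" always, "front" only for user-agent bindings, "back" presumably only for direct (SOAP) bindings.` with the last clause confirmed against the lines this diff does not show.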
index 22910f9..d087e0d 100644 (file)
@@ -166,13 +166,12 @@ long AbstractHandler::sendMessage(
     const saml2md::RoleDescriptor* role,
     const Application& application,
     HTTPResponse& httpResponse,
-    const char* signingOption,
     bool signIfPossible
     ) const
 {
     const EntityDescriptor* entity = role ? dynamic_cast<const EntityDescriptor*>(role->getParent()) : NULL;
     const PropertySet* relyingParty = application.getRelyingParty(entity);
-    pair<bool,const char*> flag = signIfPossible ? make_pair(true,"true") : relyingParty->getString(signingOption);
+    pair<bool,const char*> flag = signIfPossible ? make_pair(true,"true") : relyingParty->getString("signing");
     if (role && flag.first &&
         (!strcmp(flag.second, "true") ||
             (encoder.isUserAgentPresent() && !strcmp(flag.second, "front")) ||
@@ -186,7 +185,7 @@ long AbstractHandler::sendMessage(
             pair<bool,const char*> keyName = relyingParty->getString("keyName");
             if (keyName.first)
                 mcc.getKeyNames().insert(keyName.second);
-            pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signatureAlg");
+            pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signingAlg");
             if (sigalg.first)
                 mcc.setXMLAlgorithm(sigalg.second);
             const Credential* cred = credResolver->resolve(&mcc);
index 8efe4ab..aae1079 100644 (file)
@@ -602,7 +602,7 @@ pair<bool,long> SAML2Logout::sendResponse(
 
     auto_ptr_char dest(logout->getDestination());
 
-    long ret = sendMessage(*encoder, logout.get(), relayState, dest.get(), role, application, httpResponse, "signResponses");
+    long ret = sendMessage(*encoder, logout.get(), relayState, dest.get(), role, application, httpResponse);
     logout.release();  // freed by encoder
     return make_pair(true,ret);
 }
index c0abf10..17e190d 100644 (file)
@@ -363,7 +363,7 @@ pair<bool,long> SAML2LogoutInitiator::doRequest(
 
         msg->setDestination(ep->getLocation());
         auto_ptr_char dest(ep->getLocation());
-        ret.second = sendMessage(*encoder, msg.get(), NULL, dest.get(), role, application, response, "signRequests");
+        ret.second = sendMessage(*encoder, msg.get(), NULL, dest.get(), role, application, response);
         ret.first = true;
         msg.release();  // freed by encoder
     }
@@ -406,7 +406,7 @@ LogoutRequest* SAML2LogoutInitiator::buildRequest(
 
     const NameID* nameid = session.getNameID();
     const PropertySet* relyingParty = application.getRelyingParty(dynamic_cast<EntityDescriptor*>(role.getParent()));
-    pair<bool,const char*> flag = relyingParty->getString("encryptRequests");
+    pair<bool,const char*> flag = relyingParty->getString("encryption");
     if (flag.first &&
         (!strcmp(flag.second, "true") || (encoder && !strcmp(flag.second, "front")) || (!encoder && !strcmp(flag.second, "back")))) {
         auto_ptr<EncryptedID> encrypted(EncryptedIDBuilder::buildEncryptedID());
@@ -423,7 +423,7 @@ LogoutRequest* SAML2LogoutInitiator::buildRequest(
 
     if (!encoder) {
         // No encoder being used, so sign for SOAP client manually.
-        flag = relyingParty->getString("signRequests");
+        flag = relyingParty->getString("signing");
         if (flag.first && (!strcmp(flag.second, "true") || !strcmp(flag.second, "back"))) {
             CredentialResolver* credResolver=application.getCredentialResolver();
             if (credResolver) {
@@ -434,21 +434,20 @@ LogoutRequest* SAML2LogoutInitiator::buildRequest(
                 pair<bool,const char*> keyName = relyingParty->getString("keyName");
                 if (keyName.first)
                     mcc.getKeyNames().insert(keyName.second);
-                pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signatureAlg");
+                pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signingAlg");
                 if (sigalg.first)
                     mcc.setXMLAlgorithm(sigalg.second);
                 const Credential* cred = credResolver->resolve(&mcc);
                 if (cred) {
                     xmlsignature::Signature* sig = xmlsignature::SignatureBuilder::buildSignature();
                     msg->setSignature(sig);
-                    pair<bool, const XMLCh*> alg = relyingParty->getXMLString("signatureAlg");
-                    if (alg.first)
-                        sig->setSignatureAlgorithm(alg.second);
-                    alg = relyingParty->getXMLString("digestAlg");
-                    if (alg.first) {
+                    if (sigalg.first)
+                        sig->setSignatureAlgorithm(sigalg.second);
+                    sigalg = relyingParty->getXMLString("digestAlg");
+                    if (sigalg.first) {
                         ContentReference* cr = dynamic_cast<ContentReference*>(sig->getContentReference());
                         if (cr)
-                            cr->setDigestAlgorithm(alg.second);
+                            cr->setDigestAlgorithm(sigalg.second);
                     }
             
                     // Sign response while marshalling.
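Review bot: Reusing `sigalg` to hold the digest algorithm (`sigalg = relyingParty->getXMLString("digestAlg");`) makes a variable named for the signature algorithm carry a different URI for the rest of buildRequest, which continues past this hunk; any later read of `sigalg` that expects the signing algorithm would now get the digest algorithm instead. A separately named `pair<bool,const XMLCh*> digalg = relyingParty->getXMLString("digestAlg");` keeps the two values distinct at no cost and matches the naming used for `signingAlg` above. It is also worth a comment that when `sig->getContentReference()` is not a ContentReference the configured digest algorithm is silently dropped and the library default applies, and the trailing comment says "Sign response" although this function builds a LogoutRequest.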
index baa27cf..1acb4de 100644 (file)
@@ -487,7 +487,7 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
     auto_ptr_char dest(ep->getLocation());
 
     long ret = sendMessage(
-        *encoder, req.get(), relayState.c_str(), dest.get(), role, app, httpResponse, "signRequests", role->WantAuthnRequestsSigned()
+        *encoder, req.get(), relayState.c_str(), dest.get(), role, app, httpResponse, role->WantAuthnRequestsSigned()
         );
     req.release();  // freed by encoder
     return make_pair(true,ret);