* SAML replay and freshness checking SecurityPolicyRule
*/
+#ifndef __saml_flowrule_h__
+#define __saml_flowrule_h__
+
#include <saml/binding/SecurityPolicyRule.h>
/**
* SAML replay and freshness checking SecurityPolicyRule
*
- * Subclasses can provide support for additional message types
- * by overriding the main method and then calling the check method.
+ * Some form of message rule to extract ID and timestamp must be
+ * run prior to this rule.
*/
class SAML_API MessageFlowRule : public SecurityPolicyRule
{
MessageFlowRule(const DOMElement* e);
virtual ~MessageFlowRule() {}
- std::pair<saml2::Issuer*,const saml2md::RoleDescriptor*> evaluate(
- const GenericRequest& request,
- const xmltooling::XMLObject& message,
- const saml2md::MetadataProvider* metadataProvider,
- const xmltooling::QName* role,
- const TrustEngine* trustEngine
- ) const;
-
- protected:
+ void evaluate(const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
+
/**
- * Performs the check.
+ * Controls whether rule executes replay checking.
*
- * @param id message identifier
- * @param issueInstant timestamp of protocol message
+ * @param checkReplay replay checking value to set
+ */
+ void setCheckReplay(bool checkReplay) {
+ m_checkReplay = checkReplay;
+ }
+
+ /**
+ * Controls maximum elapsed time between message issue and rule execution.
*
- * @exception BindingException raised if a check fails
+ * @param expires maximum elapsed time in seconds
*/
- void check(const XMLCh* id, time_t issueInstant) const;
+ void setExpires(time_t expires) {
+ m_expires = expires;
+ }
private:
bool m_checkReplay;
};
};
+
+#endif /* __saml_flowrule_h__ */
projects / shibboleth / cpp-opensaml.git / blobdiff