Rework decoder handling in simple resolver, add IdP/SP names to decoder API, hook...

[shibboleth/cpp-sp.git] / shibsp / Application.h

diff --git a/shibsp/Application.h b/shibsp/Application.h
index c8f262d..89b31bb 100644 (file)
--- a/shibsp/Application.h
+++ b/shibsp/Application.h
@@ -26,9 +26,11 @@
 #include <shibsp/util/PropertySet.h>
 #include <saml/saml2/metadata/MetadataProvider.h>
 #include <xmltooling/security/TrustEngine.h>
+#include <xmltooling/validation/Validator.h>
 
 namespace shibsp {
     
+    class SHIBSP_API AttributeResolver;
     class SHIBSP_API Handler;
     class SHIBSP_API ServiceProvider;
 
@@ -88,7 +90,14 @@ namespace shibsp {
          * @return  a TrustEngine instance, or NULL
          */
         virtual xmltooling::TrustEngine* getTrustEngine() const=0;
-        
+
+        /**
+         * Returns an AttributeResolver for use with this Application.
+         * 
+         * @return  an AttributeResolver, or NULL
+         */
+        virtual AttributeResolver* getAttributeResolver() const=0;
+
         /**
          * Returns configuration properties governing security interactions with a peer entity.
          * 
@@ -155,6 +164,17 @@ namespace shibsp {
          * @return set of audience values associated with the Application
          */
         virtual const std::vector<const XMLCh*>& getAudiences() const=0;
+
+        /**
+         * Returns a validator for applying verification rules to incoming SAML tokens.
+         *
+         * <p>The validator must be freed by the caller.
+         * 
+         * @param ts    timestamp against which to evaluate the token's validity, or 0 to ignore
+         * @param role  metadata role of token issuer, if known
+         * @return a validator
+         */
+        virtual xmltooling::Validator* getTokenValidator(time_t ts=0, const opensaml::saml2md::RoleDescriptor* role=NULL) const=0;
     };
 };