A "simple" attribute resolver, and token validation.

[shibboleth/sp.git] / shibsp / Application.h

diff --git a/shibsp/Application.h b/shibsp/Application.h
index c6deb96..eb90c61 100644 (file)
--- a/shibsp/Application.h
+++ b/shibsp/Application.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2006 Internet2
+ *  Copyright 2001-2007 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,10 +26,12 @@
 #include <shibsp/util/PropertySet.h>
 #include <saml/saml2/metadata/MetadataProvider.h>
 #include <xmltooling/security/TrustEngine.h>
+#include <xmltooling/validation/Validator.h>
 
 namespace shibsp {
     
     class SHIBSP_API Handler;
+    class SHIBSP_API ServiceProvider;
 
     /**
      * Interface to a Shibboleth Application instance.
@@ -46,6 +48,13 @@ namespace shibsp {
         virtual ~Application() {}
 
         /**
+         * Returns the owning ServiceProvider instance.
+         *
+         * @return a locked ServiceProvider
+         */
+        virtual const ServiceProvider& getServiceProvider() const=0;
+
+        /**
          * Returns the Application's ID.
          * 
          * @return  the ID
@@ -147,6 +156,17 @@ namespace shibsp {
          * @return set of audience values associated with the Application
          */
         virtual const std::vector<const XMLCh*>& getAudiences() const=0;
+
+        /**
+         * Returns a validator for applying verification rules to incoming SAML tokens.
+         *
+         * <p>The validator must be freed by the caller.
+         * 
+         * @param ts    timestamp against which to evaluate the token's validity, or 0 to ignore
+         * @param role  metadata role of token issuer, if known
+         * @return a validator
+         */
+        virtual xmltooling::Validator* getTokenValidator(time_t ts=0, const opensaml::saml2md::RoleDescriptor* role=NULL) const=0;
     };
 };