/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const xmltooling::QName* role=NULL,
const xmltooling::TrustEngine* trustEngine=NULL,
bool validate=true
- ) : m_metadataCriteria(NULL), m_messageID(NULL), m_issueInstant(0), m_issuer(NULL), m_issuerRole(NULL), m_authenticated(false),
- m_matchingPolicy(NULL), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine), m_validate(validate), m_entityOnly(true) {
- if (role)
- m_role = new xmltooling::QName(*role);
- }
+ );
virtual ~SecurityPolicy();
* Returns a reference to a MetadataProvider::Criteria instance suitable for use with the
* installed MetadataProvider.
*
+ * <p>The object will be cleared/reset when returned, so do not mutate it and then
+ * call the method again before using it.
+ *
* @return reference to a MetadataProvider::Criteria instance
*/
virtual saml2md::MetadataProvider::Criteria& getMetadataProviderCriteria() const;
}
/**
+ * Returns the SAML audiences that represent the receiving peer.
+ *
+ * @return audience values of the peer processing the message
+ */
+ const std::vector<const XMLCh*>& getAudiences() const {
+ return m_audiences;
+ }
+
+ /**
+ * Returns the SAML audiences that represent the receiving peer.
+ *
+ * @return audience values of the peer processing the message
+ */
+ std::vector<const XMLCh*>& getAudiences() {
+ return m_audiences;
+ }
+
+ /**
+ * Gets the effective time of message processing.
+ *
+ * @return the time at which the message is being processed
+ */
+ time_t getTime() const {
+ if (m_ts == 0)
+ return m_ts = time(NULL);
+ return m_ts;
+ }
+
+ /**
* Gets a mutable array of installed policy rules.
*
* <p>If adding rules, their lifetime must be at least as long as the policy object.
}
/**
+ * Sets a MetadataProvider::Criteria instance suitable for use with the
+ * installed MetadataProvider.
+ *
+ * <p>The policy will take ownership of the criteria object when this
+ * method completes.
+ *
+ * @param criteria a MetadataProvider::Criteria instance, or NULL
+ */
+ void setMetadataProviderCriteria(saml2md::MetadataProvider::Criteria* criteria);
+
+ /**
* Sets a peer role element/type for to the policy.
*
* @param role the peer role element/type or NULL
}
/**
+ * Sets effective time of message processing.
+ *
+ * <p>Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date
+ * message processing.
+ *
+ * @param ts the time at which the message is being processed
+ */
+ void setTime(time_t ts) {
+ m_ts = ts;
+ }
+
+ /**
* Evaluates the policy against the given request and message,
* possibly populating message information in the policy object.
*
*
* @param messageOnly true iff security and issuer state should be left in place
*/
- void reset(bool messageOnly=false);
+ virtual void reset(bool messageOnly=false);
+
+ /**
+ * Resets the policy object and/or clears any per-message state for only this specific class.
+ *
+ * <p>Resets can be complete (the default) or merely clear the previous message ID and timestamp
+ * when evaluating multiple layers of a message.
+ *
+ * @param messageOnly true iff security and issuer state should be left in place
+ */
+ void _reset(bool messageOnly=false);
/**
* Returns the message identifier as determined by the registered policies.
const xmltooling::TrustEngine* m_trust;
bool m_validate;
bool m_entityOnly;
+
+ // contextual information
+ mutable time_t m_ts;
+ std::vector<const XMLCh*> m_audiences;
};
};
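Review bot: The new `getTime()` lazily captures `time(NULL)` on the first call when `m_ts` is 0, but the `setTime()` doc says the value is "assumed to be the time of policy instantiation"; the captured instant is actually whenever the first rule queries it, which can be later than construction, so the doc should say so, e.g. `* <p>If not set explicitly, the time is captured lazily on the first call to getTime().` A value of 0 doubles as the "unset" sentinel, so a caller passing `setTime(0)` deliberately gets the wall clock instead; worth a one-line comment on `m_ts`. The constructor body that used to initialise the members inline was moved out of the header, so `m_ts` must be zero-initialised in the new out-of-line constructor (not visible here) or the sentinel check is undefined. The audiences accessors return a vector of raw `const XMLCh*` whose lifetime is not documented; mirror the rules accessor and state that the strings must outlive the policy object, and the doc of the non-const `getAudiences()` should say "mutable" since it currently duplicates the const overload's text.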