Add policy rules for SAML 1 SSO and SAML 2 Bearer confirmation, with unit tests.

[shibboleth/cpp-opensaml.git] / saml / binding / SecurityPolicy.h

diff --git a/saml/binding/SecurityPolicy.h b/saml/binding/SecurityPolicy.h
index 72d2464..6a5aac7 100644 (file)
--- a/saml/binding/SecurityPolicy.h
+++ b/saml/binding/SecurityPolicy.h
@@ -70,11 +70,7 @@ namespace opensaml {
             const xmltooling::QName* role=NULL,
             const xmltooling::TrustEngine* trustEngine=NULL,
             bool validate=true
-            ) : m_metadataCriteria(NULL), m_messageID(NULL), m_issueInstant(0), m_issuer(NULL), m_issuerRole(NULL), m_authenticated(false),
-                m_matchingPolicy(NULL), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine), m_validate(validate), m_entityOnly(true) {
-            if (role)
-                m_role = new xmltooling::QName(*role);
-        }
+            );
 
         virtual ~SecurityPolicy();
 
@@ -135,6 +131,45 @@ namespace opensaml {
         }
 
         /**
+         * Returns the SAML audiences that represent the receiving peer.
+         *
+         * @return audience values of the peer processing the message
+         */
+        const std::vector<const XMLCh*>& getAudiences() const {
+            return m_audiences;
+        }
+
+        /**
+         * Returns the SAML audiences that represent the receiving peer.
+         *
+         * @return audience values of the peer processing the message
+         */
+        std::vector<const XMLCh*>& getAudiences() {
+            return m_audiences;
+        }
+
+        /**
+         * Gets the effective time of message processing.
+         *
+         * @return  the time at which the message is being processed
+         */
+        time_t getTime() const {
+            if (m_ts == 0)
+                return m_ts = time(NULL);
+            return m_ts;
+        }
+
+        /**
+         * Returns the message identifier to which the message being evaluated
+         * is a response.
+         *
+         * @return correlated message identifier
+         */
+        const XMLCh* getCorrelationID() const {
+            return m_correlationID;
+        }
+
+        /**
          * Gets a mutable array of installed policy rules.
          *
          * <p>If adding rules, their lifetime must be at least as long as the policy object.
@@ -205,6 +240,28 @@ namespace opensaml {
         }
 
         /**
+         * Sets effective time of message processing.
+         *
+         * <p>Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date
+         * message processing.
+         *
+         * @param ts    the time at which the message is being processed
+         */
+        void setTime(time_t ts) {
+            m_ts = ts;
+        }
+
+        /**
+         * Sets the message identifier to which the message being evaluated
+         * is a response.
+         *
+         * @param correlationID correlated message identifier
+         */
+        void setCorrelationID(const XMLCh* correlationID) {
+            m_correlationID = correlationID;
+        }
+
+        /**
          * Evaluates the policy against the given request and message,
          * possibly populating message information in the policy object.
          *
@@ -410,6 +467,11 @@ namespace opensaml {
         const xmltooling::TrustEngine* m_trust;
         bool m_validate;
         bool m_entityOnly;
+
+        // contextual information
+        mutable time_t m_ts;
+        const XMLCh* m_correlationID;
+        std::vector<const XMLCh*> m_audiences;
     };
 
 };