Return results from policy rules.

[shibboleth/cpp-opensaml.git] / saml / binding / impl / ClientCertAuthRule.cpp

diff --git a/saml/binding/impl/ClientCertAuthRule.cpp b/saml/binding/impl/ClientCertAuthRule.cpp
index 6337b19..aaa3c8c 100644 (file)
--- a/saml/binding/impl/ClientCertAuthRule.cpp
+++ b/saml/binding/impl/ClientCertAuthRule.cpp
@@ -43,37 +43,38 @@ namespace opensaml {
     }
 };
 
-void ClientCertAuthRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
+bool ClientCertAuthRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
 {
     Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.ClientCertAuth");
     log.debug("evaluating client certificate authentication policy");
     
     if (!request) {
         log.debug("ignoring message, no protocol request available");
-        return;
+        return false;
     }
     else if (!policy.getIssuerMetadata()) {
         log.debug("ignoring message, no issuer metadata supplied");
-        return;
+        return false;
     }
 
     const X509TrustEngine* x509trust;
     if (!(x509trust=dynamic_cast<const X509TrustEngine*>(policy.getTrustEngine()))) {
         log.debug("ignoring message, no X509TrustEngine supplied");
-        return;
+        return false;
     }
     
     const std::vector<XSECCryptoX509*>& chain = request->getClientCertificates();
     if (chain.empty()) {
         log.debug("ignoring message, no client certificates in request");
-        return;
+        return false;
     }
     
     if (!x509trust->validate(chain.front(), chain, *(policy.getIssuerMetadata()), true,
             policy.getMetadataProvider()->getKeyResolver())) {
         log.error("unable to verify certificate chain with supplied trust engine");
-        return;
+        return false;
     }
     
     log.debug("client certificate verified against message issuer");
+    return true;
 }