New policy rules for handling conditions.

[shibboleth/cpp-opensaml.git] / saml / binding / impl / MessageFlowRule.cpp

diff --git a/saml/binding/impl/MessageFlowRule.cpp b/saml/binding/impl/MessageFlowRule.cpp
index f371f1f..4ef7632 100644 (file)
--- a/saml/binding/impl/MessageFlowRule.cpp
+++ b/saml/binding/impl/MessageFlowRule.cpp
@@ -1,6 +1,6 @@
 /*
  *  Copyright 2001-2009 Internet2
- * 
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -16,7 +16,7 @@
 
 /**
  * MessageFlowRule.cpp
- * 
+ *
  * SAML replay and freshness checking SecurityPolicyRule
  */
 
@@ -39,12 +39,12 @@ namespace opensaml {
     public:
         MessageFlowRule(const DOMElement* e);
         virtual ~MessageFlowRule() {}
-        
+
         const char* getType() const {
             return MESSAGEFLOW_POLICY_RULE;
         }
         bool evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
-    
+
     private:
         bool m_checkReplay;
         time_t m_expires;
@@ -77,7 +77,7 @@ bool MessageFlowRule::evaluate(const XMLObject& message, const GenericRequest* r
     Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.MessageFlow");
     log.debug("evaluating message flow policy (replay checking %s, expiration %lu)", m_checkReplay ? "on" : "off", m_expires);
 
-    time_t now = time(NULL);
+    time_t now = policy.getTime();
     time_t skew = XMLToolingConfig::getConfig().clock_skew_secs;
     time_t issueInstant = policy.getIssueInstant();
     if (issueInstant == 0) {
@@ -95,7 +95,7 @@ bool MessageFlowRule::evaluate(const XMLObject& message, const GenericRequest* r
             throw SecurityPolicyException("Message expired, was issued too long ago.");
         }
     }
-    
+
     // Check replay.
     if (m_checkReplay) {
         const XMLCh* id = policy.getMessageID();