Allow message-only policy rules, basic SAML SOAP client.

[shibboleth/cpp-opensaml.git] / saml / binding / impl / SecurityPolicy.cpp

diff --git a/saml/binding/impl/SecurityPolicy.cpp b/saml/binding/impl/SecurityPolicy.cpp
index 437241a..350057e 100644 (file)
--- a/saml/binding/impl/SecurityPolicy.cpp
+++ b/saml/binding/impl/SecurityPolicy.cpp
@@ -23,7 +23,10 @@
 #include "internal.h"
 #include "exceptions.h"
 #include "binding/SecurityPolicy.h"
+#include "saml1/core/Assertions.h"
+#include "saml1/core/Protocols.h"
 #include "saml2/core/Assertions.h"
+#include "saml2/core/Protocols.h"
 
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2;
@@ -32,6 +35,7 @@ using namespace xmltooling;
 using namespace std;
 
 namespace opensaml {
+    SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory ClientCertAuthRuleFactory;
     SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory MessageFlowRuleFactory;
     SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory SimpleSigningRuleFactory;
     SAML_DLLLOCAL PluginManager<SecurityPolicyRule,const DOMElement*>::Factory XMLSigningRuleFactory;
@@ -40,6 +44,7 @@ namespace opensaml {
 void SAML_API opensaml::registerSecurityPolicyRules()
 {
     SAMLConfig& conf=SAMLConfig::getConfig();
+    conf.SecurityPolicyRuleManager.registerFactory(CLIENTCERTAUTH_POLICY_RULE, ClientCertAuthRuleFactory);
     conf.SecurityPolicyRuleManager.registerFactory(MESSAGEFLOW_POLICY_RULE, MessageFlowRuleFactory);
     conf.SecurityPolicyRuleManager.registerFactory(SIMPLESIGNING_POLICY_RULE, SimpleSigningRuleFactory);
     conf.SecurityPolicyRuleManager.registerFactory(XMLSIGNING_POLICY_RULE, XMLSigningRuleFactory);
@@ -53,17 +58,17 @@ SecurityPolicy::~SecurityPolicy()
     delete m_issuer;
 }
 
-void SecurityPolicy::evaluate(const GenericRequest& request, const XMLObject& message)
+void SecurityPolicy::evaluate(const XMLObject& message, const GenericRequest* request)
 {
     for (vector<const SecurityPolicyRule*>::const_iterator i=m_rules.begin(); i!=m_rules.end(); ++i) {
 
         // Run the rule...
-        pair<Issuer*,const RoleDescriptor*> ident = (*i)->evaluate(request,message,m_metadata,&m_role,m_trust);
+        pair<Issuer*,const RoleDescriptor*> ident = (*i)->evaluate(message,request,m_metadata,&m_role,m_trust);
 
         // Make sure returned issuer doesn't conflict.
          
         if (ident.first) {
-            if (!(m_matchingPolicy ? m_matchingPolicy : &m_defaultMatching)->issuerMatches(ident.first, m_issuer)) {
+            if (!getIssuerMatchingPolicy().issuerMatches(ident.first, m_issuer)) {
                 delete ident.first;
                 throw BindingException("Policy rules returned differing Issuers.");
             }
@@ -81,7 +86,7 @@ void SecurityPolicy::evaluate(const GenericRequest& request, const XMLObject& me
 
 void SecurityPolicy::setIssuer(saml2::Issuer* issuer)
 {
-    if (!((m_matchingPolicy ? m_matchingPolicy : &m_defaultMatching))->issuerMatches(issuer, m_issuer)) {
+    if (!getIssuerMatchingPolicy().issuerMatches(issuer, m_issuer)) {
         delete issuer;
         throw BindingException("Externally provided Issuer conflicts with policy results.");
     }