Streamline setIssuer call in policy.

[shibboleth/cpp-opensaml.git] / saml / binding / impl / SecurityPolicy.cpp

diff --git a/saml/binding/impl/SecurityPolicy.cpp b/saml/binding/impl/SecurityPolicy.cpp
index 4091df7..bfdeb90 100644 (file)
--- a/saml/binding/impl/SecurityPolicy.cpp
+++ b/saml/binding/impl/SecurityPolicy.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2006 Internet2
+ *  Copyright 2001-2007 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -68,6 +68,7 @@ void SecurityPolicy::reset()
     m_issueInstant=0;
     m_issuer=NULL;
     m_issuerRole=NULL;
+    m_secure=false;
 }
 
 void SecurityPolicy::evaluate(const XMLObject& message, const GenericRequest* request)
@@ -76,21 +77,33 @@ void SecurityPolicy::evaluate(const XMLObject& message, const GenericRequest* re
         (*i)->evaluate(message,request,*this);
 }
 
-void SecurityPolicy::setIssuer(saml2::Issuer* issuer)
+void SecurityPolicy::setIssuer(const Issuer* issuer)
 {
-    if (!getIssuerMatchingPolicy().issuerMatches(issuer, m_issuer)) {
-        delete issuer;
-        throw BindingException("A rule supplied an Issuer that conflicts with previous results.");
+    if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer))
+        throw SecurityPolicyException("A rule supplied an Issuer that conflicts with previous results.");
+    
+    if (!m_issuer) {
+        m_issuerRole = NULL;
+        m_issuer=issuer->cloneIssuer();
     }
+}
+
+void SecurityPolicy::setIssuer(const XMLCh* issuer)
+{
+    if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer))
+        throw SecurityPolicyException("A rule supplied an Issuer that conflicts with previous results.");
     
-    delete m_issuer;
-    m_issuer=issuer;
+    if (!m_issuer && issuer && *issuer) {
+        m_issuerRole = NULL;
+        m_issuer = IssuerBuilder::buildIssuer();
+        m_issuer->setName(issuer);
+    }
 }
 
 void SecurityPolicy::setIssuerMetadata(const RoleDescriptor* issuerRole)
 {
     if (issuerRole && m_issuerRole && issuerRole!=m_issuerRole)
-        throw BindingException("A rule supplied a RoleDescriptor that conflicts with previous results.");
+        throw SecurityPolicyException("A rule supplied a RoleDescriptor that conflicts with previous results.");
     m_issuerRole=issuerRole;
 }
 
@@ -122,3 +135,28 @@ bool SecurityPolicy::IssuerMatchingPolicy::issuerMatches(const Issuer* issuer1,
     
     return true;
 }
+
+bool SecurityPolicy::IssuerMatchingPolicy::issuerMatches(const Issuer* issuer1, const XMLCh* issuer2) const
+{
+    // NULL matches anything for the purposes of this interface.
+    if (!issuer1 || !issuer2 || !*issuer2)
+        return true;
+    
+    const XMLCh* op1=issuer1->getName();
+    if (!op1 || !XMLString::equals(op1,issuer2))
+        return false;
+    
+    op1=issuer1->getFormat();
+    if (op1 && *op1 && !XMLString::equals(op1, NameIDType::ENTITY))
+        return false;
+        
+    op1=issuer1->getNameQualifier();
+    if (op1 && *op1)
+        return false;
+
+    op1=issuer1->getSPNameQualifier();
+    if (op1 && *op1)
+        return false;
+    
+    return true;
+}