Expose audience collection on security policy.

[shibboleth/cpp-opensaml.git] / saml / saml1 / profile / AssertionValidator.cpp

diff --git a/saml/saml1/profile/AssertionValidator.cpp b/saml/saml1/profile/AssertionValidator.cpp
index 69cdf25..a7b2ada 100644 (file)
--- a/saml/saml1/profile/AssertionValidator.cpp
+++ b/saml/saml1/profile/AssertionValidator.cpp
@@ -47,8 +47,11 @@ void AssertionValidator::validateAssertion(const Assertion& assertion) const
 #endif
 
     const Conditions* conds = assertion.getConditions();
+    if (!conds)
+        return;
+    
     // First verify the time conditions, using the specified timestamp, if non-zero.
-    if (m_ts>0 && conds) {
+    if (m_ts>0) {
         unsigned int skew = XMLToolingConfig::getConfig().clock_skew_secs;
         time_t t=conds->getNotBeforeEpoch();
         if (m_ts+skew < t)
@@ -85,8 +88,13 @@ void AssertionValidator::validateCondition(const Condition* c) const
     bool found = false;
     const vector<Audience*>& auds1 = ac->getAudiences();
     for (vector<Audience*>::const_iterator a = auds1.begin(); !found && a!=auds1.end(); ++a) {
-        for (vector<const XMLCh*>::const_iterator a2 = m_audiences.begin(); !found && a2!=m_audiences.end(); ++a2) {
-            found = XMLString::equals((*a)->getAudienceURI(), *a2);
+        if (XMLString::equals(m_recipient, (*a)->getAudienceURI())) {
+            found = true;
+        }
+        else if (m_audiences) {
+            for (vector<const XMLCh*>::const_iterator a2 = m_audiences->begin(); !found && a2!=m_audiences->end(); ++a2) {
+                found = XMLString::equals((*a)->getAudienceURI(), *a2);
+            }
         }
     }