- if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo()))
- throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
-
+ if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
+ throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+
+ SecurityPolicy& policy = m_soaper.getPolicy();
+ policy.reset(true);
+
+ // Extract Response details.
+ policy.setMessageID(response->getID());
+ policy.setIssueInstant(response->getIssueInstantEpoch());
+
+ // Extract and re-verify Issuer if present.
+ const Issuer* issuer = response->getIssuer();
+ if (issuer)
+ policy.setIssuer(issuer); // This will throw if it conflicts with the known peer identity.
+
+ // Now run the policy.
+ policy.evaluate(*response);
+