Add option to reject unauthenticated ciphers

[shibboleth/cpp-opensaml.git] / saml / saml2 / core / impl / Assertions.cpp

diff --git a/saml/saml2/core/impl/Assertions.cpp b/saml/saml2/core/impl/Assertions.cpp
index 4ed2efd..4a163d5 100644 (file)
--- a/saml/saml2/core/impl/Assertions.cpp
+++ b/saml/saml2/core/impl/Assertions.cpp
@@ -241,12 +241,14 @@ void EncryptedElementType::encrypt(
     }
 }
 
-XMLObject* EncryptedElementType::decrypt(const CredentialResolver& credResolver, const XMLCh* recipient, CredentialCriteria* criteria) const
+XMLObject* EncryptedElementType::decrypt(
+    const CredentialResolver& credResolver, const XMLCh* recipient, CredentialCriteria* criteria, bool requireAuthenticatedCipher
+    ) const
 {
     if (!getEncryptedData())
         throw DecryptionException("No encrypted data present.");
     opensaml::EncryptedKeyResolver ekr(*this);
-    Decrypter decrypter(&credResolver, criteria, &ekr);
+    Decrypter decrypter(&credResolver, criteria, &ekr, requireAuthenticatedCipher);
     DOMDocumentFragment* frag = decrypter.decryptData(*getEncryptedData(), recipient);
     if (frag->hasChildNodes() && frag->getFirstChild()==frag->getLastChild()) {
         DOMNode* plaintext=frag->getFirstChild();