SAML 2 SSO validator.

[shibboleth/cpp-opensaml.git] / saml / saml2 / profile / BrowserSSOProfileValidator.h

diff --git a/saml/saml2/profile/BrowserSSOProfileValidator.h b/saml/saml2/profile/BrowserSSOProfileValidator.h
new file mode 100644 (file)
index 0000000..1a8a0c3
--- /dev/null
+++ b/saml/saml2/profile/BrowserSSOProfileValidator.h
@@ -0,0 +1,85 @@
+/*
+ *  Copyright 2001-2007 Internet2
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file saml/saml2/profile/BrowserSSOProfileValidator.h
+ * 
+ * SAML 2.0 Browser SSO Profile Assertion Validator 
+ */
+
+#ifndef __saml2_ssoval_h__
+#define __saml2_ssoval_h__
+
+#include <saml/saml2/profile/AssertionValidator.h>
+
+namespace opensaml {
+    
+    namespace saml2 {
+        
+        /**
+         * SAML 2.0 Browser SSO Profile Assertion Validator
+         *
+         * <p>In addition to standard core requirements for validity, SSO assertions
+         * <strong>MUST</strong> have NotBefore/NotOnOrAfter attributes and each subject statement
+         * <strong>MUST</strong> be confirmable via bearer method.
+         */
+        class SAML_API BrowserSSOProfileValidator : public AssertionValidator
+        {
+        public:
+            /**
+             * Constructor
+             * 
+             * @param audiences     set of audience values representing recipient
+             * @param ts            timestamp to evaluate assertion conditions, or 0 to bypass check
+             * @param destination   server location to which assertion was delivered, or 0 to bypass check
+             * @param requestID     ID of request that resulted in assertion, or NULL if unsolicited
+             */
+            BrowserSSOProfileValidator(
+                const std::vector<const XMLCh*>& audiences,
+                time_t ts=0,
+                const XMLCh* destination=NULL,
+                const XMLCh* requestID=NULL
+                ) : AssertionValidator(audiences, ts), m_destination(destination), m_requestID(requestID) {
+            }
+            virtual ~BrowserSSOProfileValidator() {}
+    
+            void validateAssertion(const Assertion& assertion) const;
+
+            /**
+             * Return address information from the confirmed bearer SubjectConfirmation, if any.
+             *
+             * @return  address information
+             */
+            const char* getAddress() const {
+                return m_address.c_str();
+            }
+        
+        protected:
+            /** Server location to which assertion was delivered. */
+            const XMLCh* m_destination;
+
+            /** ID of request that resulted in assertions. */
+            const XMLCh* m_requestID;
+
+        private:
+            /** Address in confirmed bearer SubjectConfirmationData. */
+            mutable std::string m_address;
+        };
+        
+    };
+};
+
+#endif /* __saml2_ssoval_h__ */