Add policy rules for SAML 1 SSO and SAML 2 Bearer confirmation, with unit tests.
[shibboleth/cpp-opensaml.git] / saml / saml2 / profile / BrowserSSOProfileValidator.h
index 1a8a0c3..9af864c 100644 (file)
@@ -1,6 +1,6 @@
 /*
  *  Copyright 2001-2007 Internet2
- * 
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -16,8 +16,8 @@
 
 /**
  * @file saml/saml2/profile/BrowserSSOProfileValidator.h
- * 
- * SAML 2.0 Browser SSO Profile Assertion Validator 
+ *
+ * SAML 2.0 Browser SSO Profile Assertion Validator
  */
 
 #ifndef __saml2_ssoval_h__
 #include <saml/saml2/profile/AssertionValidator.h>
 
 namespace opensaml {
-    
+
     namespace saml2 {
-        
+
         /**
+         * @deprecated
          * SAML 2.0 Browser SSO Profile Assertion Validator
          *
          * <p>In addition to standard core requirements for validity, SSO assertions
-         * <strong>MUST</strong> have NotBefore/NotOnOrAfter attributes and each subject statement
-         * <strong>MUST</strong> be confirmable via bearer method.
+         * <strong>MUST</strong> be bearer-confirmable.
          */
         class SAML_API BrowserSSOProfileValidator : public AssertionValidator
         {
         public:
             /**
              * Constructor
-             * 
-             * @param audiences     set of audience values representing recipient
+             *
+             * @param recipient     name of assertion recipient (implicit audience)
+             * @param audiences     additional audience values
              * @param ts            timestamp to evaluate assertion conditions, or 0 to bypass check
              * @param destination   server location to which assertion was delivered, or 0 to bypass check
              * @param requestID     ID of request that resulted in assertion, or NULL if unsolicited
              */
             BrowserSSOProfileValidator(
-                const std::vector<const XMLCh*>& audiences,
+                const XMLCh* recipient,
+                const std::vector<const XMLCh*>* audiences=NULL,
                 time_t ts=0,
-                const XMLCh* destination=NULL,
-                const XMLCh* requestID=NULL
-                ) : AssertionValidator(audiences, ts), m_destination(destination), m_requestID(requestID) {
+                const char* destination=NULL,
+                const char* requestID=NULL
+                ) : AssertionValidator(recipient, audiences, ts), m_destination(destination), m_requestID(requestID) {
             }
             virtual ~BrowserSSOProfileValidator() {}
-    
+
             void validateAssertion(const Assertion& assertion) const;
 
             /**
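Review bot: The new constructor keeps `ts=0` and `destination=NULL` as defaults, and per the `@param` text both values bypass the corresponding check, so `BrowserSSOProfileValidator(recipient)` yields a validator that skips the condition-time and delivery-location checks on a bearer assertion without the caller asking for that. For a bearer assertion those checks are what limit replay and delivery to the wrong endpoint, so the bypass should be an explicit choice: either require callers to pass both values, or say so in the doc comment, for example `@param destination   server location to which assertion was delivered; NULL disables the check and is unsafe outside tests`. The members in the next hunk become `xmltooling::auto_ptr_XMLCh`, so the bypass presumably now depends on the wrapper holding a null buffer; `validateAssertion` is defined outside this page, so that is worth confirming there. The added `@deprecated` tag should also name what callers are expected to use instead.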
@@ -66,19 +68,19 @@ namespace opensaml {
             const char* getAddress() const {
                 return m_address.c_str();
             }
-        
+
         protected:
             /** Server location to which assertion was delivered. */
-            const XMLCh* m_destination;
+            xmltooling::auto_ptr_XMLCh m_destination;
 
             /** ID of request that resulted in assertions. */
-            const XMLCh* m_requestID;
+            xmltooling::auto_ptr_XMLCh m_requestID;
 
         private:
             /** Address in confirmed bearer SubjectConfirmationData. */
             mutable std::string m_address;
         };
-        
+
     };
 };