/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* BrowserSSOProfile20Validator.cpp
*
- * SAML 2.0 Browser SSO Profile Assertion Validator
+ * SAML 2.0 Browser SSO Profile Assertion Validator.
*/
#include "internal.h"
#include "saml2/profile/BrowserSSOProfileValidator.h"
#include <xmltooling/logging.h>
+#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/util/NDC.h>
using namespace opensaml::saml2;
using namespace xmltooling;
using namespace std;
+BrowserSSOProfileValidator::BrowserSSOProfileValidator(
+ const XMLCh* recipient,
+ const vector<const XMLCh*>* audiences,
+ time_t ts,
+ const char* destination,
+ const char* requestID
+ ) : AssertionValidator(recipient, audiences, ts), m_destination(destination), m_requestID(requestID)
+{
+}
+
+BrowserSSOProfileValidator::~BrowserSSOProfileValidator()
+{
+}
+
void BrowserSSOProfileValidator::validateAssertion(const Assertion& assertion) const
{
#ifdef _DEBUG
Category& log = Category::getInstance(SAML_LOGCAT".AssertionValidator");
// The assertion MUST have proper confirmation requirements.
- const char* msg=NULL;
+ const char* msg="assertion is missing bearer SubjectConfirmation";
const Subject* subject = assertion.getSubject();
if (subject) {
const vector<SubjectConfirmation*>& confs = subject->getSubjectConfirmations();
const SubjectConfirmationDataType* data = dynamic_cast<const SubjectConfirmationDataType*>((*sc)->getSubjectConfirmationData());
if (m_destination.get()) {
- if (!XMLString::equals(m_destination.get(), data ? data->getRecipient() : NULL)) {
+ if (!XMLString::equals(m_destination.get(), data ? data->getRecipient() : nullptr)) {
msg = "bearer confirmation failed with recipient mismatch";
continue;
}
}
if (m_requestID.get()) {
- if (!XMLString::equals(m_requestID.get(), data ? data->getInResponseTo() : NULL)) {
+ if (!XMLString::equals(m_requestID.get(), data ? data->getInResponseTo() : nullptr)) {
msg = "bearer confirmation failed with request correlation mismatch";
continue;
}
}
}
- log.error(msg);
+ log.error(msg ? msg : "no error message");
throw ValidationException("Unable to locate satisfiable bearer SubjectConfirmation in assertion.");
}
+
+const char* BrowserSSOProfileValidator::getAddress() const
+{
+ return m_address.c_str();
+}