X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fbinding%2FSecurityPolicy.h;h=6a5aac78d7f3e6e68971657e607f27893b08d9af;hp=7f879ecf23d8f4396e32092feeb4e99e20ee1647;hb=69a716dedfd9e239bcc9206a7b8dc137b43f5f89;hpb=003e73203da5cdf8c3d001a75a56b9e45ef6465b
diff --git a/saml/binding/SecurityPolicy.h b/saml/binding/SecurityPolicy.h
index 7f879ec..6a5aac7 100644
--- a/saml/binding/SecurityPolicy.h
+++ b/saml/binding/SecurityPolicy.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -70,11 +70,7 @@ namespace opensaml {
 const xmltooling::QName* role=NULL,
 const xmltooling::TrustEngine* trustEngine=NULL,
 bool validate=true
- ) : m_metadataCriteria(NULL), m_messageID(NULL), m_issueInstant(0), m_issuer(NULL), m_issuerRole(NULL), m_authenticated(false),
- m_matchingPolicy(NULL), m_metadata(metadataProvider), m_role(NULL), m_trust(trustEngine), m_validate(validate), m_entityOnly(true) {
- if (role)
- m_role = new xmltooling::QName(*role);
- }
+ );
 virtual ~SecurityPolicy();
@@ -91,6 +87,9 @@ namespace opensaml {
 * Returns a reference to a MetadataProvider::Criteria instance suitable for use with the
 * installed MetadataProvider.
 *
+ *
The object will be cleared/reset when returned, so do not mutate it and then
+ * call the method again before using it.
+ *
* @return reference to a MetadataProvider::Criteria instance
*/
virtual saml2md::MetadataProvider::Criteria& getMetadataProviderCriteria() const;
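Review bot: The added sentence `The object will be cleared/reset when returned` leaves it unclear whether the reset happens before or after the caller receives the reference, and `getMetadataProviderCriteria()` is declared const while evidently mutating the object it hands back. Suggest rewording the new lines to `* Each call resets the returned object before handing it back, so state set on it by an earlier call is lost; finish using it before calling this method again.` The phrase "do not mutate it" could also be read as forbidding callers from configuring the criteria at all, which is presumably the reason a non-const reference is returned.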
@@ -132,6 +131,45 @@ namespace opensaml {
}
/**
+ * Returns the SAML audiences that represent the receiving peer.
+ *
+ * @return audience values of the peer processing the message
+ */
+ const std::vector If adding rules, their lifetime must be at least as long as the policy object.
@@ -152,6 +190,17 @@ namespace opensaml {
}
/**
+ * Sets a MetadataProvider::Criteria instance suitable for use with the
+ * installed MetadataProvider.
+ *
+ * The policy will take ownership of the criteria object when this
+ * method completes.
+ *
+ * @param criteria a MetadataProvider::Criteria instance, or NULL
+ */
+ void setMetadataProviderCriteria(saml2md::MetadataProvider::Criteria* criteria);
+
+ /**
* Sets a peer role element/type for to the policy.
*
* @param role the peer role element/type or NULL
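Review bot: `setMetadataProviderCriteria` documents that the policy takes ownership of the raw pointer but not what happens to a previously installed instance, nor what passing NULL means, and both matter for a raw-pointer ownership transfer. Suggest `@param criteria a MetadataProvider::Criteria instance the policy will delete when done with it, or NULL to discard the current instance` plus a sentence that the caller must not use or free the pointer after the call. Whether the previous instance is deleted or leaked cannot be seen from this hunk, since the definition lives in the .cpp.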
@@ -191,6 +240,28 @@ namespace opensaml {
}
/**
+ * Sets effective time of message processing.
+ *
+ * Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date
+ * message processing.
+ *
+ * @param ts the time at which the message is being processed
+ */
+ void setTime(time_t ts) {
+ m_ts = ts;
+ }
+
+ /**
+ * Sets the message identifier to which the message being evaluated
+ * is a response.
+ *
+ * @param correlationID correlated message identifier
+ */
+ void setCorrelationID(const XMLCh* correlationID) {
+ m_correlationID = correlationID;
+ }
+
+ /**
* Evaluates the policy against the given request and message,
* possibly populating message information in the policy object.
*
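Review bot: `setCorrelationID` stores the caller's pointer without copying it (`m_correlationID = correlationID;`), so the header should state that the pointed-to string must stay valid for as long as the policy uses it, otherwise a later comparison performed during evaluation would read a dangling pointer. Suggest adding to that docstring `* The string is not copied; the caller must keep it valid until the policy is reset or destroyed.` `setTime` writes `m_ts`, which the member hunk further down declares `mutable`; that is fine for a setter, but a one-line comment on the member explaining why it is mutable (presumably a const evaluation path updates it) would help readers.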
@@ -211,7 +282,17 @@ namespace opensaml {
*
* @param messageOnly true iff security and issuer state should be left in place
*/
- void reset(bool messageOnly=false);
+ virtual void reset(bool messageOnly=false);
+
+ /**
+ * Resets the policy object and/or clears any per-message state for only this specific class.
+ *
+ * Resets can be complete (the default) or merely clear the previous message ID and timestamp
+ * when evaluating multiple layers of a message.
+ *
+ * @param messageOnly true iff security and issuer state should be left in place
+ */
+ void _reset(bool messageOnly=false);
/**
* Returns the message identifier as determined by the registered policies.
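Review bot: The division of labour between the new virtual `reset()` and the non-virtual `_reset()` is not explained for subclass authors: the comment says `_reset` clears state "for only this specific class" but never says that an override of `reset()` must call `_reset()`, and an override that forgets would leave the base-class message ID and timestamp stale across messages. Suggest on `reset`: `* Subclasses overriding this method must call _reset() to clear base-class state.` and on `_reset`: `* For use by reset() implementations; not virtual and not intended for callers.` The leading-underscore name is legal for a member but reads like a reserved identifier and does not match the rest of this header's naming; something like `resetBase` would be clearer. Whether the .cpp's `reset()` already delegates to `_reset()` cannot be seen in this hunk.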
@@ -386,6 +467,11 @@ namespace opensaml {
const xmltooling::TrustEngine* m_trust;
bool m_validate;
bool m_entityOnly;
+
+ // contextual information
+ mutable time_t m_ts;
+ const XMLCh* m_correlationID;
+ std::vector