X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fprofile%2Fimpl%2FAudienceRestrictionRule.cpp;h=97fb22e41d6b1f7bf19bbc3c00fe4ee0e4aaa5b1;hp=5201a38e0787de43b5ac832f5f4aff92d1442165;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=f1208cd2f514700244816377443c4951dc22c848
diff --git a/saml/profile/impl/AudienceRestrictionRule.cpp b/saml/profile/impl/AudienceRestrictionRule.cpp
index 5201a38..97fb22e 100644
--- a/saml/profile/impl/AudienceRestrictionRule.cpp
+++ b/saml/profile/impl/AudienceRestrictionRule.cpp
@@ -31,11 +31,13 @@
 #include "saml1/core/Assertions.h"
 #include "saml2/core/Assertions.h"
+#include
 #include
 using namespace opensaml;
 using namespace xmltooling::logging;
 using namespace xmltooling;
+using namespace boost;
 using namespace std;
 namespace opensaml {
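Review bot: The added `using namespace boost;` sits directly beside `using namespace std;`, so any unqualified name that exists in both namespaces (`bind`, `function`, `shared_ptr` on newer toolchains) can become ambiguous or resolve differently after a compiler or Boost upgrade. The new code in evaluate() already spells `boost::bind` in full, so the directive does not appear to be needed for what this patch adds. I would drop it, or narrow it to a using-declaration for the specific names required, to keep name lookup in this security-policy rule predictable.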
@@ -73,23 +75,32 @@ AudienceRestrictionRule::AudienceRestrictionRule(const DOMElement* e)
 bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
 {
+ static bool (*equals_fn)(const XMLCh*, const XMLCh*) = &XMLString::equals;
+
 const saml2::AudienceRestriction* ac2=dynamic_cast(&message);
 if (ac2) {
 const vector& auds2 = ac2->getAudiences();
- for (vector::const_iterator a1 = auds2.begin(); a1!=auds2.end(); ++a1) {
- for (vector::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), a2->c_str()))
- return true;
- }
- for (vector::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), *a2))
- return true;
- }
+ for (vector::const_iterator a1 = auds2.begin(); a1 != auds2.end(); ++a1) {
+ const XMLCh* a1val = (*a1)->getAudienceURI();
+
+ vector::const_iterator policyMatch = find_if(
+ policy.getAudiences().begin(), policy.getAudiences().end(),
+ boost::bind(equals_fn, a1val, boost::bind(&xstring::c_str, _1))
+ );
+ if (policyMatch != policy.getAudiences().end())
+ return true;
+
+ vector::const_iterator ruleMatch = find_if(
+ m_audiences.begin(), m_audiences.end(),
+ boost::bind(equals_fn, a1val, _1)
+ );
+ if (ruleMatch != m_audiences.end())
+ return true;
 }
 ostringstream os;
 os << *ac2;
- Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.AudienceRestriction").error(
+ Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").error(
 "unacceptable AudienceRestriction in assertion (%s)", os.str().c_str()
 );
 throw SecurityPolicyException("Assertion contains an unacceptable AudienceRestriction.");
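Review bot: `a1val` is passed to the comparison without a null or empty check, both in the new loop over `auds2` here and in the matching loop over `auds1` in the next hunk. Xerces' `XMLString::equals` treats a null pointer and an empty string as equal, so an Audience element with no content would be accepted if `policy.getAudiences()` or `m_audiences` ever held an empty entry; whether they can is not visible on this page. Skipping such values first, `if (!a1val || !*a1val) continue;`, makes the rule fail closed regardless of configuration. The new `equals_fn` pointer would also benefit from a comment such as `// selects the XMLCh* overload of XMLString::equals so boost::bind can take its address`, and it could be declared `const`. evaluate() starts in this hunk and continues past its end.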
@@ -98,20 +109,27 @@ bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRe
 const saml1::AudienceRestrictionCondition* ac1=dynamic_cast(&message);
 if (ac1) {
 const vector& auds1 = ac1->getAudiences();
- for (vector::const_iterator a1 = auds1.begin(); a1!=auds1.end(); ++a1) {
- for (vector::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), a2->c_str()))
- return true;
- }
- for (vector::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
- if (XMLString::equals((*a1)->getAudienceURI(), *a2))
- return true;
- }
+ for (vector::const_iterator a1 = auds1.begin(); a1 != auds1.end(); ++a1) {
+ const XMLCh* a1val = (*a1)->getAudienceURI();
+
+ vector::const_iterator policyMatch = find_if(
+ policy.getAudiences().begin(), policy.getAudiences().end(),
+ boost::bind(equals_fn, a1val, boost::bind(&xstring::c_str, _1))
+ );
+ if (policyMatch != policy.getAudiences().end())
+ return true;
+
+ vector::const_iterator ruleMatch = find_if(
+ m_audiences.begin(), m_audiences.end(),
+ boost::bind(equals_fn, a1val, _1)
+ );
+ if (ruleMatch != m_audiences.end())
+ return true;
 }
 ostringstream os;
 os << *ac1;
- Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.AudienceRestriction").error(
+ Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").error(
 "unacceptable AudienceRestrictionCondition in assertion (%s)", os.str().c_str()
 );
 throw SecurityPolicyException("Assertion contains an unacceptable AudienceRestrictionCondition.");
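Review bot: The SAML 1.x branch repeats the SAML 2.0 matching block from the previous hunk line for line, differing only in `auds1`/`ac1` and the message text. For an audience check, two copies mean a later hardening can land in one protocol branch and miss the other. A private helper that takes the `const XMLCh*` audience value and the policy, and returns whether it matches an entry in `policy.getAudiences()` or `m_audiences`, would leave each branch with only its loop, log call and throw. evaluate() begins before this hunk and its closing lines lie after it.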