From df39928338a40f7a2980406e9737893289673611 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Fri, 20 Feb 2009 21:19:41 +0000
Subject: [PATCH] Expose audience collection on security policy.
---
 .cproject | 9 ++++----
 saml/binding/SecurityPolicy.h | 32 +++++++++++++--------------
 saml/binding/impl/SecurityPolicy.cpp | 1 -
 saml/profile/impl/AudienceRestrictionRule.cpp | 10 +++++----
 samltest/saml1/profile/SAML1PolicyTest.h | 2 +-
 samltest/saml2/profile/SAML2PolicyTest.h | 2 +-
 6 files changed, 29 insertions(+), 27 deletions(-)
diff --git a/.cproject b/.cproject
index 4bb7304..b224a74 100644
--- a/.cproject
+++ b/.cproject
@@ -79,9 +79,11 @@ - + + +
@@ -101,16 +103,15 @@ + + - - -
diff --git a/saml/binding/SecurityPolicy.h b/saml/binding/SecurityPolicy.h
index b655d01..2dd16c2 100644
--- a/saml/binding/SecurityPolicy.h
+++ b/saml/binding/SecurityPolicy.h
@@ -131,12 +131,21 @@ namespace opensaml {
 }
 /**
- * Returns the entityID of the receiving entity.
+ * Returns the SAML audiences that represent the receiving peer.
 *
- * @return entityID of the peer processing the message
+ * @return audience values of the peer processing the message
 */
- const XMLCh* getRecipient() {
- return m_recipient;
+ const std::vector& getAudiences() const {
+ return m_audiences;
+ }
+
+ /**
+ * Returns the SAML audiences that represent the receiving peer.
+ *
+ * @return audience values of the peer processing the message
+ */
+ std::vector& getAudiences() {
+ return m_audiences;
 }
 /**
@@ -144,7 +153,7 @@ namespace opensaml {
 *
 * @return the time at which the message is being processed
 */
- time_t getTime() {
+ time_t getTime() const {
 if (m_ts == 0)
 return m_ts = time(NULL);
 return m_ts;
@@ -221,15 +230,6 @@ namespace opensaml {
 }
 /**
- * Sets entityID of receiving entity.
- *
- * @param recipient the entityID of the peer processing the message
- */
- void setRecipient(const XMLCh* recipient) {
- m_recipient = recipient;
- }
-
- /**
 * Sets effective time of message processing.
 *
 *
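Review bot: Both `getAudiences()` overloads return a vector of raw pointers the policy does not own, and neither Doxygen block says who keeps those strings alive; with `setRecipient` removed later in this file, the non-const overload is also the only way to populate the collection. Suggest adding to both `@return` blocks a sentence such as `The policy stores only the pointers; the caller must keep the audience strings valid for the policy's lifetime.` The updated tests rely on exactly this by keeping `recipient` in scope across the `evaluate()` call. In the `@@ -144,7 +153,7 @@` hunk, `getTime() const` now writes the `mutable` `m_ts` on first use, so the first call, even through a const reference, pins the processing time; one line in its doc saying so would spare the next reader a surprise.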

 Assumed to be the time of policy instantiation, can be adjusted to pre- or post-date
@@ -449,8 +449,8 @@ namespace opensaml {
 bool m_entityOnly;
 // contextual information
- const XMLCh* m_recipient;
- time_t m_ts;
+ mutable time_t m_ts;
+ std::vector m_audiences;
 };
 };
diff --git a/saml/binding/impl/SecurityPolicy.cpp b/saml/binding/impl/SecurityPolicy.cpp
index d78e1df..bae5447 100644
--- a/saml/binding/impl/SecurityPolicy.cpp
+++ b/saml/binding/impl/SecurityPolicy.cpp
@@ -74,7 +74,6 @@ SecurityPolicy::SecurityPolicy(
 m_trust(trustEngine),
 m_validate(validate),
 m_entityOnly(true),
- m_recipient(NULL),
 m_ts(0)
 {
 if (role)
diff --git a/saml/profile/impl/AudienceRestrictionRule.cpp b/saml/profile/impl/AudienceRestrictionRule.cpp
index e4b03e4..b579931 100644
--- a/saml/profile/impl/AudienceRestrictionRule.cpp
+++ b/saml/profile/impl/AudienceRestrictionRule.cpp
@@ -72,8 +72,9 @@ bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRe
 if (ac2) {
 const vector& auds2 = ac2->getAudiences();
 for (vector::const_iterator a1 = auds2.begin(); a1!=auds2.end(); ++a1) {
- if (XMLString::equals(policy.getRecipient(), (*a1)->getAudienceURI())) {
- return true;
+ for (vector::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
+ if (XMLString::equals((*a1)->getAudienceURI(), *a2))
+ return true;
 }
 for (vector::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
 if (XMLString::equals((*a1)->getAudienceURI(), *a2))
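Review bot: The audience-matching loop is now spelled out four times in `evaluate` — the new policy loop and the existing `m_audiences` loop in this hunk, and the same pair again in the `@@ -93,8 +94,9 @@` hunk — and the new loop re-evaluates `policy.getAudiences().end()` on every iteration. A small file-local helper that answers whether a URI appears in a list would collapse each pair to a single condition and make it explicit that an assertion passes when its audience matches either the policy's audiences or the rule's own configured list. That union is worth a comment at the call site, because a broad rule-level list widens what the policy accepts regardless of what the deployer put on the policy. `evaluate` begins and ends outside the hunk.

```cpp
namespace {
    // True if uri equals one of the audience strings in auds.
    bool matchesAudience(const XMLCh* uri, const vector<const XMLCh*>& auds) {
        for (vector<const XMLCh*>::const_iterator a = auds.begin(); a != auds.end(); ++a) {
            if (XMLString::equals(uri, *a))
                return true;
        }
        return false;
    }
}

// … unchanged: SAML 2 AudienceRestriction lookup and the a1 loop header over auds2 …
            // Accept if the asserted audience matches the policy's audiences or this rule's configured list.
            if (matchesAudience((*a1)->getAudienceURI(), policy.getAudiences()) || matchesAudience((*a1)->getAudienceURI(), m_audiences))
                return true;
```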
@@ -93,8 +94,9 @@ bool AudienceRestrictionRule::evaluate(const XMLObject& message, const GenericRe
 if (ac1) {
 const vector& auds1 = ac1->getAudiences();
 for (vector::const_iterator a1 = auds1.begin(); a1!=auds1.end(); ++a1) {
- if (XMLString::equals(policy.getRecipient(), (*a1)->getAudienceURI())) {
- return true;
+ for (vector::const_iterator a2 = policy.getAudiences().begin(); a2!=policy.getAudiences().end(); ++a2) {
+ if (XMLString::equals((*a1)->getAudienceURI(), *a2))
+ return true;
 }
 for (vector::const_iterator a2 = m_audiences.begin(); a2!=m_audiences.end(); ++a2) {
 if (XMLString::equals((*a1)->getAudienceURI(), *a2))
diff --git a/samltest/saml1/profile/SAML1PolicyTest.h b/samltest/saml1/profile/SAML1PolicyTest.h
index 82660b1..49554e5 100644
--- a/samltest/saml1/profile/SAML1PolicyTest.h
+++ b/samltest/saml1/profile/SAML1PolicyTest.h
@@ -54,7 +54,7 @@ public:
 TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
 auto_ptr_XMLCh recipient("https://sp.example.org");
- m_policy->setRecipient(recipient.get());
+ m_policy->getAudiences().push_back(recipient.get());
 m_policy->evaluate(*assertion.get());
 }
 catch (exception& ex) {
diff --git a/samltest/saml2/profile/SAML2PolicyTest.h b/samltest/saml2/profile/SAML2PolicyTest.h
index f4cc1d8..3f3b958 100644
--- a/samltest/saml2/profile/SAML2PolicyTest.h
+++ b/samltest/saml2/profile/SAML2PolicyTest.h
@@ -54,7 +54,7 @@ public:
 TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
 auto_ptr_XMLCh recipient("https://sp.example.org");
- m_policy->setRecipient(recipient.get());
+ m_policy->getAudiences().push_back(recipient.get());
 m_policy->evaluate(*assertion.get());
 }
 catch (exception& ex) {
-- 
2.1.4