throw ValidationException("Assertion is no longer valid.");
}
- // Now we process conditions. Only audience restrictions at the moment.
+ // Now we process conditions, starting with the known types and then extensions.
+
+ const vector<AudienceRestrictionCondition*>& acvec = conds->getAudienceRestrictionConditions();
+ for (vector<AudienceRestrictionCondition*>::const_iterator ac = acvec.begin(); ac!=acvec.end(); ++ac)
+ validateCondition(*ac);
+
+ const vector<DoNotCacheCondition*>& dncvec = conds->getDoNotCacheConditions();
+ for (vector<DoNotCacheCondition*>::const_iterator dnc = dncvec.begin(); dnc!=dncvec.end(); ++dnc)
+ validateCondition(*dnc);
+
const vector<Condition*>& convec = conds->getConditions();
- for (vector<Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c) {
- if (!validateCondition(*c)) {
- Category::getInstance(SAML_LOGCAT".AssertionValidator").error("unrecognized Condition in assertion (%s)",
- (*c)->getSchemaType() ? (*c)->getSchemaType()->toString().c_str() : (*c)->getElementQName().toString().c_str());
- throw ValidationException("Assertion contains an unrecognized condition.");
- }
- }
+ for (vector<Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c)
+ validateCondition(*c);
}
-bool AssertionValidator::validateCondition(const Condition* condition) const
+void AssertionValidator::validateCondition(const Condition* c) const
{
- const AudienceRestrictionCondition* ac=dynamic_cast<const AudienceRestrictionCondition*>(condition);
- if (!ac)
- return false;
+ const AudienceRestrictionCondition* ac=dynamic_cast<const AudienceRestrictionCondition*>(c);
+ if (!ac) {
+ Category::getInstance(SAML_LOGCAT".AssertionValidator").error("unrecognized Condition in assertion (%s)",
+ c->getSchemaType() ? c->getSchemaType()->toString().c_str() : c->getElementQName().toString().c_str());
+ throw ValidationException("Assertion contains an unrecognized condition.");
+ }
bool found = false;
const vector<Audience*>& auds1 = ac->getAudiences();
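Review bot: The new error branch in validateCondition dereferences `c` (`c->getSchemaType()`) on exactly the path a null argument would take, because `dynamic_cast` of a null pointer yields null and `!ac` is then true. The loops in this hunk pass elements of the typed child vectors, which are presumably never null, but the method is a virtual hook that subclasses may call or delegate to directly. A guard ahead of the cast keeps that case a clean rejection rather than a crash: `if (!c) throw ValidationException("Assertion contains an unrecognized condition.");`. The same branch appears in the second copy of validateCondition (the AudienceRestriction/OneTimeUse variant) further down. The function body continues past the end of this hunk.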
);
throw ValidationException("Assertion contains an unacceptable AudienceRestrictionCondition.");
}
-
- return found;
}
/**
* Condition validation.
*
- * <p>Base class version only understands AudienceRestrictionConditions.
+ * <p>The base class version only understands AudienceRestrictionConditions.
+ * All other condition types will be rejected and require subclassing to
+ * prevent validation failure.
*
* @param condition condition to validate
- * @return true iff condition was understood
*/
- virtual bool validateCondition(const Condition* condition) const;
+ virtual void validateCondition(const Condition* condition) const;
protected:
/** Set of audience values representing recipient. */
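Review bot: The doc comment drops `@return` but never says how a failed check is now reported, so someone overriding the method from the header alone cannot tell that it must throw rather than return a status. I would add `@throws ValidationException if the condition is not understood or is not satisfied` beneath the `@param` line. The same comment in the second header (the AudienceRestriction variant) needs the same line. The definition names the parameter `c` while the declaration and `@param` keep `condition`, which is harmless but worth aligning. The class declaration starts and ends outside this hunk.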
throw ValidationException("Assertion is no longer valid.");
}
- // Now we process conditions. Only audience restrictions at the moment.
+ // Now we process conditions, starting with the known types and then extensions.
+
+ const vector<AudienceRestriction*>& acvec = conds->getAudienceRestrictions();
+ for (vector<AudienceRestriction*>::const_iterator ac = acvec.begin(); ac!=acvec.end(); ++ac)
+ validateCondition(*ac);
+
+ const vector<OneTimeUse*>& dncvec = conds->getOneTimeUses();
+ for (vector<OneTimeUse*>::const_iterator dnc = dncvec.begin(); dnc!=dncvec.end(); ++dnc)
+ validateCondition(*dnc);
+
const vector<Condition*>& convec = conds->getConditions();
- for (vector<Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c) {
- if (!validateCondition(*c)) {
- Category::getInstance(SAML_LOGCAT".AssertionValidator").error("unrecognized Condition in assertion (%s)",
- (*c)->getSchemaType() ? (*c)->getSchemaType()->toString().c_str() : (*c)->getElementQName().toString().c_str());
- throw ValidationException("Assertion contains an unrecognized condition.");
- }
- }
+ for (vector<Condition*>::const_iterator c = convec.begin(); c!=convec.end(); ++c)
+ validateCondition(*c);
}
-bool AssertionValidator::validateCondition(const Condition* condition) const
+void AssertionValidator::validateCondition(const Condition* c) const
{
- const AudienceRestriction* ac=dynamic_cast<const AudienceRestriction*>(condition);
- if (!ac)
- return false;
+ const AudienceRestriction* ac=dynamic_cast<const AudienceRestriction*>(c);
+ if (!ac) {
+ Category::getInstance(SAML_LOGCAT".AssertionValidator").error("unrecognized Condition in assertion (%s)",
+ c->getSchemaType() ? c->getSchemaType()->toString().c_str() : c->getElementQName().toString().c_str());
+ throw ValidationException("Assertion contains an unrecognized condition.");
+ }
bool found = false;
const vector<Audience*>& auds1 = ac->getAudiences();
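Review bot: The typed loops added here cover AudienceRestriction and OneTimeUse only. If Conditions keeps ProxyRestriction in its own typed list the way it keeps these two, a ProxyRestriction still passes through without being validated or rejected, which contradicts the header's statement that all other condition types are rejected. A third loop over `conds->getProxyRestrictions()` calling `validateCondition(*pr)` would make the base class fail closed for it too; confirm the accessor name against the Conditions interface. Separately, the `dncvec`/`dnc` names are carried over from the DoNotCacheCondition variant and would read better as `otuvec`/`otu`. The enclosing validate function starts above this hunk and validateCondition continues below it.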
Category::getInstance(SAML_LOGCAT".AssertionValidator").error("unacceptable AudienceRestriction in assertion (%s)", os.str().c_str());
throw ValidationException("Assertion contains an unacceptable AudienceRestriction.");
}
-
- return found;
}
/**
* Condition validation.
*
- * <p>Base class version only understands AudienceRestrictions.
+ * <p>The base class version only understands AudienceRestriction conditions.
+ * All other condition types will be rejected and require subclassing to
+ * prevent validation failure.
*
* @param condition condition to validate
- * @return true iff condition was understood
*/
- virtual bool validateCondition(const Condition* condition) const;
+ virtual void validateCondition(const Condition* condition) const;
protected:
/** Set of audience values representing recipient. */