From: cantor Date: Thu, 17 Jan 2008 05:14:48 +0000 (+0000) Subject: Change audience handling and validators to separate out entityID. X-Git-Tag: 2.4.1~258 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fopensaml2.git;a=commitdiff_plain;h=c1d72e996ed6819f24a38961f591892bd1a85a62 Change audience handling and validators to separate out entityID. Make entityID overridable by relying party. git-svn-id: https://svn.middleware.georgetown.edu/cpp-opensaml2/trunk@363 fb386ef7-a10c-0410-8ebf-fd3f8e989ab0 --- diff --git a/saml/saml1/profile/AssertionValidator.cpp b/saml/saml1/profile/AssertionValidator.cpp index 31014d4..a7b2ada 100644 --- a/saml/saml1/profile/AssertionValidator.cpp +++ b/saml/saml1/profile/AssertionValidator.cpp @@ -88,8 +88,13 @@ void AssertionValidator::validateCondition(const Condition* c) const bool found = false; const vector& auds1 = ac->getAudiences(); for (vector::const_iterator a = auds1.begin(); !found && a!=auds1.end(); ++a) { - for (vector::const_iterator a2 = m_audiences.begin(); !found && a2!=m_audiences.end(); ++a2) { - found = XMLString::equals((*a)->getAudienceURI(), *a2); + if (XMLString::equals(m_recipient, (*a)->getAudienceURI())) { + found = true; + } + else if (m_audiences) { + for (vector::const_iterator a2 = m_audiences->begin(); !found && a2!=m_audiences->end(); ++a2) { + found = XMLString::equals((*a)->getAudienceURI(), *a2); + } } } diff --git a/saml/saml1/profile/AssertionValidator.h b/saml/saml1/profile/AssertionValidator.h index 650ddfb..7e4eefc 100644 --- a/saml/saml1/profile/AssertionValidator.h +++ b/saml/saml1/profile/AssertionValidator.h 
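Review bot: In validateCondition, the new `XMLString::equals(m_recipient, (*a)->getAudienceURI())` comparison runs even when `m_recipient` is NULL or empty. Xerces' `XMLString::equals` treats a null pointer and an empty string as equal, so an Audience element with no text would satisfy the restriction for a validator constructed without a recipient. Whether such an element can reach this code depends on schema validation upstream, which the hunk does not show. Guarding the comparison keeps the audience check fail-closed: `if (m_recipient && *m_recipient && XMLString::equals(m_recipient, (*a)->getAudienceURI())) {`. The same comparison is added in saml/saml2/profile/Assertion20Validator.cpp, and the function body starts and ends outside both hunks.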
@@ -41,10 +41,13 @@ namespace opensaml { /** * Constructor * - * @param audiences set of audience values representing recipient + * @param recipient name of assertion recipient (implicit audience) + * @param audiences additional audience values * @param ts timestamp to evaluate assertion conditions, or 0 to bypass check */ - AssertionValidator(const std::vector& audiences, time_t ts=0) : m_audiences(audiences), m_ts(ts) {} + AssertionValidator(const XMLCh* recipient, const std::vector* audiences=NULL, time_t ts=0) + : m_recipient(recipient), m_audiences(audiences), m_ts(ts) { + } virtual ~AssertionValidator() {} @@ -69,8 +72,11 @@ namespace opensaml { virtual void validateCondition(const Condition* condition) const; protected: - /** Set of audience values representing recipient. */ - const std::vector& m_audiences; + /** Name of recipient (implicit audience). */ + const XMLCh* m_recipient; + + /** Additional audience values. */ + const std::vector* m_audiences; /** Timestamp to evaluate assertion conditions. */ time_t m_ts; diff --git a/saml/saml1/profile/BrowserSSOProfileValidator.h b/saml/saml1/profile/BrowserSSOProfileValidator.h index 6073a7a..65d304b 100644 --- a/saml/saml1/profile/BrowserSSOProfileValidator.h +++ b/saml/saml1/profile/BrowserSSOProfileValidator.h @@ -41,11 +41,12 @@ namespace opensaml { /** * Constructor * - * @param audiences set of audience values representing recipient + * @recipient name of assertion recipient (implicit audience) + * @param audiences additional audience values * @param ts timestamp to evaluate assertion conditions, or 0 to bypass check */ - BrowserSSOProfileValidator(const std::vector& audiences, time_t ts=0) - : AssertionValidator(audiences, ts) { + BrowserSSOProfileValidator(const XMLCh* recipient, const std::vector* audiences=NULL, time_t ts=0) + : AssertionValidator(recipient, audiences, ts) { } virtual ~BrowserSSOProfileValidator() {} 
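Review bot: The new AssertionValidator constructor stores `recipient` and `audiences` as raw pointers (`m_recipient(recipient), m_audiences(audiences)`) without copying. The doc comment does not say that both must outlive the validator, or whether a NULL `recipient` is acceptable. Since this object decides audience acceptance, a dangling or unexpectedly NULL recipient is worth ruling out in the contract. I would extend the params to `@param recipient name of assertion recipient (implicit audience); not copied, must remain valid for the life of this object` and `@param audiences additional audience values, or NULL for none; not copied, must remain valid for the life of this object`. The same constructor is added in saml/saml2/profile/AssertionValidator.h.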
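Review bot: In the saml1 BrowserSSOProfileValidator constructor comment, the added line `* @recipient name of assertion recipient (implicit audience)` is missing the `param` keyword, so Doxygen will not attach it to the `recipient` parameter. It should read `* @param recipient name of assertion recipient (implicit audience)`, matching the wording used in the saml2 BrowserSSOProfileValidator.h hunk.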
diff --git a/saml/saml2/profile/Assertion20Validator.cpp b/saml/saml2/profile/Assertion20Validator.cpp index faff298..463c45c 100644 --- a/saml/saml2/profile/Assertion20Validator.cpp +++ b/saml/saml2/profile/Assertion20Validator.cpp @@ -87,8 +87,13 @@ void AssertionValidator::validateCondition(const Condition* c) const bool found = false; const vector& auds1 = ac->getAudiences(); for (vector::const_iterator a = auds1.begin(); !found && a!=auds1.end(); ++a) { - for (vector::const_iterator a2 = m_audiences.begin(); !found && a2!=m_audiences.end(); ++a2) { - found = XMLString::equals((*a)->getAudienceURI(), *a2); + if (XMLString::equals(m_recipient, (*a)->getAudienceURI())) { + found = true; + } + else if (m_audiences) { + for (vector::const_iterator a2 = m_audiences->begin(); !found && a2!=m_audiences->end(); ++a2) { + found = XMLString::equals((*a)->getAudienceURI(), *a2); + } } } diff --git a/saml/saml2/profile/AssertionValidator.h b/saml/saml2/profile/AssertionValidator.h index f427bce..240fd9d 100644 --- a/saml/saml2/profile/AssertionValidator.h +++ b/saml/saml2/profile/AssertionValidator.h @@ -41,10 +41,13 @@ namespace opensaml { /** * Constructor * - * @param audiences set of audience values representing recipient + * @param recipient name of assertion recipient (implicit audience) + * @param audiences additional audience values * @param ts timestamp to evaluate assertion conditions, or 0 to bypass check */ - AssertionValidator(const std::vector& audiences, time_t ts=0) : m_audiences(audiences), m_ts(ts) {} + AssertionValidator(const XMLCh* recipient, const std::vector* audiences=NULL, time_t ts=0) + : m_recipient(recipient), m_audiences(audiences), m_ts(ts) { + } virtual ~AssertionValidator() {} 
@@ -69,8 +72,11 @@ namespace opensaml { virtual void validateCondition(const Condition* condition) const; protected: - /** Set of audience values representing recipient. */ - const std::vector& m_audiences; + /** Name of recipient (implicit audience). */ + const XMLCh* m_recipient; + + /** Additional audience values. */ + const std::vector* m_audiences; /** Timestamp to evaluate assertion conditions. */ time_t m_ts; diff --git a/saml/saml2/profile/BrowserSSOProfileValidator.h b/saml/saml2/profile/BrowserSSOProfileValidator.h index e6a9948..97318bd 100644 --- a/saml/saml2/profile/BrowserSSOProfileValidator.h +++ b/saml/saml2/profile/BrowserSSOProfileValidator.h @@ -42,17 +42,19 @@ namespace opensaml { /** * Constructor * - * @param audiences set of audience values representing recipient + * @param recipient name of assertion recipient (implicit audience) + * @param audiences additional audience values * @param ts timestamp to evaluate assertion conditions, or 0 to bypass check * @param destination server location to which assertion was delivered, or 0 to bypass check * @param requestID ID of request that resulted in assertion, or NULL if unsolicited */ BrowserSSOProfileValidator( - const std::vector& audiences, + const XMLCh* recipient, + const std::vector* audiences=NULL, time_t ts=0, const char* destination=NULL, const char* requestID=NULL - ) : AssertionValidator(audiences, ts), m_destination(destination), m_requestID(requestID) { + ) : AssertionValidator(recipient, audiences, ts), m_destination(destination), m_requestID(requestID) { } virtual ~BrowserSSOProfileValidator() {}