X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fcore%2Fimpl%2FAssertions20Impl.cpp;h=9c743c89b2685f0e0b4215b9d0ffb64364ee19f2;hb=f1208cd2f514700244816377443c4951dc22c848;hp=fd9a54a9c4066314f69243a4c43aae83198d5920;hpb=52a4b6e644370ea071381676df5fb497e8832980;p=shibboleth%2Fcpp-opensaml.git

diff --git a/saml/saml2/core/impl/Assertions20Impl.cpp b/saml/saml2/core/impl/Assertions20Impl.cpp
index fd9a54a..9c743c8 100644
--- a/saml/saml2/core/impl/Assertions20Impl.cpp
+++ b/saml/saml2/core/impl/Assertions20Impl.cpp
@@ -1,35 +1,43 @@
-/*
- *  Copyright 2001-2007 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 
 /**
  * Assertions20Impl.cpp
  *
- * Implementation classes for SAML 2.0 Assertions schema
+ * Implementation classes for SAML 2.0 Assertions schema.
  */
 
 #include "internal.h"
 #include "exceptions.h"
 #include "saml/encryption/EncryptedKeyResolver.h"
 #include "saml2/core/Assertions.h"
+#include "signature/ContentReference.h"
 
 #include <xmltooling/AbstractComplexElement.h>
 #include <xmltooling/AbstractSimpleElement.h>
 #include <xmltooling/impl/AnyElement.h>
 #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
 #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
+#include <xmltooling/signature/KeyInfo.h>
+#include <xmltooling/signature/Signature.h>
+#include <xmltooling/util/DateTime.h>
 #include <xmltooling/util/XMLHelper.h>
 
 #include <ctime>
@@ -45,6 +53,7 @@ using xmlconstants::XMLSIG_NS;
 using xmlconstants::XMLENC_NS;
 using xmlconstants::XML_BOOL_NULL;
 using samlconstants::SAML20_NS;
+using samlconstants::SAML20_DELEGATION_CONDITION_NS;
 
 
 #if defined (_MSC_VER)
@@ -69,7 +78,7 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_Format=m_SPProvidedID=m_NameQualifier=m_SPNameQualifier=NULL;
+                m_Format=m_SPProvidedID=m_NameQualifier=m_SPNameQualifier=nullptr;
             }
 
         protected:
@@ -107,17 +116,17 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,NULL);
-                MARSHALL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,NULL);
-                MARSHALL_STRING_ATTRIB(Format,FORMAT,NULL);
-                MARSHALL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,NULL);
+                MARSHALL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,nullptr);
+                MARSHALL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
+                MARSHALL_STRING_ATTRIB(Format,FORMAT,nullptr);
+                MARSHALL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,nullptr);
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,NULL);
-                PROC_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,NULL);
-                PROC_STRING_ATTRIB(Format,FORMAT,NULL);
-                PROC_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,NULL);
+                PROC_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,nullptr);
+                PROC_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
+                PROC_STRING_ATTRIB(Format,FORMAT,nullptr);
+                PROC_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -163,8 +172,8 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_EncryptedData=NULL;
-                m_children.push_back(NULL);
+                m_EncryptedData=nullptr;
+                m_children.push_back(nullptr);
                 m_pos_EncryptedData=m_children.begin();
             }
 
@@ -231,7 +240,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
 
-            ConditionImpl(const ConditionImpl& src) : AnyElementImpl(src) {}
+            ConditionImpl(const ConditionImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE(Condition);
         };
@@ -308,7 +317,7 @@ namespace opensaml {
 
             ProxyRestrictionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-                m_Count=NULL;
+                m_Count=nullptr;
             }
 
             ProxyRestrictionImpl(const ProxyRestrictionImpl& src)
@@ -331,7 +340,7 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_INTEGER_ATTRIB(Count,COUNT,NULL);
+                MARSHALL_INTEGER_ATTRIB(Count,COUNT,nullptr);
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -340,11 +349,118 @@ namespace opensaml {
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_INTEGER_ATTRIB(Count,COUNT,NULL);
+                PROC_INTEGER_ATTRIB(Count,COUNT,nullptr);
+                AbstractXMLObjectUnmarshaller::processAttribute(attribute);
+            }
+        };
+
+        class SAML_DLLLOCAL DelegateImpl : public virtual Delegate,
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
+        {
+            void init() {
+                m_ConfirmationMethod=nullptr;
+                m_DelegationInstant=nullptr;
+                m_BaseID=nullptr;
+                m_NameID=nullptr;
+                m_EncryptedID=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_pos_BaseID=m_children.begin();
+                m_pos_NameID=m_pos_BaseID;
+                ++m_pos_NameID;
+                m_pos_EncryptedID=m_pos_NameID;
+                ++m_pos_EncryptedID;
+            }
+        public:
+            virtual ~DelegateImpl() {
+                XMLString::release(&m_ConfirmationMethod);
+                delete m_DelegationInstant;
+            }
+
+            DelegateImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+                init();
+            }
+
+            DelegateImpl(const DelegateImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                init();
+                setConfirmationMethod(src.getConfirmationMethod());
+                setDelegationInstant(src.getDelegationInstant());
+                if (src.getBaseID())
+                    setBaseID(src.getBaseID()->cloneBaseID());
+                if (src.getNameID())
+                    setNameID(src.getNameID()->cloneNameID());
+                if (src.getEncryptedID())
+                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
+            }
+
+            IMPL_XMLOBJECT_CLONE(Delegate);
+            IMPL_STRING_ATTRIB(ConfirmationMethod);
+            IMPL_DATETIME_ATTRIB(DelegationInstant,0);
+            IMPL_TYPED_CHILD(NameID);
+            IMPL_TYPED_CHILD(BaseID);
+            IMPL_TYPED_CHILD(EncryptedID);
+
+        protected:
+            void marshallAttributes(DOMElement* domElement) const {
+                MARSHALL_STRING_ATTRIB(ConfirmationMethod,CONFIRMATIONMETHOD,nullptr);
+                MARSHALL_DATETIME_ATTRIB(DelegationInstant,DELEGATIONINSTANT,nullptr);
+            }
+
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                PROC_TYPED_CHILD(BaseID,SAML20_NS,false);
+                PROC_TYPED_CHILD(NameID,SAML20_NS,false);
+                PROC_TYPED_CHILD(EncryptedID,SAML20_NS,false);
+                AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
+            }
+
+            void processAttribute(const DOMAttr* attribute) {
+                PROC_STRING_ATTRIB(ConfirmationMethod,CONFIRMATIONMETHOD,nullptr);
+                PROC_DATETIME_ATTRIB(DelegationInstant,DELEGATIONINSTANT,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
 
+        class SAML_DLLLOCAL DelegationRestrictionTypeImpl : public virtual DelegationRestrictionType,
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
+        {
+        public:
+            virtual ~DelegationRestrictionTypeImpl() {}
+
+            DelegationRestrictionTypeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+            }
+
+            DelegationRestrictionTypeImpl(const DelegationRestrictionTypeImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                VectorOf(Delegate) v=getDelegates();
+                for (vector<Delegate*>::const_iterator i=src.m_Delegates.begin(); i!=src.m_Delegates.end(); i++) {
+                    if (*i) {
+                        v.push_back((*i)->cloneDelegate());
+                    }
+                }
+            }
+
+            IMPL_XMLOBJECT_CLONE(DelegationRestrictionType);
+            Condition* cloneCondition() const {
+                return cloneDelegationRestrictionType();
+            }
+            IMPL_TYPED_CHILDREN(Delegate,m_children.end());
+
+        protected:
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                PROC_TYPED_CHILDREN(Delegate,SAML20_DELEGATION_CONDITION_NS,false);
+                AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
+            }
+        };
 
         class SAML_DLLLOCAL ConditionsImpl : public virtual Conditions,
             public AbstractComplexElement,
@@ -353,7 +469,7 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_NotBefore=m_NotOnOrAfter=NULL;
+                m_NotBefore=m_NotOnOrAfter=nullptr;
             }
         public:
             virtual ~ConditionsImpl() {
@@ -411,8 +527,8 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
+                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -424,8 +540,8 @@ namespace opensaml {
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
+                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -433,8 +549,8 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectConfirmationDataTypeImpl : public virtual SubjectConfirmationDataType, public virtual AbstractXMLObject
         {
             void init() {
-                m_NotBefore=m_NotOnOrAfter=NULL;
-                m_Recipient=m_InResponseTo=m_Address=NULL;
+                m_NotBefore=m_NotOnOrAfter=nullptr;
+                m_Recipient=m_InResponseTo=m_Address=nullptr;
             }
 
         protected:
@@ -473,19 +589,19 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
-                MARSHALL_STRING_ATTRIB(Recipient,RECIPIENT,NULL);
-                MARSHALL_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
-                MARSHALL_STRING_ATTRIB(Address,ADDRESS,NULL);
+                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
+                MARSHALL_STRING_ATTRIB(Recipient,RECIPIENT,nullptr);
+                MARSHALL_STRING_ATTRIB(InResponseTo,INRESPONSETO,nullptr);
+                MARSHALL_STRING_ATTRIB(Address,ADDRESS,nullptr);
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
-                PROC_STRING_ATTRIB(Recipient,RECIPIENT,NULL);
-                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
-                PROC_STRING_ATTRIB(Address,ADDRESS,NULL);
+                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
+                PROC_STRING_ATTRIB(Recipient,RECIPIENT,nullptr);
+                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,nullptr);
+                PROC_STRING_ATTRIB(Address,ADDRESS,nullptr);
             }
         };
 
@@ -500,7 +616,7 @@ namespace opensaml {
             }
 
             SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src)
-                    : SubjectConfirmationDataTypeImpl(src), AnyElementImpl(src) {
+                    : AbstractXMLObject(src), SubjectConfirmationDataTypeImpl(src), AnyElementImpl(src) {
             }
 
             IMPL_XMLOBJECT_CLONE(SubjectConfirmationData);
@@ -541,11 +657,11 @@ namespace opensaml {
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
-                PROC_STRING_ATTRIB(Recipient,RECIPIENT,NULL);
-                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
-                PROC_STRING_ATTRIB(Address,ADDRESS,NULL);
+                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
+                PROC_STRING_ATTRIB(Recipient,RECIPIENT,nullptr);
+                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,nullptr);
+                PROC_STRING_ATTRIB(Address,ADDRESS,nullptr);
                 AnyElementImpl::processAttribute(attribute);
             }
         };
@@ -630,15 +746,15 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_Method=NULL;
-                m_BaseID=NULL;
-                m_NameID=NULL;
-                m_EncryptedID=NULL;
-                m_SubjectConfirmationData=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_Method=nullptr;
+                m_BaseID=nullptr;
+                m_NameID=nullptr;
+                m_EncryptedID=nullptr;
+                m_SubjectConfirmationData=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                 m_pos_BaseID=m_children.begin();
                 m_pos_NameID=m_pos_BaseID;
                 ++m_pos_NameID;
@@ -648,7 +764,9 @@ namespace opensaml {
                 ++m_pos_SubjectConfirmationData;
             }
         public:
-            virtual ~SubjectConfirmationImpl() {}
+            virtual ~SubjectConfirmationImpl() {
+                XMLString::release(&m_Method);
+            }
 
             SubjectConfirmationImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -678,7 +796,7 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Method,METHOD,NULL);
+                MARSHALL_STRING_ATTRIB(Method,METHOD,nullptr);
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -690,7 +808,7 @@ namespace opensaml {
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Method,METHOD,NULL);
+                PROC_STRING_ATTRIB(Method,METHOD,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -702,12 +820,12 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_BaseID=NULL;
-                m_NameID=NULL;
-                m_EncryptedID=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_BaseID=nullptr;
+                m_NameID=nullptr;
+                m_EncryptedID=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                 m_pos_BaseID=m_children.begin();
                 m_pos_NameID=m_pos_BaseID;
                 ++m_pos_NameID;
@@ -762,7 +880,7 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_Address=m_DNSName=NULL;
+                m_Address=m_DNSName=nullptr;
             }
         public:
             virtual ~SubjectLocalityImpl() {
@@ -788,13 +906,13 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Address,ADDRESS,NULL);
-                MARSHALL_STRING_ATTRIB(DNSName,DNSNAME,NULL);
+                MARSHALL_STRING_ATTRIB(Address,ADDRESS,nullptr);
+                MARSHALL_STRING_ATTRIB(DNSName,DNSNAME,nullptr);
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Address,ADDRESS,NULL);
-                PROC_STRING_ATTRIB(DNSName,DNSNAME,NULL);
+                PROC_STRING_ATTRIB(Address,ADDRESS,nullptr);
+                PROC_STRING_ATTRIB(DNSName,DNSNAME,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -808,7 +926,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
 
-            StatementImpl(const StatementImpl& src) : AnyElementImpl(src) {}
+            StatementImpl(const StatementImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
 
             IMPL_XMLOBJECT_CLONE(Statement);
         };
@@ -823,7 +941,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
 
-            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AnyElementImpl(src) {
+            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {
             }
 
             IMPL_XMLOBJECT_CLONE(AuthnContextDecl);
@@ -836,12 +954,12 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_AuthnContextClassRef=NULL;
-                m_AuthnContextDecl=NULL;
-                m_AuthnContextDeclRef=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_AuthnContextClassRef=nullptr;
+                m_AuthnContextDecl=nullptr;
+                m_AuthnContextDeclRef=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                 m_pos_AuthnContextClassRef=m_children.begin();
                 m_pos_AuthnContextDecl=m_pos_AuthnContextClassRef;
                 ++m_pos_AuthnContextDecl;
@@ -896,13 +1014,13 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_AuthnInstant=NULL;
-                m_SessionIndex=NULL;
-                m_SessionNotOnOrAfter=NULL;
-                m_SubjectLocality=NULL;
-                m_AuthnContext=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_AuthnInstant=nullptr;
+                m_SessionIndex=nullptr;
+                m_SessionNotOnOrAfter=nullptr;
+                m_SubjectLocality=nullptr;
+                m_AuthnContext=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                 m_pos_SubjectLocality=m_children.begin();
                 m_pos_AuthnContext=m_pos_SubjectLocality;
                 ++m_pos_AuthnContext;
@@ -943,9 +1061,9 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,NULL);
-                MARSHALL_STRING_ATTRIB(SessionIndex,SESSIONINDEX,NULL);
-                MARSHALL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,NULL);
+                MARSHALL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,nullptr);
+                MARSHALL_STRING_ATTRIB(SessionIndex,SESSIONINDEX,nullptr);
+                MARSHALL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,nullptr);
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -955,9 +1073,9 @@ namespace opensaml {
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,NULL);
-                PROC_STRING_ATTRIB(SessionIndex,SESSIONINDEX,NULL);
-                PROC_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,NULL);
+                PROC_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,nullptr);
+                PROC_STRING_ATTRIB(SessionIndex,SESSIONINDEX,nullptr);
+                PROC_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -974,7 +1092,7 @@ namespace opensaml {
             }
 
             ActionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                    : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(NULL) {
+                    : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(nullptr) {
             }
 
             ActionImpl(const ActionImpl& src)
@@ -987,11 +1105,11 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Namespace,NAMESPACE,NULL);
+                MARSHALL_STRING_ATTRIB(Namespace,NAMESPACE,nullptr);
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Namespace,NAMESPACE,NULL);
+                PROC_STRING_ATTRIB(Namespace,NAMESPACE,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -1063,10 +1181,10 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_Resource=NULL;
-                m_Decision=NULL;
-                m_Evidence=NULL;
-                m_children.push_back(NULL);
+                m_Resource=nullptr;
+                m_Decision=nullptr;
+                m_Evidence=nullptr;
+                m_children.push_back(nullptr);
                 m_pos_Evidence=m_children.begin();
             }
         public:
@@ -1106,8 +1224,8 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Resource,RESOURCE,NULL);
-                MARSHALL_STRING_ATTRIB(Decision,DECISION,NULL);
+                MARSHALL_STRING_ATTRIB(Resource,RESOURCE,nullptr);
+                MARSHALL_STRING_ATTRIB(Decision,DECISION,nullptr);
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -1117,8 +1235,8 @@ namespace opensaml {
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Resource,RESOURCE,NULL);
-                PROC_STRING_ATTRIB(Decision,DECISION,NULL);
+                PROC_STRING_ATTRIB(Resource,RESOURCE,nullptr);
+                PROC_STRING_ATTRIB(Decision,DECISION,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -1132,7 +1250,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
 
-            AttributeValueImpl(const AttributeValueImpl& src) : AnyElementImpl(src) {
+            AttributeValueImpl(const AttributeValueImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {
             }
 
             IMPL_XMLOBJECT_CLONE(AttributeValue);
@@ -1147,7 +1265,7 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_Name=m_NameFormat=m_FriendlyName=NULL;
+                m_Name=m_NameFormat=m_FriendlyName=nullptr;
             }
         public:
             virtual ~AttributeImpl() {
@@ -1202,9 +1320,9 @@ namespace opensaml {
 
         protected:
             void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Name,NAME,NULL);
-                MARSHALL_STRING_ATTRIB(NameFormat,NAMEFORMAT,NULL);
-                MARSHALL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME,NULL);
+                MARSHALL_STRING_ATTRIB(Name,NAME,nullptr);
+                MARSHALL_STRING_ATTRIB(NameFormat,NAMEFORMAT,nullptr);
+                MARSHALL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME,nullptr);
                 marshallExtensionAttributes(domElement);
             }
 
@@ -1376,19 +1494,19 @@ namespace opensaml {
             public AbstractXMLObjectUnmarshaller
         {
             void init() {
-                m_ID=NULL;
-                m_Version=NULL;
-                m_IssueInstant=NULL;
-                m_Issuer=NULL;
-                m_Signature=NULL;
-                m_Subject=NULL;
-                m_Conditions=NULL;
-                m_Advice=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_ID=nullptr;
+                m_Version=nullptr;
+                m_IssueInstant=nullptr;
+                m_Issuer=nullptr;
+                m_Signature=nullptr;
+                m_Subject=nullptr;
+                m_Conditions=nullptr;
+                m_Advice=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                 m_pos_Issuer=m_children.begin();
                 m_pos_Signature=m_pos_Issuer;
                 ++m_pos_Signature;
@@ -1476,7 +1594,7 @@ namespace opensaml {
 
             IMPL_XMLOBJECT_CLONE(Assertion);
             IMPL_STRING_ATTRIB(Version);
-            IMPL_ID_ATTRIB(ID);
+            IMPL_ID_ATTRIB_EX(ID,ID,nullptr);
             IMPL_DATETIME_ATTRIB(IssueInstant,0);
             IMPL_TYPED_CHILD(Issuer);
             IMPL_TYPED_CHILD(Subject);
@@ -1488,18 +1606,23 @@ namespace opensaml {
             IMPL_TYPED_CHILDREN(AuthzDecisionStatement, m_children.end());
 
         protected:
+            void prepareForMarshalling() const {
+                if (m_Signature)
+                    declareNonVisibleNamespaces();
+            }
+
             void marshallAttributes(DOMElement* domElement) const {
                 if (!m_Version)
                     const_cast<AssertionImpl*>(this)->m_Version=XMLString::transcode("2.0");
-                MARSHALL_STRING_ATTRIB(Version,VER,NULL);
+                MARSHALL_STRING_ATTRIB(Version,VER,nullptr);
                 if (!m_ID)
                     const_cast<AssertionImpl*>(this)->m_ID=SAMLConfig::getConfig().generateIdentifier();
-                MARSHALL_ID_ATTRIB(ID,ID,NULL);
+                MARSHALL_ID_ATTRIB(ID,ID,nullptr);
                 if (!m_IssueInstant) {
-                    const_cast<AssertionImpl*>(this)->m_IssueInstantEpoch=time(NULL);
+                    const_cast<AssertionImpl*>(this)->m_IssueInstantEpoch=time(nullptr);
                     const_cast<AssertionImpl*>(this)->m_IssueInstant=new DateTime(m_IssueInstantEpoch);
                 }
-                MARSHALL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
+                MARSHALL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,nullptr);
             }
 
             void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -1516,9 +1639,9 @@ namespace opensaml {
             }
 
             void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Version,VER,NULL);
-                PROC_ID_ATTRIB(ID,ID,NULL);
-                PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
+                PROC_STRING_ATTRIB(Version,VER,nullptr);
+                PROC_ID_ATTRIB(ID,ID,nullptr);
+                PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,nullptr);
                 AbstractXMLObjectUnmarshaller::processAttribute(attribute);
             }
         };
@@ -1551,6 +1674,8 @@ IMPL_XMLOBJECTBUILDER(AuthnStatement);
 IMPL_XMLOBJECTBUILDER(AuthzDecisionStatement);
 IMPL_XMLOBJECTBUILDER(Condition);
 IMPL_XMLOBJECTBUILDER(Conditions);
+IMPL_XMLOBJECTBUILDER(Delegate);
+IMPL_XMLOBJECTBUILDER(DelegationRestrictionType);
 IMPL_XMLOBJECTBUILDER(EncryptedAssertion);
 IMPL_XMLOBJECTBUILDER(EncryptedAttribute);
 IMPL_XMLOBJECTBUILDER(EncryptedID);
@@ -1617,6 +1742,12 @@ const XMLCh Conditions::LOCAL_NAME[] =              UNICODE_LITERAL_10(C,o,n,d,i
 const XMLCh Conditions::TYPE_NAME[] =               UNICODE_LITERAL_14(C,o,n,d,i,t,i,o,n,s,T,y,p,e);
 const XMLCh Conditions::NOTBEFORE_ATTRIB_NAME[] =   UNICODE_LITERAL_9(N,o,t,B,e,f,o,r,e);
 const XMLCh Conditions::NOTONORAFTER_ATTRIB_NAME[] =UNICODE_LITERAL_12(N,o,t,O,n,O,r,A,f,t,e,r);
+const XMLCh Delegate::LOCAL_NAME[] =                UNICODE_LITERAL_8(D,e,l,e,g,a,t,e);
+const XMLCh Delegate::TYPE_NAME[] =                 UNICODE_LITERAL_12(D,e,l,e,g,a,t,e,T,y,p,e);
+const XMLCh Delegate::CONFIRMATIONMETHOD_ATTRIB_NAME[] = UNICODE_LITERAL_18(C,o,n,f,i,r,m,a,t,i,o,n,M,e,t,h,o,d);
+const XMLCh Delegate::DELEGATIONINSTANT_ATTRIB_NAME[] = UNICODE_LITERAL_17(D,e,l,e,g,a,t,i,o,n,I,n,s,t,a,n,t);
+const XMLCh DelegationRestrictionType::LOCAL_NAME[] = UNICODE_LITERAL_9(C,o,n,d,i,t,i,o,n);
+const XMLCh DelegationRestrictionType::TYPE_NAME[] =UNICODE_LITERAL_25(D,e,l,e,g,a,t,i,o,n,R,e,s,t,r,i,c,t,i,o,n,T,y,p,e);
 const XMLCh EncryptedAssertion::LOCAL_NAME[] =      UNICODE_LITERAL_18(E,n,c,r,y,p,t,e,d,A,s,s,e,r,t,i,o,n);
 const XMLCh EncryptedAttribute::LOCAL_NAME[] =      UNICODE_LITERAL_18(E,n,c,r,y,p,t,e,d,A,t,t,r,i,b,u,t,e);
 const XMLCh EncryptedElementType::LOCAL_NAME[] =    {chNull};