X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FMetadataSchemaValidators.cpp;h=45c337ef0eab707d50f0e5a8186c9bf549584cd6;hb=0547a02ac67aeb6607ac96dadb25aae560aecf20;hp=5516158c8ae1987f9307f53cf17cb7bd80c0cbde;hpb=e8d75900802dfa84c06290f88e365fd355ce6881;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp b/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp
index 5516158..45c337e 100644
--- a/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp
+++ b/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp
@@ -1,6 +1,6 @@
 /*
-* Copyright 2001-2006 Internet2
- *
+* Copyright 2001-2009 Internet2
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -16,14 +16,16 @@
 /**
 * MetadataSchemaValidators.cpp
- *
- * Schema-based validators for SAML 2.0 Metadata classes
+ *
+ * Schema-based validators for SAML 2.0 Metadata classes.
 */
 #include "internal.h"
 #include "exceptions.h"
 #include "saml2/metadata/Metadata.h"
+#include
+#include
 #include
 using namespace opensaml::saml2md;
@@ -31,10 +33,14 @@ using namespace opensaml::saml2;
 using namespace opensaml;
 using namespace xmltooling;
 using namespace std;
+using samlconstants::SAML20MD_NS;
+using samlconstants::SAML20MD_QUERY_EXT_NS;
+using samlconstants::SAML20MD_ALGSUPPORT_NS;
+using samlconstants::SAML20MD_ENTITY_ATTRIBUTE_NS;
 namespace opensaml {
 namespace saml2md {
-
+
 XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,ActionNamespace);
 XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AffiliateMember);
 XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AttributeProfile);
@@ -52,10 +58,10 @@ namespace opensaml {
 END_XMLOBJECTVALIDATOR;
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,localizedURIType);
- XMLOBJECTVALIDATOR_REQUIRE(localizedNameType,TextContent);
+ XMLOBJECTVALIDATOR_REQUIRE(localizedURIType,TextContent);
 XMLOBJECTVALIDATOR_REQUIRE(localizedURIType,Lang);
 END_XMLOBJECTVALIDATOR;
-
+
 BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,OrganizationName,localizedNameType);
 localizedNameTypeSchemaValidator::validate(xmlObject);
 END_XMLOBJECTVALIDATOR;
@@ -72,7 +78,7 @@ namespace opensaml {
 public:
 void operator()(const XMLObject* xmlObject) const {
 const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
- if (XMLString::equals(ns,SAMLConstants::SAML20MD_NS) || !ns || !*ns) {
+ if (XMLString::equals(ns,SAML20MD_NS) || !ns || !*ns) {
 throw ValidationException(
 "Object contains an illegal extension child element ($1).",
 params(1,xmlObject->getElementQName().toString().c_str())
@@ -84,10 +90,10 @@ namespace opensaml {
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Extensions);
 if (!ptr->hasChildren())
 throw ValidationException("Extensions must have at least one child element.");
- const list& anys=ptr->getXMLObjects();
+ const vector& anys=ptr->getUnknownXMLObjects();
 for_each(anys.begin(),anys.end(),checkWildcardNS());
 END_XMLOBJECTVALIDATOR;
-
+
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Organization);
 XMLOBJECTVALIDATOR_NONEMPTY(Organization,OrganizationName);
 XMLOBJECTVALIDATOR_NONEMPTY(Organization,OrganizationDisplayName);
@@ -95,8 +101,10 @@ namespace opensaml {
 END_XMLOBJECTVALIDATOR;
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ContactPerson);
+ /* Pending errata decision.
 if (!ptr->hasChildren())
 throw ValidationException("ContactPerson must have at least one child element.");
+ */
 if (!XMLString::equals(ptr->getContactType(),ContactPerson::CONTACT_TECHNICAL) &&
 !XMLString::equals(ptr->getContactType(),ContactPerson::CONTACT_SUPPORT) &&
 !XMLString::equals(ptr->getContactType(),ContactPerson::CONTACT_ADMINISTRATIVE) &&
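Review bot: Commenting out the hasChildren() check in the ContactPerson validator leaves dead code whose only explanation is `/* Pending errata decision.`, so a later reader cannot tell what outcome would restore it or what the validator now accepts. Replace that opener with a comment that names both, e.g. `/* TODO(errata): an empty md:ContactPerson is accepted until the SAML 2.0 metadata errata settle whether at least one child is required; re-enable the hasChildren() check if it is. */`. It is also worth stating explicitly that this is a deliberate loosening: before this change a ContactPerson with no children was rejected, and after it only the contactType value is checked. The contactType comparisons continue past the end of this hunk.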
@@ -125,7 +133,7 @@ namespace opensaml {
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EndpointType);
 XMLOBJECTVALIDATOR_REQUIRE(EndpointType,Binding);
 XMLOBJECTVALIDATOR_REQUIRE(EndpointType,Location);
- const list& anys=ptr->getXMLObjects();
+ const vector& anys=ptr->getUnknownXMLObjects();
 for_each(anys.begin(),anys.end(),checkWildcardNS());
 END_XMLOBJECTVALIDATOR;
@@ -230,7 +238,7 @@ namespace opensaml {
 ptr->getAuthnAuthorityDescriptors().empty() &&
 ptr->getAttributeAuthorityDescriptors().empty() &&
 ptr->getPDPDescriptors().empty()) {
-
+
 if (!ptr->getAffiliationDescriptor())
 throw ValidationException("EntityDescriptor must have at least one child role or affiliation descriptor.");
 }
@@ -241,31 +249,44 @@ namespace opensaml {
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EntitiesDescriptor);
 if (ptr->getEntityDescriptors().empty() && ptr->getEntitiesDescriptors().empty())
- throw ValidationException("EntitiesDescriptor must contain at least one child descriptor.");
+ throw ValidationException("EntitiesDescriptor must contain at least one child descriptor.");
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EntityAttributes);
+ if (!ptr->hasChildren())
+ throw ValidationException("EntityAttributes must contain at least one child element.");
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,DigestMethod);
+ XMLOBJECTVALIDATOR_REQUIRE(DigestMethod,Algorithm);
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SigningMethod);
+ XMLOBJECTVALIDATOR_REQUIRE(SigningMethod,Algorithm);
 END_XMLOBJECTVALIDATOR;
 };
 };
 #define REGISTER_ELEMENT(cname) \
- q=QName(SAMLConstants::SAML20MD_NS,cname::LOCAL_NAME); \
+ q=xmltooling::QName(SAML20MD_NS,cname::LOCAL_NAME); \
 XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
 SchemaValidators.registerValidator(q,new cname##SchemaValidator())
-
+
 #define REGISTER_TYPE(cname) \
- q=QName(SAMLConstants::SAML20MD_NS,cname::TYPE_NAME); \
+ q=xmltooling::QName(SAML20MD_NS,cname::TYPE_NAME); \
 XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
 SchemaValidators.registerValidator(q,new cname##SchemaValidator())
 #define REGISTER_ELEMENT_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20MD_NS,cname::LOCAL_NAME); \
+ q=xmltooling::QName(SAML20MD_NS,cname::LOCAL_NAME); \
 XMLObjectBuilder::registerBuilder(q,new cname##Builder());
-
+
 #define REGISTER_TYPE_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20MD_NS,cname::TYPE_NAME); \
+ q=xmltooling::QName(SAML20MD_NS,cname::TYPE_NAME); \
 XMLObjectBuilder::registerBuilder(q,new cname##Builder());
 void opensaml::saml2md::registerMetadataClasses() {
- QName q;
+ xmltooling::QName q;
 REGISTER_ELEMENT(AdditionalMetadataLocation);
REGISTER_ELEMENT(AffiliateMember);
 REGISTER_ELEMENT(AffiliationDescriptor);
@@ -297,6 +318,7 @@ void opensaml::saml2md::registerMetadataClasses() {
 REGISTER_ELEMENT(OrganizationURL);
 REGISTER_ELEMENT(PDPDescriptor);
 REGISTER_ELEMENT(RequestedAttribute);
+ REGISTER_ELEMENT(RoleDescriptor);
 REGISTER_ELEMENT(ServiceDescription);
 REGISTER_ELEMENT(ServiceName);
 REGISTER_ELEMENT(SingleLogoutService);
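Review bot: The new DigestMethod and SigningMethod validators (in the hunk that starts on the previous page line with the EntitiesDescriptor block) only assert that the Algorithm attribute is present, so an `Algorithm=""` value passes validation and is handed unchanged to whatever later selects algorithms from the metadata; whether XMLOBJECTVALIDATOR_REQUIRE already rejects an empty string depends on the macro's definition, which is outside this file, so please confirm rather than assume. If the SigningMethod class exposes the specification's MinKeySize/MaxKeySize attributes (their accessors are not visible in this hunk), a check that MinKeySize does not exceed MaxKeySize belongs here as well, since a contradictory range is otherwise accepted silently. Each of the three new validator blocks would also read better with a one-line comment naming the namespace it validates, e.g. `// mdalgsupport:DigestMethod: Algorithm is the only required attribute.` and `// mdattr:EntityAttributes: must carry at least one child.`. The hunk continues past the validators through the REGISTER_* macros and into the start of registerMetadataClasses(), whose body runs beyond it.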
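Review bot: `REGISTER_ELEMENT(RoleDescriptor);` registers a concrete builder and validator for an element whose schema type, RoleDescriptorType, is abstract and therefore only appears with an xsi:type, and nothing says why that is wanted. Presumably the intent is that an md:RoleDescriptor whose xsi:type has no registered builder is still unmarshalled through the generic RoleDescriptor builder and checked by RoleDescriptorSchemaValidator instead of being treated as an unknown element; if so, say it inline, e.g. `REGISTER_ELEMENT(RoleDescriptor); // abstract in the schema; fallback for xsi:types with no dedicated builder`. If that fallback is not intended, the registration deserves a second look, because the generic validator cannot know the constraints of the extension type it is standing in for. registerMetadataClasses() starts and ends outside this hunk.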
@@ -324,23 +346,50 @@ void opensaml::saml2md::registerMetadataClasses() {
 REGISTER_TYPE(RequestedAttribute);
 REGISTER_TYPE(SPSSODescriptor);
- q=QName(SAMLConstants::SAML1MD_NS,SourceID::LOCAL_NAME);
+ q=xmltooling::QName(SAML20MD_NS,xmlencryption::EncryptionMethod::LOCAL_NAME);
+ XMLObjectBuilder::registerBuilder(q,new xmlencryption::EncryptionMethodBuilder());
+
+ q=xmltooling::QName(samlconstants::SAML1MD_NS,SourceID::LOCAL_NAME);
 XMLObjectBuilder::registerBuilder(q,new SourceIDBuilder());
 SchemaValidators.registerValidator(q,new SourceIDSchemaValidator());
- q=QName(SAMLConstants::SAML20MD_QUERY_EXT_NS,ActionNamespace::LOCAL_NAME);
+ q=xmltooling::QName(SAML20MD_QUERY_EXT_NS,ActionNamespace::LOCAL_NAME);
 XMLObjectBuilder::registerBuilder(q,new ActionNamespaceBuilder());
 SchemaValidators.registerValidator(q,new ActionNamespaceSchemaValidator());
- q=QName(SAMLConstants::SAML20MD_QUERY_EXT_NS,AuthnQueryDescriptorType::TYPE_NAME);
+ q=xmltooling::QName(SAML20MD_QUERY_EXT_NS,AuthnQueryDescriptorType::TYPE_NAME);
 XMLObjectBuilder::registerBuilder(q,new AuthnQueryDescriptorTypeBuilder());
 SchemaValidators.registerValidator(q,new RoleDescriptorSchemaValidator());
- q=QName(SAMLConstants::SAML20MD_QUERY_EXT_NS,AttributeQueryDescriptorType::TYPE_NAME);
+ q=xmltooling::QName(SAML20MD_QUERY_EXT_NS,AttributeQueryDescriptorType::TYPE_NAME);
 XMLObjectBuilder::registerBuilder(q,new AttributeQueryDescriptorTypeBuilder());
 SchemaValidators.registerValidator(q,new RoleDescriptorSchemaValidator());
- q=QName(SAMLConstants::SAML20MD_QUERY_EXT_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME);
+ q=xmltooling::QName(SAML20MD_QUERY_EXT_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME);
 XMLObjectBuilder::registerBuilder(q,new AuthzDecisionQueryDescriptorTypeBuilder());
 SchemaValidators.registerValidator(q,new RoleDescriptorSchemaValidator());
+
+ q=xmltooling::QName(SAML20MD_ENTITY_ATTRIBUTE_NS,EntityAttributes::LOCAL_NAME);
+ XMLObjectBuilder::registerBuilder(q,new
EntityAttributesBuilder());
+ SchemaValidators.registerValidator(q,new EntityAttributesSchemaValidator());
+
+ q=xmltooling::QName(SAML20MD_ENTITY_ATTRIBUTE_NS,EntityAttributes::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(q,new EntityAttributesBuilder());
+ SchemaValidators.registerValidator(q,new EntityAttributesSchemaValidator());
+
+ q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,DigestMethod::LOCAL_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DigestMethodBuilder());
+ SchemaValidators.registerValidator(q,new DigestMethodSchemaValidator());
+
+ q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,DigestMethod::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DigestMethodBuilder());
+ SchemaValidators.registerValidator(q,new DigestMethodSchemaValidator());
+
+ q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,SigningMethod::LOCAL_NAME);
+ XMLObjectBuilder::registerBuilder(q,new SigningMethodBuilder());
+ SchemaValidators.registerValidator(q,new SigningMethodSchemaValidator());
+
+ q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,SigningMethod::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(q,new SigningMethodBuilder());
+ SchemaValidators.registerValidator(q,new SigningMethodSchemaValidator());
 }
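Review bot: The md:EncryptionMethod registration at the top of this hunk is the only one in the block that installs a builder without a validator, and nothing explains the asymmetry; a reader has to work out that REGISTER_ELEMENT_NOVAL cannot be used because `cname##Builder` does not paste across the `xmlencryption::` qualifier, and is still left guessing whether validation of the xenc-typed element is deliberately left to registrations made elsewhere. A comment on that line stating the actual reason, e.g. `// xenc-typed element in the md namespace; the macro cannot paste a qualified name, and validation is handled by <state where>`, would settle it. The six EntityAttributes/DigestMethod/SigningMethod triples that follow repeat the bodies of REGISTER_ELEMENT/REGISTER_TYPE with a different namespace; a namespace-taking variant of those macros (defined next to the existing ones, which live in an earlier hunk) would reduce this to six lines and make it harder to drop a registerValidator() call for the next element added. registerMetadataClasses() starts outside this hunk.
```cpp
// alongside the existing REGISTER_ELEMENT / REGISTER_TYPE macros (earlier in the file)
#define REGISTER_ELEMENT_NS(ns,cname) \
    q=xmltooling::QName(ns,cname::LOCAL_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    SchemaValidators.registerValidator(q,new cname##SchemaValidator())
#define REGISTER_TYPE_NS(ns,cname) \
    q=xmltooling::QName(ns,cname::TYPE_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    SchemaValidators.registerValidator(q,new cname##SchemaValidator())

// … unchanged: EncryptionMethod, SourceID and query-extension registrations …
    REGISTER_ELEMENT_NS(SAML20MD_ENTITY_ATTRIBUTE_NS,EntityAttributes);
    REGISTER_TYPE_NS(SAML20MD_ENTITY_ATTRIBUTE_NS,EntityAttributes);
    REGISTER_ELEMENT_NS(SAML20MD_ALGSUPPORT_NS,DigestMethod);
    REGISTER_TYPE_NS(SAML20MD_ALGSUPPORT_NS,DigestMethod);
    REGISTER_ELEMENT_NS(SAML20MD_ALGSUPPORT_NS,SigningMethod);
    REGISTER_TYPE_NS(SAML20MD_ALGSUPPORT_NS,SigningMethod);
```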