2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * AssertionsSchemaValidators.cpp
20 * Schema-based validators for SAML 1.x Assertions classes
24 #include "exceptions.h"
25 #include "saml1/core/Assertions.h"
27 using namespace opensaml::saml1;
28 using namespace opensaml;
29 using namespace xmltooling;
// Schema validators for elements that carry no structural constraints of
// their own (simple content only). XMLOBJECTVALIDATOR_SIMPLE is an
// xmltooling macro whose expansion is not visible here; by its name it
// presumably defines a <cname>SchemaValidator that accepts any instance.
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionIDReference);
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Audience);
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,ConfirmationMethod);
// AudienceRestrictionCondition: by the macro's name, rejects an element
// with no Audience children (the schema requires at least one).
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AudienceRestrictionCondition);
    XMLOBJECTVALIDATOR_NONEMPTY(AudienceRestrictionCondition,Audience);
END_XMLOBJECTVALIDATOR;
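// Conditions: an element with no child conditions must still carry a time
// bound, so when hasChildren() is false at least one of NotBefore /
// NotOnOrAfter is required (XMLOBJECTVALIDATOR_ONEOF, by its name, throws
// when both are absent — its expansion is not visible here). When child
// conditions are present the time attributes stay optional. This is a
// structural check only; the time window itself is not evaluated here.
// The closing brace of the if-block was missing from the listing and is
// restored so the validator body is well-formed.
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Conditions);
    if (!ptr->hasChildren()) {
        XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
    }
END_XMLOBJECTVALIDATOR;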
// SubjectConfirmation: by the macro's name, rejects an element with no
// ConfirmationMethod children (the schema requires at least one).
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectConfirmation);
    XMLOBJECTVALIDATOR_NONEMPTY(SubjectConfirmation,ConfirmationMethod);
END_XMLOBJECTVALIDATOR;
// Subject: by the macro's name, at least one of NameIdentifier or
// SubjectConfirmation must be present; an empty Subject is rejected.
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Subject);
    XMLOBJECTVALIDATOR_ONEOF(Subject,NameIdentifier,SubjectConfirmation);
END_XMLOBJECTVALIDATOR;
// SubjectLocality: by the macro's name, at least one of the IPAddress or
// DNSAddress attributes must be present.
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectLocality);
    XMLOBJECTVALIDATOR_ONEOF(SubjectLocality,IPAddress,DNSAddress);
END_XMLOBJECTVALIDATOR;
// AuthorityBinding: all three attributes are mandatory in the schema;
// XMLOBJECTVALIDATOR_REQUIRE (xmltooling macro, expansion not shown) is
// presumed to throw when the named accessor yields nothing.
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthorityBinding);
    XMLOBJECTVALIDATOR_REQUIRE(AuthorityBinding,AuthorityKind);
    XMLOBJECTVALIDATOR_REQUIRE(AuthorityBinding,Location);
    XMLOBJECTVALIDATOR_REQUIRE(AuthorityBinding,Binding);
END_XMLOBJECTVALIDATOR;
// AuthenticationStatement: the method and instant attributes and the
// Subject child are mandatory. Only presence is checked here; the
// Subject's own content is validated by SubjectSchemaValidator.
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthenticationStatement);
    XMLOBJECTVALIDATOR_REQUIRE(AuthenticationStatement,AuthenticationMethod);
    XMLOBJECTVALIDATOR_REQUIRE(AuthenticationStatement,AuthenticationInstant);
    XMLOBJECTVALIDATOR_REQUIRE(AuthenticationStatement,Subject);
END_XMLOBJECTVALIDATOR;
// Assertion: AssertionID, Issuer and IssueInstant are mandatory, and the
// assertion must contain at least one statement of any kind (the three
// typed statement lists are all consulted). This is a schema/structure
// check only: signature verification, Conditions evaluation and issuer
// trust are not performed here and must be enforced by the caller.
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Assertion);
    XMLOBJECTVALIDATOR_REQUIRE(Assertion,AssertionID);
    XMLOBJECTVALIDATOR_REQUIRE(Assertion,Issuer);
    XMLOBJECTVALIDATOR_REQUIRE(Assertion,IssueInstant);
    // An assertion with no AuthenticationStatement, SubjectStatement or
    // generic Statement child is schema-invalid.
    if (ptr->getAuthenticationStatements().empty() &&
        ptr->getSubjectStatements().empty() &&
        ptr->getStatements().empty())
        throw ValidationException("Assertion must have at least one statement.");
END_XMLOBJECTVALIDATOR;
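// Functor applied to each wildcard ("any") child of Advice. The SAML 1
// schema opens that slot to foreign namespaces only, so a child that is
// unqualified (null or empty namespace) or that lives in the SAML 1
// namespace itself is rejected with a ValidationException naming the
// offending element. Rejecting SAML 1 elements here keeps them from being
// smuggled into a slot that the registered element validators do not cover.
// The closing lines of this class were missing from the listing and are
// restored; the null/empty test now runs before the namespace comparison so
// XMLString::equals is never handed a null pointer.
class SAML_DLLLOCAL checkWildcardNS {
public:
    void operator()(const XMLObject* xmlObject) const {
        const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
        if (!ns || !*ns || XMLString::equals(ns,SAMLConstants::SAML1_NS)) {
            throw ValidationException(
                "Object contains an illegal extension child element ($1).",
                params(1,xmlObject->getElementQName().toString().c_str())
                );
        }
    }
};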
// Advice: every child returned by getOthers() (the schema wildcard slot)
// is passed through checkWildcardNS, which throws for a child in the
// SAML 1 namespace or with no namespace. Assertion/AssertionIDReference
// children of Advice are not in this list and are not checked here.
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Advice);
    const vector<XMLObject*>& anys=ptr->getOthers();
    for_each(anys.begin(),anys.end(),checkWildcardNS());
END_XMLOBJECTVALIDATOR;
// Registration helpers used by registerAssertionClasses(). Each macro
// builds the SAML 1 qualified name of a class — LOCAL_NAME for the element
// forms, TYPE_NAME for the xsi:type forms — and registers the class's
// builder with XMLObjectBuilder; the non-NOVAL forms also register the
// class's SchemaValidator with Validator. All of them assign to a `q`
// (QName) that must already be declared in the calling scope. The builder
// and validator objects are heap-allocated with `new` and handed to the
// registries; ownership presumably transfers to them — confirm against
// XMLObjectBuilder::registerBuilder / Validator::registerValidator.
#define REGISTER_ELEMENT(cname) \
    q=QName(SAMLConstants::SAML1_NS,cname::LOCAL_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    Validator::registerValidator(q,new cname##SchemaValidator())

#define REGISTER_TYPE(cname) \
    q=QName(SAMLConstants::SAML1_NS,cname::TYPE_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    Validator::registerValidator(q,new cname##SchemaValidator())

// NOVAL forms: builder only, no schema validator is registered, so the
// element's content is not structurally checked by this layer. Note the
// trailing semicolon inside these two macros (absent from the forms above),
// which yields a harmless empty statement at each use site.
#define REGISTER_ELEMENT_NOVAL(cname) \
    q=QName(SAMLConstants::SAML1_NS,cname::LOCAL_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder());

#define REGISTER_TYPE_NOVAL(cname) \
    q=QName(SAMLConstants::SAML1_NS,cname::TYPE_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder());
122 void opensaml::saml1::registerAssertionClasses() {
124 REGISTER_ELEMENT(Advice);
125 REGISTER_ELEMENT(Assertion);
126 REGISTER_ELEMENT(AssertionIDReference);
127 REGISTER_ELEMENT(Audience);
128 REGISTER_ELEMENT(AudienceRestrictionCondition);
129 REGISTER_ELEMENT(AuthenticationStatement);
130 REGISTER_ELEMENT(AuthorityBinding);
131 REGISTER_ELEMENT(Conditions);
132 REGISTER_ELEMENT(ConfirmationMethod);
133 REGISTER_ELEMENT_NOVAL(DoNotCacheCondition);
134 REGISTER_ELEMENT(SubjectConfirmation);
135 REGISTER_ELEMENT_NOVAL(SubjectConfirmationData);
136 REGISTER_ELEMENT(SubjectLocality);
137 REGISTER_TYPE(Advice);
138 REGISTER_TYPE(Assertion);
139 REGISTER_TYPE(AudienceRestrictionCondition);
140 REGISTER_TYPE(AuthenticationStatement);
141 REGISTER_TYPE(AuthorityBinding);
142 REGISTER_TYPE(Conditions);
143 REGISTER_TYPE_NOVAL(DoNotCacheCondition);
144 REGISTER_TYPE(SubjectConfirmation);
145 REGISTER_TYPE(SubjectLocality);