1 /*
2 *  Copyright 2001-2006 Internet2
3  * 
4 * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 /**
18  * ProtocolsSchemaValidators.cpp
19  * 
20  * Schema-based validators for SAML 1.x Protocols classes
21  */
22
23 #include "internal.h"
24 #include "exceptions.h"
25 #include "saml1/core/Protocols.h"
26
27 #include <xmltooling/validation/ValidatorSuite.h>
28
29 using namespace opensaml::saml1p;
30 using namespace opensaml::saml1;
31 using namespace opensaml;
32 using namespace xmltooling;
33 using namespace std;
34
namespace opensaml {
    namespace saml1p {

        // Validators declared entirely by an xmltooling helper macro. The macro is
        // defined outside this file; presumably it requires non-empty element
        // content -- confirm against xmltooling before relying on it.
        XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionArtifact);
        XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,StatusMessage);

        // In the validators below, `ptr` is supplied by BEGIN_XMLOBJECTVALIDATOR
        // (defined in xmltooling, not shown here) and is used as a pointer to the
        // object under validation. XMLOBJECTVALIDATOR_REQUIRE / _NONEMPTY are
        // assumed to throw when the named property is missing / the named
        // collection is empty -- verify against the macro definitions.

        // RespondWith: the QName content is mandatory.
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,RespondWith);
            XMLOBJECTVALIDATOR_REQUIRE(RespondWith,QName);
        END_XMLOBJECTVALIDATOR;

        // AuthenticationQuery: needs both an AuthenticationMethod and a Subject.
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthenticationQuery);
            XMLOBJECTVALIDATOR_REQUIRE(AuthenticationQuery,AuthenticationMethod);
            XMLOBJECTVALIDATOR_REQUIRE(AuthenticationQuery,Subject);
        END_XMLOBJECTVALIDATOR;

        // AttributeQuery: needs a Subject.
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AttributeQuery);
            XMLOBJECTVALIDATOR_REQUIRE(AttributeQuery,Subject);
        END_XMLOBJECTVALIDATOR;

        // AuthorizationDecisionQuery: needs a Subject, a Resource and at least
        // one Action.
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthorizationDecisionQuery);
            XMLOBJECTVALIDATOR_REQUIRE(AuthorizationDecisionQuery,Subject);
            XMLOBJECTVALIDATOR_REQUIRE(AuthorizationDecisionQuery,Resource);
            XMLOBJECTVALIDATOR_NONEMPTY(AuthorizationDecisionQuery,Action);
        END_XMLOBJECTVALIDATOR;

        // Request: needs RequestID, IssueInstant and MinorVersion, and must carry
        // exactly one kind of payload (a query, assertion ID references, or
        // artifacts).
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Request);
            XMLOBJECTVALIDATOR_REQUIRE(Request,RequestID);
            XMLOBJECTVALIDATOR_REQUIRE(Request,IssueInstant);
            // NOTE(review): only the presence flag of MinorVersion is checked
            // here; the numeric value is not range-checked by this validator.
            // Confirm it is enforced elsewhere.
            const pair<bool,int> minorVersion=ptr->getMinorVersion();
            if (!minorVersion.first)
                throw ValidationException("Request must have MinorVersion");
            const bool hasQuery=(ptr->getQuery()!=NULL);
            const bool hasReferences=!ptr->getAssertionIDReferences().empty();
            const bool hasArtifacts=!ptr->getAssertionArtifacts().empty();
            // Mixing payload kinds is rejected just like having none at all.
            const int payloadKinds=(hasQuery ? 1 : 0) + (hasReferences ? 1 : 0) + (hasArtifacts ? 1 : 0);
            if (payloadKinds != 1)
                throw ValidationException("Request must have either a query, >0 assertion references, or >0 artifacts.");
        END_XMLOBJECTVALIDATOR;

        // StatusCode: the Value attribute is mandatory.
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,StatusCode);
            XMLOBJECTVALIDATOR_REQUIRE(StatusCode,Value);
        END_XMLOBJECTVALIDATOR;

        // Status: needs a StatusCode whose value is one of the four top-level
        // codes (SUCCESS, REQUESTER, RESPONDER, VERSIONMISMATCH).
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Status);
            // The dereference of getStatusCode() below relies on this REQUIRE
            // having rejected a missing StatusCode.
            XMLOBJECTVALIDATOR_REQUIRE(Status,StatusCode);
            const QName* topLevelCode=ptr->getStatusCode()->getValue();
            if (!topLevelCode)
                throw ValidationException("Top-level status code not one of the allowable values.");
            if (*topLevelCode!=StatusCode::SUCCESS && *topLevelCode!=StatusCode::REQUESTER &&
                *topLevelCode!=StatusCode::RESPONDER && *topLevelCode!=StatusCode::VERSIONMISMATCH)
                throw ValidationException("Top-level status code not one of the allowable values.");
        END_XMLOBJECTVALIDATOR;

        // Response: needs ResponseID, IssueInstant, Status and MinorVersion.
        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Response);
            XMLOBJECTVALIDATOR_REQUIRE(Response,ResponseID);
            XMLOBJECTVALIDATOR_REQUIRE(Response,IssueInstant);
            XMLOBJECTVALIDATOR_REQUIRE(Response,Status);
            // NOTE(review): presence only, as for Request; the value itself is
            // not checked here.
            const pair<bool,int> minorVersion=ptr->getMinorVersion();
            if (!minorVersion.first)
                throw ValidationException("Response must have MinorVersion");
        END_XMLOBJECTVALIDATOR;
    };
};
99
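// Registration helpers for the SAML 1.x protocol namespace. Each macro assigns
// a QName in SAMLConstants::SAML1P_NS to a variable named `q` that must already
// be declared in the calling scope, then registers a freshly allocated
// cname##Builder under that QName. The non-_NOVAL forms also register a
// cname##SchemaValidator with SchemaValidators; the _NOVAL forms register a
// builder only, so those types get no schema validator from this file.
//
// The objects created with `new` are handed straight to the registries;
// presumably the registries take ownership -- confirm against xmltooling.
//
// Every macro expands to a single do { ... } while (0) statement and carries
// no trailing semicolon. An invocation followed by ';' is therefore exactly one
// statement, so a registration placed under an unbraced if/else cannot run
// partially or unconditionally.

// Register builder and schema validator under the element's LOCAL_NAME.
#define REGISTER_ELEMENT(cname) \
    do { \
        q=QName(SAMLConstants::SAML1P_NS,cname::LOCAL_NAME); \
        XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
        SchemaValidators.registerValidator(q,new cname##SchemaValidator()); \
    } while (0)

// Register builder and schema validator under the schema type's TYPE_NAME.
#define REGISTER_TYPE(cname) \
    do { \
        q=QName(SAMLConstants::SAML1P_NS,cname::TYPE_NAME); \
        XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
        SchemaValidators.registerValidator(q,new cname##SchemaValidator()); \
    } while (0)

// Register only a builder under the element's LOCAL_NAME (no validator).
#define REGISTER_ELEMENT_NOVAL(cname) \
    do { \
        q=QName(SAMLConstants::SAML1P_NS,cname::LOCAL_NAME); \
        XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    } while (0)

// Register only a builder under the schema type's TYPE_NAME (no validator).
#define REGISTER_TYPE_NOVAL(cname) \
    do { \
        q=QName(SAMLConstants::SAML1P_NS,cname::TYPE_NAME); \
        XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    } while (0)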
117
// Registers the SAML 1.x protocol classes: for each listed class a builder is
// registered with XMLObjectBuilder and, except for StatusDetail, a schema
// validator is registered with SchemaValidators. Registration happens once per
// element name (REGISTER_ELEMENT*) and once per schema type name
// (REGISTER_TYPE*), as the macro definitions in this file show.
void opensaml::saml1p::registerProtocolClasses() {
    // Scratch QName that every REGISTER_* macro assigns before registering.
    QName q;
    // Element-name registrations.
    REGISTER_ELEMENT(AssertionArtifact);
    REGISTER_ELEMENT(AttributeQuery);
    REGISTER_ELEMENT(AuthenticationQuery);
    REGISTER_ELEMENT(AuthorizationDecisionQuery);
    REGISTER_ELEMENT(Request);
    REGISTER_ELEMENT(RespondWith);
    REGISTER_ELEMENT(Response);
    REGISTER_ELEMENT(Status);
    REGISTER_ELEMENT(StatusCode);
    // StatusDetail gets a builder but no schema validator, so nothing in this
    // file checks its content; consumers should treat it as unvalidated.
    REGISTER_ELEMENT_NOVAL(StatusDetail);
    REGISTER_ELEMENT(StatusMessage);
    // Schema-type registrations. AssertionArtifact, RespondWith and
    // StatusMessage are registered by element name only.
    REGISTER_TYPE(AttributeQuery);
    REGISTER_TYPE(AuthenticationQuery);
    REGISTER_TYPE(AuthorizationDecisionQuery);
    REGISTER_TYPE(Request);
    REGISTER_TYPE(Response);
    REGISTER_TYPE(Status);
    REGISTER_TYPE(StatusCode);
    // Builder only, as for the StatusDetail element above.
    REGISTER_TYPE_NOVAL(StatusDetail);
}