2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * ProtocolsSchemaValidators.cpp
24 * Schema-based validators for SAML 1.x Protocols classes
28 #include "exceptions.h"
29 #include "saml1/core/Protocols.h"
31 #include <xmltooling/validation/Validator.h>
32 #include <xmltooling/validation/ValidatorSuite.h>
34 using namespace opensaml::saml1p;
35 using namespace opensaml::saml1;
36 using namespace opensaml;
37 using namespace xmltooling;
39 using samlconstants::SAML1P_NS;
// Schema validators for the AssertionArtifact and StatusMessage elements,
// produced by XMLOBJECTVALIDATOR_SIMPLE (macro defined outside this file).
// NOTE(review): presumably the macro only requires non-empty text content;
// confirm in xmltooling. Either way this is a structural check: it does not
// establish that an artifact is genuine, unexpired or previously unused.
44 XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionArtifact);
45 XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,StatusMessage);
// Schema validator for RespondWith: the only rule is that its QName property
// is required.
// NOTE(review): the REQUIRE macro is defined in xmltooling; presumably it
// throws ValidationException when the property is missing — confirm.
47 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,RespondWith);
48 XMLOBJECTVALIDATOR_REQUIRE(RespondWith,QName);
49 END_XMLOBJECTVALIDATOR;
// Schema validator for AuthenticationQuery: both AuthenticationMethod and
// Subject are required. Only presence is checked here; whether the method
// value is acceptable to the deployment is not decided in this block.
51 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthenticationQuery);
52 XMLOBJECTVALIDATOR_REQUIRE(AuthenticationQuery,AuthenticationMethod);
53 XMLOBJECTVALIDATOR_REQUIRE(AuthenticationQuery,Subject);
54 END_XMLOBJECTVALIDATOR;
// Schema validator for AttributeQuery: Subject is required. No other property
// of the query is constrained in this block, so any limit on which attributes
// a requester may ask for has to be applied by the code that answers it.
56 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AttributeQuery);
57 XMLOBJECTVALIDATOR_REQUIRE(AttributeQuery,Subject);
58 END_XMLOBJECTVALIDATOR;
// Schema validator for AuthorizationDecisionQuery: Subject and Resource are
// required, and the Action collection is checked with the NONEMPTY macro.
// NOTE(review): presumably NONEMPTY means "at least one Action child" —
// confirm against the xmltooling macro definition.
60 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthorizationDecisionQuery);
61 XMLOBJECTVALIDATOR_REQUIRE(AuthorizationDecisionQuery,Subject);
62 XMLOBJECTVALIDATOR_REQUIRE(AuthorizationDecisionQuery,Resource);
63 XMLOBJECTVALIDATOR_NONEMPTY(AuthorizationDecisionQuery,Action);
64 END_XMLOBJECTVALIDATOR;
// Schema validator for Request.
// Visible checks: RequestID and IssueInstant are required, MinorVersion must
// be set, and the request must carry a query, assertion ID references or
// artifacts (the exception text below states the rule).
// NOTE(review): the embedded line numbers jump (70, 72, 74, 76, 78 and 79 are
// absent from this listing), so the condition guarding each throw and the
// statements under the three ifs are not shown. Presumably the first throw is
// guarded by a test of minor.first and the ifs feed a counter that is tested
// before the second throw — confirm against the complete file.
// Only presence is checked for IssueInstant; nothing visible compares it to
// the clock, so freshness and replay limits have to be enforced elsewhere.
66 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Request);
67 XMLOBJECTVALIDATOR_REQUIRE(Request,RequestID);
68 XMLOBJECTVALIDATOR_REQUIRE(Request,IssueInstant);
// getMinorVersion() yields a (bool,int) pair; the bool presumably reports
// whether the attribute was set at all — TODO confirm.
69 pair<bool,int> minor=ptr->getMinorVersion();
71 throw ValidationException("Request must have MinorVersion");
// The three tests below look at the alternative payloads of a Request.
73 if (ptr->getQuery()!=nullptr)
75 if (!ptr->getAssertionIDReferences().empty())
77 if (!ptr->getAssertionArtifacts().empty())
80 throw ValidationException("Request must have either a query, >0 assertion references, or >0 artifacts.");
81 END_XMLOBJECTVALIDATOR;
// Schema validator for StatusCode: the Value property is required. This block
// places no restriction on which value is used; the restriction on the
// top-level code is applied by the Status validator in this file.
83 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,StatusCode);
84 XMLOBJECTVALIDATOR_REQUIRE(StatusCode,Value);
85 END_XMLOBJECTVALIDATOR;
// Schema validator for Status: a StatusCode child is required, and its value
// must be one of SUCCESS, REQUESTER, RESPONDER or VERSIONMISMATCH.
// This accepts error statuses as well-formed; it does not require SUCCESS.
// Code consuming a Response must still test the status itself before relying
// on any assertions the message carries.
87 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Status);
88 XMLOBJECTVALIDATOR_REQUIRE(Status,StatusCode);
// getStatusCode() is dereferenced without a null test here.
// NOTE(review): this relies on the REQUIRE line above having already rejected
// a missing StatusCode — confirm the macro throws rather than returning.
89 const xmltooling::QName* value=ptr->getStatusCode()->getValue();
// A missing value or any QName outside the four allowed codes is rejected.
90 if (!value || (*value!=StatusCode::SUCCESS && *value!=StatusCode::REQUESTER &&
91 *value!=StatusCode::RESPONDER && *value!=StatusCode::VERSIONMISMATCH))
92 throw ValidationException("Top-level status code not one of the allowable values.");
93 END_XMLOBJECTVALIDATOR;
// Schema validator for Response: ResponseID, IssueInstant and Status are
// required and MinorVersion must be set.
// NOTE(review): original line 100 is absent from this listing; the throw is
// presumably guarded by a test of minor.first — confirm against the full file.
// Nothing visible here inspects a signature, InResponseTo, Recipient or the
// age of IssueInstant. Passing this validator means the message is
// structurally complete, not that it is authentic or fresh.
95 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Response);
96 XMLOBJECTVALIDATOR_REQUIRE(Response,ResponseID);
97 XMLOBJECTVALIDATOR_REQUIRE(Response,IssueInstant);
98 XMLOBJECTVALIDATOR_REQUIRE(Response,Status);
99 pair<bool,int> minor=ptr->getMinorVersion();
101 throw ValidationException("Response must have MinorVersion");
102 END_XMLOBJECTVALIDATOR;
// Registers, for the element named cname::LOCAL_NAME in SAML1P_NS, both a
// builder (cname##Builder) and a schema validator (cname##SchemaValidator).
// Expands to three statements that assign to a variable named q and use an
// object named SchemaValidators; neither is declared by the macro, so both
// must be in scope where it is used. The expansion is not wrapped in a single
// statement, so it is only safe inside a braced block.
// NOTE(review): the objects are created with raw new; presumably the two
// registries take ownership — confirm in xmltooling.
106 #define REGISTER_ELEMENT(cname) \
107 q=xmltooling::QName(SAML1P_NS,cname::LOCAL_NAME); \
108 XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
109 SchemaValidators.registerValidator(q,new cname##SchemaValidator())
// Same as the element form, but the registration key is built from
// cname::TYPE_NAME, so the builder and schema validator are registered under
// the schema type name in SAML1P_NS. Assigns to a variable q and uses
// SchemaValidators, both expected from the surrounding scope; the expansion is
// several statements and is only safe inside a braced block.
111 #define REGISTER_TYPE(cname) \
112 q=xmltooling::QName(SAML1P_NS,cname::TYPE_NAME); \
113 XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
114 SchemaValidators.registerValidator(q,new cname##SchemaValidator())
// Registers only a builder for the element cname::LOCAL_NAME in SAML1P_NS.
// No schema validator is registered, so objects of this element get no
// validation from this file. Unlike the validating form, the expansion
// already ends in a semicolon, so a call site that adds its own leaves an
// empty statement behind.
116 #define REGISTER_ELEMENT_NOVAL(cname) \
117 q=xmltooling::QName(SAML1P_NS,cname::LOCAL_NAME); \
118 XMLObjectBuilder::registerBuilder(q,new cname##Builder());
// Registers only a builder under the schema type name cname::TYPE_NAME in
// SAML1P_NS. No schema validator is registered for the type. The expansion
// already ends in a semicolon.
120 #define REGISTER_TYPE_NOVAL(cname) \
121 q=xmltooling::QName(SAML1P_NS,cname::TYPE_NAME); \
122 XMLObjectBuilder::registerBuilder(q,new cname##Builder());
// Registers the SAML 1.x protocol classes with xmltooling: a builder for
// every element and type listed, plus a schema validator for each one
// registered through REGISTER_ELEMENT / REGISTER_TYPE.
// Query and StatusDetail use the _NOVAL macros, so they get a builder only;
// no schema validator from this file is attached to them. Code that consumes
// those two should not assume their content was checked here.
// NOTE(review): original line 125 and the closing brace are absent from this
// listing; the macros assign to a variable q, which is presumably declared on
// the missing line — confirm against the full file.
124 void opensaml::saml1p::registerProtocolClasses() {
// Elements, keyed by LOCAL_NAME.
126 REGISTER_ELEMENT(AssertionArtifact);
127 REGISTER_ELEMENT(AttributeQuery);
128 REGISTER_ELEMENT(AuthenticationQuery);
129 REGISTER_ELEMENT(AuthorizationDecisionQuery);
// Builder only: no validator is registered for Query.
130 REGISTER_ELEMENT_NOVAL(Query);
131 REGISTER_ELEMENT(Request);
132 REGISTER_ELEMENT(RespondWith);
133 REGISTER_ELEMENT(Response);
134 REGISTER_ELEMENT(Status);
135 REGISTER_ELEMENT(StatusCode);
// Builder only: no validator is registered for StatusDetail.
136 REGISTER_ELEMENT_NOVAL(StatusDetail);
137 REGISTER_ELEMENT(StatusMessage);
// Schema types, keyed by TYPE_NAME.
138 REGISTER_TYPE(AttributeQuery);
139 REGISTER_TYPE(AuthenticationQuery);
140 REGISTER_TYPE(AuthorizationDecisionQuery);
141 REGISTER_TYPE(Request);
142 REGISTER_TYPE(Response);
143 REGISTER_TYPE(Status);
144 REGISTER_TYPE(StatusCode);
// Builder only: the StatusDetail type also has no validator.
145 REGISTER_TYPE_NOVAL(StatusDetail);