2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file saml/saml2/core/Assertions.h
20 * XMLObjects representing the SAML 2.0 Assertions schema
23 #ifndef __saml2_assertions_h__
24 #define __saml2_assertions_h__
26 #include <saml/Assertion.h>
27 #include <saml/util/SAMLConstants.h>
29 #include <xmltooling/XMLObjectBuilder.h>
30 #include <xmltooling/encryption/Encryption.h>
31 #include <xmltooling/security/CredentialResolver.h>
32 #include <xmltooling/signature/Signature.h>
33 #include <xmltooling/util/DateTime.h>
35 #define DECL_SAML2OBJECTBUILDER(cname) \
36 DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20_NS,samlconstants::SAML20_PREFIX)
41 * @namespace opensaml::saml2
42 * SAML 2.0 assertion namespace
47 class SAML_API Assertion;
48 class SAML_API EncryptedAssertion;
50 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element);
51 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element);
52 DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 2.0 Audience element);
53 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextClassRef,Reference,SAML 2.0 AuthnContextClassRef element);
54 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
55 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);
57 BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
58 DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
59 DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
60 /** EncryptedElementType local name */
61 static const XMLCh TYPE_NAME[];
64 * Decrypts the element using a standard approach based on a wrapped decryption key
65 * inside the message. The key decryption key should be supplied using the provided
66 * resolver. The recipient name may be used when multiple encrypted keys are found.
67 * The object returned will be unmarshalled around the decrypted DOM element, but the
68 * DOM itself will be released.
70 * @param KEKresolver locked resolver supplying key decryption key
71 * @param recipient identifier naming the recipient (the entity performing the decryption)
72 * @return the decrypted and unmarshalled object
74 virtual xmltooling::XMLObject* decrypt(const xmltooling::CredentialResolver* KEKresolver, const XMLCh* recipient) const=0;
77 BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
80 BEGIN_XMLOBJECT(SAML_API,BaseID,xmltooling::XMLObject,SAML 2.0 BaseID abstract element);
81 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
82 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
85 BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::XMLObject,SAML 2.0 NameIDType type);
86 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
87 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
88 DECL_STRING_ATTRIB(Format,FORMAT);
89 DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID);
90 DECL_SIMPLE_CONTENT(Name);
91 /** NameIDType local name */
92 static const XMLCh TYPE_NAME[];
93 /** Unspecified name format ID */
94 static const XMLCh UNSPECIFIED[];
95 /** Email address name format ID */
96 static const XMLCh EMAIL[];
97 /** X.509 subject name format ID */
98 static const XMLCh X509_SUBJECT[];
99 /** Windows domain qualified name format ID */
100 static const XMLCh WIN_DOMAIN_QUALIFIED[];
101 /** Kerberos principal name format ID */
102 static const XMLCh KERBEROS[];
103 /** Entity identifier name format ID */
104 static const XMLCh ENTITY[];
105 /** Persistent identifier name format ID */
106 static const XMLCh PERSISTENT[];
107 /** Transient identifier name format ID */
108 static const XMLCh TRANSIENT[];
111 BEGIN_XMLOBJECT(SAML_API,NameID,NameIDType,SAML 2.0 NameID element);
114 BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element);
117 BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 2.0 Condition element);
120 BEGIN_XMLOBJECT(SAML_API,AudienceRestriction,Condition,SAML 2.0 AudienceRestriction element);
121 DECL_TYPED_CHILDREN(Audience);
122 /** AudienceRestrictionType local name */
123 static const XMLCh TYPE_NAME[];
126 BEGIN_XMLOBJECT(SAML_API,OneTimeUse,Condition,SAML 2.0 OneTimeUse element);
127 /** OneTimeUseType local name */
128 static const XMLCh TYPE_NAME[];
131 BEGIN_XMLOBJECT(SAML_API,ProxyRestriction,Condition,SAML 2.0 ProxyRestriction element);
132 DECL_INTEGER_ATTRIB(Count,COUNT);
133 DECL_TYPED_CHILDREN(Audience);
134 /** ProxyRestrictionType local name */
135 static const XMLCh TYPE_NAME[];
138 BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 2.0 Conditions element);
139 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
140 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
141 DECL_TYPED_CHILDREN(AudienceRestriction);
142 DECL_TYPED_CHILDREN(OneTimeUse);
143 DECL_TYPED_CHILDREN(ProxyRestriction);
144 DECL_TYPED_CHILDREN(Condition);
145 /** ConditionsType local name */
146 static const XMLCh TYPE_NAME[];
149 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationDataType,xmltooling::XMLObject,SAML 2.0 SubjectConfirmationDataType base type);
150 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
151 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
152 DECL_STRING_ATTRIB(Recipient,RECIPIENT);
153 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
154 DECL_STRING_ATTRIB(Address,ADDRESS);
157 BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,SubjectConfirmationDataType,xmltooling::ElementProxy,SAML 2.0 SubjectConfirmationData element);
158 DECL_SIMPLE_CONTENT(Data);
161 BEGIN_XMLOBJECT2(SAML_API,KeyInfoConfirmationDataType,SubjectConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
162 DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
163 /** KeyInfoConfirmationDataType local name */
164 static const XMLCh TYPE_NAME[];
167 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 2.0 SubjectConfirmation element);
168 DECL_STRING_ATTRIB(Method,METHOD);
169 DECL_TYPED_CHILD(BaseID);
170 DECL_TYPED_CHILD(NameID);
171 DECL_TYPED_CHILD(EncryptedID);
172 DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
173 /** SubjectConfirmationType local name */
174 static const XMLCh TYPE_NAME[];
175 /** Bearer confirmation method */
176 static const XMLCh BEARER[];
177 /** Holder of key confirmation method */
178 static const XMLCh HOLDER_KEY[];
179 /** Sender vouches confirmation method */
180 static const XMLCh SENDER_VOUCHES[];
183 BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
184 DECL_TYPED_CHILD(BaseID);
185 DECL_TYPED_CHILD(NameID);
186 DECL_TYPED_CHILD(EncryptedID);
187 DECL_TYPED_CHILDREN(SubjectConfirmation);
188 /** SubjectType local name */
189 static const XMLCh TYPE_NAME[];
192 BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 2.0 Statement element);
195 BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 2.0 SubjectLocality element);
196 DECL_STRING_ATTRIB(Address,ADDRESS);
197 DECL_STRING_ATTRIB(DNSName,DNSNAME);
198 /** SubjectLocalityType local name */
199 static const XMLCh TYPE_NAME[];
202 BEGIN_XMLOBJECT(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,SAML 2.0 AuthnContextDecl element);
205 BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element);
206 DECL_TYPED_CHILD(AuthnContextClassRef);
207 DECL_XMLOBJECT_CHILD(AuthnContextDecl);
208 DECL_TYPED_CHILD(AuthnContextDeclRef);
209 DECL_TYPED_CHILDREN(AuthenticatingAuthority);
210 /** AuthnContextType local name */
211 static const XMLCh TYPE_NAME[];
214 BEGIN_XMLOBJECT(SAML_API,AuthnStatement,Statement,SAML 2.0 AuthnStatement element);
215 DECL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT);
216 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
217 DECL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER);
218 DECL_TYPED_CHILD(SubjectLocality);
219 DECL_TYPED_CHILD(AuthnContext);
220 /** AuthnStatementType local name */
221 static const XMLCh TYPE_NAME[];
224 BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::XMLObject,SAML 2.0 Action element);
225 DECL_STRING_ATTRIB(Namespace,NAMESPACE);
226 DECL_SIMPLE_CONTENT(Action);
227 /** ActionType local name */
228 static const XMLCh TYPE_NAME[];
229 /** Read/Write/Execute/Delete/Control Action Namespace */
230 static const XMLCh RWEDC_NEG_ACTION_NAMESPACE[];
231 /** Read/Write/Execute/Delete/Control with Negation Action Namespace */
232 static const XMLCh RWEDC_ACTION_NAMESPACE[];
233 /** Get/Head/Put/Post Action Namespace */
234 static const XMLCh GHPP_ACTION_NAMESPACE[];
235 /** UNIX File Permissions Action Namespace */
236 static const XMLCh UNIX_ACTION_NAMESPACE[];
239 BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element);
240 DECL_TYPED_CHILDREN(AssertionIDRef);
241 DECL_TYPED_CHILDREN(AssertionURIRef);
242 DECL_TYPED_CHILDREN(Assertion);
243 DECL_TYPED_CHILDREN(EncryptedAssertion);
244 /** EvidenceType local name */
245 static const XMLCh TYPE_NAME[];
248 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionStatement,Statement,SAML 2.0 AuthzDecisionStatement element);
249 DECL_STRING_ATTRIB(Resource,RESOURCE);
250 DECL_STRING_ATTRIB(Decision,DECISION);
251 DECL_TYPED_CHILDREN(Action);
252 DECL_TYPED_CHILD(Evidence);
253 /** AuthzDecisionStatementType local name */
254 static const XMLCh TYPE_NAME[];
255 /** Permit Decision */
256 static const XMLCh DECISION_PERMIT[];
258 static const XMLCh DECISION_DENY[];
259 /** Indeterminate Decision */
260 static const XMLCh DECISION_INDETERMINATE[];
263 BEGIN_XMLOBJECT(SAML_API,AttributeValue,xmltooling::ElementProxy,SAML 2.0 AttributeValue element);
266 BEGIN_XMLOBJECT(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 Attribute element);
267 DECL_STRING_ATTRIB(Name,NAME);
268 DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT);
269 DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME);
270 DECL_XMLOBJECT_CHILDREN(AttributeValue);
271 /** AttributeType local name */
272 static const XMLCh TYPE_NAME[];
273 /** Unspecified attribute name format ID */
274 static const XMLCh UNSPECIFIED[];
275 /** URI reference attribute name format ID */
276 static const XMLCh URI_REFERENCE[];
277 /** Basic attribute name format ID */
278 static const XMLCh BASIC[];
281 BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element);
284 BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
285 DECL_TYPED_CHILDREN(Attribute);
286 DECL_TYPED_CHILDREN(EncryptedAttribute);
287 /** AttributeStatementType local name */
288 static const XMLCh TYPE_NAME[];
291 BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element);
294 BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::ElementExtensibleXMLObject,SAML 2.0 Advice element);
295 DECL_TYPED_CHILDREN(AssertionIDRef);
296 DECL_TYPED_CHILDREN(AssertionURIRef);
297 DECL_TYPED_CHILDREN(Assertion);
298 DECL_TYPED_CHILDREN(EncryptedAssertion);
299 /** AdviceType local name */
300 static const XMLCh TYPE_NAME[];
304 * SAML 2.0 assertion or protocol message.
306 class SAML_API RootObject : virtual public opensaml::RootObject
311 virtual ~RootObject() {}
313 /** Gets the Version attribute. */
314 virtual const XMLCh* getVersion() const=0;
316 /** Gets the Issuer. */
317 virtual Issuer* getIssuer() const=0;
320 BEGIN_XMLOBJECT2(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,SAML 2.0 Assertion element);
321 DECL_INHERITED_STRING_ATTRIB(Version,VER);
322 DECL_INHERITED_STRING_ATTRIB(ID,ID);
323 DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
324 DECL_INHERITED_TYPED_CHILD(Issuer);
325 DECL_TYPED_CHILD(Subject);
326 DECL_TYPED_CHILD(Conditions);
327 DECL_TYPED_CHILD(Advice);
328 DECL_TYPED_CHILDREN(Statement);
329 DECL_TYPED_CHILDREN(AuthnStatement);
330 DECL_TYPED_CHILDREN(AttributeStatement);
331 DECL_TYPED_CHILDREN(AuthzDecisionStatement);
332 /** AssertionType local name */
333 static const XMLCh TYPE_NAME[];
336 DECL_SAML2OBJECTBUILDER(Action);
337 DECL_SAML2OBJECTBUILDER(Advice);
338 DECL_SAML2OBJECTBUILDER(Assertion);
339 DECL_SAML2OBJECTBUILDER(AssertionIDRef);
340 DECL_SAML2OBJECTBUILDER(AssertionURIRef);
341 DECL_SAML2OBJECTBUILDER(Attribute);
342 DECL_SAML2OBJECTBUILDER(AttributeStatement);
343 DECL_SAML2OBJECTBUILDER(AttributeValue);
344 DECL_SAML2OBJECTBUILDER(Audience);
345 DECL_SAML2OBJECTBUILDER(AudienceRestriction);
346 DECL_SAML2OBJECTBUILDER(AuthenticatingAuthority);
347 DECL_SAML2OBJECTBUILDER(AuthnContext);
348 DECL_SAML2OBJECTBUILDER(AuthnContextClassRef);
349 DECL_SAML2OBJECTBUILDER(AuthnContextDecl);
350 DECL_SAML2OBJECTBUILDER(AuthnContextDeclRef);
351 DECL_SAML2OBJECTBUILDER(AuthnStatement);
352 DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
353 DECL_SAML2OBJECTBUILDER(Conditions);
354 DECL_SAML2OBJECTBUILDER(EncryptedAssertion);
355 DECL_SAML2OBJECTBUILDER(EncryptedAttribute);
356 DECL_SAML2OBJECTBUILDER(EncryptedID);
357 DECL_SAML2OBJECTBUILDER(Evidence);
358 DECL_SAML2OBJECTBUILDER(Issuer);
359 DECL_SAML2OBJECTBUILDER(NameID);
360 DECL_SAML2OBJECTBUILDER(OneTimeUse);
361 DECL_SAML2OBJECTBUILDER(ProxyRestriction);
362 DECL_SAML2OBJECTBUILDER(Subject);
363 DECL_SAML2OBJECTBUILDER(SubjectConfirmation);
364 DECL_SAML2OBJECTBUILDER(SubjectConfirmationData);
365 DECL_SAML2OBJECTBUILDER(SubjectLocality);
368 * Builder for NameIDType objects.
370 * This is customized to force the element name to be specified.
372 class SAML_API NameIDTypeBuilder : public xmltooling::XMLObjectBuilder {
374 virtual ~NameIDTypeBuilder() {}
375 /** Builder that allows element/type override. */
376 #ifdef HAVE_COVARIANT_RETURNS
377 virtual NameIDType* buildObject(
379 virtual xmltooling::XMLObject* buildObject(
381 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
384 /** Singleton builder. */
385 static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) {
386 const NameIDTypeBuilder* b = dynamic_cast<const NameIDTypeBuilder*>(
387 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,NameIDType::TYPE_NAME))
390 xmltooling::QName schemaType(samlconstants::SAML20_NS,NameIDType::TYPE_NAME,samlconstants::SAML20_PREFIX);
391 #ifdef HAVE_COVARIANT_RETURNS
392 return b->buildObject(nsURI, localName, prefix, &schemaType);
394 return dynamic_cast<NameIDType*>(b->buildObject(nsURI, localName, prefix, &schemaType));
397 throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType.");
402 * Builder for KeyInfoConfirmationDataType objects.
404 * This is customized to return a SubjectConfirmationData element with an
405 * xsi:type of KeyInfoConfirmationDataType.
407 class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::XMLObjectBuilder {
409 virtual ~KeyInfoConfirmationDataTypeBuilder() {}
410 /** Default builder. */
411 #ifdef HAVE_COVARIANT_RETURNS
412 virtual KeyInfoConfirmationDataType* buildObject() const {
414 virtual xmltooling::XMLObject* buildObject() const {
416 xmltooling::QName schemaType(
417 samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,samlconstants::SAML20_PREFIX
420 samlconstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType
423 /** Builder that allows element/type override. */
424 #ifdef HAVE_COVARIANT_RETURNS
425 virtual KeyInfoConfirmationDataType* buildObject(
427 virtual xmltooling::XMLObject* buildObject(
429 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
432 /** Singleton builder. */
433 static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() {
434 const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast<const KeyInfoConfirmationDataTypeBuilder*>(
435 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME))
438 #ifdef HAVE_COVARIANT_RETURNS
439 return b->buildObject();
441 return dynamic_cast<KeyInfoConfirmationDataType*>(b->buildObject());
443 throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType.");
448 * Registers builders and validators for SAML 2.0 Assertion classes into the runtime.
450 void SAML_API registerAssertionClasses();
454 #endif /* __saml2_assertions_h__ */
projects / shibboleth / cpp-opensaml.git / blob