2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 * XMLObjects representing the SAML 2.0 Assertions schema
23 #ifndef __saml2_assertions_h__
24 #define __saml2_assertions_h__
26 #include <saml/signature/SignableObject.h>
27 #include <saml/util/SAMLConstants.h>
29 #include <xmltooling/AttributeExtensibleXMLObject.h>
30 #include <xmltooling/ElementProxy.h>
31 #include <xmltooling/SimpleElement.h>
32 #include <xmltooling/XMLObjectBuilder.h>
33 #include <xmltooling/encryption/Encryption.h>
34 #include <xmltooling/signature/KeyResolver.h>
35 #include <xmltooling/signature/Signature.h>
36 #include <xmltooling/util/DateTime.h>
37 #include <xmltooling/validation/ValidatingXMLObject.h>
/**
 * Declares a builder class for one element of the SAML 2.0 assertion namespace.
 * Expands DECL_XMLOBJECTBUILDER with the SAML20_NS / SAML20_PREFIX constants so
 * the per-element declarations further down only have to name the class.
 */
39 #define DECL_SAML2OBJECTBUILDER(cname) \
40 DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20_NS,opensaml::SAMLConstants::SAML20_PREFIX)
46 * SAML 2.0 assertion namespace
/** Forward declaration: Evidence and Advice (below) carry Assertion children before Assertion itself is declared. */
51 class SAML_API Assertion;
/**
 * Text-content-only elements. Each line declares one class; the second macro
 * argument presumably names the accessor for the element's text (AssertionID,
 * AudienceURI, Reference, ID) — confirm against DECL_XMLOBJECT_SIMPLE.
 */
53 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element);
54 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element);
55 DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 2.0 Audience element);
56 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextClassRef,Reference,SAML 2.0 AuthnContextClassRef element);
57 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
58 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);
60 BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
/** The xenc:EncryptedData child carrying the ciphertext. */
61 DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
/** xenc:EncryptedKey children (zero or more) wrapping the data-encryption key. */
62 DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
63 /** EncryptedElementType local name */
64 static const XMLCh TYPE_NAME[];
/**
67 * Decrypts the element using a standard approach based on a wrapped decryption key
68 * inside the message. The key decryption key should be supplied using the provided
69 * resolver. The recipient name may be used when multiple encrypted keys are found.
70 * The object returned will be unmarshalled around the decrypted DOM element, but the
71 * DOM itself will be released.
73 * @param KEKresolver resolver supplying key decryption key
74 * @param recipient identifier naming the recipient (the entity performing the decryption)
75 * @return the decrypted and unmarshalled object
 *
 * NOTE(review): the return type is the generic XMLObject*, so this interface does
 * not constrain what element the ciphertext decrypted to; a caller should check the
 * concrete type (e.g. that an EncryptedID yielded a NameID) before relying on it.
 * Ownership of the returned pointer is not expressed in the type — the caller
 * presumably owns it; confirm against the implementation. What is thrown on a
 * decryption or unmarshalling failure is likewise not stated here.
 */
77 virtual xmltooling::XMLObject* decrypt(xmlsignature::KeyResolver* KEKresolver, const XMLCh* recipient) const=0;
/** EncryptedID: an encrypted identifier; inherits decrypt() from EncryptedElementType. */
80 BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
/** Abstract base for extension identifier types; carries only the two qualifier attributes. */
83 BEGIN_XMLOBJECT(SAML_API,BaseID,xmltooling::XMLObject,SAML 2.0 BaseIDAbstractType abstract type);
84 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
85 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
/**
 * NameIDType: a name identifier with its qualifier/format attributes and the
 * identifier string as element content (Name). NOTE(review): when two
 * identifiers are compared, the qualifier attributes and Format are part of
 * the comparison under the SAML 2.0 Core rules, not just the Name content;
 * nothing in this header performs that comparison.
 */
88 BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::SimpleElement,SAML 2.0 NameIDType type);
89 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
90 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
91 DECL_STRING_ATTRIB(Format,FORMAT);
92 DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID);
/** The identifier value itself, exposed as the element's text content. */
93 DECL_XMLOBJECT_CONTENT(Name);
94 /** NameIDType local name */
95 static const XMLCh TYPE_NAME[];
/** NameID element: a NameIDType used as a subject identifier. */
98 BEGIN_XMLOBJECT(SAML_API,NameID,NameIDType,SAML 2.0 NameID element);
/** Issuer element: a NameIDType naming the assertion's issuer. */
101 BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element);
/** Generic Condition base; the concrete conditions below derive from it. */
104 BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 2.0 Condition element);
/** AudienceRestriction: the Audience children name the intended relying parties. */
107 BEGIN_XMLOBJECT(SAML_API,AudienceRestriction,Condition,SAML 2.0 AudienceRestriction element);
108 DECL_TYPED_CHILDREN(Audience);
109 /** AudienceRestrictionType local name */
110 static const XMLCh TYPE_NAME[];
/** OneTimeUse: marker condition with no attributes or children. */
113 BEGIN_XMLOBJECT(SAML_API,OneTimeUse,Condition,SAML 2.0 OneTimeUse element);
114 /** OneTimeUseType local name */
115 static const XMLCh TYPE_NAME[];
/** ProxyRestriction: integer Count attribute plus Audience children. */
118 BEGIN_XMLOBJECT(SAML_API,ProxyRestriction,Condition,SAML 2.0 ProxyRestriction element);
119 DECL_INTEGER_ATTRIB(Count,COUNT);
120 DECL_TYPED_CHILDREN(Audience);
121 /** ProxyRestrictionType local name */
122 static const XMLCh TYPE_NAME[];
/**
 * Conditions: the assertion's validity window (NotBefore / NotOnOrAfter, both
 * DateTime attributes) and its condition children. The typed collections and
 * the generic Condition collection are all declared here; this header only
 * exposes the accessors — evaluation of the window and conditions is done elsewhere.
 */
125 BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 2.0 Conditions element);
126 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
127 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
128 DECL_TYPED_CHILDREN(AudienceRestriction);
129 DECL_TYPED_CHILDREN(OneTimeUse);
130 DECL_TYPED_CHILDREN(ProxyRestriction);
131 DECL_TYPED_CHILDREN(Condition);
132 /** ConditionsType local name */
133 static const XMLCh TYPE_NAME[];
/**
 * SubjectConfirmationData: an ElementProxy (arbitrary child content) with the
 * standard confirmation attributes. NotBefore/NotOnOrAfter bound the
 * confirmation in time; Recipient, InResponseTo and Address are the values a
 * relying party compares against the endpoint, the outstanding request ID and
 * the client address under the SAML bearer profiles — those checks are not
 * performed in this header.
 */
136 BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 SubjectConfirmationData element);
137 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
138 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
139 DECL_STRING_ATTRIB(Recipient,RECIPIENT);
140 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
141 DECL_STRING_ATTRIB(Address,ADDRESS);
/** Free-form text content of the element. */
142 DECL_XMLOBJECT_CONTENT(Data);
/**
 * KeyInfoConfirmationDataType: same attributes as SubjectConfirmationData,
 * plus ds:KeyInfo children identifying the key the subject must prove
 * possession of (holder-of-key style confirmation).
 */
145 BEGIN_XMLOBJECT(SAML_API,KeyInfoConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
146 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
147 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
148 DECL_STRING_ATTRIB(Recipient,RECIPIENT);
149 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
150 DECL_STRING_ATTRIB(Address,ADDRESS);
151 DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
152 /** KeyInfoConfirmationDataType local name */
153 static const XMLCh TYPE_NAME[];
/**
 * SubjectConfirmation: Method attribute (the confirmation method URI), one
 * identifier child (BaseID, NameID or EncryptedID — the schema allows at most
 * one; nothing here enforces that), and the confirmation data, exposed both
 * as the generic SubjectConfirmationData element and as the typed
 * KeyInfoConfirmationDataType variant.
 */
156 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 2.0 SubjectConfirmation element);
157 DECL_STRING_ATTRIB(Method,METHOD);
158 DECL_TYPED_CHILD(BaseID);
159 DECL_TYPED_CHILD(NameID);
160 DECL_TYPED_CHILD(EncryptedID);
161 DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
162 DECL_TYPED_CHILD(KeyInfoConfirmationDataType);
163 /** SubjectConfirmationType local name */
164 static const XMLCh TYPE_NAME[];
/** Subject: an identifier child (one of the three forms) and any number of SubjectConfirmation children. */
167 BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
168 DECL_TYPED_CHILD(BaseID);
169 DECL_TYPED_CHILD(NameID);
170 DECL_TYPED_CHILD(EncryptedID);
171 DECL_TYPED_CHILDREN(SubjectConfirmation);
172 /** SubjectType local name */
173 static const XMLCh TYPE_NAME[];
/** Generic Statement base; AuthnStatement, AuthzDecisionStatement and AttributeStatement derive from it. */
176 BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 2.0 Statement element);
/** SubjectLocality: the Address and DNSName the authentication was reported from. */
179 BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 2.0 SubjectLocality element);
180 DECL_STRING_ATTRIB(Address,ADDRESS);
181 DECL_STRING_ATTRIB(DNSName,DNSNAME);
182 /** SubjectLocalityType local name */
183 static const XMLCh TYPE_NAME[];
/** AuthnContextDecl: an inline context declaration with arbitrary child content (ElementProxy). */
186 BEGIN_XMLOBJECT2(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AuthnContextDecl element);
/** AuthnContext: class reference, inline or referenced declaration, and the authenticating authorities. */
189 BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element);
190 DECL_TYPED_CHILD(AuthnContextClassRef);
191 DECL_XMLOBJECT_CHILD(AuthnContextDecl);
192 DECL_TYPED_CHILD(AuthnContextDeclRef);
193 DECL_TYPED_CHILDREN(AuthenticatingAuthority);
194 /** AuthnContextType local name */
195 static const XMLCh TYPE_NAME[];
/**
 * AuthnStatement: when (AuthnInstant) and how (AuthnContext) the subject
 * authenticated, with the optional SessionIndex and SessionNotOnOrAfter that a
 * relying party may use to scope its session; this header only declares them.
 */
198 BEGIN_XMLOBJECT(SAML_API,AuthnStatement,Statement,SAML 2.0 AuthnStatement element);
199 DECL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT);
200 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
201 DECL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER);
202 DECL_TYPED_CHILD(SubjectLocality);
203 DECL_TYPED_CHILD(AuthnContext);
204 /** AuthnStatementType local name */
205 static const XMLCh TYPE_NAME[];
/** Action: the action name as text content, qualified by the Namespace attribute. */
208 BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::SimpleElement,SAML 2.0 Action element);
209 DECL_STRING_ATTRIB(Namespace,NAMESPACE);
210 DECL_XMLOBJECT_CONTENT(Action);
211 /** ActionType local name */
212 static const XMLCh TYPE_NAME[];
/**
 * Evidence: assertions (by ID reference, by URI reference, or inline) backing
 * an authorization decision. The EncryptedAssertion child is commented out;
 * EncryptedAssertion is only declared further down this header, which is
 * presumably why — confirm before re-enabling it.
 */
215 BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element);
216 DECL_TYPED_CHILDREN(AssertionIDRef);
217 DECL_TYPED_CHILDREN(AssertionURIRef);
218 DECL_TYPED_CHILDREN(Assertion);
219 //DECL_TYPED_CHILDREN(EncryptedAssertion);
220 /** EvidenceType local name */
221 static const XMLCh TYPE_NAME[];
/**
 * AuthzDecisionStatement: the Resource acted upon, the Decision (one of the
 * three constants below) and the Action children, optionally with Evidence.
 */
224 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionStatement,Statement,SAML 2.0 AuthzDecisionStatement element);
225 DECL_STRING_ATTRIB(Resource,RESOURCE);
226 DECL_STRING_ATTRIB(Decision,DECISION);
227 DECL_TYPED_CHILDREN(Action);
228 DECL_TYPED_CHILD(Evidence);
229 /** AuthzDecisionStatementType local name */
230 static const XMLCh TYPE_NAME[];
231 /** Permit Decision */
232 static const XMLCh DECISION_PERMIT[];
/** Deny Decision */
234 static const XMLCh DECISION_DENY[];
235 /** Indeterminate Decision */
236 static const XMLCh DECISION_INDETERMINATE[];
/** AttributeValue: arbitrary typed content (ElementProxy), one per value. */
239 BEGIN_XMLOBJECT2(SAML_API,AttributeValue,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AttributeValue element);
/** Attribute: Name (with its NameFormat) and a display FriendlyName, plus the AttributeValue children. */
242 BEGIN_XMLOBJECT(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 Attribute element);
243 DECL_STRING_ATTRIB(Name,NAME);
244 DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT);
245 DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME);
246 DECL_XMLOBJECT_CHILDREN(AttributeValue);
247 /** AttributeType local name */
248 static const XMLCh TYPE_NAME[];
/** EncryptedAttribute: an encrypted Attribute; inherits decrypt() from EncryptedElementType. */
251 BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element);
/** AttributeStatement: plaintext and encrypted attributes side by side. */
254 BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
255 DECL_TYPED_CHILDREN(Attribute);
256 DECL_TYPED_CHILDREN(EncryptedAttribute);
257 /** AttributeStatementType local name */
258 static const XMLCh TYPE_NAME[];
/** EncryptedAssertion: an encrypted Assertion; inherits decrypt() from EncryptedElementType. */
261 BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element);
/** Advice: referenced, inline or encrypted assertions plus any other (Other) child elements. */
264 BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::XMLObject,SAML 2.0 Advice element);
265 DECL_TYPED_CHILDREN(AssertionIDRef);
266 DECL_TYPED_CHILDREN(AssertionURIRef);
267 DECL_TYPED_CHILDREN(Assertion);
268 DECL_TYPED_CHILDREN(EncryptedAssertion);
269 DECL_XMLOBJECT_CHILDREN(Other);
270 /** AdviceType local name */
271 static const XMLCh TYPE_NAME[];
/**
 * Assertion: the top-level signable element. Version, ID and IssueInstant are
 * its attributes; Issuer, Subject, Conditions and Advice are single children;
 * the statements are exposed both as the generic Statement collection and as
 * the three typed collections. The ds:Signature child is declared here via
 * SignableObject, but the model only carries it — whether the signature
 * verifies, and against which key, is decided outside this header.
 */
274 BEGIN_XMLOBJECT(SAML_API,Assertion,SignableObject,SAML 2.0 Assertion element);
275 DECL_STRING_ATTRIB(Version,VER);
276 DECL_STRING_ATTRIB(ID,ID);
277 DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
278 DECL_TYPED_CHILD(Issuer);
279 DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);
280 DECL_TYPED_CHILD(Subject);
281 DECL_TYPED_CHILD(Conditions);
282 DECL_TYPED_CHILD(Advice);
283 DECL_TYPED_CHILDREN(Statement);
284 DECL_TYPED_CHILDREN(AuthnStatement);
285 DECL_TYPED_CHILDREN(AttributeStatement);
286 DECL_TYPED_CHILDREN(AuthzDecisionStatement);
287 /** AssertionType local name */
288 static const XMLCh TYPE_NAME[];
/**
 * Builder declarations, one per concrete element above (the abstract
 * BaseID, Condition, Statement and the *Type classes get none). The
 * NameIDType and KeyInfoConfirmationDataType builders are hand-written below
 * because they need a caller-supplied element name / xsi:type.
 */
291 DECL_SAML2OBJECTBUILDER(Action);
292 DECL_SAML2OBJECTBUILDER(Advice);
293 DECL_SAML2OBJECTBUILDER(Assertion);
294 DECL_SAML2OBJECTBUILDER(AssertionIDRef);
295 DECL_SAML2OBJECTBUILDER(AssertionURIRef);
296 DECL_SAML2OBJECTBUILDER(Attribute);
297 DECL_SAML2OBJECTBUILDER(AttributeStatement);
298 DECL_SAML2OBJECTBUILDER(AttributeValue);
299 DECL_SAML2OBJECTBUILDER(Audience);
300 DECL_SAML2OBJECTBUILDER(AudienceRestriction);
301 DECL_SAML2OBJECTBUILDER(AuthenticatingAuthority);
302 DECL_SAML2OBJECTBUILDER(AuthnContext);
303 DECL_SAML2OBJECTBUILDER(AuthnContextClassRef);
304 DECL_SAML2OBJECTBUILDER(AuthnContextDecl);
305 DECL_SAML2OBJECTBUILDER(AuthnContextDeclRef);
306 DECL_SAML2OBJECTBUILDER(AuthnStatement);
307 DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
308 DECL_SAML2OBJECTBUILDER(Conditions);
309 DECL_SAML2OBJECTBUILDER(EncryptedAssertion);
310 DECL_SAML2OBJECTBUILDER(EncryptedAttribute);
311 DECL_SAML2OBJECTBUILDER(EncryptedID);
312 DECL_SAML2OBJECTBUILDER(Evidence);
313 DECL_SAML2OBJECTBUILDER(Issuer);
314 DECL_SAML2OBJECTBUILDER(NameID);
315 DECL_SAML2OBJECTBUILDER(OneTimeUse);
316 DECL_SAML2OBJECTBUILDER(ProxyRestriction);
317 DECL_SAML2OBJECTBUILDER(Subject);
318 DECL_SAML2OBJECTBUILDER(SubjectConfirmation);
319 DECL_SAML2OBJECTBUILDER(SubjectConfirmationData);
320 DECL_SAML2OBJECTBUILDER(SubjectLocality);
/**
323 * Builder for NameIDType objects.
 *
325 * This is customized to force the element name to be specified.
 */
327 class SAML_API NameIDTypeBuilder : public xmltooling::XMLObjectBuilder {
329 virtual ~NameIDTypeBuilder() {}
330 /** Builder that allows element/type override. */
/**
 * Builds a NameIDType under a caller-chosen element name.
 * @param nsURI namespace URI of the element to create
 * @param localName local name of the element to create
 * @param prefix optional namespace prefix
 * @param schemaType optional xsi:type to stamp on the element
 * @return the new object; pure virtual, so the allocation and ownership rules
 *         are those of the implementing builder (caller presumably owns the result — confirm)
 */
331 virtual NameIDType* buildObject(
332 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
335 /** Singleton builder. */
/**
 * Convenience entry point: looks up the builder registered for the
 * saml:NameIDType QName, downcasts it to NameIDTypeBuilder, and builds an
 * element of the given name carrying an xsi:type of saml:NameIDType.
 * The null check on the downcast sits on a line not shown in this view; when
 * no typed builder is registered the function falls through to the throw.
 * @param nsURI namespace URI of the element to create
 * @param localName local name of the element to create
 * @param prefix optional namespace prefix
 * @return the new NameIDType (ownership as for buildObject)
 * @throws xmltooling::XMLObjectException if no NameIDType builder is registered
 */
336 static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) {
337 const NameIDTypeBuilder* b = dynamic_cast<const NameIDTypeBuilder*>(
338 XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME))
/* xsi:type is fixed to saml:NameIDType regardless of the element name requested. */
341 xmltooling::QName schemaType(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME,SAMLConstants::SAML20_PREFIX);
342 return b->buildObject(nsURI, localName, prefix, &schemaType);
344 throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType.");
/**
349 * Builder for KeyInfoConfirmationDataType objects.
 *
351 * This is customized to return a SubjectConfirmationData element with an
352 * xsi:type of KeyInfoConfirmationDataType.
 */
354 class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::XMLObjectBuilder {
356 virtual ~KeyInfoConfirmationDataTypeBuilder() {}
357 /** Default builder. */
/**
 * Builds a saml:SubjectConfirmationData element (LOCAL_NAME) stamped with an
 * xsi:type of saml:KeyInfoConfirmationDataType, by delegating to the
 * overridable buildObject() below. The element-name arguments of that call
 * are on a line not shown in this view.
 * @return the new object (caller presumably owns it — confirm)
 */
358 virtual KeyInfoConfirmationDataType* buildObject() const {
359 xmltooling::QName schemaType(
360 SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,SAMLConstants::SAML20_PREFIX
363 SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,SAMLConstants::SAML20_PREFIX,&schemaType
366 /** Builder that allows element/type override. */
/**
 * @param nsURI namespace URI of the element to create
 * @param localName local name of the element to create
 * @param prefix optional namespace prefix
 * @param schemaType optional xsi:type to stamp on the element
 * @return the new object; pure virtual, implemented by the registered builder
 */
367 virtual KeyInfoConfirmationDataType* buildObject(
368 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
371 /** Singleton builder. */
/**
 * Convenience entry point: looks up the builder registered for the
 * saml:KeyInfoConfirmationDataType QName, downcasts it, and calls the default
 * buildObject(). The null check on the downcast sits on a line not shown in
 * this view; when no typed builder is registered the function falls through
 * to the throw.
 * @return the new object (ownership as for buildObject)
 * @throws xmltooling::XMLObjectException if no KeyInfoConfirmationDataType builder is registered
 */
372 static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() {
373 const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast<const KeyInfoConfirmationDataTypeBuilder*>(
374 XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME))
377 return b->buildObject();
378 throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType.");
/**
383 * Registers builders and validators for Assertion classes into the runtime.
 */
// Must run before the singleton builders above are used: buildNameIDType() and
// buildKeyInfoConfirmationDataType() throw when no typed builder is registered.
385 void SAML_API registerAssertionClasses();
389 #endif /* __saml2_assertions_h__ */