1 /*
2  *  Copyright 2001-2006 Internet2
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 /**
18  * @file Assertions.h
19  * 
20  * XMLObjects representing the SAML 2.0 Assertions schema
21  */
22
23 #ifndef __saml2_assertions_h__
24 #define __saml2_assertions_h__
25
26 #include <saml/signature/SignableObject.h>
27 #include <saml/util/SAMLConstants.h>
28
29 #include <xmltooling/AttributeExtensibleXMLObject.h>
30 #include <xmltooling/ElementProxy.h>
31 #include <xmltooling/SimpleElement.h>
32 #include <xmltooling/XMLObjectBuilder.h>
33 #include <xmltooling/encryption/Encryption.h>
34 #include <xmltooling/signature/KeyResolver.h>
35 #include <xmltooling/signature/Signature.h>
36 #include <xmltooling/util/DateTime.h>
37 #include <xmltooling/validation/ValidatingXMLObject.h>
38
/* Declares a builder for element cname, expanding DECL_XMLOBJECTBUILDER with the
 * SAML 2.0 assertion namespace and prefix already filled in. */
#define DECL_SAML2OBJECTBUILDER(cname) \
    DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20_NS,opensaml::SAMLConstants::SAML20_PREFIX)
41
namespace opensaml {

    /**
     * @namespace saml2
     * SAML 2.0 assertion namespace
     */
    namespace saml2 {
        
        // Forward references
        // Assertion is used as a child type by Evidence and Advice before its own
        // declaration further down. EncryptedAssertion has no forward reference here,
        // which is why Evidence cannot yet list it as a child (see Evidence below).
        class SAML_API Assertion;
        
        DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element);
        DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element);
        DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 2.0 Audience element);
        DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextClassRef,Reference,SAML 2.0 AuthnContextClassRef element);
        DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
        DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);

        /*
         * Common base of the EncryptedID, EncryptedAttribute and EncryptedAssertion
         * elements below: one xenc:EncryptedData child plus zero or more
         * xenc:EncryptedKey children that wrap the decryption key.
         */
        BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
            DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
            DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
            /** EncryptedElementType local name */
            static const XMLCh TYPE_NAME[];
            
            /**
             * Decrypts the element using a standard approach based on a wrapped decryption key
             * inside the message. The key decryption key should be supplied using the provided
             * resolver. The recipient name may be used when multiple encrypted keys are found.
             * The object returned will be unmarshalled around the decrypted DOM element, but the
             * DOM itself will be released. 
             * 
             * NOTE(review): successful decryption establishes confidentiality only, not origin;
             * any Signature carried inside the returned object (e.g. on an Assertion) still has
             * to be verified by the caller. Ownership of the returned pointer (presumably the
             * caller's) and the behaviour on a NULL recipient are not stated here; confirm
             * against the implementation.
             * 
             * @param KEKresolver   resolver supplying key decryption key
             * @param recipient     identifier naming the recipient (the entity performing the decryption)
             * @return  the decrypted and unmarshalled object
             */
            virtual xmltooling::XMLObject* decrypt(xmlsignature::KeyResolver* KEKresolver, const XMLCh* recipient) const=0;
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,BaseID,xmltooling::XMLObject,SAML 2.0 BaseIDAbstractType abstract type);
            DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
            DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
        END_XMLOBJECT;

        /* Shared type of NameID and Issuer; the text content is exposed as "Name". */
        BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::SimpleElement,SAML 2.0 NameIDType type);
            DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
            DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
            DECL_STRING_ATTRIB(Format,FORMAT);
            DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID);
            DECL_XMLOBJECT_CONTENT(Name);
            /** NameIDType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,NameID,NameIDType,SAML 2.0 NameID element);
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element);
        END_XMLOBJECT;

        /* Abstract base of the condition elements; Conditions also exposes it directly
         * for conditions that are not one of the three concrete types below. */
        BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 2.0 Condition element);
        END_XMLOBJECT;
        
        BEGIN_XMLOBJECT(SAML_API,AudienceRestriction,Condition,SAML 2.0 AudienceRestriction element);
            DECL_TYPED_CHILDREN(Audience);
            /** AudienceRestrictionType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,OneTimeUse,Condition,SAML 2.0 OneTimeUse element);
            /** OneTimeUseType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,ProxyRestriction,Condition,SAML 2.0 ProxyRestriction element);
            DECL_INTEGER_ATTRIB(Count,COUNT);
            DECL_TYPED_CHILDREN(Audience);
            /** ProxyRestrictionType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        /* NotBefore/NotOnOrAfter are declared as DateTime attributes; no validity
         * checking is declared at this level. */
        BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 2.0 Conditions element);
            DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
            DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
            DECL_TYPED_CHILDREN(AudienceRestriction);
            DECL_TYPED_CHILDREN(OneTimeUse);
            DECL_TYPED_CHILDREN(ProxyRestriction);
            DECL_TYPED_CHILDREN(Condition);
            /** ConditionsType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 SubjectConfirmationData element);
            DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
            DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
            DECL_STRING_ATTRIB(Recipient,RECIPIENT);
            DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
            DECL_STRING_ATTRIB(Address,ADDRESS);
            DECL_XMLOBJECT_CONTENT(Data);
        END_XMLOBJECT;

        /* Same attribute set as SubjectConfirmationData, but with ds:KeyInfo children;
         * appears on the wire as a SubjectConfirmationData element carrying this
         * xsi:type (see KeyInfoConfirmationDataTypeBuilder below). */
        BEGIN_XMLOBJECT(SAML_API,KeyInfoConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
            DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
            DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
            DECL_STRING_ATTRIB(Recipient,RECIPIENT);
            DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
            DECL_STRING_ATTRIB(Address,ADDRESS);
            DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
            /** KeyInfoConfirmationDataType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;
        
        BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 2.0 SubjectConfirmation element);
            DECL_STRING_ATTRIB(Method,METHOD);
            DECL_TYPED_CHILD(BaseID);
            DECL_TYPED_CHILD(NameID);
            DECL_TYPED_CHILD(EncryptedID);
            // The next two are alternative views of the same child position: the plain
            // element, or the element when it carries the KeyInfoConfirmationDataType xsi:type.
            DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
            DECL_TYPED_CHILD(KeyInfoConfirmationDataType);
            /** SubjectConfirmationType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        /* BaseID, NameID and EncryptedID are mutually exclusive identifier forms. */
        BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
            DECL_TYPED_CHILD(BaseID);
            DECL_TYPED_CHILD(NameID);
            DECL_TYPED_CHILD(EncryptedID);
            DECL_TYPED_CHILDREN(SubjectConfirmation);
            /** SubjectType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        /* Abstract base of AuthnStatement, AuthzDecisionStatement and AttributeStatement. */
        BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 2.0 Statement element);
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 2.0 SubjectLocality element);
            DECL_STRING_ATTRIB(Address,ADDRESS);
            DECL_STRING_ATTRIB(DNSName,DNSNAME);
            /** SubjectLocalityType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT2(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AuthnContextDecl element);
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element);
            DECL_TYPED_CHILD(AuthnContextClassRef);
            DECL_XMLOBJECT_CHILD(AuthnContextDecl);
            DECL_TYPED_CHILD(AuthnContextDeclRef);
            DECL_TYPED_CHILDREN(AuthenticatingAuthority);
            /** AuthnContextType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,AuthnStatement,Statement,SAML 2.0 AuthnStatement element);
            DECL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT);
            DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
            DECL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER);
            DECL_TYPED_CHILD(SubjectLocality);
            DECL_TYPED_CHILD(AuthnContext);
            /** AuthnStatementType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::SimpleElement,SAML 2.0 Action element);
            DECL_STRING_ATTRIB(Namespace,NAMESPACE);
            DECL_XMLOBJECT_CONTENT(Action);
            /** ActionType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element);
            DECL_TYPED_CHILDREN(AssertionIDRef);
            DECL_TYPED_CHILDREN(AssertionURIRef);
            DECL_TYPED_CHILDREN(Assertion);
            // TODO: the schema also allows EncryptedAssertion here (Advice below has it), but
            // EncryptedAssertion is declared later in this header with no forward reference,
            // so this accessor is left out for now. Enabling it also needs the implementation
            // class to provide the accessor.
            //DECL_TYPED_CHILDREN(EncryptedAssertion);
            /** EvidenceType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        /* Decision is a string attribute; the three DECISION_* constants below are the
         * values the schema enumerates for it. */
        BEGIN_XMLOBJECT(SAML_API,AuthzDecisionStatement,Statement,SAML 2.0 AuthzDecisionStatement element);
            DECL_STRING_ATTRIB(Resource,RESOURCE);
            DECL_STRING_ATTRIB(Decision,DECISION);
            DECL_TYPED_CHILDREN(Action);
            DECL_TYPED_CHILD(Evidence);
            /** AuthzDecisionStatementType local name */
            static const XMLCh TYPE_NAME[];
            /** Permit Decision */
            static const XMLCh DECISION_PERMIT[];
            /** Deny Decision */
            static const XMLCh DECISION_DENY[];
            /** Indeterminate Decision */
            static const XMLCh DECISION_INDETERMINATE[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT2(SAML_API,AttributeValue,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AttributeValue element);
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 Attribute element);
            DECL_STRING_ATTRIB(Name,NAME);
            DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT);
            DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME);
            DECL_XMLOBJECT_CHILDREN(AttributeValue);
            /** AttributeType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element);
        END_XMLOBJECT;

        /* Attributes may appear in the clear or as EncryptedAttribute; decrypting the
         * latter is up to the caller via EncryptedElementType::decrypt. */
        BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
            DECL_TYPED_CHILDREN(Attribute);
            DECL_TYPED_CHILDREN(EncryptedAttribute);
            /** AttributeStatementType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element);
        END_XMLOBJECT;

        BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::XMLObject,SAML 2.0 Advice element);
            DECL_TYPED_CHILDREN(AssertionIDRef);
            DECL_TYPED_CHILDREN(AssertionURIRef);
            DECL_TYPED_CHILDREN(Assertion);
            DECL_TYPED_CHILDREN(EncryptedAssertion);
            // Presumably the schema's wildcard (##other) content; untyped, so callers must
            // inspect the element QName themselves.
            DECL_XMLOBJECT_CHILDREN(Other);
            /** AdviceType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        /* Root element. Derives from SignableObject (saml/signature/SignableObject.h) and
         * exposes the enveloped ds:Signature as a typed child; the statements are available
         * both through the generic Statement list and through the per-type lists. */
        BEGIN_XMLOBJECT(SAML_API,Assertion,SignableObject,SAML 2.0 Assertion element);
            DECL_STRING_ATTRIB(Version,VER);
            DECL_STRING_ATTRIB(ID,ID);
            DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
            DECL_TYPED_CHILD(Issuer);
            DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);
            DECL_TYPED_CHILD(Subject);
            DECL_TYPED_CHILD(Conditions);
            DECL_TYPED_CHILD(Advice);
            DECL_TYPED_CHILDREN(Statement);
            DECL_TYPED_CHILDREN(AuthnStatement);
            DECL_TYPED_CHILDREN(AttributeStatement);
            DECL_TYPED_CHILDREN(AuthzDecisionStatement);
            /** AssertionType local name */
            static const XMLCh TYPE_NAME[];
        END_XMLOBJECT;

        // One generated builder per concrete element. NameIDType and
        // KeyInfoConfirmationDataType are schema types rather than elements and get the
        // hand-written builders that follow.
        DECL_SAML2OBJECTBUILDER(Action);
        DECL_SAML2OBJECTBUILDER(Advice);
        DECL_SAML2OBJECTBUILDER(Assertion);
        DECL_SAML2OBJECTBUILDER(AssertionIDRef);
        DECL_SAML2OBJECTBUILDER(AssertionURIRef);
        DECL_SAML2OBJECTBUILDER(Attribute);
        DECL_SAML2OBJECTBUILDER(AttributeStatement);
        DECL_SAML2OBJECTBUILDER(AttributeValue);
        DECL_SAML2OBJECTBUILDER(Audience);
        DECL_SAML2OBJECTBUILDER(AudienceRestriction);
        DECL_SAML2OBJECTBUILDER(AuthenticatingAuthority);
        DECL_SAML2OBJECTBUILDER(AuthnContext);
        DECL_SAML2OBJECTBUILDER(AuthnContextClassRef);
        DECL_SAML2OBJECTBUILDER(AuthnContextDecl);
        DECL_SAML2OBJECTBUILDER(AuthnContextDeclRef);
        DECL_SAML2OBJECTBUILDER(AuthnStatement);
        DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
        DECL_SAML2OBJECTBUILDER(Conditions);
        DECL_SAML2OBJECTBUILDER(EncryptedAssertion);
        DECL_SAML2OBJECTBUILDER(EncryptedAttribute);
        DECL_SAML2OBJECTBUILDER(EncryptedID);
        DECL_SAML2OBJECTBUILDER(Evidence);
        DECL_SAML2OBJECTBUILDER(Issuer);
        DECL_SAML2OBJECTBUILDER(NameID);
        DECL_SAML2OBJECTBUILDER(OneTimeUse);
        DECL_SAML2OBJECTBUILDER(ProxyRestriction);
        DECL_SAML2OBJECTBUILDER(Subject);
        DECL_SAML2OBJECTBUILDER(SubjectConfirmation);
        DECL_SAML2OBJECTBUILDER(SubjectConfirmationData);
        DECL_SAML2OBJECTBUILDER(SubjectLocality);
        
        /**
         * Builder for NameIDType objects.
         * 
         * This is customized to force the element name to be specified.
         */
        class SAML_API NameIDTypeBuilder : public xmltooling::XMLObjectBuilder {
        public:
            virtual ~NameIDTypeBuilder() {}
            /**
             * Builder that allows element/type override.
             *
             * @param nsURI         namespace of the element to build
             * @param localName     local name of the element to build
             * @param prefix        namespace prefix, optional
             * @param schemaType    xsi:type to stamp on the element, optional
             * @return  a new NameIDType; defined in the implementation file
             */
            virtual NameIDType* buildObject(
                const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
                ) const;
        
            /**
             * Singleton builder.
             *
             * Looks up the builder registered under the {SAML20_NS}NameIDType QName and
             * builds an element of the requested name with an xsi:type of NameIDType.
             *
             * @param nsURI         namespace of the element to build
             * @param localName     local name of the element to build
             * @param prefix        namespace prefix, optional
             * @return  the new object
             * @throws xmltooling::XMLObjectException if no builder is registered for the
             *      type QName, or the registered one is not a NameIDTypeBuilder (the
             *      dynamic_cast below yields NULL in that case)
             */
            static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) {
                const NameIDTypeBuilder* b = dynamic_cast<const NameIDTypeBuilder*>(
                    XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME))
                    );
                if (b) {
                    xmltooling::QName schemaType(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME,SAMLConstants::SAML20_PREFIX);
                    return b->buildObject(nsURI, localName, prefix, &schemaType);
                }
                throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType.");
            }
        };

        /**
         * Builder for KeyInfoConfirmationDataType objects.
         * 
         * This is customized to return a SubjectConfirmationData element with an
         * xsi:type of KeyInfoConfirmationDataType.
         */
        class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::XMLObjectBuilder {
        public:
            virtual ~KeyInfoConfirmationDataTypeBuilder() {}
            /**
             * Default builder.
             *
             * Builds the element under KeyInfoConfirmationDataType::LOCAL_NAME in the SAML 2.0
             * namespace and stamps it with the KeyInfoConfirmationDataType xsi:type. Per the
             * class comment LOCAL_NAME is expected to be the SubjectConfirmationData element
             * name; confirm in the implementation file.
             *
             * @return  the new object
             */
            virtual KeyInfoConfirmationDataType* buildObject() const {
                xmltooling::QName schemaType(
                    SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,SAMLConstants::SAML20_PREFIX
                    );
                return buildObject(
                    SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,SAMLConstants::SAML20_PREFIX,&schemaType
                    );
            }
            /**
             * Builder that allows element/type override.
             *
             * @param nsURI         namespace of the element to build
             * @param localName     local name of the element to build
             * @param prefix        namespace prefix, optional
             * @param schemaType    xsi:type to stamp on the element, optional
             * @return  a new KeyInfoConfirmationDataType; defined in the implementation file
             */
            virtual KeyInfoConfirmationDataType* buildObject(
                const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
                ) const;
        
            /**
             * Singleton builder.
             *
             * Looks up the builder registered under the {SAML20_NS}KeyInfoConfirmationDataType
             * QName and delegates to its default buildObject().
             *
             * @return  the new object
             * @throws xmltooling::XMLObjectException if no builder is registered for the
             *      type QName, or the registered one is not a KeyInfoConfirmationDataTypeBuilder
             */
            static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() {
                const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast<const KeyInfoConfirmationDataTypeBuilder*>(
                    XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME))
                    );
                if (b)
                    return b->buildObject();
                throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType.");
            }
        };
        
        /**
         * Registers builders and validators for Assertion classes into the runtime.
         *
         * Must be called before any of the builders above (including the two static
         * "singleton" helpers, which throw when nothing is registered) is used.
         */
        void SAML_API registerAssertionClasses();
    };
};
388
389 #endif /* __saml2_assertions_h__ */