2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file saml/saml2/core/Assertions.h
24 * XMLObjects representing the SAML 2.0 Assertions schema.
27 #ifndef __saml2_assertions_h__
28 #define __saml2_assertions_h__
30 #include <saml/Assertion.h>
31 #include <saml/util/SAMLConstants.h>
33 #include <xmltooling/ConcreteXMLObjectBuilder.h>
34 #include <xmltooling/ElementProxy.h>
36 #define DECL_SAML2OBJECTBUILDER(cname) \
37 DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20_NS,samlconstants::SAML20_PREFIX)
39 namespace xmltooling {
40 class XMLTOOL_API CredentialCriteria;
41 class XMLTOOL_API CredentialResolver;
42 class XMLTOOL_API DateTime;
45 namespace xmlencryption {
46 class XMLTOOL_API EncryptedData;
47 class XMLTOOL_API EncryptedKey;
50 namespace xmlsignature {
51 class XMLTOOL_API KeyInfo;
52 class XMLTOOL_API Signature;
58 class SAML_API MetadataProvider;
59 class SAML_API MetadataCredentialCriteria;
63 * @namespace opensaml::saml2
64 * SAML 2.0 assertion namespace
69 class SAML_API Assertion;
70 class SAML_API EncryptedAssertion;
73 * Marker interface for SAML types that can be encrypted.
75 class SAML_API EncryptableObject : public virtual xmltooling::XMLObject
78 EncryptableObject() {}
79 virtual ~EncryptableObject() {}
82 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element);
83 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element);
84 DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 2.0 Audience element);
85 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextClassRef,Reference,SAML 2.0 AuthnContextClassRef element);
86 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
87 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);
89 BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
90 DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
91 DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
92 /** EncryptedElementType local name */
93 static const XMLCh TYPE_NAME[];
96 * Encrypts an object to a single recipient using this object as a container.
98 * @param xmlObject object to encrypt
99 * @param metadataProvider a locked MetadataProvider to supply encryption keys
100 * @param criteria metadata-based CredentialCriteria to use
101 * @param compact true iff compact KeyInfo should be used
102 * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata
103 * @return the encrypted object
105 virtual void encrypt(
106 const EncryptableObject& xmlObject,
107 const saml2md::MetadataProvider& metadataProvider,
108 saml2md::MetadataCredentialCriteria& criteria,
110 const XMLCh* algorithm=nullptr
114 * Encrypts an object to multiple recipients using this object as a container.
116 * @param xmlObject object to encrypt
117 * @param recipients pairs containing a locked MetadataProvider to supply encryption keys,
118 * and a metadata-based CredentialCriteria to use
119 * @param compact true iff compact KeyInfo should be used
120 * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata
121 * @return the encrypted object
123 virtual void encrypt(
124 const EncryptableObject& xmlObject,
125 const std::vector< std::pair<const saml2md::MetadataProvider*, saml2md::MetadataCredentialCriteria*> >& recipients,
127 const XMLCh* algorithm=nullptr
131 * Decrypts the element using the supplied CredentialResolver.
133 * <p>The object returned will be unmarshalled around the decrypted DOM element in a
134 * new Document owned by the object.
136 * <p>The final boolean parameter is used to enforce a requirement for an authenticated cipher
137 * suite such as AES-GCM or similar. These ciphers include an HMAC or equivalent step that
138 * prevents tampering. Newer applications should set this parameter to true unless the ciphertext
139 * has been independently authenticated, and even in such a case, it is rarely possible to prevent
140 * chosen ciphertext attacks by trusted signers.
142 * @param credResolver locked resolver supplying decryption keys
143 * @param recipient identifier naming the recipient (the entity performing the decryption)
144 * @param criteria optional external criteria to use with resolver
145 * @param requireAuthenticatedCipher true iff the bulk data encryption algorithm must be an authenticated cipher
146 * @return the decrypted and unmarshalled object
148 virtual xmltooling::XMLObject* decrypt(
149 const xmltooling::CredentialResolver& credResolver,
150 const XMLCh* recipient,
151 xmltooling::CredentialCriteria* criteria=nullptr,
152 bool requireAuthenticatedCipher=false
156 BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
159 BEGIN_XMLOBJECT(SAML_API,BaseID,EncryptableObject,SAML 2.0 BaseID abstract element);
160 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
161 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
164 BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::XMLObject,SAML 2.0 NameIDType type);
165 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
166 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
167 DECL_STRING_ATTRIB(Format,FORMAT);
168 DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID);
169 DECL_SIMPLE_CONTENT(Name);
170 /** NameIDType local name */
171 static const XMLCh TYPE_NAME[];
172 /** Unspecified name format ID */
173 static const XMLCh UNSPECIFIED[];
174 /** Email address name format ID */
175 static const XMLCh EMAIL[];
176 /** X.509 subject name format ID */
177 static const XMLCh X509_SUBJECT[];
178 /** Windows domain qualified name format ID */
179 static const XMLCh WIN_DOMAIN_QUALIFIED[];
180 /** Kerberos principal name format ID */
181 static const XMLCh KERBEROS[];
182 /** Entity identifier name format ID */
183 static const XMLCh ENTITY[];
184 /** Persistent identifier name format ID */
185 static const XMLCh PERSISTENT[];
186 /** Transient identifier name format ID */
187 static const XMLCh TRANSIENT[];
190 BEGIN_XMLOBJECT2(SAML_API,NameID,NameIDType,EncryptableObject,SAML 2.0 NameID element);
193 BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element);
196 BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 2.0 Condition element);
199 BEGIN_XMLOBJECT(SAML_API,AudienceRestriction,Condition,SAML 2.0 AudienceRestriction element);
200 DECL_TYPED_CHILDREN(Audience);
201 /** AudienceRestrictionType local name */
202 static const XMLCh TYPE_NAME[];
205 BEGIN_XMLOBJECT(SAML_API,OneTimeUse,Condition,SAML 2.0 OneTimeUse element);
206 /** OneTimeUseType local name */
207 static const XMLCh TYPE_NAME[];
210 BEGIN_XMLOBJECT(SAML_API,ProxyRestriction,Condition,SAML 2.0 ProxyRestriction element);
211 DECL_INTEGER_ATTRIB(Count,COUNT);
212 DECL_TYPED_CHILDREN(Audience);
213 /** ProxyRestrictionType local name */
214 static const XMLCh TYPE_NAME[];
217 BEGIN_XMLOBJECT(SAML_API,Delegate,xmltooling::XMLObject,SAML 2.0 Delegation Restriction Condition Delegate element);
218 DECL_STRING_ATTRIB(ConfirmationMethod,CONFIRMATIONMETHOD);
219 DECL_DATETIME_ATTRIB(DelegationInstant,DELEGATIONINSTANT);
220 DECL_TYPED_CHILD(BaseID);
221 DECL_TYPED_CHILD(NameID);
222 DECL_TYPED_CHILD(EncryptedID);
223 /** DelegateType local name */
224 static const XMLCh TYPE_NAME[];
227 BEGIN_XMLOBJECT(SAML_API,DelegationRestrictionType,Condition,SAML 2.0 Delegation Restriction Condition type);
228 DECL_TYPED_CHILDREN(Delegate);
229 /** DelegationRestrictionType local name */
230 static const XMLCh TYPE_NAME[];
233 BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 2.0 Conditions element);
234 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
235 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
236 DECL_TYPED_CHILDREN(AudienceRestriction);
237 DECL_TYPED_CHILDREN(OneTimeUse);
238 DECL_TYPED_CHILDREN(ProxyRestriction);
239 DECL_TYPED_CHILDREN(Condition);
240 /** ConditionsType local name */
241 static const XMLCh TYPE_NAME[];
244 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationDataType,xmltooling::XMLObject,SAML 2.0 SubjectConfirmationDataType base type);
245 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
246 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
247 DECL_STRING_ATTRIB(Recipient,RECIPIENT);
248 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
249 DECL_STRING_ATTRIB(Address,ADDRESS);
252 BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,SubjectConfirmationDataType,xmltooling::ElementProxy,SAML 2.0 SubjectConfirmationData element);
253 DECL_SIMPLE_CONTENT(Data);
256 BEGIN_XMLOBJECT2(SAML_API,KeyInfoConfirmationDataType,SubjectConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
257 DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
258 /** KeyInfoConfirmationDataType local name */
259 static const XMLCh TYPE_NAME[];
262 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 2.0 SubjectConfirmation element);
263 DECL_STRING_ATTRIB(Method,METHOD);
264 DECL_TYPED_CHILD(BaseID);
265 DECL_TYPED_CHILD(NameID);
266 DECL_TYPED_CHILD(EncryptedID);
267 DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
268 /** SubjectConfirmationType local name */
269 static const XMLCh TYPE_NAME[];
270 /** Bearer confirmation method */
271 static const XMLCh BEARER[];
272 /** Holder of key confirmation method */
273 static const XMLCh HOLDER_KEY[];
274 /** Sender vouches confirmation method */
275 static const XMLCh SENDER_VOUCHES[];
278 BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
279 DECL_TYPED_CHILD(BaseID);
280 DECL_TYPED_CHILD(NameID);
281 DECL_TYPED_CHILD(EncryptedID);
282 DECL_TYPED_CHILDREN(SubjectConfirmation);
283 /** SubjectType local name */
284 static const XMLCh TYPE_NAME[];
287 BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 2.0 Statement element);
290 BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 2.0 SubjectLocality element);
291 DECL_STRING_ATTRIB(Address,ADDRESS);
292 DECL_STRING_ATTRIB(DNSName,DNSNAME);
293 /** SubjectLocalityType local name */
294 static const XMLCh TYPE_NAME[];
297 BEGIN_XMLOBJECT(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,SAML 2.0 AuthnContextDecl element);
300 BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element);
301 DECL_TYPED_CHILD(AuthnContextClassRef);
302 DECL_XMLOBJECT_CHILD(AuthnContextDecl);
303 DECL_TYPED_CHILD(AuthnContextDeclRef);
304 DECL_TYPED_CHILDREN(AuthenticatingAuthority);
305 /** AuthnContextType local name */
306 static const XMLCh TYPE_NAME[];
309 BEGIN_XMLOBJECT(SAML_API,AuthnStatement,Statement,SAML 2.0 AuthnStatement element);
310 DECL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT);
311 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
312 DECL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER);
313 DECL_TYPED_CHILD(SubjectLocality);
314 DECL_TYPED_CHILD(AuthnContext);
315 /** AuthnStatementType local name */
316 static const XMLCh TYPE_NAME[];
319 BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::XMLObject,SAML 2.0 Action element);
320 DECL_STRING_ATTRIB(Namespace,NAMESPACE);
321 DECL_SIMPLE_CONTENT(Action);
322 /** ActionType local name */
323 static const XMLCh TYPE_NAME[];
324 /** Read/Write/Execute/Delete/Control Action Namespace */
325 static const XMLCh RWEDC_NEG_ACTION_NAMESPACE[];
326 /** Read/Write/Execute/Delete/Control with Negation Action Namespace */
327 static const XMLCh RWEDC_ACTION_NAMESPACE[];
328 /** Get/Head/Put/Post Action Namespace */
329 static const XMLCh GHPP_ACTION_NAMESPACE[];
330 /** UNIX File Permissions Action Namespace */
331 static const XMLCh UNIX_ACTION_NAMESPACE[];
334 BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element);
335 DECL_TYPED_CHILDREN(AssertionIDRef);
336 DECL_TYPED_CHILDREN(AssertionURIRef);
337 DECL_TYPED_CHILDREN(Assertion);
338 DECL_TYPED_CHILDREN(EncryptedAssertion);
339 /** EvidenceType local name */
340 static const XMLCh TYPE_NAME[];
343 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionStatement,Statement,SAML 2.0 AuthzDecisionStatement element);
344 DECL_STRING_ATTRIB(Resource,RESOURCE);
345 DECL_STRING_ATTRIB(Decision,DECISION);
346 DECL_TYPED_CHILDREN(Action);
347 DECL_TYPED_CHILD(Evidence);
348 /** AuthzDecisionStatementType local name */
349 static const XMLCh TYPE_NAME[];
350 /** Permit Decision */
351 static const XMLCh DECISION_PERMIT[];
353 static const XMLCh DECISION_DENY[];
354 /** Indeterminate Decision */
355 static const XMLCh DECISION_INDETERMINATE[];
358 BEGIN_XMLOBJECT(SAML_API,AttributeValue,xmltooling::ElementProxy,SAML 2.0 AttributeValue element);
361 BEGIN_XMLOBJECT2(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,EncryptableObject,SAML 2.0 Attribute element);
362 DECL_STRING_ATTRIB(Name,NAME);
363 DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT);
364 DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME);
365 DECL_XMLOBJECT_CHILDREN(AttributeValue);
366 /** AttributeType local name */
367 static const XMLCh TYPE_NAME[];
368 /** Unspecified attribute name format ID */
369 static const XMLCh UNSPECIFIED[];
370 /** URI reference attribute name format ID */
371 static const XMLCh URI_REFERENCE[];
372 /** Basic attribute name format ID */
373 static const XMLCh BASIC[];
376 BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element);
379 BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
380 DECL_TYPED_CHILDREN(Attribute);
381 DECL_TYPED_CHILDREN(EncryptedAttribute);
382 /** AttributeStatementType local name */
383 static const XMLCh TYPE_NAME[];
386 BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element);
389 BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::ElementExtensibleXMLObject,SAML 2.0 Advice element);
390 DECL_TYPED_CHILDREN(AssertionIDRef);
391 DECL_TYPED_CHILDREN(AssertionURIRef);
392 DECL_TYPED_CHILDREN(Assertion);
393 DECL_TYPED_CHILDREN(EncryptedAssertion);
394 /** AdviceType local name */
395 static const XMLCh TYPE_NAME[];
399 * SAML 2.0 assertion or protocol message.
401 class SAML_API RootObject : virtual public opensaml::RootObject
406 virtual ~RootObject() {}
408 /** Gets the Version attribute. */
409 virtual const XMLCh* getVersion() const=0;
411 /** Gets the Issuer. */
412 virtual Issuer* getIssuer() const=0;
415 BEGIN_XMLOBJECT3(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,EncryptableObject,SAML 2.0 Assertion element);
416 DECL_INHERITED_STRING_ATTRIB(Version,VER);
417 DECL_INHERITED_STRING_ATTRIB(ID,ID);
418 DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
419 DECL_INHERITED_TYPED_CHILD(Issuer);
420 DECL_TYPED_CHILD(Subject);
421 DECL_TYPED_CHILD(Conditions);
422 DECL_TYPED_CHILD(Advice);
423 DECL_TYPED_CHILDREN(Statement);
424 DECL_TYPED_CHILDREN(AuthnStatement);
425 DECL_TYPED_CHILDREN(AttributeStatement);
426 DECL_TYPED_CHILDREN(AuthzDecisionStatement);
427 /** AssertionType local name */
428 static const XMLCh TYPE_NAME[];
431 DECL_SAML2OBJECTBUILDER(Action);
432 DECL_SAML2OBJECTBUILDER(Advice);
433 DECL_SAML2OBJECTBUILDER(Assertion);
434 DECL_SAML2OBJECTBUILDER(AssertionIDRef);
435 DECL_SAML2OBJECTBUILDER(AssertionURIRef);
436 DECL_SAML2OBJECTBUILDER(Attribute);
437 DECL_SAML2OBJECTBUILDER(AttributeStatement);
438 DECL_SAML2OBJECTBUILDER(AttributeValue);
439 DECL_SAML2OBJECTBUILDER(Audience);
440 DECL_SAML2OBJECTBUILDER(AudienceRestriction);
441 DECL_SAML2OBJECTBUILDER(AuthenticatingAuthority);
442 DECL_SAML2OBJECTBUILDER(AuthnContext);
443 DECL_SAML2OBJECTBUILDER(AuthnContextClassRef);
444 DECL_SAML2OBJECTBUILDER(AuthnContextDecl);
445 DECL_SAML2OBJECTBUILDER(AuthnContextDeclRef);
446 DECL_SAML2OBJECTBUILDER(AuthnStatement);
447 DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
448 DECL_SAML2OBJECTBUILDER(Conditions);
449 DECL_SAML2OBJECTBUILDER(EncryptedAssertion);
450 DECL_SAML2OBJECTBUILDER(EncryptedAttribute);
451 DECL_SAML2OBJECTBUILDER(EncryptedID);
452 DECL_SAML2OBJECTBUILDER(Evidence);
453 DECL_SAML2OBJECTBUILDER(Issuer);
454 DECL_SAML2OBJECTBUILDER(NameID);
455 DECL_SAML2OBJECTBUILDER(OneTimeUse);
456 DECL_SAML2OBJECTBUILDER(ProxyRestriction);
457 DECL_SAML2OBJECTBUILDER(Subject);
458 DECL_SAML2OBJECTBUILDER(SubjectConfirmation);
459 DECL_SAML2OBJECTBUILDER(SubjectConfirmationData);
460 DECL_SAML2OBJECTBUILDER(SubjectLocality);
462 DECL_XMLOBJECTBUILDER(SAML_API,Delegate,samlconstants::SAML20_DELEGATION_CONDITION_NS,samlconstants::SAML20_DELEGATION_CONDITION_PREFIX);
465 * Builder for NameIDType objects.
467 * This is customized to force the element name to be specified.
469 class SAML_API NameIDTypeBuilder : public xmltooling::XMLObjectBuilder {
471 virtual ~NameIDTypeBuilder() {}
472 /** Builder that allows element/type override. */
473 #ifdef HAVE_COVARIANT_RETURNS
474 virtual NameIDType* buildObject(
476 virtual xmltooling::XMLObject* buildObject(
478 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
481 /** Singleton builder. */
482 static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr) {
483 const NameIDTypeBuilder* b = dynamic_cast<const NameIDTypeBuilder*>(
484 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,NameIDType::TYPE_NAME))
487 xmltooling::QName schemaType(samlconstants::SAML20_NS,NameIDType::TYPE_NAME,samlconstants::SAML20_PREFIX);
488 #ifdef HAVE_COVARIANT_RETURNS
489 return b->buildObject(nsURI, localName, prefix, &schemaType);
491 return dynamic_cast<NameIDType*>(b->buildObject(nsURI, localName, prefix, &schemaType));
494 throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType.");
499 * Builder for Condition extension objects.
501 * This is customized to force the schema type to be specified.
503 class SAML_API ConditionBuilder : public xmltooling::XMLObjectBuilder {
505 virtual ~ConditionBuilder() {}
506 /** Builder that allows element/type override. */
507 #ifdef HAVE_COVARIANT_RETURNS
508 virtual Condition* buildObject(
510 virtual xmltooling::XMLObject* buildObject(
512 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
515 /** Singleton builder. */
516 static Condition* buildCondition(const xmltooling::QName& schemaType) {
517 const ConditionBuilder* b = dynamic_cast<const ConditionBuilder*>(
518 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,Condition::LOCAL_NAME))
521 #ifdef HAVE_COVARIANT_RETURNS
522 return b->buildObject(samlconstants::SAML20_NS, Condition::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType);
524 return dynamic_cast<Condition*>(b->buildObject(samlconstants::SAML20_NS, Condition::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType));
527 throw xmltooling::XMLObjectException("Unable to obtain typed builder for Condition.");
532 * Builder for DelegationRestrictionType objects.
534 * This is customized to return a Condition element with an xsi:type of DelegationRestrictionType.
536 class SAML_API DelegationRestrictionTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder {
538 virtual ~DelegationRestrictionTypeBuilder() {}
539 /** Default builder. */
540 #ifdef HAVE_COVARIANT_RETURNS
541 virtual DelegationRestrictionType* buildObject() const {
543 virtual xmltooling::XMLObject* buildObject() const {
545 xmltooling::QName schemaType(
546 samlconstants::SAML20_DELEGATION_CONDITION_NS,
547 DelegationRestrictionType::TYPE_NAME,
548 samlconstants::SAML20_DELEGATION_CONDITION_PREFIX
551 samlconstants::SAML20_DELEGATION_CONDITION_NS,
552 DelegationRestrictionType::LOCAL_NAME,
553 samlconstants::SAML20_DELEGATION_CONDITION_PREFIX,
557 /** Builder that allows element/type override. */
558 #ifdef HAVE_COVARIANT_RETURNS
559 virtual DelegationRestrictionType* buildObject(
561 virtual xmltooling::XMLObject* buildObject(
563 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
566 /** Singleton builder. */
567 static DelegationRestrictionType* buildDelegationRestrictionType() {
568 const DelegationRestrictionTypeBuilder* b = dynamic_cast<const DelegationRestrictionTypeBuilder*>(
569 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,DelegationRestrictionType::TYPE_NAME))
572 #ifdef HAVE_COVARIANT_RETURNS
573 return b->buildObject();
575 return dynamic_cast<DelegationRestrictionType*>(b->buildObject());
577 throw xmltooling::XMLObjectException("Unable to obtain typed builder for DelegationRestrictionType.");
582 * Builder for KeyInfoConfirmationDataType objects.
584 * This is customized to return a SubjectConfirmationData element with an
585 * xsi:type of KeyInfoConfirmationDataType.
587 class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder {
589 virtual ~KeyInfoConfirmationDataTypeBuilder() {}
590 /** Default builder. */
591 #ifdef HAVE_COVARIANT_RETURNS
592 virtual KeyInfoConfirmationDataType* buildObject() const {
594 virtual xmltooling::XMLObject* buildObject() const {
596 xmltooling::QName schemaType(
597 samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,samlconstants::SAML20_PREFIX
600 samlconstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType
603 /** Builder that allows element/type override. */
604 #ifdef HAVE_COVARIANT_RETURNS
605 virtual KeyInfoConfirmationDataType* buildObject(
607 virtual xmltooling::XMLObject* buildObject(
609 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
612 /** Singleton builder. */
613 static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() {
614 const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast<const KeyInfoConfirmationDataTypeBuilder*>(
615 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME))
618 #ifdef HAVE_COVARIANT_RETURNS
619 return b->buildObject();
621 return dynamic_cast<KeyInfoConfirmationDataType*>(b->buildObject());
623 throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType.");
628 * Builder for Statement extension objects.
630 * This is customized to force the schema type to be specified.
632 class SAML_API StatementBuilder : public xmltooling::XMLObjectBuilder {
634 virtual ~StatementBuilder() {}
635 /** Builder that allows element/type override. */
636 #ifdef HAVE_COVARIANT_RETURNS
637 virtual Statement* buildObject(
639 virtual xmltooling::XMLObject* buildObject(
641 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
644 /** Singleton builder. */
645 static Statement* buildStatement(const xmltooling::QName& schemaType) {
646 const StatementBuilder* b = dynamic_cast<const StatementBuilder*>(
647 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,Statement::LOCAL_NAME))
650 #ifdef HAVE_COVARIANT_RETURNS
651 return b->buildObject(samlconstants::SAML20_NS, Statement::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType);
653 return dynamic_cast<Statement*>(b->buildObject(samlconstants::SAML20_NS, Statement::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType));
656 throw xmltooling::XMLObjectException("Unable to obtain typed builder for Statement.");
661 * Registers builders and validators for SAML 2.0 Assertion classes into the runtime.
663 void SAML_API registerAssertionClasses();
667 #endif /* __saml2_assertions_h__ */