saml/saml2/core/Assertions.h

   1 /**
   2  * Licensed to the University Corporation for Advanced Internet
   3  * Development, Inc. (UCAID) under one or more contributor license
   4  * agreements. See the NOTICE file distributed with this work for
   5  * additional information regarding copyright ownership.
   6  *
   7  * UCAID licenses this file to you under the Apache License,
   8  * Version 2.0 (the "License"); you may not use this file except
   9  * in compliance with the License. You may obtain a copy of the
  10  * License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
  17  * either express or implied. See the License for the specific
  18  * language governing permissions and limitations under the License.
  19  */
  20
  21 /**
  22  * @file saml/saml2/core/Assertions.h
  23  *
  24  * XMLObjects representing the SAML 2.0 Assertions schema.
  25  */
  26
  27 #ifndef __saml2_assertions_h__
  28 #define __saml2_assertions_h__
  29
  30 #include <saml/Assertion.h>
  31 #include <saml/util/SAMLConstants.h>
  32
  33 #include <xmltooling/ConcreteXMLObjectBuilder.h>
  34 #include <xmltooling/ElementProxy.h>
  35
  36 #define DECL_SAML2OBJECTBUILDER(cname) \
  37     DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20_NS,samlconstants::SAML20_PREFIX)
  38
  39 namespace xmltooling {
  40     class XMLTOOL_API CredentialCriteria;
  41     class XMLTOOL_API CredentialResolver;
  42     class XMLTOOL_API DateTime;
  43 };
  44
  45 namespace xmlencryption {
  46     class XMLTOOL_API EncryptedData;
  47     class XMLTOOL_API EncryptedKey;
  48 };
  49
  50 namespace xmlsignature {
  51     class XMLTOOL_API KeyInfo;
  52     class XMLTOOL_API Signature;
  53 };
  54
  55 namespace opensaml {
  56
  57     namespace saml2md {
  58         class SAML_API MetadataProvider;
  59         class SAML_API MetadataCredentialCriteria;
  60     };
  61
  62     /**
  63      * @namespace opensaml::saml2
  64      * SAML 2.0 assertion namespace
  65      */
  66     namespace saml2 {
  67
  68         // Forward references
  69         class SAML_API Assertion;
  70         class SAML_API EncryptedAssertion;
  71
  72         /**
  73          * Marker interface for SAML types that can be encrypted.
  74          */
  75         class SAML_API EncryptableObject : public virtual xmltooling::XMLObject
  76         {
  77         protected:
  78             EncryptableObject() {}
  79             virtual ~EncryptableObject() {}
  80         };
  81
  82         DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element);
  83         DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element);
  84         DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 2.0 Audience element);
  85         DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextClassRef,Reference,SAML 2.0 AuthnContextClassRef element);
  86         DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
  87         DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);
  88
  89         BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
  90             DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
  91             DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
  92             /** EncryptedElementType local name */
  93             static const XMLCh TYPE_NAME[];
  94
  95             /**
  96              * Encrypts an object to a single recipient using this object as a container.
  97              *
  98              * @param xmlObject         object to encrypt
  99              * @param metadataProvider  a locked MetadataProvider to supply encryption keys
 100              * @param criteria          metadata-based CredentialCriteria to use
 101              * @param compact           true iff compact KeyInfo should be used
 102              * @param algorithm         optionally specifies data encryption algorithm if none can be determined from metadata
 103              * @return  the encrypted object
 104              */
 105             virtual void encrypt(
 106                 const EncryptableObject& xmlObject,
 107                 const saml2md::MetadataProvider& metadataProvider,
 108                 saml2md::MetadataCredentialCriteria& criteria,
 109                 bool compact=false,
 110                 const XMLCh* algorithm=nullptr
 111                 );
 112
 113             /**
 114              * Encrypts an object to multiple recipients using this object as a container.
 115              *
 116              * @param xmlObject     object to encrypt
 117              * @param recipients    pairs containing a locked MetadataProvider to supply encryption keys,
 118              *                      and a metadata-based CredentialCriteria to use
 119              * @param compact       true iff compact KeyInfo should be used
 120              * @param algorithm     optionally specifies data encryption algorithm if none can be determined from metadata
 121              * @return  the encrypted object
 122              */
 123             virtual void encrypt(
 124                 const EncryptableObject& xmlObject,
 125                 const std::vector< std::pair<const saml2md::MetadataProvider*, saml2md::MetadataCredentialCriteria*> >& recipients,
 126                 bool compact=false,
 127                 const XMLCh* algorithm=nullptr
 128                 );
 129
 130             /**
 131              * Decrypts the element using the supplied CredentialResolver.
 132              *
 133              * <p>The object returned will be unmarshalled around the decrypted DOM element in a
 134              * new Document owned by the object.
 135              *
 136              * <p>The final boolean parameter is used to enforce a requirement for an authenticated cipher
 137              * suite such as AES-GCM or similar. These ciphers include an HMAC or equivalent step that
 138              * prevents tampering. Newer applications should set this parameter to true unless the ciphertext
 139              * has been independently authenticated, and even in such a case, it is rarely possible to prevent
 140              * chosen ciphertext attacks by trusted signers.
 141              *
 142              * @param credResolver  locked resolver supplying decryption keys
 143              * @param recipient     identifier naming the recipient (the entity performing the decryption)
 144              * @param criteria      optional external criteria to use with resolver
 145              * @param requireAuthenticatedCipher    true iff the bulk data encryption algorithm must be an authenticated cipher
 146              * @return  the decrypted and unmarshalled object
 147              */
 148             virtual xmltooling::XMLObject* decrypt(
 149                 const xmltooling::CredentialResolver& credResolver,
 150                 const XMLCh* recipient,
 151                 xmltooling::CredentialCriteria* criteria=nullptr,
 152                 bool requireAuthenticatedCipher=false
 153                 ) const;
 154         END_XMLOBJECT;
 155
 156         BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
 157         END_XMLOBJECT;
 158
 159         BEGIN_XMLOBJECT(SAML_API,BaseID,EncryptableObject,SAML 2.0 BaseID abstract element);
 160             DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
 161             DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
 162         END_XMLOBJECT;
 163
 164         BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::XMLObject,SAML 2.0 NameIDType type);
 165             DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
 166             DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
 167             DECL_STRING_ATTRIB(Format,FORMAT);
 168             DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID);
 169             DECL_SIMPLE_CONTENT(Name);
 170             /** NameIDType local name */
 171             static const XMLCh TYPE_NAME[];
 172             /** Unspecified name format ID */
 173             static const XMLCh UNSPECIFIED[];
 174             /** Email address name format ID */
 175             static const XMLCh EMAIL[];
 176             /** X.509 subject name format ID */
 177             static const XMLCh X509_SUBJECT[];
 178             /** Windows domain qualified name format ID */
 179             static const XMLCh WIN_DOMAIN_QUALIFIED[];
 180             /** Kerberos principal name format ID */
 181             static const XMLCh KERBEROS[];
 182             /** Entity identifier name format ID */
 183             static const XMLCh ENTITY[];
 184             /** Persistent identifier name format ID */
 185             static const XMLCh PERSISTENT[];
 186             /** Transient identifier name format ID */
 187             static const XMLCh TRANSIENT[];
 188         END_XMLOBJECT;
 189
 190         BEGIN_XMLOBJECT2(SAML_API,NameID,NameIDType,EncryptableObject,SAML 2.0 NameID element);
 191         END_XMLOBJECT;
 192
 193         BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element);
 194         END_XMLOBJECT;
 195
 196         BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 2.0 Condition element);
 197         END_XMLOBJECT;
 198
 199         BEGIN_XMLOBJECT(SAML_API,AudienceRestriction,Condition,SAML 2.0 AudienceRestriction element);
 200             DECL_TYPED_CHILDREN(Audience);
 201             /** AudienceRestrictionType local name */
 202             static const XMLCh TYPE_NAME[];
 203         END_XMLOBJECT;
 204
 205         BEGIN_XMLOBJECT(SAML_API,OneTimeUse,Condition,SAML 2.0 OneTimeUse element);
 206             /** OneTimeUseType local name */
 207             static const XMLCh TYPE_NAME[];
 208         END_XMLOBJECT;
 209
 210         BEGIN_XMLOBJECT(SAML_API,ProxyRestriction,Condition,SAML 2.0 ProxyRestriction element);
 211             DECL_INTEGER_ATTRIB(Count,COUNT);
 212             DECL_TYPED_CHILDREN(Audience);
 213             /** ProxyRestrictionType local name */
 214             static const XMLCh TYPE_NAME[];
 215         END_XMLOBJECT;
 216
 217         BEGIN_XMLOBJECT(SAML_API,Delegate,xmltooling::XMLObject,SAML 2.0 Delegation Restriction Condition Delegate element);
 218             DECL_STRING_ATTRIB(ConfirmationMethod,CONFIRMATIONMETHOD);
 219             DECL_DATETIME_ATTRIB(DelegationInstant,DELEGATIONINSTANT);
 220             DECL_TYPED_CHILD(BaseID);
 221             DECL_TYPED_CHILD(NameID);
 222             DECL_TYPED_CHILD(EncryptedID);
 223             /** DelegateType local name */
 224             static const XMLCh TYPE_NAME[];
 225         END_XMLOBJECT;
 226
 227         BEGIN_XMLOBJECT(SAML_API,DelegationRestrictionType,Condition,SAML 2.0 Delegation Restriction Condition type);
 228             DECL_TYPED_CHILDREN(Delegate);
 229             /** DelegationRestrictionType local name */
 230             static const XMLCh TYPE_NAME[];
 231         END_XMLOBJECT;
 232
 233         BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 2.0 Conditions element);
 234             DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
 235             DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
 236             DECL_TYPED_CHILDREN(AudienceRestriction);
 237             DECL_TYPED_CHILDREN(OneTimeUse);
 238             DECL_TYPED_CHILDREN(ProxyRestriction);
 239             DECL_TYPED_CHILDREN(Condition);
 240             /** ConditionsType local name */
 241             static const XMLCh TYPE_NAME[];
 242         END_XMLOBJECT;
 243
 244         BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationDataType,xmltooling::XMLObject,SAML 2.0 SubjectConfirmationDataType base type);
 245             DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
 246             DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
 247             DECL_STRING_ATTRIB(Recipient,RECIPIENT);
 248             DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
 249             DECL_STRING_ATTRIB(Address,ADDRESS);
 250         END_XMLOBJECT;
 251
 252         BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,SubjectConfirmationDataType,xmltooling::ElementProxy,SAML 2.0 SubjectConfirmationData element);
 253             DECL_SIMPLE_CONTENT(Data);
 254         END_XMLOBJECT;
 255
 256         BEGIN_XMLOBJECT2(SAML_API,KeyInfoConfirmationDataType,SubjectConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
 257             DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
 258             /** KeyInfoConfirmationDataType local name */
 259             static const XMLCh TYPE_NAME[];
 260         END_XMLOBJECT;
 261
 262         BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 2.0 SubjectConfirmation element);
 263             DECL_STRING_ATTRIB(Method,METHOD);
 264             DECL_TYPED_CHILD(BaseID);
 265             DECL_TYPED_CHILD(NameID);
 266             DECL_TYPED_CHILD(EncryptedID);
 267             DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
 268             /** SubjectConfirmationType local name */
 269             static const XMLCh TYPE_NAME[];
 270             /** Bearer confirmation method */
 271             static const XMLCh BEARER[];
 272             /** Holder of key confirmation method */
 273             static const XMLCh HOLDER_KEY[];
 274             /** Sender vouches confirmation method */
 275             static const XMLCh SENDER_VOUCHES[];
 276         END_XMLOBJECT;
 277
 278         BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
 279             DECL_TYPED_CHILD(BaseID);
 280             DECL_TYPED_CHILD(NameID);
 281             DECL_TYPED_CHILD(EncryptedID);
 282             DECL_TYPED_CHILDREN(SubjectConfirmation);
 283             /** SubjectType local name */
 284             static const XMLCh TYPE_NAME[];
 285         END_XMLOBJECT;
 286
 287         BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 2.0 Statement element);
 288         END_XMLOBJECT;
 289
 290         BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 2.0 SubjectLocality element);
 291             DECL_STRING_ATTRIB(Address,ADDRESS);
 292             DECL_STRING_ATTRIB(DNSName,DNSNAME);
 293             /** SubjectLocalityType local name */
 294             static const XMLCh TYPE_NAME[];
 295         END_XMLOBJECT;
 296
 297         BEGIN_XMLOBJECT(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,SAML 2.0 AuthnContextDecl element);
 298         END_XMLOBJECT;
 299
 300         BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element);
 301             DECL_TYPED_CHILD(AuthnContextClassRef);
 302             DECL_XMLOBJECT_CHILD(AuthnContextDecl);
 303             DECL_TYPED_CHILD(AuthnContextDeclRef);
 304             DECL_TYPED_CHILDREN(AuthenticatingAuthority);
 305             /** AuthnContextType local name */
 306             static const XMLCh TYPE_NAME[];
 307         END_XMLOBJECT;
 308
 309         BEGIN_XMLOBJECT(SAML_API,AuthnStatement,Statement,SAML 2.0 AuthnStatement element);
 310             DECL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT);
 311             DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
 312             DECL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER);
 313             DECL_TYPED_CHILD(SubjectLocality);
 314             DECL_TYPED_CHILD(AuthnContext);
 315             /** AuthnStatementType local name */
 316             static const XMLCh TYPE_NAME[];
 317         END_XMLOBJECT;
 318
 319         BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::XMLObject,SAML 2.0 Action element);
 320             DECL_STRING_ATTRIB(Namespace,NAMESPACE);
 321             DECL_SIMPLE_CONTENT(Action);
 322             /** ActionType local name */
 323             static const XMLCh TYPE_NAME[];
 324             /** Read/Write/Execute/Delete/Control Action Namespace */
 325             static const XMLCh RWEDC_NEG_ACTION_NAMESPACE[];
 326             /** Read/Write/Execute/Delete/Control with Negation Action Namespace */
 327             static const XMLCh RWEDC_ACTION_NAMESPACE[];
 328             /** Get/Head/Put/Post Action Namespace */
 329             static const XMLCh GHPP_ACTION_NAMESPACE[];
 330             /** UNIX File Permissions Action Namespace */
 331             static const XMLCh UNIX_ACTION_NAMESPACE[];
 332         END_XMLOBJECT;
 333
 334         BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element);
 335             DECL_TYPED_CHILDREN(AssertionIDRef);
 336             DECL_TYPED_CHILDREN(AssertionURIRef);
 337             DECL_TYPED_CHILDREN(Assertion);
 338             DECL_TYPED_CHILDREN(EncryptedAssertion);
 339             /** EvidenceType local name */
 340             static const XMLCh TYPE_NAME[];
 341         END_XMLOBJECT;
 342
 343         BEGIN_XMLOBJECT(SAML_API,AuthzDecisionStatement,Statement,SAML 2.0 AuthzDecisionStatement element);
 344             DECL_STRING_ATTRIB(Resource,RESOURCE);
 345             DECL_STRING_ATTRIB(Decision,DECISION);
 346             DECL_TYPED_CHILDREN(Action);
 347             DECL_TYPED_CHILD(Evidence);
 348             /** AuthzDecisionStatementType local name */
 349             static const XMLCh TYPE_NAME[];
 350             /** Permit Decision */
 351             static const XMLCh DECISION_PERMIT[];
 352             /** Deny Decision */
 353             static const XMLCh DECISION_DENY[];
 354             /** Indeterminate Decision */
 355             static const XMLCh DECISION_INDETERMINATE[];
 356         END_XMLOBJECT;
 357
 358         BEGIN_XMLOBJECT(SAML_API,AttributeValue,xmltooling::ElementProxy,SAML 2.0 AttributeValue element);
 359         END_XMLOBJECT;
 360
 361         BEGIN_XMLOBJECT2(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,EncryptableObject,SAML 2.0 Attribute element);
 362             DECL_STRING_ATTRIB(Name,NAME);
 363             DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT);
 364             DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME);
 365             DECL_XMLOBJECT_CHILDREN(AttributeValue);
 366             /** AttributeType local name */
 367             static const XMLCh TYPE_NAME[];
 368             /** Unspecified attribute name format ID */
 369             static const XMLCh UNSPECIFIED[];
 370             /** URI reference attribute name format ID */
 371             static const XMLCh URI_REFERENCE[];
 372             /** Basic attribute name format ID */
 373             static const XMLCh BASIC[];
 374         END_XMLOBJECT;
 375
 376         BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element);
 377         END_XMLOBJECT;
 378
 379         BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
 380             DECL_TYPED_CHILDREN(Attribute);
 381             DECL_TYPED_CHILDREN(EncryptedAttribute);
 382             /** AttributeStatementType local name */
 383             static const XMLCh TYPE_NAME[];
 384         END_XMLOBJECT;
 385
 386         BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element);
 387         END_XMLOBJECT;
 388
 389         BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::ElementExtensibleXMLObject,SAML 2.0 Advice element);
 390             DECL_TYPED_CHILDREN(AssertionIDRef);
 391             DECL_TYPED_CHILDREN(AssertionURIRef);
 392             DECL_TYPED_CHILDREN(Assertion);
 393             DECL_TYPED_CHILDREN(EncryptedAssertion);
 394             /** AdviceType local name */
 395             static const XMLCh TYPE_NAME[];
 396         END_XMLOBJECT;
 397
 398         /**
 399          * SAML 2.0 assertion or protocol message.
 400          */
 401         class SAML_API RootObject : virtual public opensaml::RootObject
 402         {
 403         protected:
 404             RootObject() {}
 405         public:
 406             virtual ~RootObject() {}
 407
 408             /** Gets the Version attribute. */
 409             virtual const XMLCh* getVersion() const=0;
 410
 411             /** Gets the Issuer. */
 412             virtual Issuer* getIssuer() const=0;
 413         };
 414
 415         BEGIN_XMLOBJECT3(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,EncryptableObject,SAML 2.0 Assertion element);
 416             DECL_INHERITED_STRING_ATTRIB(Version,VER);
 417             DECL_INHERITED_STRING_ATTRIB(ID,ID);
 418             DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
 419             DECL_INHERITED_TYPED_CHILD(Issuer);
 420             DECL_TYPED_CHILD(Subject);
 421             DECL_TYPED_CHILD(Conditions);
 422             DECL_TYPED_CHILD(Advice);
 423             DECL_TYPED_CHILDREN(Statement);
 424             DECL_TYPED_CHILDREN(AuthnStatement);
 425             DECL_TYPED_CHILDREN(AttributeStatement);
 426             DECL_TYPED_CHILDREN(AuthzDecisionStatement);
 427             /** AssertionType local name */
 428             static const XMLCh TYPE_NAME[];
 429         END_XMLOBJECT;
 430
 431         DECL_SAML2OBJECTBUILDER(Action);
 432         DECL_SAML2OBJECTBUILDER(Advice);
 433         DECL_SAML2OBJECTBUILDER(Assertion);
 434         DECL_SAML2OBJECTBUILDER(AssertionIDRef);
 435         DECL_SAML2OBJECTBUILDER(AssertionURIRef);
 436         DECL_SAML2OBJECTBUILDER(Attribute);
 437         DECL_SAML2OBJECTBUILDER(AttributeStatement);
 438         DECL_SAML2OBJECTBUILDER(AttributeValue);
 439         DECL_SAML2OBJECTBUILDER(Audience);
 440         DECL_SAML2OBJECTBUILDER(AudienceRestriction);
 441         DECL_SAML2OBJECTBUILDER(AuthenticatingAuthority);
 442         DECL_SAML2OBJECTBUILDER(AuthnContext);
 443         DECL_SAML2OBJECTBUILDER(AuthnContextClassRef);
 444         DECL_SAML2OBJECTBUILDER(AuthnContextDecl);
 445         DECL_SAML2OBJECTBUILDER(AuthnContextDeclRef);
 446         DECL_SAML2OBJECTBUILDER(AuthnStatement);
 447         DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
 448         DECL_SAML2OBJECTBUILDER(Conditions);
 449         DECL_SAML2OBJECTBUILDER(EncryptedAssertion);
 450         DECL_SAML2OBJECTBUILDER(EncryptedAttribute);
 451         DECL_SAML2OBJECTBUILDER(EncryptedID);
 452         DECL_SAML2OBJECTBUILDER(Evidence);
 453         DECL_SAML2OBJECTBUILDER(Issuer);
 454         DECL_SAML2OBJECTBUILDER(NameID);
 455         DECL_SAML2OBJECTBUILDER(OneTimeUse);
 456         DECL_SAML2OBJECTBUILDER(ProxyRestriction);
 457         DECL_SAML2OBJECTBUILDER(Subject);
 458         DECL_SAML2OBJECTBUILDER(SubjectConfirmation);
 459         DECL_SAML2OBJECTBUILDER(SubjectConfirmationData);
 460         DECL_SAML2OBJECTBUILDER(SubjectLocality);
 461
 462         DECL_XMLOBJECTBUILDER(SAML_API,Delegate,samlconstants::SAML20_DELEGATION_CONDITION_NS,samlconstants::SAML20_DELEGATION_CONDITION_PREFIX);
 463
 464         /**
 465          * Builder for NameIDType objects.
 466          *
 467          * This is customized to force the element name to be specified.
 468          */
 469         class SAML_API NameIDTypeBuilder : public xmltooling::XMLObjectBuilder {
 470         public:
 471             virtual ~NameIDTypeBuilder() {}
 472             /** Builder that allows element/type override. */
 473 #ifdef HAVE_COVARIANT_RETURNS
 474             virtual NameIDType* buildObject(
 475 #else
 476             virtual xmltooling::XMLObject* buildObject(
 477 #endif
 478                 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
 479                 ) const;
 480
 481             /** Singleton builder. */
 482             static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr) {
 483                 const NameIDTypeBuilder* b = dynamic_cast<const NameIDTypeBuilder*>(
 484                     XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,NameIDType::TYPE_NAME))
 485                     );
 486                 if (b) {
 487                     xmltooling::QName schemaType(samlconstants::SAML20_NS,NameIDType::TYPE_NAME,samlconstants::SAML20_PREFIX);
 488 #ifdef HAVE_COVARIANT_RETURNS
 489                     return b->buildObject(nsURI, localName, prefix, &schemaType);
 490 #else
 491                     return dynamic_cast<NameIDType*>(b->buildObject(nsURI, localName, prefix, &schemaType));
 492 #endif
 493                 }
 494                 throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType.");
 495             }
 496         };
 497
 498         /**
 499          * Builder for Condition extension objects.
 500          *
 501          * This is customized to force the schema type to be specified.
 502          */
 503         class SAML_API ConditionBuilder : public xmltooling::XMLObjectBuilder {
 504         public:
 505             virtual ~ConditionBuilder() {}
 506             /** Builder that allows element/type override. */
 507 #ifdef HAVE_COVARIANT_RETURNS
 508             virtual Condition* buildObject(
 509 #else
 510             virtual xmltooling::XMLObject* buildObject(
 511 #endif
 512                 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
 513                 ) const;
 514
 515             /** Singleton builder. */
 516             static Condition* buildCondition(const xmltooling::QName& schemaType) {
 517                 const ConditionBuilder* b = dynamic_cast<const ConditionBuilder*>(
 518                     XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,Condition::LOCAL_NAME))
 519                     );
 520                 if (b) {
 521 #ifdef HAVE_COVARIANT_RETURNS
 522                     return b->buildObject(samlconstants::SAML20_NS, Condition::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType);
 523 #else
 524                     return dynamic_cast<Condition*>(b->buildObject(samlconstants::SAML20_NS, Condition::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType));
 525 #endif
 526                 }
 527                 throw xmltooling::XMLObjectException("Unable to obtain typed builder for Condition.");
 528             }
 529         };
 530
 531         /**
 532          * Builder for DelegationRestrictionType objects.
 533          *
 534          * This is customized to return a Condition element with an xsi:type of DelegationRestrictionType.
 535          */
 536         class SAML_API DelegationRestrictionTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder {
 537         public:
 538             virtual ~DelegationRestrictionTypeBuilder() {}
 539             /** Default builder. */
 540 #ifdef HAVE_COVARIANT_RETURNS
 541             virtual DelegationRestrictionType* buildObject() const {
 542 #else
 543             virtual xmltooling::XMLObject* buildObject() const {
 544 #endif
 545                 xmltooling::QName schemaType(
 546                     samlconstants::SAML20_DELEGATION_CONDITION_NS,
 547                     DelegationRestrictionType::TYPE_NAME,
 548                     samlconstants::SAML20_DELEGATION_CONDITION_PREFIX
 549                     );
 550                 return buildObject(
 551                     samlconstants::SAML20_DELEGATION_CONDITION_NS,
 552                     DelegationRestrictionType::LOCAL_NAME,
 553                     samlconstants::SAML20_DELEGATION_CONDITION_PREFIX,
 554                     &schemaType
 555                     );
 556             }
 557             /** Builder that allows element/type override. */
 558 #ifdef HAVE_COVARIANT_RETURNS
 559             virtual DelegationRestrictionType* buildObject(
 560 #else
 561             virtual xmltooling::XMLObject* buildObject(
 562 #endif
 563                 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
 564                 ) const;
 565
 566             /** Singleton builder. */
 567             static DelegationRestrictionType* buildDelegationRestrictionType() {
 568                 const DelegationRestrictionTypeBuilder* b = dynamic_cast<const DelegationRestrictionTypeBuilder*>(
 569                     XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,DelegationRestrictionType::TYPE_NAME))
 570                     );
 571                 if (b)
 572 #ifdef HAVE_COVARIANT_RETURNS
 573                     return b->buildObject();
 574 #else
 575                     return dynamic_cast<DelegationRestrictionType*>(b->buildObject());
 576 #endif
 577                 throw xmltooling::XMLObjectException("Unable to obtain typed builder for DelegationRestrictionType.");
 578             }
 579         };
 580
 581         /**
 582          * Builder for KeyInfoConfirmationDataType objects.
 583          *
 584          * This is customized to return a SubjectConfirmationData element with an
 585          * xsi:type of KeyInfoConfirmationDataType.
 586          */
 587         class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder {
 588         public:
 589             virtual ~KeyInfoConfirmationDataTypeBuilder() {}
 590             /** Default builder. */
 591 #ifdef HAVE_COVARIANT_RETURNS
 592             virtual KeyInfoConfirmationDataType* buildObject() const {
 593 #else
 594             virtual xmltooling::XMLObject* buildObject() const {
 595 #endif
 596                 xmltooling::QName schemaType(
 597                     samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,samlconstants::SAML20_PREFIX
 598                     );
 599                 return buildObject(
 600                     samlconstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType
 601                     );
 602             }
 603             /** Builder that allows element/type override. */
 604 #ifdef HAVE_COVARIANT_RETURNS
 605             virtual KeyInfoConfirmationDataType* buildObject(
 606 #else
 607             virtual xmltooling::XMLObject* buildObject(
 608 #endif
 609                 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
 610                 ) const;
 611
 612             /** Singleton builder. */
 613             static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() {
 614                 const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast<const KeyInfoConfirmationDataTypeBuilder*>(
 615                     XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME))
 616                     );
 617                 if (b)
 618 #ifdef HAVE_COVARIANT_RETURNS
 619                     return b->buildObject();
 620 #else
 621                     return dynamic_cast<KeyInfoConfirmationDataType*>(b->buildObject());
 622 #endif
 623                 throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType.");
 624             }
 625         };
 626
 627         /**
 628          * Builder for Statement extension objects.
 629          *
 630          * This is customized to force the schema type to be specified.
 631          */
 632         class SAML_API StatementBuilder : public xmltooling::XMLObjectBuilder {
 633         public:
 634             virtual ~StatementBuilder() {}
 635             /** Builder that allows element/type override. */
 636 #ifdef HAVE_COVARIANT_RETURNS
 637             virtual Statement* buildObject(
 638 #else
 639             virtual xmltooling::XMLObject* buildObject(
 640 #endif
 641                 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
 642                 ) const;
 643
 644             /** Singleton builder. */
 645             static Statement* buildStatement(const xmltooling::QName& schemaType) {
 646                 const StatementBuilder* b = dynamic_cast<const StatementBuilder*>(
 647                     XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,Statement::LOCAL_NAME))
 648                     );
 649                 if (b) {
 650 #ifdef HAVE_COVARIANT_RETURNS
 651                     return b->buildObject(samlconstants::SAML20_NS, Statement::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType);
 652 #else
 653                     return dynamic_cast<Statement*>(b->buildObject(samlconstants::SAML20_NS, Statement::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType));
 654 #endif
 655                 }
 656                 throw xmltooling::XMLObjectException("Unable to obtain typed builder for Statement.");
 657             }
 658         };
 659
 660         /**
 661          * Registers builders and validators for SAML 2.0 Assertion classes into the runtime.
 662          */
 663         void SAML_API registerAssertionClasses();
 664     };
 665 };
 666
 667 #endif /* __saml2_assertions_h__ */