2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 * XMLObjects representing the SAML 2.0 Assertions schema
23 #ifndef __saml2_assertions_h__
24 #define __saml2_assertions_h__
26 #include <saml/signature/SignableObject.h>
27 #include <saml/util/SAMLConstants.h>
29 #include <xmltooling/AttributeExtensibleXMLObject.h>
30 #include <xmltooling/ElementProxy.h>
31 #include <xmltooling/SimpleElement.h>
32 #include <xmltooling/XMLObjectBuilder.h>
33 #include <xmltooling/signature/KeyInfo.h>
34 #include <xmltooling/signature/Signature.h>
35 #include <xmltooling/util/DateTime.h>
36 #include <xmltooling/validation/ValidatingXMLObject.h>
/** Declares the XMLObjectBuilder for a SAML 2.0 assertion-namespace object, binding it to the SAML20 namespace URI and prefix. */
38 #define DECL_SAML2OBJECTBUILDER(cname) \
39 DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20_NS,opensaml::SAMLConstants::SAML20_PREFIX)
45 * SAML 2.0 assertion namespace
50 class SAML_API Assertion;
52 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element);
53 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element);
54 DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 2.0 Audience element);
55 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextClassRef,Reference,SAML 2.0 AuthnContextClassRef element);
56 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
57 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);
59 BEGIN_XMLOBJECT(SAML_API,BaseID,xmltooling::XMLObject,SAML 2.0 BaseIDAbstractType abstract type);
60 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
61 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
64 BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::SimpleElement,SAML 2.0 NameIDType type);
/** Qualifier scoping the identifier to the asserting party's namespace. */
65 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
/** Qualifier scoping the identifier to the relying party's namespace. */
66 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
/** URI naming the identifier's format (the SAML 2.0 Core name-identifier formats). */
67 DECL_STRING_ATTRIB(Format,FORMAT);
/** Alternative identifier supplied by the service provider. */
68 DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID);
/** The identifier value itself (element text content). */
69 DECL_XMLOBJECT_CONTENT(Name);
// NOTE(review): only accessors are declared here. When a consumer compares two
// identifiers it should compare Format and both qualifiers together with Name;
// matching on Name alone can conflate identifiers issued in different scopes.
70 /** NameIDType local name */
71 static const XMLCh TYPE_NAME[];
74 BEGIN_XMLOBJECT(SAML_API,NameID,NameIDType,SAML 2.0 NameID element);
77 BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element);
80 BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 2.0 Condition element);
83 BEGIN_XMLOBJECT(SAML_API,AudienceRestriction,Condition,SAML 2.0 AudienceRestriction element);
/** Audience URIs the assertion is addressed to; a relying party not listed is not an intended recipient. */
84 DECL_TYPED_CHILDREN(Audience);
85 /** AudienceRestrictionType local name */
86 static const XMLCh TYPE_NAME[];
89 BEGIN_XMLOBJECT(SAML_API,OneTimeUse,Condition,SAML 2.0 OneTimeUse element);
90 /** OneTimeUseType local name */
91 static const XMLCh TYPE_NAME[];
94 BEGIN_XMLOBJECT(SAML_API,ProxyRestriction,Condition,SAML 2.0 ProxyRestriction element);
/** Maximum number of further assertions that may be issued on the strength of this one. */
95 DECL_INTEGER_ATTRIB(Count,COUNT);
/** Audiences to which such derived assertions may be addressed. */
96 DECL_TYPED_CHILDREN(Audience);
97 /** ProxyRestrictionType local name */
98 static const XMLCh TYPE_NAME[];
101 BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 2.0 Conditions element);
/** Start of the validity window (the assertion is not valid before this instant). */
102 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
/** End of the validity window (the assertion is not valid on or after this instant). */
103 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
/** Typed accessors for the condition kinds modeled here. */
104 DECL_TYPED_CHILDREN(AudienceRestriction);
105 DECL_TYPED_CHILDREN(OneTimeUse);
106 DECL_TYPED_CHILDREN(ProxyRestriction);
/** Generic accessor covering every Condition child, including types without a typed accessor above. */
107 DECL_TYPED_CHILDREN(Condition);
// NOTE(review): nothing in this header evaluates the validity window or the
// conditions; confirm that the consumer checks NotBefore/NotOnOrAfter (with
// clock-skew allowance) and treats any Condition it does not understand as
// invalidating the assertion, as SAML 2.0 Core requires.
108 /** ConditionsType local name */
109 static const XMLCh TYPE_NAME[];
112 BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 SubjectConfirmationData element);
/** Earliest instant at which the confirmation is valid. */
113 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
/** Instant at or after which the confirmation is no longer valid. */
114 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
/** URI of the endpoint the confirmation is intended for. */
115 DECL_STRING_ATTRIB(Recipient,RECIPIENT);
/** ID of the request this confirmation answers, if it answers one. */
116 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
/** Network address the subject is expected to present the assertion from. */
117 DECL_STRING_ATTRIB(Address,ADDRESS);
/** Arbitrary additional content of the confirmation data. */
118 DECL_XMLOBJECT_CONTENT(Data);
// NOTE(review): these attributes are what a bearer-confirmation check compares
// against the consumer's own endpoint, outstanding request ID, clock and peer
// address; this header only exposes the values and performs no such check.
121 BEGIN_XMLOBJECT(SAML_API,KeyInfoConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
/** Same validity/recipient/request/address attributes as SubjectConfirmationData. */
122 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
123 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
124 DECL_STRING_ATTRIB(Recipient,RECIPIENT);
125 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
126 DECL_STRING_ATTRIB(Address,ADDRESS);
/** ds:KeyInfo children (from the xmlsignature namespace) identifying the key(s) the subject must prove possession of. */
127 DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
// NOTE(review): exposing KeyInfo does not establish key possession; the
// proof-of-possession step happens elsewhere (not in this header) — confirm.
128 /** KeyInfoConfirmationDataType local name */
129 static const XMLCh TYPE_NAME[];
132 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 2.0 SubjectConfirmation element);
/** Confirmation method URI (SAML 2.0 profiles define bearer, holder-of-key and sender-vouches, among others). */
133 DECL_STRING_ATTRIB(Method,METHOD);
/** Optional identifier of the confirming entity, in one of the supported forms. */
134 DECL_TYPED_CHILD(BaseID);
135 DECL_TYPED_CHILD(NameID);
/** EncryptedID is not modeled in this version: an encrypted confirming identifier has no typed accessor here. */
136 //DECL_TYPED_CHILD(EncryptedID);
/** Confirmation data, either the generic element or the KeyInfo-typed variant. */
137 DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
138 DECL_TYPED_CHILD(KeyInfoConfirmationDataType);
139 /** SubjectConfirmationType local name */
140 static const XMLCh TYPE_NAME[];
143 BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
/** Optional subject identifier, in one of the supported forms. */
144 DECL_TYPED_CHILD(BaseID);
145 DECL_TYPED_CHILD(NameID);
/** EncryptedID is not modeled in this version: an encrypted subject identifier has no typed accessor here. */
146 //DECL_TYPED_CHILD(EncryptedID);
/** Zero or more confirmations; a consumer needs to satisfy at least one before relying on the subject. */
147 DECL_TYPED_CHILDREN(SubjectConfirmation);
148 /** SubjectType local name */
149 static const XMLCh TYPE_NAME[];
152 BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 2.0 Statement element);
155 BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 2.0 SubjectLocality element);
156 DECL_STRING_ATTRIB(Address,ADDRESS);
157 DECL_STRING_ATTRIB(DNSName,DNSNAME);
158 /** SubjectLocalityType local name */
159 static const XMLCh TYPE_NAME[];
162 BEGIN_XMLOBJECT2(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AuthnContextDecl element);
165 BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element);
166 DECL_TYPED_CHILD(AuthnContextClassRef);
167 DECL_XMLOBJECT_CHILD(AuthnContextDecl);
168 DECL_TYPED_CHILD(AuthnContextDeclRef);
169 DECL_TYPED_CHILDREN(AuthenticatingAuthority);
170 /** AuthnContextType local name */
171 static const XMLCh TYPE_NAME[];
174 BEGIN_XMLOBJECT(SAML_API,AuthnStatement,Statement,SAML 2.0 AuthnStatement element);
/** Instant at which the authentication event took place. */
175 DECL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT);
/** Identifier of the session at the authenticating authority; used to correlate logout. */
176 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
/** Instant at or after which the session should be treated as ended. */
177 DECL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER);
/** Where the subject authenticated from, and the context (class/declaration) of the authentication. */
178 DECL_TYPED_CHILD(SubjectLocality);
179 DECL_TYPED_CHILD(AuthnContext);
// NOTE(review): SessionNotOnOrAfter is exposed but not enforced here; confirm
// the consumer bounds its own session lifetime by it.
180 /** AuthnStatementType local name */
181 static const XMLCh TYPE_NAME[];
184 BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::SimpleElement,SAML 2.0 Action element);
185 DECL_STRING_ATTRIB(Namespace,NAMESPACE);
186 DECL_XMLOBJECT_CONTENT(Action);
187 /** ActionType local name */
188 static const XMLCh TYPE_NAME[];
191 BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element);
/** Assertions supporting the decision, by ID reference, URI reference, or inline. */
192 DECL_TYPED_CHILDREN(AssertionIDRef);
193 DECL_TYPED_CHILDREN(AssertionURIRef);
194 DECL_TYPED_CHILDREN(Assertion);
/** EncryptedAssertion is not modeled in this version and has no typed accessor here. */
195 //DECL_TYPED_CHILDREN(EncryptedAssertion);
196 /** EvidenceType local name */
197 static const XMLCh TYPE_NAME[];
200 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionStatement,Statement,SAML 2.0 AuthzDecisionStatement element);
/** URI of the resource the decision applies to. */
201 DECL_STRING_ATTRIB(Resource,RESOURCE);
/** The decision; compare against the DECISION_* constants below rather than free text. */
202 DECL_STRING_ATTRIB(Decision,DECISION);
/** Actions the decision covers, and the evidence it rests on. */
203 DECL_TYPED_CHILDREN(Action);
204 DECL_TYPED_CHILD(Evidence);
205 /** AuthzDecisionStatementType local name */
206 static const XMLCh TYPE_NAME[];
207 /** Permit Decision */
208 static const XMLCh DECISION_PERMIT[];
/** Deny Decision */
210 static const XMLCh DECISION_DENY[];
211 /** Indeterminate Decision */
212 static const XMLCh DECISION_INDETERMINATE[];
215 BEGIN_XMLOBJECT2(SAML_API,AttributeValue,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AttributeValue element);
218 BEGIN_XMLOBJECT(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 Attribute element);
/** Attribute name; its interpretation depends on NameFormat. */
219 DECL_STRING_ATTRIB(Name,NAME);
/** URI classifying how Name is to be interpreted. */
220 DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT);
/** Human-readable label only; SAML 2.0 Core gives it no processing significance, so policy should not key on it. */
221 DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME);
/** Zero or more values; each is an untyped element proxy and may carry arbitrary content. */
222 DECL_XMLOBJECT_CHILDREN(AttributeValue);
223 /** AttributeType local name */
224 static const XMLCh TYPE_NAME[];
227 BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
/** Plaintext attributes carried by the statement. */
228 DECL_TYPED_CHILDREN(Attribute);
/** EncryptedAttribute is not modeled in this version and has no typed accessor here. */
229 //DECL_TYPED_CHILDREN(EncryptedAttribute);
230 /** AttributeStatementType local name */
231 static const XMLCh TYPE_NAME[];
234 BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::XMLObject,SAML 2.0 Advice element);
/** Related assertions, by ID reference, URI reference, or inline. */
235 DECL_TYPED_CHILDREN(AssertionIDRef);
236 DECL_TYPED_CHILDREN(AssertionURIRef);
237 DECL_TYPED_CHILDREN(Assertion);
/** EncryptedAssertion is not modeled in this version and has no typed accessor here. */
238 //DECL_TYPED_CHILDREN(EncryptedAssertion);
/** Any other (non-SAML) children; Advice content is informational and may be ignored by a consumer. */
239 DECL_XMLOBJECT_CHILDREN(Other);
240 /** AdviceType local name */
241 static const XMLCh TYPE_NAME[];
244 BEGIN_XMLOBJECT(SAML_API,Assertion,SignableObject,SAML 2.0 Assertion element);
/** SAML version string (expected "2.0" for this namespace). */
245 DECL_STRING_ATTRIB(Version,VER);
/** Unique assertion identifier; consumers typically record it for replay detection. */
246 DECL_STRING_ATTRIB(ID,ID);
/** Instant of issue. */
247 DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
/** The issuing entity. */
248 DECL_TYPED_CHILD(Issuer);
/** Enveloped ds:Signature (xmlsignature namespace), if present. */
249 DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);
// NOTE(review): this accessor only exposes the signature element; verifying it
// and checking the signer against the Issuer is done outside this header
// (presumably via the SignableObject base) — confirm at the consumer.
250 DECL_TYPED_CHILD(Subject);
251 DECL_TYPED_CHILD(Conditions);
252 DECL_TYPED_CHILD(Advice);
/** Generic accessor covering every Statement child, including types without a typed accessor below. */
253 DECL_TYPED_CHILDREN(Statement);
254 DECL_TYPED_CHILDREN(AuthnStatement);
255 DECL_TYPED_CHILDREN(AttributeStatement);
256 DECL_TYPED_CHILDREN(AuthzDecisionStatement);
257 /** AssertionType local name */
258 static const XMLCh TYPE_NAME[];
261 DECL_SAML2OBJECTBUILDER(Action);
262 DECL_SAML2OBJECTBUILDER(Advice);
263 DECL_SAML2OBJECTBUILDER(Assertion);
264 DECL_SAML2OBJECTBUILDER(AssertionIDRef);
265 DECL_SAML2OBJECTBUILDER(AssertionURIRef);
266 DECL_SAML2OBJECTBUILDER(Attribute);
267 DECL_SAML2OBJECTBUILDER(AttributeStatement);
268 DECL_SAML2OBJECTBUILDER(AttributeValue);
269 DECL_SAML2OBJECTBUILDER(Audience);
270 DECL_SAML2OBJECTBUILDER(AudienceRestriction);
271 DECL_SAML2OBJECTBUILDER(AuthenticatingAuthority);
272 DECL_SAML2OBJECTBUILDER(AuthnContext);
273 DECL_SAML2OBJECTBUILDER(AuthnContextClassRef);
274 DECL_SAML2OBJECTBUILDER(AuthnContextDecl);
275 DECL_SAML2OBJECTBUILDER(AuthnContextDeclRef);
276 DECL_SAML2OBJECTBUILDER(AuthnStatement);
277 DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
278 DECL_SAML2OBJECTBUILDER(Conditions);
279 DECL_SAML2OBJECTBUILDER(Evidence);
280 DECL_SAML2OBJECTBUILDER(Issuer);
281 DECL_SAML2OBJECTBUILDER(NameID);
282 DECL_SAML2OBJECTBUILDER(OneTimeUse);
283 DECL_SAML2OBJECTBUILDER(ProxyRestriction);
284 DECL_SAML2OBJECTBUILDER(Subject);
285 DECL_SAML2OBJECTBUILDER(SubjectConfirmation);
286 DECL_SAML2OBJECTBUILDER(SubjectConfirmationData);
287 DECL_SAML2OBJECTBUILDER(SubjectLocality);
290 * Builder for NameIDType objects.
292 * This is customized to force the element name to be specified.
294 class SAML_API NameIDTypeBuilder : public xmltooling::XMLObjectBuilder {
296 virtual ~NameIDTypeBuilder() {}
297 /** Builder that allows element/type override. */
298 virtual NameIDType* buildObject(
299 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
302 /** Singleton builder. */
/**
 * Builds a NameIDType-typed element with the caller-supplied element name.
 * Looks up the builder registered for the saml:NameIDType schema type, then
 * builds the element with that type as its xsi:type.
 * @param nsURI      namespace URI of the element to create
 * @param localName  local name of the element to create
 * @param prefix     optional namespace prefix
 * @return the new object (ownership follows XMLObjectBuilder conventions — confirm with callers)
 * @throws xmltooling::XMLObjectException if no NameIDTypeBuilder is registered for that type
 */
303 static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) {
// The registered builder is resolved by schema type and must be of this class; the
// conditional guarding the cast result is elided in this excerpt.
304 const NameIDTypeBuilder* b = dynamic_cast<const NameIDTypeBuilder*>(
305 XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME))
// Force the xsi:type so the element is recognised as a NameIDType regardless of its element name.
308 xmltooling::QName schemaType(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME,SAMLConstants::SAML20_PREFIX);
309 return b->buildObject(nsURI, localName, prefix, &schemaType);
311 throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType.");
316 * Builder for KeyInfoConfirmationDataType objects.
318 * This is customized to return a SubjectConfirmationData element with an
319 * xsi:type of KeyInfoConfirmationDataType.
321 class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::XMLObjectBuilder {
323 virtual ~KeyInfoConfirmationDataTypeBuilder() {}
324 /** Default builder. */
/**
 * Builds a SubjectConfirmationData element whose xsi:type is
 * saml:KeyInfoConfirmationDataType, by delegating to the overridable
 * buildObject() below with the element's local name and the type QName.
 */
325 virtual KeyInfoConfirmationDataType* buildObject() const {
326 xmltooling::QName schemaType(
327 SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,SAMLConstants::SAML20_PREFIX
// Element name comes from LOCAL_NAME (the SubjectConfirmationData element), type from schemaType above.
330 SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,SAMLConstants::SAML20_PREFIX,&schemaType
333 /** Builder that allows element/type override. */
334 virtual KeyInfoConfirmationDataType* buildObject(
335 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
338 /** Singleton builder. */
/**
 * Looks up the builder registered for the saml:KeyInfoConfirmationDataType
 * schema type and builds with its default buildObject().
 * @return the new object (ownership follows XMLObjectBuilder conventions — confirm with callers)
 * @throws xmltooling::XMLObjectException if no KeyInfoConfirmationDataTypeBuilder is registered for that type
 */
339 static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() {
// The registered builder is resolved by schema type and must be of this class; the
// conditional guarding the cast result is elided in this excerpt.
340 const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast<const KeyInfoConfirmationDataTypeBuilder*>(
341 XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME))
344 return b->buildObject();
345 throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType.");
350 * Registers builders and validators for Assertion classes into the runtime.
352 void SAML_API registerAssertionClasses();
356 #endif /* __saml2_assertions_h__ */