projects / shibboleth / cpp-opensaml.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Refined ElementProxy/ElementExtensible interfaces to match Java.
[shibboleth/cpp-opensaml.git] / saml / saml2 / core / impl / Assertions20SchemaValidators.cpp
1 /*
2 *  Copyright 2001-2006 Internet2
3  * 
4 * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 /**
18  * Assertions20SchemaValidators.cpp
19  * 
20  * Schema-based validators for SAML 2.0 Assertions classes
21  */
22
23 #include "internal.h"
24 #include "exceptions.h"
25 #include "saml2/core/Assertions.h"
26
27 #include <xmltooling/validation/ValidatorSuite.h>
28
29 using namespace opensaml::saml2;
30 using namespace opensaml;
31 using namespace xmltooling;
32 using namespace std;
33 using samlconstants::SAML20_NS;
34
35 namespace opensaml {
36     namespace saml2 {
37         
38         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Action);
39         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionIDRef);
40         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionURIRef);
41         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Audience);
42         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AuthnContextClassRef);
43         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AuthnContextDeclRef);
44         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AuthenticatingAuthority);
45         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,NameIDType);
46         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,NameID);
47         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Issuer);
48
49         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EncryptedElementType);
50             XMLOBJECTVALIDATOR_REQUIRE(EncryptedElementType,EncryptedData);
51         END_XMLOBJECTVALIDATOR;
52         
53         BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedID,EncryptedElementType);
54             EncryptedElementTypeSchemaValidator::validate(xmlObject);
55         END_XMLOBJECTVALIDATOR;
56
57         BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedAttribute,EncryptedElementType);
58             EncryptedElementTypeSchemaValidator::validate(xmlObject);
59         END_XMLOBJECTVALIDATOR;
60
61         BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedAssertion,EncryptedElementType);
62             EncryptedElementTypeSchemaValidator::validate(xmlObject);
63         END_XMLOBJECTVALIDATOR;
64
65         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AudienceRestriction);
66             XMLOBJECTVALIDATOR_NONEMPTY(AudienceRestriction,Audience);
67         END_XMLOBJECTVALIDATOR;
68
69         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ProxyRestriction);
70             if (ptr->getAudiences().empty()) {
71                 XMLOBJECTVALIDATOR_REQUIRE_INTEGER(ProxyRestriction,Count);
72             }
73         END_XMLOBJECTVALIDATOR;
74
75         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Conditions);
76             if (!ptr->hasChildren()) {
77                 XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
78             }
79         END_XMLOBJECTVALIDATOR;
80
81         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,KeyInfoConfirmationDataType);
82             XMLOBJECTVALIDATOR_NONEMPTY(KeyInfoConfirmationDataType,KeyInfo);
83         END_XMLOBJECTVALIDATOR;
84
85         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectConfirmation);
86             XMLOBJECTVALIDATOR_REQUIRE(SubjectConfirmation,Method);
87             int count=0;
88             if (ptr->getBaseID())
89                 count++;
90             if (ptr->getNameID())
91                 count++;
92             if (ptr->getEncryptedID())
93                 count++;
94             if (count > 1)
95                 throw ValidationException("SubjectConfirmation cannot contain multiple identifier elements.");
96         END_XMLOBJECTVALIDATOR;
97
98         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Subject);
99             int count=0;
100             if (ptr->getBaseID())
101                 count++;
102             if (ptr->getNameID())
103                 count++;
104             if (ptr->getEncryptedID())
105                 count++;
106             if (count > 1)
107                 throw ValidationException("Subject cannot contain multiple identifier elements.");
108         END_XMLOBJECTVALIDATOR;
109
110         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectLocality);
111             XMLOBJECTVALIDATOR_ONEOF(SubjectLocality,Address,DNSName);
112         END_XMLOBJECTVALIDATOR;
113
114         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthnContext);
115             if (!ptr->getAuthnContextClassRef()) {
116                 XMLOBJECTVALIDATOR_ONLYONEOF(AuthnContext,AuthnContextDeclRef,AuthnContextDecl);
117             }
118         END_XMLOBJECTVALIDATOR;
119
120         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthnStatement);
121             XMLOBJECTVALIDATOR_REQUIRE(AuthnStatement,AuthnInstant);
122             XMLOBJECTVALIDATOR_REQUIRE(AuthnStatement,AuthnContext);
123         END_XMLOBJECTVALIDATOR;
124
125         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Evidence);
126             if (!ptr->hasChildren())
127                 throw ValidationException("Evidence must have at least one child element.");
128         END_XMLOBJECTVALIDATOR;
129
130         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthzDecisionStatement);
131             XMLOBJECTVALIDATOR_REQUIRE(AuthzDecisionStatement,Resource);
132             XMLOBJECTVALIDATOR_REQUIRE(AuthzDecisionStatement,Decision);
133             if (!XMLString::equals(ptr->getDecision(),AuthzDecisionStatement::DECISION_PERMIT) &&
134                 !XMLString::equals(ptr->getDecision(),AuthzDecisionStatement::DECISION_DENY) &&
135                 !XMLString::equals(ptr->getDecision(),AuthzDecisionStatement::DECISION_INDETERMINATE))
136                 throw ValidationException("Decision must be one of Deny, Permit, or Indeterminate.");
137             XMLOBJECTVALIDATOR_NONEMPTY(AuthzDecisionStatement,Action);
138         END_XMLOBJECTVALIDATOR;
139
140         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Attribute);
141             XMLOBJECTVALIDATOR_REQUIRE(Attribute,Name);
142         END_XMLOBJECTVALIDATOR;
143
144         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AttributeStatement);
145             XMLOBJECTVALIDATOR_NONEMPTY(AttributeStatement,Attribute);
146         END_XMLOBJECTVALIDATOR;
147
148         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Assertion);
149             XMLOBJECTVALIDATOR_REQUIRE(Assertion,Version);
150             if (!XMLString::equals(samlconstants::SAML20_VERSION, ptr->getVersion()))
151                 throw ValidationException("Assertion has wrong SAML Version.");
152             XMLOBJECTVALIDATOR_REQUIRE(Assertion,ID);
153             XMLOBJECTVALIDATOR_REQUIRE(Assertion,IssueInstant);
154             XMLOBJECTVALIDATOR_REQUIRE(Assertion,Issuer);
155             if ((!ptr->getAuthnStatements().empty() ||
156                 !ptr->getAttributeStatements().empty() ||
157                 !ptr->getAuthzDecisionStatements().empty()) && !ptr->getSubject())
158                 throw ValidationException("Assertion with standard statements must have a Subject.");
159         END_XMLOBJECTVALIDATOR;
160
161         class SAML_DLLLOCAL checkWildcardNS {
162         public:
163             void operator()(const XMLObject* xmlObject) const {
164                 const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
165                 if (XMLString::equals(ns,SAML20_NS) || !ns || !*ns) {
166                     throw ValidationException(
167                         "Object contains an illegal extension child element ($1).",
168                         params(1,xmlObject->getElementQName().toString().c_str())
169                         );
170                 }
171             }
172         };
173
174         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Advice);
175             const vector<XMLObject*>& anys=ptr->getUnknownXMLObjects();
176             for_each(anys.begin(),anys.end(),checkWildcardNS());
177         END_XMLOBJECTVALIDATOR;
178
179     };
180 };
181
182 #define REGISTER_ELEMENT(cname) \
183     q=QName(SAML20_NS,cname::LOCAL_NAME); \
184     XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
185     SchemaValidators.registerValidator(q,new cname##SchemaValidator())
186     
187 #define REGISTER_TYPE(cname) \
188     q=QName(SAML20_NS,cname::TYPE_NAME); \
189     XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
190     SchemaValidators.registerValidator(q,new cname##SchemaValidator())
191
192 #define REGISTER_ELEMENT_NOVAL(cname) \
193     q=QName(SAML20_NS,cname::LOCAL_NAME); \
194     XMLObjectBuilder::registerBuilder(q,new cname##Builder());
195     
196 #define REGISTER_TYPE_NOVAL(cname) \
197     q=QName(SAML20_NS,cname::TYPE_NAME); \
198     XMLObjectBuilder::registerBuilder(q,new cname##Builder());
199
200 void opensaml::saml2::registerAssertionClasses() {
201     QName q;
202     REGISTER_ELEMENT(Action);
203     REGISTER_ELEMENT(Advice);
204     REGISTER_ELEMENT(Assertion);
205     REGISTER_ELEMENT(AssertionIDRef);
206     REGISTER_ELEMENT(AssertionURIRef);
207     REGISTER_ELEMENT(Attribute);
208     REGISTER_ELEMENT(AttributeStatement);
209     REGISTER_ELEMENT_NOVAL(AttributeValue);
210     REGISTER_ELEMENT(Audience);
211     REGISTER_ELEMENT(AudienceRestriction);
212     REGISTER_ELEMENT(AuthenticatingAuthority);
213     REGISTER_ELEMENT(AuthnContext);
214     REGISTER_ELEMENT(AuthnContextClassRef);
215     REGISTER_ELEMENT_NOVAL(AuthnContextDecl);
216     REGISTER_ELEMENT(AuthnContextDeclRef);
217     REGISTER_ELEMENT(AuthnStatement);
218     REGISTER_ELEMENT(AuthzDecisionStatement);
219     REGISTER_ELEMENT(Conditions);
220     REGISTER_ELEMENT(EncryptedAssertion);
221     REGISTER_ELEMENT(EncryptedAttribute);
222     REGISTER_ELEMENT(EncryptedID);
223     REGISTER_ELEMENT(Evidence);
224     REGISTER_ELEMENT(Issuer);
225     REGISTER_ELEMENT(NameID);
226     REGISTER_ELEMENT_NOVAL(OneTimeUse);
227     REGISTER_ELEMENT(ProxyRestriction);
228     REGISTER_ELEMENT(Subject);
229     REGISTER_ELEMENT(SubjectConfirmation);
230     REGISTER_ELEMENT_NOVAL(SubjectConfirmationData);
231     REGISTER_ELEMENT(SubjectLocality);
232     REGISTER_TYPE(Action);
233     REGISTER_TYPE(Advice);
234     REGISTER_TYPE(Assertion);
235     REGISTER_TYPE(Attribute);
236     REGISTER_TYPE(AttributeStatement);
237     REGISTER_TYPE(AudienceRestriction);
238     REGISTER_TYPE(AuthnContext);
239     REGISTER_TYPE(AuthnStatement);
240     REGISTER_TYPE(AuthzDecisionStatement);
241     REGISTER_TYPE(Conditions);
242     REGISTER_TYPE(Evidence);
243     REGISTER_TYPE(KeyInfoConfirmationDataType);
244     REGISTER_TYPE(NameIDType);
245     REGISTER_TYPE_NOVAL(OneTimeUse);
246     REGISTER_TYPE(ProxyRestriction);
247     REGISTER_TYPE(Subject);
248     REGISTER_TYPE(SubjectConfirmation);
249     REGISTER_TYPE(SubjectLocality);
250 }
Unnamed repository; edit this file 'description' to name the repository.