projects / shibboleth / cpp-opensaml.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
First metadata check-in, misc. fixes.
[shibboleth/cpp-opensaml.git] / saml / saml2 / core / impl / Assertions20SchemaValidators.cpp
1 /*
2 *  Copyright 2001-2006 Internet2
3  * 
4 * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 /**
18  * Assertions20SchemaValidators.cpp
19  * 
20  * Schema-based validators for SAML 2.0 Assertions classes
21  */
22
23 #include "internal.h"
24 #include "exceptions.h"
25 #include "saml2/core/Assertions.h"
26
27 using namespace opensaml::saml2;
28 using namespace opensaml;
29 using namespace xmltooling;
30 using namespace std;
31
32 namespace opensaml {
33     namespace saml2 {
34         
35         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Action);
36         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionIDRef);
37         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionURIRef);
38         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Audience);
39         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AuthnContextClassRef);
40         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AuthnContextDeclRef);
41         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AuthenticatingAuthority);
42         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,NameIDType);
43         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,NameID);
44         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Issuer);
45
46         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EncryptedElementType);
47             XMLOBJECTVALIDATOR_REQUIRE(EncryptedElementType,EncryptedData);
48         END_XMLOBJECTVALIDATOR;
49         
50         BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedID,EncryptedElementType);
51             EncryptedElementTypeSchemaValidator::validate(xmlObject);
52         END_XMLOBJECTVALIDATOR;
53
54         BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedAttribute,EncryptedElementType);
55             EncryptedElementTypeSchemaValidator::validate(xmlObject);
56         END_XMLOBJECTVALIDATOR;
57
58         BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedAssertion,EncryptedElementType);
59             EncryptedElementTypeSchemaValidator::validate(xmlObject);
60         END_XMLOBJECTVALIDATOR;
61
62         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AudienceRestriction);
63             XMLOBJECTVALIDATOR_NONEMPTY(AudienceRestriction,Audience);
64         END_XMLOBJECTVALIDATOR;
65
66         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ProxyRestriction);
67             if (ptr->getAudiences().empty()) {
68                 XMLOBJECTVALIDATOR_REQUIRE(ProxyRestriction,Count);
69             }
70         END_XMLOBJECTVALIDATOR;
71
72         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Conditions);
73             if (!ptr->hasChildren()) {
74                 XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
75             }
76         END_XMLOBJECTVALIDATOR;
77
78         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,KeyInfoConfirmationDataType);
79             XMLOBJECTVALIDATOR_NONEMPTY(KeyInfoConfirmationDataType,KeyInfo);
80         END_XMLOBJECTVALIDATOR;
81
82         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectConfirmation);
83             XMLOBJECTVALIDATOR_REQUIRE(SubjectConfirmation,Method);
84             int count=0;
85             if (ptr->getBaseID())
86                 count++;
87             if (ptr->getNameID())
88                 count++;
89             if (ptr->getEncryptedID())
90                 count++;
91             if (count > 1)
92                 throw ValidationException("SubjectConfirmation cannot contain multiple identifier elements.");
93         END_XMLOBJECTVALIDATOR;
94
95         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Subject);
96             int count=0;
97             if (ptr->getBaseID())
98                 count++;
99             if (ptr->getNameID())
100                 count++;
101             if (ptr->getEncryptedID())
102                 count++;
103             if (count > 1)
104                 throw ValidationException("Subject cannot contain multiple identifier elements.");
105         END_XMLOBJECTVALIDATOR;
106
107         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectLocality);
108             XMLOBJECTVALIDATOR_ONEOF(SubjectLocality,Address,DNSName);
109         END_XMLOBJECTVALIDATOR;
110
111         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthnContext);
112             if (!ptr->getAuthnContextClassRef()) {
113                 XMLOBJECTVALIDATOR_ONLYONEOF(AuthnContext,AuthnContextDeclRef,AuthnContextDecl);
114             }
115         END_XMLOBJECTVALIDATOR;
116
117         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthnStatement);
118             XMLOBJECTVALIDATOR_REQUIRE(AuthnStatement,AuthnInstant);
119             XMLOBJECTVALIDATOR_REQUIRE(AuthnStatement,AuthnContext);
120         END_XMLOBJECTVALIDATOR;
121
122         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Evidence);
123             if (!ptr->hasChildren())
124                 throw ValidationException("Evidence must have at least one child element.");
125         END_XMLOBJECTVALIDATOR;
126
127         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthzDecisionStatement);
128             XMLOBJECTVALIDATOR_REQUIRE(AuthzDecisionStatement,Resource);
129             XMLOBJECTVALIDATOR_REQUIRE(AuthzDecisionStatement,Decision);
130             if (!XMLString::equals(ptr->getDecision(),AuthzDecisionStatement::DECISION_PERMIT) &&
131                 !XMLString::equals(ptr->getDecision(),AuthzDecisionStatement::DECISION_DENY) &&
132                 !XMLString::equals(ptr->getDecision(),AuthzDecisionStatement::DECISION_INDETERMINATE))
133                 throw ValidationException("Decision must be one of Deny, Permit, or Indeterminate.");
134             XMLOBJECTVALIDATOR_NONEMPTY(AuthzDecisionStatement,Action);
135         END_XMLOBJECTVALIDATOR;
136
137         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Attribute);
138             XMLOBJECTVALIDATOR_REQUIRE(Attribute,Name);
139         END_XMLOBJECTVALIDATOR;
140
141         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AttributeStatement);
142             XMLOBJECTVALIDATOR_NONEMPTY(AttributeStatement,Attribute);
143         END_XMLOBJECTVALIDATOR;
144
145         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Assertion);
146             XMLOBJECTVALIDATOR_REQUIRE(Assertion,Version);
147             XMLOBJECTVALIDATOR_REQUIRE(Assertion,ID);
148             XMLOBJECTVALIDATOR_REQUIRE(Assertion,IssueInstant);
149             XMLOBJECTVALIDATOR_REQUIRE(Assertion,Issuer);
150             if ((!ptr->getAuthnStatements().empty() ||
151                 !ptr->getAttributeStatements().empty() ||
152                 !ptr->getAuthzDecisionStatements().empty()) && !ptr->getSubject())
153                 throw ValidationException("Assertion with standard statements must have a Subject.");
154         END_XMLOBJECTVALIDATOR;
155
156         class SAML_DLLLOCAL checkWildcardNS {
157         public:
158             void operator()(const XMLObject* xmlObject) const {
159                 const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
160                 if (XMLString::equals(ns,SAMLConstants::SAML20_NS) || !ns || !*ns) {
161                     throw ValidationException(
162                         "Object contains an illegal extension child element ($1).",
163                         params(1,xmlObject->getElementQName().toString().c_str())
164                         );
165                 }
166             }
167         };
168
169         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Advice);
170             const vector<XMLObject*>& anys=ptr->getOthers();
171             for_each(anys.begin(),anys.end(),checkWildcardNS());
172         END_XMLOBJECTVALIDATOR;
173
174     };
175 };
176
177 #define REGISTER_ELEMENT(cname) \
178     q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
179     XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
180     Validator::registerValidator(q,new cname##SchemaValidator())
181     
182 #define REGISTER_TYPE(cname) \
183     q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
184     XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
185     Validator::registerValidator(q,new cname##SchemaValidator())
186
187 #define REGISTER_ELEMENT_NOVAL(cname) \
188     q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
189     XMLObjectBuilder::registerBuilder(q,new cname##Builder());
190     
191 #define REGISTER_TYPE_NOVAL(cname) \
192     q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
193     XMLObjectBuilder::registerBuilder(q,new cname##Builder());
194
195 void opensaml::saml2::registerAssertionClasses() {
196     QName q;
197     REGISTER_ELEMENT(Action);
198     REGISTER_ELEMENT(Advice);
199     REGISTER_ELEMENT(Assertion);
200     REGISTER_ELEMENT(AssertionIDRef);
201     REGISTER_ELEMENT(AssertionURIRef);
202     REGISTER_ELEMENT(Attribute);
203     REGISTER_ELEMENT(AttributeStatement);
204     REGISTER_ELEMENT_NOVAL(AttributeValue);
205     REGISTER_ELEMENT(Audience);
206     REGISTER_ELEMENT(AudienceRestriction);
207     REGISTER_ELEMENT(AuthenticatingAuthority);
208     REGISTER_ELEMENT(AuthnContext);
209     REGISTER_ELEMENT(AuthnContextClassRef);
210     REGISTER_ELEMENT_NOVAL(AuthnContextDecl);
211     REGISTER_ELEMENT(AuthnContextDeclRef);
212     REGISTER_ELEMENT(AuthnStatement);
213     REGISTER_ELEMENT(AuthzDecisionStatement);
214     REGISTER_ELEMENT(Conditions);
215     REGISTER_ELEMENT(EncryptedAssertion);
216     REGISTER_ELEMENT(EncryptedAttribute);
217     REGISTER_ELEMENT(EncryptedID);
218     REGISTER_ELEMENT(Evidence);
219     REGISTER_ELEMENT(Issuer);
220     REGISTER_ELEMENT(NameID);
221     REGISTER_ELEMENT_NOVAL(OneTimeUse);
222     REGISTER_ELEMENT(ProxyRestriction);
223     REGISTER_ELEMENT(Subject);
224     REGISTER_ELEMENT(SubjectConfirmation);
225     REGISTER_ELEMENT_NOVAL(SubjectConfirmationData);
226     REGISTER_ELEMENT(SubjectLocality);
227     REGISTER_TYPE(Action);
228     REGISTER_TYPE(Advice);
229     REGISTER_TYPE(Assertion);
230     REGISTER_TYPE(Attribute);
231     REGISTER_TYPE(AttributeStatement);
232     REGISTER_TYPE(AudienceRestriction);
233     REGISTER_TYPE(AuthnContext);
234     REGISTER_TYPE(AuthnStatement);
235     REGISTER_TYPE(AuthzDecisionStatement);
236     REGISTER_TYPE(Conditions);
237     REGISTER_TYPE(Evidence);
238     REGISTER_TYPE(KeyInfoConfirmationDataType);
239     REGISTER_TYPE(NameIDType);
240     REGISTER_TYPE_NOVAL(OneTimeUse);
241     REGISTER_TYPE(ProxyRestriction);
242     REGISTER_TYPE(Subject);
243     REGISTER_TYPE(SubjectConfirmation);
244     REGISTER_TYPE(SubjectLocality);
245 }
Unnamed repository; edit this file 'description' to name the repository.