*/
/**
- * @file Assertions.h
+ * @file saml/saml2/core/Assertions.h
*
* XMLObjects representing the SAML 2.0 Assertions schema
*/
#include <xmltooling/ElementProxy.h>
#include <xmltooling/SimpleElement.h>
#include <xmltooling/XMLObjectBuilder.h>
-#include <xmltooling/signature/KeyInfo.h>
+#include <xmltooling/encryption/Encryption.h>
+#include <xmltooling/signature/KeyResolver.h>
#include <xmltooling/signature/Signature.h>
#include <xmltooling/util/DateTime.h>
-#include <xmltooling/validation/ValidatingXMLObject.h>
+#include <xmltooling/validation/ValidatorSuite.h>
#define DECL_SAML2OBJECTBUILDER(cname) \
DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20_NS,opensaml::SAMLConstants::SAML20_PREFIX)
namespace opensaml {
/**
- * @namespace saml2
+ * @namespace opensaml::saml2
* SAML 2.0 assertion namespace
*/
namespace saml2 {
// Forward references
class SAML_API Assertion;
+ class SAML_API EncryptedAssertion;
DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element);
DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element);
DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);
+ BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
+ DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
+ DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
+ /** EncryptedElementType local name */
+ static const XMLCh TYPE_NAME[];
+
+ /**
+ * Decrypts the element using a standard approach based on a wrapped decryption key
+ * inside the message. The key decryption key should be supplied using the provided
+ * resolver. The recipient name may be used when multiple encrypted keys are found.
+ * The object returned will be unmarshalled around the decrypted DOM element, but the
+ * DOM itself will be released.
+ *
+ * @param KEKresolver resolver supplying key decryption key
+ * @param recipient identifier naming the recipient (the entity performing the decryption)
+ * @return the decrypted and unmarshalled object
+ */
+ virtual xmltooling::XMLObject* decrypt(xmlsignature::KeyResolver* KEKresolver, const XMLCh* recipient) const=0;
+ END_XMLOBJECT;
+
+ BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
+ END_XMLOBJECT;
+
BEGIN_XMLOBJECT(SAML_API,BaseID,xmltooling::XMLObject,SAML 2.0 BaseIDAbstractType abstract type);
DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
DECL_XMLOBJECT_CONTENT(Name);
/** NameIDType local name */
static const XMLCh TYPE_NAME[];
+ /** Unspecified name format ID */\r
+ static const XMLCh UNSPECIFIED[];\r
+ /** Email address name format ID */\r
+ static const XMLCh EMAIL[];\r
+ /** X.509 subject name format ID */\r
+ static const XMLCh X509_SUBJECT[];\r
+ /** Windows domain qualified name format ID */\r
+ static const XMLCh WIN_DOMAIN_QUALIFIED[];\r
+ /** Kerberos principal name format ID */\r
+ static const XMLCh KERBEROS[];\r
+ /** Entity identifier name format ID */\r
+ static const XMLCh ENTITY[];\r
+ /** Persistent identifier name format ID */\r
+ static const XMLCh PERSISTENT[];\r
+ /** Transient identifier name format ID */\r
+ static const XMLCh TRANSIENT[];\r
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,NameID,NameIDType,SAML 2.0 NameID element);
DECL_STRING_ATTRIB(Method,METHOD);
DECL_TYPED_CHILD(BaseID);
DECL_TYPED_CHILD(NameID);
- //DECL_TYPED_CHILD(EncryptedID);
+ DECL_TYPED_CHILD(EncryptedID);
DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
DECL_TYPED_CHILD(KeyInfoConfirmationDataType);
/** SubjectConfirmationType local name */
static const XMLCh TYPE_NAME[];
+ /** Bearer confirmation method */
+ static const XMLCh BEARER[];\r
+ /** Holder of key confirmation method */\r
+ static const XMLCh HOLDER_KEY[];\r
+ /** Sender vouches confirmation method */\r
+ static const XMLCh SENDER_VOUCHES[];\r
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
DECL_TYPED_CHILD(BaseID);
DECL_TYPED_CHILD(NameID);
- //DECL_TYPED_CHILD(EncryptedID);
+ DECL_TYPED_CHILD(EncryptedID);
DECL_TYPED_CHILDREN(SubjectConfirmation);
/** SubjectType local name */
static const XMLCh TYPE_NAME[];
DECL_XMLOBJECT_CONTENT(Action);
/** ActionType local name */
static const XMLCh TYPE_NAME[];
+ /** Read/Write/Execute/Delete/Control Action Namespace */
+ static const XMLCh RWEDC_NEG_ACTION_NAMESPACE[];\r
+ /** Read/Write/Execute/Delete/Control with Negation Action Namespace */
+ static const XMLCh RWEDC_ACTION_NAMESPACE[];\r
+ /** Get/Head/Put/Post Action Namespace */
+ static const XMLCh GHPP_ACTION_NAMESPACE[];\r
+ /** UNIX File Permissions Action Namespace */
+ static const XMLCh UNIX_ACTION_NAMESPACE[];\r
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element);
DECL_TYPED_CHILDREN(AssertionIDRef);
DECL_TYPED_CHILDREN(AssertionURIRef);
DECL_TYPED_CHILDREN(Assertion);
- //DECL_TYPED_CHILDREN(EncryptedAssertion);
+ DECL_TYPED_CHILDREN(EncryptedAssertion);
/** EvidenceType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
DECL_XMLOBJECT_CHILDREN(AttributeValue);
/** AttributeType local name */
static const XMLCh TYPE_NAME[];
+ /** Unspecified attribute name format ID */\r
+ static const XMLCh UNSPECIFIED[];\r
+ /** URI reference attribute name format ID */\r
+ static const XMLCh URI_REFERENCE[];\r
+ /** Basic attribute name format ID */\r
+ static const XMLCh BASIC[];\r
+ END_XMLOBJECT;
+
+ BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element);
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
DECL_TYPED_CHILDREN(Attribute);
- //DECL_TYPED_CHILDREN(EncryptedAttribute);
+ DECL_TYPED_CHILDREN(EncryptedAttribute);
/** AttributeStatementType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
+ BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element);
+ END_XMLOBJECT;
+
BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::XMLObject,SAML 2.0 Advice element);
DECL_TYPED_CHILDREN(AssertionIDRef);
DECL_TYPED_CHILDREN(AssertionURIRef);
DECL_TYPED_CHILDREN(Assertion);
- //DECL_TYPED_CHILDREN(EncryptedAssertion);
+ DECL_TYPED_CHILDREN(EncryptedAssertion);
DECL_XMLOBJECT_CHILDREN(Other);
/** AdviceType local name */
static const XMLCh TYPE_NAME[];
DECL_SAML2OBJECTBUILDER(AuthnStatement);
DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
DECL_SAML2OBJECTBUILDER(Conditions);
+ DECL_SAML2OBJECTBUILDER(EncryptedAssertion);
+ DECL_SAML2OBJECTBUILDER(EncryptedAttribute);
+ DECL_SAML2OBJECTBUILDER(EncryptedID);
DECL_SAML2OBJECTBUILDER(Evidence);
DECL_SAML2OBJECTBUILDER(Issuer);
DECL_SAML2OBJECTBUILDER(NameID);
};
/**
- * Registers builders and validators for Assertion classes into the runtime.
+ * Registers builders and validators for SAML 2.0 Assertion classes into the runtime.
*/
void SAML_API registerAssertionClasses();
};