https://issues.shibboleth.net/jira/browse/CPPOST-70

[shibboleth/cpp-opensaml.git] / saml / saml2 / core / impl / Assertions20Impl.cpp
diff --git a/saml/saml2/core/impl/Assertions20Impl.cpp b/saml/saml2/core/impl/Assertions20Impl.cpp

index fd9a54a..a827715 100644 (file)
--- a/saml/saml2/core/impl/Assertions20Impl.cpp
+++ b/saml/saml2/core/impl/Assertions20Impl.cpp
@@ -1,35 +1,43 @@
-/*
- *  Copyright 2001-2007 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
   *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
   *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
   *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
   */
  
  /**
   * Assertions20Impl.cpp
   *
- * Implementation classes for SAML 2.0 Assertions schema
+ * Implementation classes for SAML 2.0 Assertions schema.
   */
  
  #include "internal.h"
  #include "exceptions.h"
  #include "saml/encryption/EncryptedKeyResolver.h"
  #include "saml2/core/Assertions.h"
+#include "signature/ContentReference.h"
  
  #include <xmltooling/AbstractComplexElement.h>
  #include <xmltooling/AbstractSimpleElement.h>
  #include <xmltooling/impl/AnyElement.h>
  #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
  #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
+#include <xmltooling/signature/KeyInfo.h>
+#include <xmltooling/signature/Signature.h>
+#include <xmltooling/util/DateTime.h>
  #include <xmltooling/util/XMLHelper.h>
  
  #include <ctime>
@@ -45,6 +53,7 @@ using xmlconstants::XMLSIG_NS;
  using xmlconstants::XMLENC_NS;
  using xmlconstants::XML_BOOL_NULL;
  using samlconstants::SAML20_NS;
+using samlconstants::SAML20_DELEGATION_CONDITION_NS;
  
  
  #if defined (_MSC_VER)
@@ -69,7 +78,7 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_Format=m_SPProvidedID=m_NameQualifier=m_SPNameQualifier=NULL;
+                m_Format=m_SPProvidedID=m_NameQualifier=m_SPNameQualifier=nullptr;
              }
  
          protected:
@@ -93,13 +102,16 @@ namespace opensaml {
              NameIDTypeImpl(const NameIDTypeImpl& src)
                      : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                  init();
+            }
+
+            void _clone(const NameIDTypeImpl& src) {
                  setNameQualifier(src.getNameQualifier());
                  setSPNameQualifier(src.getSPNameQualifier());
                  setFormat(src.getFormat());
                  setSPProvidedID(src.getSPProvidedID());
              }
  
-            IMPL_XMLOBJECT_CLONE(NameIDType);
+            IMPL_XMLOBJECT_CLONE_EX(NameIDType);
              IMPL_STRING_ATTRIB(NameQualifier);
              IMPL_STRING_ATTRIB(SPNameQualifier);
              IMPL_STRING_ATTRIB(Format);
@@ -107,17 +119,17 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,NULL);
-                MARSHALL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,NULL);
-                MARSHALL_STRING_ATTRIB(Format,FORMAT,NULL);
-                MARSHALL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,NULL);
+                MARSHALL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,nullptr);
+                MARSHALL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
+                MARSHALL_STRING_ATTRIB(Format,FORMAT,nullptr);
+                MARSHALL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,nullptr);
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,NULL);
-                PROC_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,NULL);
-                PROC_STRING_ATTRIB(Format,FORMAT,NULL);
-                PROC_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,NULL);
+                PROC_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER,nullptr);
+                PROC_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,nullptr);
+                PROC_STRING_ATTRIB(Format,FORMAT,nullptr);
+                PROC_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -130,12 +142,10 @@ namespace opensaml {
              NameIDImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
  
-            NameIDImpl(const NameIDImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {}
-
-            IMPL_XMLOBJECT_CLONE(NameID);
-            NameIDType* cloneNameIDType() const {
-                return new NameIDImpl(*this);
+            NameIDImpl(const NameIDImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {
              }
+
+            IMPL_XMLOBJECT_CLONE_EX(NameID);
          };
  
          class SAML_DLLLOCAL IssuerImpl : public virtual Issuer, public NameIDTypeImpl
@@ -146,12 +156,10 @@ namespace opensaml {
              IssuerImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
  
-            IssuerImpl(const IssuerImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {}
-
-            IMPL_XMLOBJECT_CLONE(Issuer);
-            NameIDType* cloneNameIDType() const {
-                return new IssuerImpl(*this);
+            IssuerImpl(const IssuerImpl& src) : AbstractXMLObject(src), NameIDTypeImpl(src) {
              }
+
+            IMPL_XMLOBJECT_CLONE_EX(Issuer);
          };
  
          //TODO unit test for this
@@ -163,8 +171,8 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_EncryptedData=NULL;
-                m_children.push_back(NULL);
+                m_EncryptedData=nullptr;
+                m_children.push_back(nullptr);
                  m_pos_EncryptedData=m_children.begin();
              }
  
@@ -184,6 +192,9 @@ namespace opensaml {
              EncryptedElementTypeImpl(const EncryptedElementTypeImpl& src)
                      : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                  init();
+            }
+
+            void _clone(const EncryptedElementTypeImpl& src) {
                  if (src.getEncryptedData())
                      setEncryptedData(src.getEncryptedData()->cloneEncryptedData());
                  VectorOf(EncryptedKey) v=getEncryptedKeys();
@@ -194,7 +205,7 @@ namespace opensaml {
                  }
              }
  
-            IMPL_XMLOBJECT_CLONE(EncryptedElementType);
+            IMPL_XMLOBJECT_CLONE_EX(EncryptedElementType);
              IMPL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
              IMPL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption,m_children.end());
  
@@ -214,12 +225,10 @@ namespace opensaml {
              EncryptedIDImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
  
-            EncryptedIDImpl(const EncryptedIDImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {}
-
-            IMPL_XMLOBJECT_CLONE(EncryptedID);
-            EncryptedElementType* cloneEncryptedElementType() const {
-                return new EncryptedIDImpl(*this);
+            EncryptedIDImpl(const EncryptedIDImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {
              }
+
+            IMPL_XMLOBJECT_CLONE_EX(EncryptedID);
          };
  
          class SAML_DLLLOCAL ConditionImpl : public virtual Condition, public AnyElementImpl
@@ -231,7 +240,7 @@ namespace opensaml {
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
              }
  
-            ConditionImpl(const ConditionImpl& src) : AnyElementImpl(src) {}
+            ConditionImpl(const ConditionImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
  
              IMPL_XMLOBJECT_CLONE(Condition);
          };
@@ -259,10 +268,7 @@ namespace opensaml {
                  }
              }
  
-            IMPL_XMLOBJECT_CLONE(AudienceRestriction);
-            Condition* cloneCondition() const {
-                return cloneAudienceRestriction();
-            }
+            IMPL_XMLOBJECT_CLONE2(AudienceRestriction,Condition);
              IMPL_TYPED_CHILDREN(Audience,m_children.end());
  
          protected:
@@ -289,10 +295,7 @@ namespace opensaml {
                  : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
              }
  
-            IMPL_XMLOBJECT_CLONE(OneTimeUse);
-            Condition* cloneCondition() const {
-                return cloneOneTimeUse();
-            }
+            IMPL_XMLOBJECT_CLONE2(OneTimeUse,Condition);
          };
  
          class SAML_DLLLOCAL ProxyRestrictionImpl : public virtual ProxyRestriction,
@@ -308,7 +311,7 @@ namespace opensaml {
  
              ProxyRestrictionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
-                m_Count=NULL;
+                m_Count=nullptr;
              }
  
              ProxyRestrictionImpl(const ProxyRestrictionImpl& src)
@@ -322,16 +325,13 @@ namespace opensaml {
                  }
              }
  
-            IMPL_XMLOBJECT_CLONE(ProxyRestriction);
-            Condition* cloneCondition() const {
-                return cloneProxyRestriction();
-            }
+            IMPL_XMLOBJECT_CLONE2(ProxyRestriction,Condition);
              IMPL_TYPED_CHILDREN(Audience,m_children.end());
              IMPL_INTEGER_ATTRIB(Count);
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_INTEGER_ATTRIB(Count,COUNT,NULL);
+                MARSHALL_INTEGER_ATTRIB(Count,COUNT,nullptr);
              }
  
              void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -340,11 +340,115 @@ namespace opensaml {
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_INTEGER_ATTRIB(Count,COUNT,NULL);
+                PROC_INTEGER_ATTRIB(Count,COUNT,nullptr);
+                AbstractXMLObjectUnmarshaller::processAttribute(attribute);
+            }
+        };
+
+        class SAML_DLLLOCAL DelegateImpl : public virtual Delegate,
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
+        {
+            void init() {
+                m_ConfirmationMethod=nullptr;
+                m_DelegationInstant=nullptr;
+                m_BaseID=nullptr;
+                m_NameID=nullptr;
+                m_EncryptedID=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_pos_BaseID=m_children.begin();
+                m_pos_NameID=m_pos_BaseID;
+                ++m_pos_NameID;
+                m_pos_EncryptedID=m_pos_NameID;
+                ++m_pos_EncryptedID;
+            }
+        public:
+            virtual ~DelegateImpl() {
+                XMLString::release(&m_ConfirmationMethod);
+                delete m_DelegationInstant;
+            }
+
+            DelegateImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+                init();
+            }
+
+            DelegateImpl(const DelegateImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                init();
+                setConfirmationMethod(src.getConfirmationMethod());
+                setDelegationInstant(src.getDelegationInstant());
+                if (src.getBaseID())
+                    setBaseID(src.getBaseID()->cloneBaseID());
+                if (src.getNameID())
+                    setNameID(src.getNameID()->cloneNameID());
+                if (src.getEncryptedID())
+                    setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
+            }
+
+            IMPL_XMLOBJECT_CLONE(Delegate);
+            IMPL_STRING_ATTRIB(ConfirmationMethod);
+            IMPL_DATETIME_ATTRIB(DelegationInstant,0);
+            IMPL_TYPED_CHILD(NameID);
+            IMPL_TYPED_CHILD(BaseID);
+            IMPL_TYPED_CHILD(EncryptedID);
+
+        protected:
+            void marshallAttributes(DOMElement* domElement) const {
+                MARSHALL_STRING_ATTRIB(ConfirmationMethod,CONFIRMATIONMETHOD,nullptr);
+                MARSHALL_DATETIME_ATTRIB(DelegationInstant,DELEGATIONINSTANT,nullptr);
+            }
+
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                PROC_TYPED_CHILD(BaseID,SAML20_NS,false);
+                PROC_TYPED_CHILD(NameID,SAML20_NS,false);
+                PROC_TYPED_CHILD(EncryptedID,SAML20_NS,false);
+                AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
+            }
+
+            void processAttribute(const DOMAttr* attribute) {
+                PROC_STRING_ATTRIB(ConfirmationMethod,CONFIRMATIONMETHOD,nullptr);
+                PROC_DATETIME_ATTRIB(DelegationInstant,DELEGATIONINSTANT,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
  
+        class SAML_DLLLOCAL DelegationRestrictionTypeImpl : public virtual DelegationRestrictionType,
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
+        {
+        public:
+            virtual ~DelegationRestrictionTypeImpl() {}
+
+            DelegationRestrictionTypeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+            }
+
+            DelegationRestrictionTypeImpl(const DelegationRestrictionTypeImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                VectorOf(Delegate) v=getDelegates();
+                for (vector<Delegate*>::const_iterator i=src.m_Delegates.begin(); i!=src.m_Delegates.end(); i++) {
+                    if (*i) {
+                        v.push_back((*i)->cloneDelegate());
+                    }
+                }
+            }
+
+            IMPL_XMLOBJECT_CLONE2(DelegationRestrictionType,Condition);
+            IMPL_TYPED_CHILDREN(Delegate,m_children.end());
+
+        protected:
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                PROC_TYPED_CHILDREN(Delegate,SAML20_DELEGATION_CONDITION_NS,false);
+                AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
+            }
+        };
  
          class SAML_DLLLOCAL ConditionsImpl : public virtual Conditions,
              public AbstractComplexElement,
@@ -353,7 +457,7 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_NotBefore=m_NotOnOrAfter=NULL;
+                m_NotBefore=m_NotOnOrAfter=nullptr;
              }
          public:
              virtual ~ConditionsImpl() {
@@ -411,8 +515,8 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
+                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
              }
  
              void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -424,8 +528,8 @@ namespace opensaml {
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
+                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -433,8 +537,8 @@ namespace opensaml {
          class SAML_DLLLOCAL SubjectConfirmationDataTypeImpl : public virtual SubjectConfirmationDataType, public virtual AbstractXMLObject
          {
              void init() {
-                m_NotBefore=m_NotOnOrAfter=NULL;
-                m_Recipient=m_InResponseTo=m_Address=NULL;
+                m_NotBefore=m_NotOnOrAfter=nullptr;
+                m_Recipient=m_InResponseTo=m_Address=nullptr;
              }
  
          protected:
@@ -458,6 +562,9 @@ namespace opensaml {
  
              SubjectConfirmationDataTypeImpl(const SubjectConfirmationDataTypeImpl& src) : AbstractXMLObject(src) {
                  init();
+            }
+
+            void _clone(const SubjectConfirmationDataTypeImpl& src) {
                  setNotBefore(src.getNotBefore());
                  setNotOnOrAfter(src.getNotOnOrAfter());
                  setRecipient(src.getRecipient());
@@ -465,6 +572,10 @@ namespace opensaml {
                  setAddress(src.getAddress());
              }
  
+            SubjectConfirmationDataType* cloneSubjectConfirmationDataType() const {
+                return dynamic_cast<SubjectConfirmationDataType*>(clone());
+            }
+
              IMPL_DATETIME_ATTRIB(NotBefore,0);
              IMPL_DATETIME_ATTRIB(NotOnOrAfter,SAMLTIME_MAX);
              IMPL_STRING_ATTRIB(Recipient);
@@ -473,19 +584,19 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
-                MARSHALL_STRING_ATTRIB(Recipient,RECIPIENT,NULL);
-                MARSHALL_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
-                MARSHALL_STRING_ATTRIB(Address,ADDRESS,NULL);
+                MARSHALL_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                MARSHALL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
+                MARSHALL_STRING_ATTRIB(Recipient,RECIPIENT,nullptr);
+                MARSHALL_STRING_ATTRIB(InResponseTo,INRESPONSETO,nullptr);
+                MARSHALL_STRING_ATTRIB(Address,ADDRESS,nullptr);
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
-                PROC_STRING_ATTRIB(Recipient,RECIPIENT,NULL);
-                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
-                PROC_STRING_ATTRIB(Address,ADDRESS,NULL);
+                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
+                PROC_STRING_ATTRIB(Recipient,RECIPIENT,nullptr);
+                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,nullptr);
+                PROC_STRING_ATTRIB(Address,ADDRESS,nullptr);
              }
          };
  
@@ -500,14 +611,16 @@ namespace opensaml {
              }
  
              SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src)
-                    : SubjectConfirmationDataTypeImpl(src), AnyElementImpl(src) {
+                    : AbstractXMLObject(src), SubjectConfirmationDataTypeImpl(src), AnyElementImpl(src) {
              }
  
-            IMPL_XMLOBJECT_CLONE(SubjectConfirmationData);
-            SubjectConfirmationDataType* cloneSubjectConfirmationDataType() const {
-                return new SubjectConfirmationDataImpl(*this);
+            void _clone(const SubjectConfirmationDataImpl& src) {
+                SubjectConfirmationDataTypeImpl::_clone(src);
+                AnyElementImpl::_clone(src);
              }
  
+            IMPL_XMLOBJECT_CLONE_EX(SubjectConfirmationData);
+
              void setAttribute(const xmltooling::QName& qualifiedName, const XMLCh* value, bool ID=false) {
                  if (!qualifiedName.hasNamespaceURI()) {
                      if (XMLString::equals(qualifiedName.getLocalPart(),NOTBEFORE_ATTRIB_NAME)) {
@@ -541,11 +654,11 @@ namespace opensaml {
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
-                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
-                PROC_STRING_ATTRIB(Recipient,RECIPIENT,NULL);
-                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
-                PROC_STRING_ATTRIB(Address,ADDRESS,NULL);
+                PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,nullptr);
+                PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,nullptr);
+                PROC_STRING_ATTRIB(Recipient,RECIPIENT,nullptr);
+                PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,nullptr);
+                PROC_STRING_ATTRIB(Address,ADDRESS,nullptr);
                  AnyElementImpl::processAttribute(attribute);
              }
          };
@@ -568,16 +681,16 @@ namespace opensaml {
              KeyInfoConfirmationDataTypeImpl(const KeyInfoConfirmationDataTypeImpl& src)
                      : AbstractXMLObject(src), SubjectConfirmationDataTypeImpl(src), AbstractComplexElement(src),
                          AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
+            }
+
+            void _clone(const KeyInfoConfirmationDataTypeImpl& src) {
+                SubjectConfirmationDataTypeImpl::_clone(src);
                  VectorOf(KeyInfo) v=getKeyInfos();
                  for (vector<KeyInfo*>::const_iterator i=src.m_KeyInfos.begin(); i!=src.m_KeyInfos.end(); ++i)
                      v.push_back((*i)->cloneKeyInfo());
              }
  
-            IMPL_XMLOBJECT_CLONE(KeyInfoConfirmationDataType);
-            SubjectConfirmationDataType* cloneSubjectConfirmationDataType() const {
-                return new KeyInfoConfirmationDataTypeImpl(*this);
-            }
-
+            IMPL_XMLOBJECT_CLONE_EX(KeyInfoConfirmationDataType);
              IMPL_TYPED_CHILDREN(KeyInfo,m_children.end());
  
          public:
@@ -630,15 +743,15 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_Method=NULL;
-                m_BaseID=NULL;
-                m_NameID=NULL;
-                m_EncryptedID=NULL;
-                m_SubjectConfirmationData=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_Method=nullptr;
+                m_BaseID=nullptr;
+                m_NameID=nullptr;
+                m_EncryptedID=nullptr;
+                m_SubjectConfirmationData=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                  m_pos_BaseID=m_children.begin();
                  m_pos_NameID=m_pos_BaseID;
                  ++m_pos_NameID;
@@ -648,7 +761,9 @@ namespace opensaml {
                  ++m_pos_SubjectConfirmationData;
              }
          public:
-            virtual ~SubjectConfirmationImpl() {}
+            virtual ~SubjectConfirmationImpl() {
+                XMLString::release(&m_Method);
+            }
  
              SubjectConfirmationImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
@@ -678,7 +793,7 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Method,METHOD,NULL);
+                MARSHALL_STRING_ATTRIB(Method,METHOD,nullptr);
              }
  
              void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -690,7 +805,7 @@ namespace opensaml {
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Method,METHOD,NULL);
+                PROC_STRING_ATTRIB(Method,METHOD,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -702,12 +817,12 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_BaseID=NULL;
-                m_NameID=NULL;
-                m_EncryptedID=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_BaseID=nullptr;
+                m_NameID=nullptr;
+                m_EncryptedID=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                  m_pos_BaseID=m_children.begin();
                  m_pos_NameID=m_pos_BaseID;
                  ++m_pos_NameID;
@@ -762,7 +877,7 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_Address=m_DNSName=NULL;
+                m_Address=m_DNSName=nullptr;
              }
          public:
              virtual ~SubjectLocalityImpl() {
@@ -788,13 +903,13 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Address,ADDRESS,NULL);
-                MARSHALL_STRING_ATTRIB(DNSName,DNSNAME,NULL);
+                MARSHALL_STRING_ATTRIB(Address,ADDRESS,nullptr);
+                MARSHALL_STRING_ATTRIB(DNSName,DNSNAME,nullptr);
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Address,ADDRESS,NULL);
-                PROC_STRING_ATTRIB(DNSName,DNSNAME,NULL);
+                PROC_STRING_ATTRIB(Address,ADDRESS,nullptr);
+                PROC_STRING_ATTRIB(DNSName,DNSNAME,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -808,9 +923,9 @@ namespace opensaml {
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
              }
  
-            StatementImpl(const StatementImpl& src) : AnyElementImpl(src) {}
+            StatementImpl(const StatementImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {}
  
-            IMPL_XMLOBJECT_CLONE(Statement);
+            IMPL_XMLOBJECT_CLONE_EX(Statement);
          };
  
          //TODO need unit test for this
@@ -823,10 +938,10 @@ namespace opensaml {
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
              }
  
-            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AnyElementImpl(src) {
+            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {
              }
  
-            IMPL_XMLOBJECT_CLONE(AuthnContextDecl);
+            IMPL_XMLOBJECT_CLONE_EX(AuthnContextDecl);
          };
  
          class SAML_DLLLOCAL AuthnContextImpl : public virtual AuthnContext,
@@ -836,12 +951,12 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_AuthnContextClassRef=NULL;
-                m_AuthnContextDecl=NULL;
-                m_AuthnContextDeclRef=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_AuthnContextClassRef=nullptr;
+                m_AuthnContextDecl=nullptr;
+                m_AuthnContextDeclRef=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                  m_pos_AuthnContextClassRef=m_children.begin();
                  m_pos_AuthnContextDecl=m_pos_AuthnContextClassRef;
                  ++m_pos_AuthnContextDecl;
@@ -896,13 +1011,13 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_AuthnInstant=NULL;
-                m_SessionIndex=NULL;
-                m_SessionNotOnOrAfter=NULL;
-                m_SubjectLocality=NULL;
-                m_AuthnContext=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_AuthnInstant=nullptr;
+                m_SessionIndex=nullptr;
+                m_SessionNotOnOrAfter=nullptr;
+                m_SubjectLocality=nullptr;
+                m_AuthnContext=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                  m_pos_SubjectLocality=m_children.begin();
                  m_pos_AuthnContext=m_pos_SubjectLocality;
                  ++m_pos_AuthnContext;
@@ -931,10 +1046,7 @@ namespace opensaml {
                      setAuthnContext(src.getAuthnContext()->cloneAuthnContext());
              }
  
-            IMPL_XMLOBJECT_CLONE(AuthnStatement);
-            Statement* cloneStatement() const {
-                return cloneAuthnStatement();
-            }
+            IMPL_XMLOBJECT_CLONE2(AuthnStatement,Statement);
              IMPL_DATETIME_ATTRIB(AuthnInstant,0);
              IMPL_STRING_ATTRIB(SessionIndex);
              IMPL_DATETIME_ATTRIB(SessionNotOnOrAfter,SAMLTIME_MAX);
@@ -943,9 +1055,9 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,NULL);
-                MARSHALL_STRING_ATTRIB(SessionIndex,SESSIONINDEX,NULL);
-                MARSHALL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,NULL);
+                MARSHALL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,nullptr);
+                MARSHALL_STRING_ATTRIB(SessionIndex,SESSIONINDEX,nullptr);
+                MARSHALL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,nullptr);
              }
  
              void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -955,9 +1067,9 @@ namespace opensaml {
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,NULL);
-                PROC_STRING_ATTRIB(SessionIndex,SESSIONINDEX,NULL);
-                PROC_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,NULL);
+                PROC_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,nullptr);
+                PROC_STRING_ATTRIB(SessionIndex,SESSIONINDEX,nullptr);
+                PROC_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -974,7 +1086,7 @@ namespace opensaml {
              }
  
              ActionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
-                    : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(NULL) {
+                    : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(nullptr) {
              }
  
              ActionImpl(const ActionImpl& src)
@@ -987,11 +1099,11 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Namespace,NAMESPACE,NULL);
+                MARSHALL_STRING_ATTRIB(Namespace,NAMESPACE,nullptr);
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Namespace,NAMESPACE,NULL);
+                PROC_STRING_ATTRIB(Namespace,NAMESPACE,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -1063,10 +1175,10 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_Resource=NULL;
-                m_Decision=NULL;
-                m_Evidence=NULL;
-                m_children.push_back(NULL);
+                m_Resource=nullptr;
+                m_Decision=nullptr;
+                m_Evidence=nullptr;
+                m_children.push_back(nullptr);
                  m_pos_Evidence=m_children.begin();
              }
          public:
@@ -1095,10 +1207,7 @@ namespace opensaml {
                  }
              }
  
-            IMPL_XMLOBJECT_CLONE(AuthzDecisionStatement);
-            Statement* cloneStatement() const {
-                return cloneAuthzDecisionStatement();
-            }
+            IMPL_XMLOBJECT_CLONE2(AuthzDecisionStatement,Statement);
              IMPL_STRING_ATTRIB(Resource);
              IMPL_STRING_ATTRIB(Decision);
              IMPL_TYPED_CHILD(Evidence);
@@ -1106,8 +1215,8 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Resource,RESOURCE,NULL);
-                MARSHALL_STRING_ATTRIB(Decision,DECISION,NULL);
+                MARSHALL_STRING_ATTRIB(Resource,RESOURCE,nullptr);
+                MARSHALL_STRING_ATTRIB(Decision,DECISION,nullptr);
              }
  
              void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -1117,8 +1226,8 @@ namespace opensaml {
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Resource,RESOURCE,NULL);
-                PROC_STRING_ATTRIB(Decision,DECISION,NULL);
+                PROC_STRING_ATTRIB(Resource,RESOURCE,nullptr);
+                PROC_STRING_ATTRIB(Decision,DECISION,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -1132,10 +1241,10 @@ namespace opensaml {
                  : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
              }
  
-            AttributeValueImpl(const AttributeValueImpl& src) : AnyElementImpl(src) {
+            AttributeValueImpl(const AttributeValueImpl& src) : AbstractXMLObject(src), AnyElementImpl(src) {
              }
  
-            IMPL_XMLOBJECT_CLONE(AttributeValue);
+            IMPL_XMLOBJECT_CLONE_EX(AttributeValue);
          };
  
  
@@ -1147,7 +1256,7 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_Name=m_NameFormat=m_FriendlyName=NULL;
+                m_Name=m_NameFormat=m_FriendlyName=nullptr;
              }
          public:
              virtual ~AttributeImpl() {
@@ -1202,9 +1311,9 @@ namespace opensaml {
  
          protected:
              void marshallAttributes(DOMElement* domElement) const {
-                MARSHALL_STRING_ATTRIB(Name,NAME,NULL);
-                MARSHALL_STRING_ATTRIB(NameFormat,NAMEFORMAT,NULL);
-                MARSHALL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME,NULL);
+                MARSHALL_STRING_ATTRIB(Name,NAME,nullptr);
+                MARSHALL_STRING_ATTRIB(NameFormat,NAMEFORMAT,nullptr);
+                MARSHALL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME,nullptr);
                  marshallExtensionAttributes(domElement);
              }
  
@@ -1228,10 +1337,7 @@ namespace opensaml {
  
              EncryptedAttributeImpl(const EncryptedAttributeImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {}
  
-            IMPL_XMLOBJECT_CLONE(EncryptedAttribute);
-            EncryptedElementType* cloneEncryptedElementType() const {
-                return new EncryptedAttributeImpl(*this);
-            }
+            IMPL_XMLOBJECT_CLONE_EX(EncryptedAttribute);
          };
  
          class SAML_DLLLOCAL AttributeStatementImpl : public virtual AttributeStatement,
@@ -1266,10 +1372,7 @@ namespace opensaml {
                  }
              }
  
-            IMPL_XMLOBJECT_CLONE(AttributeStatement);
-            Statement* cloneStatement() const {
-                return cloneAttributeStatement();
-            }
+            IMPL_XMLOBJECT_CLONE2(AttributeStatement,Statement);
              IMPL_TYPED_CHILDREN(Attribute, m_children.end());
              IMPL_TYPED_CHILDREN(EncryptedAttribute, m_children.end());
  
@@ -1363,10 +1466,7 @@ namespace opensaml {
  
              EncryptedAssertionImpl(const EncryptedAssertionImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {}
  
-            IMPL_XMLOBJECT_CLONE(EncryptedAssertion);
-            EncryptedElementType* cloneEncryptedElementType() const {
-                return new EncryptedAssertionImpl(*this);
-            }
+            IMPL_XMLOBJECT_CLONE_EX(EncryptedAssertion);
          };
  
          class SAML_DLLLOCAL AssertionImpl : public virtual Assertion,
@@ -1376,19 +1476,19 @@ namespace opensaml {
              public AbstractXMLObjectUnmarshaller
          {
              void init() {
-                m_ID=NULL;
-                m_Version=NULL;
-                m_IssueInstant=NULL;
-                m_Issuer=NULL;
-                m_Signature=NULL;
-                m_Subject=NULL;
-                m_Conditions=NULL;
-                m_Advice=NULL;
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
-                m_children.push_back(NULL);
+                m_ID=nullptr;
+                m_Version=nullptr;
+                m_IssueInstant=nullptr;
+                m_Issuer=nullptr;
+                m_Signature=nullptr;
+                m_Subject=nullptr;
+                m_Conditions=nullptr;
+                m_Advice=nullptr;
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
+                m_children.push_back(nullptr);
                  m_pos_Issuer=m_children.begin();
                  m_pos_Signature=m_pos_Issuer;
                  ++m_pos_Signature;
@@ -1476,7 +1576,7 @@ namespace opensaml {
  
              IMPL_XMLOBJECT_CLONE(Assertion);
              IMPL_STRING_ATTRIB(Version);
-            IMPL_ID_ATTRIB(ID);
+            IMPL_ID_ATTRIB_EX(ID,ID,nullptr);
              IMPL_DATETIME_ATTRIB(IssueInstant,0);
              IMPL_TYPED_CHILD(Issuer);
              IMPL_TYPED_CHILD(Subject);
@@ -1488,18 +1588,23 @@ namespace opensaml {
              IMPL_TYPED_CHILDREN(AuthzDecisionStatement, m_children.end());
  
          protected:
+            void prepareForMarshalling() const {
+                if (m_Signature)
+                    declareNonVisibleNamespaces();
+            }
+
              void marshallAttributes(DOMElement* domElement) const {
                  if (!m_Version)
                      const_cast<AssertionImpl*>(this)->m_Version=XMLString::transcode("2.0");
-                MARSHALL_STRING_ATTRIB(Version,VER,NULL);
+                MARSHALL_STRING_ATTRIB(Version,VER,nullptr);
                  if (!m_ID)
                      const_cast<AssertionImpl*>(this)->m_ID=SAMLConfig::getConfig().generateIdentifier();
-                MARSHALL_ID_ATTRIB(ID,ID,NULL);
+                MARSHALL_ID_ATTRIB(ID,ID,nullptr);
                  if (!m_IssueInstant) {
-                    const_cast<AssertionImpl*>(this)->m_IssueInstantEpoch=time(NULL);
+                    const_cast<AssertionImpl*>(this)->m_IssueInstantEpoch=time(nullptr);
                      const_cast<AssertionImpl*>(this)->m_IssueInstant=new DateTime(m_IssueInstantEpoch);
                  }
-                MARSHALL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
+                MARSHALL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,nullptr);
              }
  
              void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
@@ -1516,9 +1621,9 @@ namespace opensaml {
              }
  
              void processAttribute(const DOMAttr* attribute) {
-                PROC_STRING_ATTRIB(Version,VER,NULL);
-                PROC_ID_ATTRIB(ID,ID,NULL);
-                PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
+                PROC_STRING_ATTRIB(Version,VER,nullptr);
+                PROC_ID_ATTRIB(ID,ID,nullptr);
+                PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,nullptr);
                  AbstractXMLObjectUnmarshaller::processAttribute(attribute);
              }
          };
@@ -1551,6 +1656,8 @@ IMPL_XMLOBJECTBUILDER(AuthnStatement);
  IMPL_XMLOBJECTBUILDER(AuthzDecisionStatement);
  IMPL_XMLOBJECTBUILDER(Condition);
  IMPL_XMLOBJECTBUILDER(Conditions);
+IMPL_XMLOBJECTBUILDER(Delegate);
+IMPL_XMLOBJECTBUILDER(DelegationRestrictionType);
  IMPL_XMLOBJECTBUILDER(EncryptedAssertion);
  IMPL_XMLOBJECTBUILDER(EncryptedAttribute);
  IMPL_XMLOBJECTBUILDER(EncryptedID);
@@ -1617,6 +1724,12 @@ const XMLCh Conditions::LOCAL_NAME[] =              UNICODE_LITERAL_10(C,o,n,d,i
  const XMLCh Conditions::TYPE_NAME[] =               UNICODE_LITERAL_14(C,o,n,d,i,t,i,o,n,s,T,y,p,e);
  const XMLCh Conditions::NOTBEFORE_ATTRIB_NAME[] =   UNICODE_LITERAL_9(N,o,t,B,e,f,o,r,e);
  const XMLCh Conditions::NOTONORAFTER_ATTRIB_NAME[] =UNICODE_LITERAL_12(N,o,t,O,n,O,r,A,f,t,e,r);
+const XMLCh Delegate::LOCAL_NAME[] =                UNICODE_LITERAL_8(D,e,l,e,g,a,t,e);
+const XMLCh Delegate::TYPE_NAME[] =                 UNICODE_LITERAL_12(D,e,l,e,g,a,t,e,T,y,p,e);
+const XMLCh Delegate::CONFIRMATIONMETHOD_ATTRIB_NAME[] = UNICODE_LITERAL_18(C,o,n,f,i,r,m,a,t,i,o,n,M,e,t,h,o,d);
+const XMLCh Delegate::DELEGATIONINSTANT_ATTRIB_NAME[] = UNICODE_LITERAL_17(D,e,l,e,g,a,t,i,o,n,I,n,s,t,a,n,t);
+const XMLCh DelegationRestrictionType::LOCAL_NAME[] = UNICODE_LITERAL_9(C,o,n,d,i,t,i,o,n);
+const XMLCh DelegationRestrictionType::TYPE_NAME[] =UNICODE_LITERAL_25(D,e,l,e,g,a,t,i,o,n,R,e,s,t,r,i,c,t,i,o,n,T,y,p,e);
  const XMLCh EncryptedAssertion::LOCAL_NAME[] =      UNICODE_LITERAL_18(E,n,c,r,y,p,t,e,d,A,s,s,e,r,t,i,o,n);
  const XMLCh EncryptedAttribute::LOCAL_NAME[] =      UNICODE_LITERAL_18(E,n,c,r,y,p,t,e,d,A,t,t,r,i,b,u,t,e);
  const XMLCh EncryptedElementType::LOCAL_NAME[] =    {chNull};