*/
/**
- * AssertionsSchemaValidators.cpp
+ * Assertions20SchemaValidators.cpp
*
* Schema-based validators for SAML 2.0 Assertions classes
*/
#include "exceptions.h"
#include "saml2/core/Assertions.h"
+#include <xmltooling/validation/ValidatorSuite.h>
+
using namespace opensaml::saml2;
using namespace opensaml;
using namespace xmltooling;
using namespace std;
+using samlconstants::SAML20_NS;
namespace opensaml {
namespace saml2 {
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,NameID);
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Issuer);
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EncryptedElementType);
+ XMLOBJECTVALIDATOR_REQUIRE(EncryptedElementType,EncryptedData);
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedID,EncryptedElementType);
+ EncryptedElementTypeSchemaValidator::validate(xmlObject);
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedAttribute,EncryptedElementType);
+ EncryptedElementTypeSchemaValidator::validate(xmlObject);
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedAssertion,EncryptedElementType);
+ EncryptedElementTypeSchemaValidator::validate(xmlObject);
+ END_XMLOBJECTVALIDATOR;
+
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AudienceRestriction);
XMLOBJECTVALIDATOR_NONEMPTY(AudienceRestriction,Audience);
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ProxyRestriction);
if (ptr->getAudiences().empty()) {
- XMLOBJECTVALIDATOR_REQUIRE(ProxyRestriction,Count);
+ XMLOBJECTVALIDATOR_REQUIRE_INTEGER(ProxyRestriction,Count);
}
END_XMLOBJECTVALIDATOR;
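Review bot: The Count attribute of ProxyRestriction is only examined on the branch where there are no Audience children (L41-L44), so a ProxyRestriction that carries both Audiences and a Count is accepted without XMLOBJECTVALIDATOR_REQUIRE_INTEGER ever running on it. Whether a non-numeric or negative Count can reach this validator depends on how getCount() parses the attribute, which is outside the hunk, so this may already be caught upstream. If getCount() returns the usual (present, value) pair, an unconditional guard after the existing block would match the schema's nonNegativeInteger type: `if (ptr->getCount().first && ptr->getCount().second < 0) throw ValidationException("ProxyRestriction Count cannot be negative.");`. The Encrypted* validators above are presence checks only (EncryptedData must exist); any binding of the decrypted payload to the expected element type has to happen in the decryption path, which is not part of this file.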
count++;
if (ptr->getNameID())
count++;
- //if (ptr->getEncryptedID())
- //count++;
+ if (ptr->getEncryptedID())
+ count++;
if (count > 1)
throw ValidationException("SubjectConfirmation cannot contain multiple identifier elements.");
END_XMLOBJECTVALIDATOR;
count++;
if (ptr->getNameID())
count++;
- //if (ptr->getEncryptedID())
- //count++;
+ if (ptr->getEncryptedID())
+ count++;
if (count > 1)
throw ValidationException("Subject cannot contain multiple identifier elements.");
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Assertion);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,Version);
+ if (!XMLString::equals(samlconstants::SAML20_VERSION, ptr->getVersion()))
+ throw ValidationException("Assertion has wrong SAML Version.");
XMLOBJECTVALIDATOR_REQUIRE(Assertion,ID);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,IssueInstant);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,Issuer);
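Review bot: The new version check at L68-L69 rejects anything other than the exact SAML 2.0 version string but throws without reporting what was seen, whereas the extension-child validator later in this file surfaces the offending QName via `params(1, ...)`; for parity and easier triage of rejected assertions, consider passing the transcoded value of `ptr->getVersion()` the same way, e.g. `throw ValidationException("Assertion has wrong SAML Version ($1).", params(1, <transcoded version>));` using whatever XMLCh-to-char helper the file already relies on. The Assertion validator's body continues outside the hunk, so any later checks it performs are not visible here.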
public:
void operator()(const XMLObject* xmlObject) const {
const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
- if (XMLString::equals(ns,SAMLConstants::SAML20_NS) || !ns || !*ns) {
+ if (XMLString::equals(ns,SAML20_NS) || !ns || !*ns) {
throw ValidationException(
"Object contains an illegal extension child element ($1).",
params(1,xmlObject->getElementQName().toString().c_str())
};
#define REGISTER_ELEMENT(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
+ q=QName(SAML20_NS,cname::LOCAL_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
- Validator::registerValidator(q,new cname##SchemaValidator())
+ SchemaValidators.registerValidator(q,new cname##SchemaValidator())
#define REGISTER_TYPE(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
+ q=QName(SAML20_NS,cname::TYPE_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
- Validator::registerValidator(q,new cname##SchemaValidator())
+ SchemaValidators.registerValidator(q,new cname##SchemaValidator())
#define REGISTER_ELEMENT_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
+ q=QName(SAML20_NS,cname::LOCAL_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder());
#define REGISTER_TYPE_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
+ q=QName(SAML20_NS,cname::TYPE_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder());
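Review bot: REGISTER_ELEMENT_NOVAL and REGISTER_TYPE_NOVAL terminate their last statement inside the macro (L97, L101), while the updated REGISTER_ELEMENT and REGISTER_TYPE leave the semicolon to the call site; every `REGISTER_ELEMENT_NOVAL(X);` therefore expands to a trailing empty statement, which is harmless at function scope but inconsistent across the four macros. Dropping the `;` after `registerBuilder(q,new cname##Builder())` in the two _NOVAL macros makes all four behave the same way at the call site.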
void opensaml::saml2::registerAssertionClasses() {
REGISTER_ELEMENT(AuthnStatement);
REGISTER_ELEMENT(AuthzDecisionStatement);
REGISTER_ELEMENT(Conditions);
+ REGISTER_ELEMENT(EncryptedAssertion);
+ REGISTER_ELEMENT(EncryptedAttribute);
+ REGISTER_ELEMENT(EncryptedID);
REGISTER_ELEMENT(Evidence);
REGISTER_ELEMENT(Issuer);
REGISTER_ELEMENT(NameID);
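Review bot: An EncryptedElementTypeSchemaValidator is defined earlier in this change, but no `REGISTER_TYPE(EncryptedElementType);` appears in this hunk, so an element that asserts `xsi:type="saml:EncryptedElementType"` would not be routed to that validator by name. The registration list continues past the end of the hunk, so if the type registrations live further down this is probably already covered; if not, it should be added alongside the other REGISTER_TYPE entries so the EncryptedData requirement is enforced for typed as well as named instances.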