/*
-* Copyright 2001-2006 Internet2
- *
+* Copyright 2001-2007 Internet2
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
/**
* Assertions20SchemaValidators.cpp
- *
+ *
* Schema-based validators for SAML 2.0 Assertions classes
*/
#include "exceptions.h"
#include "saml2/core/Assertions.h"
+#include <xmltooling/validation/ValidatorSuite.h>
+
using namespace opensaml::saml2;
using namespace opensaml;
using namespace xmltooling;
using namespace std;
+using samlconstants::SAML20_NS;
namespace opensaml {
namespace saml2 {
-
+
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Action);
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionIDRef);
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionURIRef);
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EncryptedElementType);
XMLOBJECTVALIDATOR_REQUIRE(EncryptedElementType,EncryptedData);
END_XMLOBJECTVALIDATOR;
-
+
BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedID,EncryptedElementType);
EncryptedElementTypeSchemaValidator::validate(xmlObject);
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ProxyRestriction);
if (ptr->getAudiences().empty()) {
- XMLOBJECTVALIDATOR_REQUIRE(ProxyRestriction,Count);
+ XMLOBJECTVALIDATOR_REQUIRE_INTEGER(ProxyRestriction,Count);
}
END_XMLOBJECTVALIDATOR;
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Delegate);
+ int count=0;
+ if (ptr->getBaseID())
+ count++;
+ if (ptr->getNameID())
+ count++;
+ if (ptr->getEncryptedID())
+ count++;
+ if (count != 1)
+ throw ValidationException("Delegate must contain exactly one identifier element.");
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,DelegationRestrictionType);
+ XMLOBJECTVALIDATOR_NONEMPTY(DelegationRestrictionType,Delegate);
+ END_XMLOBJECTVALIDATOR;
+
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Conditions);
if (!ptr->hasChildren()) {
XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Assertion);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,Version);
+ if (!XMLString::equals(samlconstants::SAML20_VERSION, ptr->getVersion()))
+ throw ValidationException("Assertion has wrong SAML Version.");
XMLOBJECTVALIDATOR_REQUIRE(Assertion,ID);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,IssueInstant);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,Issuer);
public:
void operator()(const XMLObject* xmlObject) const {
const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
- if (XMLString::equals(ns,SAMLConstants::SAML20_NS) || !ns || !*ns) {
+ if (XMLString::equals(ns,SAML20_NS) || !ns || !*ns) {
throw ValidationException(
"Object contains an illegal extension child element ($1).",
params(1,xmlObject->getElementQName().toString().c_str())
};
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Advice);
- const vector<XMLObject*>& anys=ptr->getOthers();
+ const vector<XMLObject*>& anys=ptr->getUnknownXMLObjects();
for_each(anys.begin(),anys.end(),checkWildcardNS());
END_XMLOBJECTVALIDATOR;
};
#define REGISTER_ELEMENT(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::LOCAL_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
- AssertionSchemaValidators.registerValidator(q,new cname##SchemaValidator())
-
+ SchemaValidators.registerValidator(q,new cname##SchemaValidator())
+
#define REGISTER_TYPE(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::TYPE_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
- AssertionSchemaValidators.registerValidator(q,new cname##SchemaValidator())
+ SchemaValidators.registerValidator(q,new cname##SchemaValidator())
#define REGISTER_ELEMENT_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::LOCAL_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder());
-
+
#define REGISTER_TYPE_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::TYPE_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder());
-ValidatorSuite opensaml::saml2::AssertionSchemaValidators("AssertionSchemaValidators");
-
void opensaml::saml2::registerAssertionClasses() {
- QName q;
+ xmltooling::QName q;
REGISTER_ELEMENT(Action);
REGISTER_ELEMENT(Advice);
REGISTER_ELEMENT(Assertion);
REGISTER_ELEMENT(AuthnContextDeclRef);
REGISTER_ELEMENT(AuthnStatement);
REGISTER_ELEMENT(AuthzDecisionStatement);
+ REGISTER_ELEMENT_NOVAL(Condition);
REGISTER_ELEMENT(Conditions);
REGISTER_ELEMENT(EncryptedAssertion);
REGISTER_ELEMENT(EncryptedAttribute);
REGISTER_ELEMENT(NameID);
REGISTER_ELEMENT_NOVAL(OneTimeUse);
REGISTER_ELEMENT(ProxyRestriction);
+ REGISTER_ELEMENT_NOVAL(Statement);
REGISTER_ELEMENT(Subject);
REGISTER_ELEMENT(SubjectConfirmation);
REGISTER_ELEMENT_NOVAL(SubjectConfirmationData);
REGISTER_TYPE(Subject);
REGISTER_TYPE(SubjectConfirmation);
REGISTER_TYPE(SubjectLocality);
+
+ q=xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,Delegate::LOCAL_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DelegateBuilder());
+ SchemaValidators.registerValidator(q,new DelegateSchemaValidator());
+ q=xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,Delegate::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DelegateBuilder());
+ SchemaValidators.registerValidator(q,new DelegateSchemaValidator());
+
+ q=xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,DelegationRestrictionType::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DelegationRestrictionTypeBuilder());
+ SchemaValidators.registerValidator(q,new DelegationRestrictionTypeSchemaValidator());
}
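Review bot: The nine hand-expanded lines that register Delegate and DelegationRestrictionType duplicate the bodies of REGISTER_ELEMENT and REGISTER_TYPE with only the namespace argument changed, so the next rename of the shared suite (this commit already renames AssertionSchemaValidators to SchemaValidators) has to be applied in two places. A namespace-taking variant of the two macros lets the delegation-condition classes register through the same path as the SAML20_NS classes, and the existing macros could then be defined as `REGISTER_ELEMENT_NS(SAML20_NS,cname)` / `REGISTER_TYPE_NS(SAML20_NS,cname)` so there is a single definition of what "register an element/type with validator" means. The hunk boundaries are not marked on this page, so I cannot tell whether the macro definitions and registerAssertionClasses are in the same hunk; the change below assumes both are editable.
```cpp
#define REGISTER_ELEMENT_NS(ns,cname) \
    q=xmltooling::QName(ns,cname::LOCAL_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    SchemaValidators.registerValidator(q,new cname##SchemaValidator())

#define REGISTER_TYPE_NS(ns,cname) \
    q=xmltooling::QName(ns,cname::TYPE_NAME); \
    XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
    SchemaValidators.registerValidator(q,new cname##SchemaValidator())

// … unchanged: REGISTER_ELEMENT / REGISTER_TYPE / *_NOVAL macros and the SAML20_NS registrations in registerAssertionClasses …

    REGISTER_ELEMENT_NS(samlconstants::SAML20_DELEGATION_CONDITION_NS,Delegate);
    REGISTER_TYPE_NS(samlconstants::SAML20_DELEGATION_CONDITION_NS,Delegate);
    REGISTER_TYPE_NS(samlconstants::SAML20_DELEGATION_CONDITION_NS,DelegationRestrictionType);
```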