-/*
-* Copyright 2001-2006 Internet2
- *
-* Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
* Assertions20SchemaValidators.cpp
- *
+ *
* Schema-based validators for SAML 2.0 Assertions classes
*/
#include "exceptions.h"
#include "saml2/core/Assertions.h"
+#include <xmltooling/validation/Validator.h>
+#include <xmltooling/validation/ValidatorSuite.h>
+
using namespace opensaml::saml2;
using namespace opensaml;
using namespace xmltooling;
using namespace std;
+using samlconstants::SAML20_NS;
namespace opensaml {
namespace saml2 {
-
+
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,Action);
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionIDRef);
XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,AssertionURIRef);
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,EncryptedElementType);
XMLOBJECTVALIDATOR_REQUIRE(EncryptedElementType,EncryptedData);
END_XMLOBJECTVALIDATOR;
-
+
BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,EncryptedID,EncryptedElementType);
EncryptedElementTypeSchemaValidator::validate(xmlObject);
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ProxyRestriction);
if (ptr->getAudiences().empty()) {
- XMLOBJECTVALIDATOR_REQUIRE(ProxyRestriction,Count);
+ XMLOBJECTVALIDATOR_REQUIRE_INTEGER(ProxyRestriction,Count);
}
END_XMLOBJECTVALIDATOR;
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Delegate);
+ int count=0;
+ if (ptr->getBaseID())
+ count++;
+ if (ptr->getNameID())
+ count++;
+ if (ptr->getEncryptedID())
+ count++;
+ if (count != 1)
+ throw ValidationException("Delegate must contain exactly one identifier element.");
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,DelegationRestrictionType);
+ XMLOBJECTVALIDATOR_NONEMPTY(DelegationRestrictionType,Delegate);
+ END_XMLOBJECTVALIDATOR;
+
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Conditions);
- if (!ptr->hasChildren()) {
- XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
+ if (ptr->getOneTimeUses().size() > 1) {
+ throw ValidationException("Multiple OneTimeUse condition elements are not permitted.");
+ }
+ else if (ptr->getProxyRestrictions().size() > 1) {
+ throw ValidationException("Multiple ProxyRestriction condition elements are not permitted.");
}
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Assertion);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,Version);
+ if (!XMLString::equals(samlconstants::SAML20_VERSION, ptr->getVersion()))
+ throw ValidationException("Assertion has wrong SAML Version.");
XMLOBJECTVALIDATOR_REQUIRE(Assertion,ID);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,IssueInstant);
XMLOBJECTVALIDATOR_REQUIRE(Assertion,Issuer);
public:
void operator()(const XMLObject* xmlObject) const {
const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
- if (XMLString::equals(ns,SAMLConstants::SAML20_NS) || !ns || !*ns) {
+ if (XMLString::equals(ns,SAML20_NS) || !ns || !*ns) {
throw ValidationException(
"Object contains an illegal extension child element ($1).",
params(1,xmlObject->getElementQName().toString().c_str())
};
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Advice);
- const vector<XMLObject*>& anys=ptr->getOthers();
+ const vector<XMLObject*>& anys=ptr->getUnknownXMLObjects();
for_each(anys.begin(),anys.end(),checkWildcardNS());
END_XMLOBJECTVALIDATOR;
};
#define REGISTER_ELEMENT(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::LOCAL_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
- AssertionSchemaValidators.registerValidator(q,new cname##SchemaValidator())
-
+ SchemaValidators.registerValidator(q,new cname##SchemaValidator())
+
#define REGISTER_TYPE(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::TYPE_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
- AssertionSchemaValidators.registerValidator(q,new cname##SchemaValidator())
+ SchemaValidators.registerValidator(q,new cname##SchemaValidator())
#define REGISTER_ELEMENT_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::LOCAL_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::LOCAL_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder());
-
+
#define REGISTER_TYPE_NOVAL(cname) \
- q=QName(SAMLConstants::SAML20_NS,cname::TYPE_NAME); \
+ q=xmltooling::QName(SAML20_NS,cname::TYPE_NAME); \
XMLObjectBuilder::registerBuilder(q,new cname##Builder());
-ValidatorSuite opensaml::saml2::AssertionSchemaValidators("AssertionSchemaValidators");
-
void opensaml::saml2::registerAssertionClasses() {
- QName q;
+ xmltooling::QName q;
REGISTER_ELEMENT(Action);
REGISTER_ELEMENT(Advice);
REGISTER_ELEMENT(Assertion);
REGISTER_ELEMENT(AuthnContextDeclRef);
REGISTER_ELEMENT(AuthnStatement);
REGISTER_ELEMENT(AuthzDecisionStatement);
+ REGISTER_ELEMENT_NOVAL(Condition);
REGISTER_ELEMENT(Conditions);
REGISTER_ELEMENT(EncryptedAssertion);
REGISTER_ELEMENT(EncryptedAttribute);
REGISTER_ELEMENT(NameID);
REGISTER_ELEMENT_NOVAL(OneTimeUse);
REGISTER_ELEMENT(ProxyRestriction);
+ REGISTER_ELEMENT_NOVAL(Statement);
REGISTER_ELEMENT(Subject);
REGISTER_ELEMENT(SubjectConfirmation);
REGISTER_ELEMENT_NOVAL(SubjectConfirmationData);
REGISTER_TYPE(Subject);
REGISTER_TYPE(SubjectConfirmation);
REGISTER_TYPE(SubjectLocality);
+
+ q=xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,Delegate::LOCAL_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DelegateBuilder());
+ SchemaValidators.registerValidator(q,new DelegateSchemaValidator());
+ q=xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,Delegate::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DelegateBuilder());
+ SchemaValidators.registerValidator(q,new DelegateSchemaValidator());
+
+ q=xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,DelegationRestrictionType::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(q,new DelegationRestrictionTypeBuilder());
+ SchemaValidators.registerValidator(q,new DelegationRestrictionTypeSchemaValidator());
}
projects / shibboleth / cpp-opensaml.git / blobdiff