X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fcore%2FAssertions.h;h=765b7a9cdf15a8ed9ed9e45e9ee1a0c6168f3fa1;hp=1cc75be7e753037a3f91c1678bea1848fdbff9b8;hb=fc51c80cb50454ac8f662f076445e9aa36875ddf;hpb=7ad96e97599881b4fbaf67da4a85155398dd4787 diff --git a/saml/saml2/core/Assertions.h b/saml/saml2/core/Assertions.h index 1cc75be..765b7a9 100644 --- a/saml/saml2/core/Assertions.h +++ b/saml/saml2/core/Assertions.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2006 Internet2 + * Copyright 2001-2007 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ */ /** - * @file Assertions.h + * @file saml/saml2/core/Assertions.h * * XMLObjects representing the SAML 2.0 Assertions schema */ @@ -23,31 +23,45 @@ #ifndef __saml2_assertions_h__ #define __saml2_assertions_h__ -#include +#include #include -#include -#include -#include #include -#include +#include +#include +#include #include #include -#include #define DECL_SAML2OBJECTBUILDER(cname) \ - DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20_NS,opensaml::SAMLConstants::SAML20_PREFIX) + DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20_NS,samlconstants::SAML20_PREFIX) namespace opensaml { + namespace saml2md { + class SAML_API MetadataProvider; + class SAML_API MetadataCredentialCriteria; + }; + /** - * @namespace saml2 + * @namespace opensaml::saml2 * SAML 2.0 assertion namespace */ namespace saml2 { // Forward references class SAML_API Assertion; + class SAML_API EncryptedAssertion; + + /** + * Marker interface for SAML types that can be encrypted. + */ + class SAML_API EncryptableObject : public virtual xmltooling::XMLObject + { + protected: + EncryptableObject() {} + virtual ~EncryptableObject() {} + }; DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element); DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element); @@ -56,22 +70,98 @@ namespace opensaml { DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element); DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element); - BEGIN_XMLOBJECT(SAML_API,BaseID,xmltooling::XMLObject,SAML 2.0 BaseIDAbstractType abstract type); + BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type); + DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption); + DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption); + /** EncryptedElementType local name */ + static const XMLCh TYPE_NAME[]; + + /** + * Encrypts an object to a single recipient using this object as a container. + * + * @param xmlObject object to encrypt + * @param metadataProvider a locked MetadataProvider to supply encryption keys + * @param criteria metadata-based CredentialCriteria to use + * @param compact true iff compact KeyInfo should be used + * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata + * @return the encrypted object + */ + virtual void encrypt( + const EncryptableObject& xmlObject, + const saml2md::MetadataProvider& metadataProvider, + saml2md::MetadataCredentialCriteria& criteria, + bool compact=false, + const XMLCh* algorithm=NULL + ); + + /** + * Encrypts an object to multiple recipients using this object as a container. + * + * @param xmlObject object to encrypt + * @param recipients pairs containing a locked MetadataProvider to supply encryption keys, + * and a metadata-based CredentialCriteria to use + * @param compact true iff compact KeyInfo should be used + * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata + * @return the encrypted object + */ + virtual void encrypt( + const EncryptableObject& xmlObject, + const std::vector< std::pair >& recipients, + bool compact=false, + const XMLCh* algorithm=NULL + ); + + /** + * Decrypts the element using the supplied CredentialResolver. + * + *

The object returned will be unmarshalled around the decrypted DOM element in a + * new Document owned by the object. + * + * @param credResolver locked resolver supplying decryption keys + * @param recipient identifier naming the recipient (the entity performing the decryption) + * @param criteria optional external criteria to use with resolver + * @return the decrypted and unmarshalled object + */ + virtual xmltooling::XMLObject* decrypt( + const xmltooling::CredentialResolver& credResolver, const XMLCh* recipient, xmltooling::CredentialCriteria* criteria=NULL + ) const; + END_XMLOBJECT; + + BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element); + END_XMLOBJECT; + + BEGIN_XMLOBJECT(SAML_API,BaseID,EncryptableObject,SAML 2.0 BaseID abstract element); DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER); DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER); END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::SimpleElement,SAML 2.0 NameIDType type); + BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::XMLObject,SAML 2.0 NameIDType type); DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER); DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER); DECL_STRING_ATTRIB(Format,FORMAT); DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID); - DECL_XMLOBJECT_CONTENT(Name); + DECL_SIMPLE_CONTENT(Name); /** NameIDType local name */ static const XMLCh TYPE_NAME[]; + /** Unspecified name format ID */ + static const XMLCh UNSPECIFIED[]; + /** Email address name format ID */ + static const XMLCh EMAIL[]; + /** X.509 subject name format ID */ + static const XMLCh X509_SUBJECT[]; + /** Windows domain qualified name format ID */ + static const XMLCh WIN_DOMAIN_QUALIFIED[]; + /** Kerberos principal name format ID */ + static const XMLCh KERBEROS[]; + /** Entity identifier name format ID */ + static const XMLCh ENTITY[]; + /** Persistent identifier name format ID */ + static const XMLCh PERSISTENT[]; + /** Transient identifier name format ID */ + static const XMLCh TRANSIENT[]; END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,NameID,NameIDType,SAML 2.0 NameID element); + BEGIN_XMLOBJECT2(SAML_API,NameID,NameIDType,EncryptableObject,SAML 2.0 NameID element); END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element); @@ -109,21 +199,19 @@ namespace opensaml { static const XMLCh TYPE_NAME[]; END_XMLOBJECT; - BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 SubjectConfirmationData element); + BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationDataType,xmltooling::XMLObject,SAML 2.0 SubjectConfirmationDataType base type); DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE); DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER); DECL_STRING_ATTRIB(Recipient,RECIPIENT); DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO); DECL_STRING_ATTRIB(Address,ADDRESS); - DECL_XMLOBJECT_CONTENT(Data); END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,KeyInfoConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type); - DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE); - DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER); - DECL_STRING_ATTRIB(Recipient,RECIPIENT); - DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO); - DECL_STRING_ATTRIB(Address,ADDRESS); + BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,SubjectConfirmationDataType,xmltooling::ElementProxy,SAML 2.0 SubjectConfirmationData element); + DECL_SIMPLE_CONTENT(Data); + END_XMLOBJECT; + + BEGIN_XMLOBJECT2(SAML_API,KeyInfoConfirmationDataType,SubjectConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type); DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature); /** KeyInfoConfirmationDataType local name */ static const XMLCh TYPE_NAME[]; @@ -133,17 +221,22 @@ namespace opensaml { DECL_STRING_ATTRIB(Method,METHOD); DECL_TYPED_CHILD(BaseID); DECL_TYPED_CHILD(NameID); - //DECL_TYPED_CHILD(EncryptedID); + DECL_TYPED_CHILD(EncryptedID); DECL_XMLOBJECT_CHILD(SubjectConfirmationData); - DECL_TYPED_CHILD(KeyInfoConfirmationDataType); /** SubjectConfirmationType local name */ static const XMLCh TYPE_NAME[]; + /** Bearer confirmation method */ + static const XMLCh BEARER[]; + /** Holder of key confirmation method */ + static const XMLCh HOLDER_KEY[]; + /** Sender vouches confirmation method */ + static const XMLCh SENDER_VOUCHES[]; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element); DECL_TYPED_CHILD(BaseID); DECL_TYPED_CHILD(NameID); - //DECL_TYPED_CHILD(EncryptedID); + DECL_TYPED_CHILD(EncryptedID); DECL_TYPED_CHILDREN(SubjectConfirmation); /** SubjectType local name */ static const XMLCh TYPE_NAME[]; @@ -159,7 +252,7 @@ namespace opensaml { static const XMLCh TYPE_NAME[]; END_XMLOBJECT; - BEGIN_XMLOBJECT2(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AuthnContextDecl element); + BEGIN_XMLOBJECT(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,SAML 2.0 AuthnContextDecl element); END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element); @@ -181,18 +274,26 @@ namespace opensaml { static const XMLCh TYPE_NAME[]; END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::SimpleElement,SAML 2.0 Action element); + BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::XMLObject,SAML 2.0 Action element); DECL_STRING_ATTRIB(Namespace,NAMESPACE); - DECL_XMLOBJECT_CONTENT(Action); + DECL_SIMPLE_CONTENT(Action); /** ActionType local name */ static const XMLCh TYPE_NAME[]; + /** Read/Write/Execute/Delete/Control Action Namespace */ + static const XMLCh RWEDC_NEG_ACTION_NAMESPACE[]; + /** Read/Write/Execute/Delete/Control with Negation Action Namespace */ + static const XMLCh RWEDC_ACTION_NAMESPACE[]; + /** Get/Head/Put/Post Action Namespace */ + static const XMLCh GHPP_ACTION_NAMESPACE[]; + /** UNIX File Permissions Action Namespace */ + static const XMLCh UNIX_ACTION_NAMESPACE[]; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element); DECL_TYPED_CHILDREN(AssertionIDRef); DECL_TYPED_CHILDREN(AssertionURIRef); DECL_TYPED_CHILDREN(Assertion); - //DECL_TYPED_CHILDREN(EncryptedAssertion); + DECL_TYPED_CHILDREN(EncryptedAssertion); /** EvidenceType local name */ static const XMLCh TYPE_NAME[]; END_XMLOBJECT; @@ -212,41 +313,69 @@ namespace opensaml { static const XMLCh DECISION_INDETERMINATE[]; END_XMLOBJECT; - BEGIN_XMLOBJECT2(SAML_API,AttributeValue,xmltooling::ElementProxy,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 AttributeValue element); + BEGIN_XMLOBJECT(SAML_API,AttributeValue,xmltooling::ElementProxy,SAML 2.0 AttributeValue element); + DECL_BOOLEAN_ATTRIB(Nil,NIL,false); END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 Attribute element); + BEGIN_XMLOBJECT2(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,EncryptableObject,SAML 2.0 Attribute element); DECL_STRING_ATTRIB(Name,NAME); DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT); DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME); DECL_XMLOBJECT_CHILDREN(AttributeValue); /** AttributeType local name */ static const XMLCh TYPE_NAME[]; + /** Unspecified attribute name format ID */ + static const XMLCh UNSPECIFIED[]; + /** URI reference attribute name format ID */ + static const XMLCh URI_REFERENCE[]; + /** Basic attribute name format ID */ + static const XMLCh BASIC[]; + END_XMLOBJECT; + + BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element); END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element); DECL_TYPED_CHILDREN(Attribute); - //DECL_TYPED_CHILDREN(EncryptedAttribute); + DECL_TYPED_CHILDREN(EncryptedAttribute); /** AttributeStatementType local name */ static const XMLCh TYPE_NAME[]; END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::XMLObject,SAML 2.0 Advice element); + BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element); + END_XMLOBJECT; + + BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::ElementExtensibleXMLObject,SAML 2.0 Advice element); DECL_TYPED_CHILDREN(AssertionIDRef); DECL_TYPED_CHILDREN(AssertionURIRef); DECL_TYPED_CHILDREN(Assertion); - //DECL_TYPED_CHILDREN(EncryptedAssertion); - DECL_XMLOBJECT_CHILDREN(Other); + DECL_TYPED_CHILDREN(EncryptedAssertion); /** AdviceType local name */ static const XMLCh TYPE_NAME[]; END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,Assertion,SignableObject,SAML 2.0 Assertion element); - DECL_STRING_ATTRIB(Version,VER); - DECL_STRING_ATTRIB(ID,ID); - DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT); - DECL_TYPED_CHILD(Issuer); - DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature); + /** + * SAML 2.0 assertion or protocol message. + */ + class SAML_API RootObject : virtual public opensaml::RootObject + { + protected: + RootObject() {} + public: + virtual ~RootObject() {} + + /** Gets the Version attribute. */ + virtual const XMLCh* getVersion() const=0; + + /** Gets the Issuer. */ + virtual Issuer* getIssuer() const=0; + }; + + BEGIN_XMLOBJECT3(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,EncryptableObject,SAML 2.0 Assertion element); + DECL_INHERITED_STRING_ATTRIB(Version,VER); + DECL_INHERITED_STRING_ATTRIB(ID,ID); + DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT); + DECL_INHERITED_TYPED_CHILD(Issuer); DECL_TYPED_CHILD(Subject); DECL_TYPED_CHILD(Conditions); DECL_TYPED_CHILD(Advice); @@ -276,6 +405,9 @@ namespace opensaml { DECL_SAML2OBJECTBUILDER(AuthnStatement); DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement); DECL_SAML2OBJECTBUILDER(Conditions); + DECL_SAML2OBJECTBUILDER(EncryptedAssertion); + DECL_SAML2OBJECTBUILDER(EncryptedAttribute); + DECL_SAML2OBJECTBUILDER(EncryptedID); DECL_SAML2OBJECTBUILDER(Evidence); DECL_SAML2OBJECTBUILDER(Issuer); DECL_SAML2OBJECTBUILDER(NameID); @@ -295,18 +427,26 @@ namespace opensaml { public: virtual ~NameIDTypeBuilder() {} /** Builder that allows element/type override. */ +#ifdef HAVE_COVARIANT_RETURNS virtual NameIDType* buildObject( +#else + virtual xmltooling::XMLObject* buildObject( +#endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; /** Singleton builder. */ static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) { const NameIDTypeBuilder* b = dynamic_cast( - XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME)) + XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,NameIDType::TYPE_NAME)) ); if (b) { - xmltooling::QName schemaType(SAMLConstants::SAML20_NS,NameIDType::TYPE_NAME,SAMLConstants::SAML20_PREFIX); + xmltooling::QName schemaType(samlconstants::SAML20_NS,NameIDType::TYPE_NAME,samlconstants::SAML20_PREFIX); +#ifdef HAVE_COVARIANT_RETURNS return b->buildObject(nsURI, localName, prefix, &schemaType); +#else + return dynamic_cast(b->buildObject(nsURI, localName, prefix, &schemaType)); +#endif } throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType."); } @@ -318,36 +458,48 @@ namespace opensaml { * This is customized to return a SubjectConfirmationData element with an * xsi:type of KeyInfoConfirmationDataType. */ - class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::XMLObjectBuilder { + class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { public: virtual ~KeyInfoConfirmationDataTypeBuilder() {} /** Default builder. */ +#ifdef HAVE_COVARIANT_RETURNS virtual KeyInfoConfirmationDataType* buildObject() const { +#else + virtual xmltooling::XMLObject* buildObject() const { +#endif xmltooling::QName schemaType( - SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,SAMLConstants::SAML20_PREFIX + samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,samlconstants::SAML20_PREFIX ); return buildObject( - SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,SAMLConstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ +#ifdef HAVE_COVARIANT_RETURNS virtual KeyInfoConfirmationDataType* buildObject( +#else + virtual xmltooling::XMLObject* buildObject( +#endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; /** Singleton builder. */ static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() { const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast( - XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME)) + XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME)) ); if (b) +#ifdef HAVE_COVARIANT_RETURNS return b->buildObject(); +#else + return dynamic_cast(b->buildObject()); +#endif throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType."); } }; - + /** - * Registers builders and validators for Assertion classes into the runtime. + * Registers builders and validators for SAML 2.0 Assertion classes into the runtime. */ void SAML_API registerAssertionClasses(); };