X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2FMetadata.h;h=5d16df0bdd50371c847071f3f9d8e0700af4f70d;hp=9fcb4e2b08f1744f9b806f0237d23f6bdbda576e;hb=48857ad9a82c4695800123ecef931e7f8d9de199;hpb=b1614d3c1fc1f4230ab2a123f43994127c25462c diff --git a/saml/saml2/metadata/Metadata.h b/saml/saml2/metadata/Metadata.h index 9fcb4e2..5d16df0 100644 --- a/saml/saml2/metadata/Metadata.h +++ b/saml/saml2/metadata/Metadata.h @@ -1,6 +1,6 @@ /* - * Copyright 2001-2007 Internet2 - * + * Copyright 2001-2009 Internet2 + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,7 +16,7 @@ /** * @file saml/saml2/metadata/Metadata.h - * + * * XMLObjects representing the SAML 2.0 Metadata schema */ @@ -24,6 +24,7 @@ #define __saml2_metadata_h__ #include +#include #include @@ -37,7 +38,7 @@ namespace opensaml { * SAML 2.0 metadata namespace */ namespace saml2md { - + /** * Base class for metadata objects that feature a cacheDuration attribute. */ @@ -64,6 +65,10 @@ namespace opensaml { bool isValid() const { return time(NULL) <= getValidUntilEpoch(); } + /** Returns true iff the object is valid at the supplied time. */ + bool isValid(time_t t) const { + return t <= getValidUntilEpoch(); + } }; DECL_XMLOBJECT_SIMPLE(SAML_API,AffiliateMember,ID,SAML 2.0 AffiliateMember element); @@ -74,7 +79,7 @@ namespace opensaml { DECL_XMLOBJECT_SIMPLE(SAML_API,NameIDFormat,Format,SAML 2.0 NameIDFormat element); DECL_XMLOBJECT_SIMPLE(SAML_API,SurName,Name,SAML 2.0 SurName element); DECL_XMLOBJECT_SIMPLE(SAML_API,TelephoneNumber,Number,SAML 2.0 TelephoneNumber element); - + DECL_XMLOBJECT_SIMPLE(SAML_API,ActionNamespace,Namespace,SAML 2.0 Metadata Extension ActionNamespace element); DECL_XMLOBJECT_SIMPLE(SAML_API,SourceID,ID,SAML 1.x Metadata Profile SourceID element); 
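Review bot: The new `isValid(time_t t)` overload in the `@@ -64,6 +65,10 @@` hunk compares `t` directly against `getValidUntilEpoch()` with no tolerance, and the one-line comment does not say what happens when the object carries no validUntil attribute at all, which is the common case for metadata roles; what `getValidUntilEpoch()` returns in that case is not visible on this page, so the contract should be spelled out at the declaration rather than left to the implementation. Suggested: `/** Returns true iff the object is valid at the supplied time; no clock-skew allowance is applied, so callers wanting tolerance must adjust t themselves. Objects without a validUntil attribute are treated as never expiring (TODO confirm against getValidUntilEpoch). */`. The same caveat applies to the existing `isValid()`, which the new overload duplicates rather than delegates to (`return isValid(time(NULL));` would keep the two in step).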
@@ -101,7 +106,7 @@ namespace opensaml { BEGIN_XMLOBJECT(SAML_API,OrganizationURL,localizedURIType,SAML 2.0 OrganizationURL element); DECL_SIMPLE_CONTENT(URL); END_XMLOBJECT; - + BEGIN_XMLOBJECT(SAML_API,Extensions,xmltooling::ElementExtensibleXMLObject,SAML 2.0 Extensions element); /** ExtensionsType local name */ static const XMLCh TYPE_NAME[]; @@ -163,6 +168,8 @@ namespace opensaml { DECL_STRING_ATTRIB(ProtocolSupportEnumeration,PROTOCOLSUPPORTENUMERATION); /** Searches the ProtocolSupportEnumeration attribute for the indicated protocol. */ virtual bool hasSupport(const XMLCh* protocol) const=0; + /** Adds the indicated protocol to the ProtocolSupportEnumeration attribute. */ + virtual void addSupport(const XMLCh* protocol)=0; DECL_STRING_ATTRIB(ErrorURL,ERRORURL); DECL_TYPED_CHILD(Extensions); DECL_TYPED_CHILDREN(KeyDescriptor); @@ -170,6 +177,9 @@ namespace opensaml { DECL_TYPED_CHILDREN(ContactPerson); END_XMLOBJECT; + BEGIN_XMLOBJECT2(SAML_API,RoleDescriptorType,RoleDescriptor,xmltooling::ElementExtensibleXMLObject,SAML 2.0 RoleDescriptor extension); + END_XMLOBJECT; + BEGIN_XMLOBJECT(SAML_API,EndpointType,xmltooling::ElementProxy,SAML 2.0 EndpointType type); DECL_STRING_ATTRIB(Binding,BINDING); DECL_STRING_ATTRIB(Location,LOCATION); @@ -221,6 +231,7 @@ namespace opensaml { DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2); /** IDPSSODescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,ServiceName,localizedNameType,SAML 2.0 ServiceName element); @@ -257,6 +268,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(AttributeConsumingService); /** SPSSODescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthnQueryService,EndpointType,SAML 2.0 AuthnQueryService element); 
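Review bot: The new pure-virtual `addSupport(const XMLCh* protocol)` in the `@@ -163,6 +168,8 @@` hunk has no contract beyond its one-line comment, yet ProtocolSupportEnumeration is a whitespace-delimited list in the metadata schema, so an implementation that appends a NULL, empty, or whitespace-containing value would either crash or split one entry into several spurious protocol URIs that `hasSupport` would later match. The declaration should state what implementations must do with such input and whether adding an already-listed protocol is a no-op, e.g. `/** Adds the indicated protocol to the ProtocolSupportEnumeration attribute. Implementations must ignore a NULL/empty value and must not accept a value containing whitespace; adding a protocol already present is a no-op. */`. The enclosing RoleDescriptor definition starts before this hunk.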
@@ -268,6 +280,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(NameIDFormat); /** AuthnAuthorityDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthzService,EndpointType,SAML 2.0 AuthzService element); @@ -279,6 +292,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(NameIDFormat); /** PDPDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AttributeService,EndpointType,SAML 2.0 AttributeService element); @@ -292,6 +306,7 @@ namespace opensaml { DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2); /** AttributeAuthorityDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,QueryDescriptorType,RoleDescriptor,SAML 2.0 QueryDescriptorType abstract type); @@ -304,18 +319,21 @@ namespace opensaml { BEGIN_XMLOBJECT(SAML_API,AuthnQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthnQueryDescriptorType extension type); /** AuthnQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AttributeQueryDescriptorType,QueryDescriptorType,SAML 2.0 AttributeQueryDescriptorType extension type); DECL_TYPED_CHILDREN(AttributeConsumingService); /** AttributeQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthzDecisionQueryDescriptorType extension type); DECL_TYPED_CHILDREN(ActionNamespace); /** AuthzDecisionQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT4(SAML_API,AffiliationDescriptor,xmltooling::AttributeExtensibleXMLObject,SignableObject, 
@@ -347,23 +365,7 @@ namespace opensaml {
 DECL_TYPED_CHILD(Organization);
 DECL_TYPED_CHILDREN(ContactPerson);
 DECL_TYPED_CHILDREN(AdditionalMetadataLocation);
- /** Finds an IDP role supporting a given protocol. */
- virtual const IDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0;
- /** Finds an SP role supporting a given protocol. */
- virtual const SPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0;
- /** Finds an Authn Authority role supporting a given protocol. */
- virtual const AuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0;
- /** Finds an Attribute Authority role supporting a given protocol. */
- virtual const AttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0;
- /** Finds a PDP role supporting a given protocol. */
- virtual const PDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0;
- /** Finds an AuthnQuery role supporting a given protocol. */
- virtual const AuthnQueryDescriptorType* getAuthnQueryDescriptorType(const XMLCh* protocol) const=0;
- /** Finds an AttributeQuery role supporting a given protocol. */
- virtual const AttributeQueryDescriptorType* getAttributeQueryDescriptorType(const XMLCh* protocol) const=0;
- /** Finds an AuthzDecisionQuery role supporting a given protocol. */
- virtual const AuthzDecisionQueryDescriptorType* getAuthzDecisionQueryDescriptorType(const XMLCh* protocol) const=0;
- /** Finds an extension role supporting a given protocol. */
+ /** Finds an arbitrary role type supporting a given protocol. */
 virtual const RoleDescriptor* getRoleDescriptor(const xmltooling::QName& qname, const XMLCh* protocol) const=0;
 /** EntityDescriptorType local name */
 static const XMLCh TYPE_NAME[];
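Review bot: With the eight typed accessors removed, the single comment on `getRoleDescriptor` is now the only statement of the lookup contract, and it does not say whether `qname` is matched against the role's element name, its xsi:type, or both, nor whether roles whose validUntil has passed are skipped or returned. Callers that used to receive an `IDPSSODescriptor*` now have to downcast the result, so they also need to know what to pass for the built-in roles versus the extension types. Suggested: `/** Finds an arbitrary role type supporting a given protocol. @param qname element name (built-in roles) or xsi:type (extension roles) of the role sought -- TODO confirm which the implementation matches; @param protocol protocol support constant; @return first matching role, or NULL; callers must downcast to the concrete type */`. The enclosing EntityDescriptor definition starts before this hunk.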
@@ -380,6 +382,69 @@ namespace opensaml { static const XMLCh TYPE_NAME[]; END_XMLOBJECT; + BEGIN_XMLOBJECT(SAML_API,EntityAttributes,xmltooling::XMLObject,SAML Metadata Extension for Entity Attributes element); + DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2); + DECL_TYPED_FOREIGN_CHILDREN(Assertion,saml2); + /** EntityAttributesType local name */ + static const XMLCh TYPE_NAME[]; + END_XMLOBJECT; + + /** + * Predicate to test a role for validity and protocol support. + */ + class isValidForProtocol + { + public: + /** + * Constructor. + * + * @param protocol support constant to test for + */ + isValidForProtocol(const XMLCh* protocol) : m_time(time(NULL)), m_protocol(protocol) { + } + + /** + * Returns true iff the supplied role is valid now and supports the right protocol. + * + * @param role role to test + * @return result of predicate + */ + bool operator()(const RoleDescriptor* role) const { + return role ? (role->isValid(m_time) && role->hasSupport(m_protocol)) : false; + } + + private: + time_t m_time; + const XMLCh* m_protocol; + }; + + /** + * Predicate to test a role for type equivalence, validity, and protocol support. + */ + class ofTypeValidForProtocol : public isValidForProtocol, public xmltooling::hasSchemaType + { + public: + /** + * Constructor. + * + * @param q schema type to test for + * @param protocol support constant to test for + */ + ofTypeValidForProtocol(const xmltooling::QName& q, const XMLCh* protocol) + : isValidForProtocol(protocol), xmltooling::hasSchemaType(q) { + } + + /** + * Returns true iff the supplied role is of the right type, valid now, and supports the right protocol. 
+ * + * @param role role to test + * @return result of predicate + */ + bool operator()(const RoleDescriptor* role) const { + return xmltooling::hasSchemaType::operator()(role) && isValidForProtocol::operator()(role); + } + }; + DECL_SAML2MDOBJECTBUILDER(AdditionalMetadataLocation); DECL_SAML2MDOBJECTBUILDER(AffiliateMember); DECL_SAML2MDOBJECTBUILDER(AffiliationDescriptor); @@ -418,13 +483,14 @@ namespace opensaml { DECL_SAML2MDOBJECTBUILDER(SPSSODescriptor); DECL_SAML2MDOBJECTBUILDER(SurName); DECL_SAML2MDOBJECTBUILDER(TelephoneNumber); - + DECL_XMLOBJECTBUILDER(SAML_API,ActionNamespace,samlconstants::SAML20MD_QUERY_EXT_NS,samlconstants::SAML20MD_QUERY_EXT_PREFIX); DECL_XMLOBJECTBUILDER(SAML_API,SourceID,samlconstants::SAML1MD_NS,samlconstants::SAML1MD_PREFIX); + DECL_XMLOBJECTBUILDER(SAML_API,EntityAttributes,samlconstants::SAML20MD_ENTITY_ATTRIBUTE_NS,samlconstants::SAML20MD_ENTITY_ATTRIBUTE_PREFIX); /** * Builder for localizedNameType objects. - * + * * This is customized to force the element name to be specified. */ class SAML_API localizedNameTypeBuilder : public xmltooling::XMLObjectBuilder { @@ -438,7 +504,7 @@ namespace opensaml { #endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; - + /** Singleton builder. */ static localizedNameType* buildlocalizedNameType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) { const localizedNameTypeBuilder* b = dynamic_cast( @@ -458,7 +524,7 @@ namespace opensaml { /** * Builder for localizedURIType objects. - * + * * This is customized to force the element name to be specified. */ class SAML_API localizedURITypeBuilder : public xmltooling::XMLObjectBuilder { 
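Review bot: `isValidForProtocol::operator()` in the `@@ -380,6 +382,69 @@` hunk (which begins on the previous page line) tests only the RoleDescriptor's own validUntil via `role->isValid(m_time)` and never looks at the enclosing entity, so if the containing EntityDescriptor or EntitiesDescriptor carries an expired validUntil the role is still reported valid; either the class comment should state that the caller is expected to have validated the parent already, or the predicate should walk up to it. The `m_protocol` member is a raw `const XMLCh*` with no copy, so the predicate must not outlive the string it was built from; that belongs in the constructor doc: `@param protocol support constant to test for; must outlive this predicate`. The constructor also accepts a NULL protocol, which is then passed straight to `hasSupport`, so either reject it or document that `hasSupport` must tolerate NULL. The same points apply to `ofTypeValidForProtocol`, which delegates to this operator.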
@@ -472,7 +538,7 @@ namespace opensaml { #endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; - + /** Singleton builder. */ static localizedURIType* buildlocalizedURIType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) { const localizedURITypeBuilder* b = dynamic_cast( @@ -492,7 +558,7 @@ namespace opensaml { /** * Builder for EndpointType objects. - * + * * This is customized to force the element name to be specified. */ class SAML_API EndpointTypeBuilder : public xmltooling::XMLObjectBuilder { @@ -506,7 +572,7 @@ namespace opensaml { #endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; - + /** Singleton builder. */ static EndpointType* buildEndpointType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) { const EndpointTypeBuilder* b = dynamic_cast( @@ -526,7 +592,7 @@ namespace opensaml { /** * Builder for IndexedEndpointType objects. - * + * * This is customized to force the element name to be specified. */ class SAML_API IndexedEndpointTypeBuilder : public xmltooling::XMLObjectBuilder { @@ -540,7 +606,7 @@ namespace opensaml { #endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; - + /** Singleton builder. */ static IndexedEndpointType* buildIndexedEndpointType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) { const IndexedEndpointTypeBuilder* b = dynamic_cast( 
@@ -559,12 +625,45 @@ namespace opensaml { }; /** + * Builder for RoleDescriptor extension objects. + * + * This is customized to force the schema type to be specified. + */ + class SAML_API RoleDescriptorBuilder : public xmltooling::XMLObjectBuilder { + public: + virtual ~RoleDescriptorBuilder() {} + /** Builder that allows element/type override. */ +#ifdef HAVE_COVARIANT_RETURNS + virtual RoleDescriptor* buildObject( +#else + virtual xmltooling::XMLObject* buildObject( +#endif + const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL + ) const; + + /** Singleton builder. */ + static RoleDescriptor* buildRoleDescriptor(const xmltooling::QName& schemaType) { + const RoleDescriptorBuilder* b = dynamic_cast( + XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20MD_NS,RoleDescriptor::LOCAL_NAME)) + ); + if (b) { +#ifdef HAVE_COVARIANT_RETURNS + return b->buildObject(samlconstants::SAML20MD_NS, RoleDescriptor::LOCAL_NAME, samlconstants::SAML20MD_PREFIX, &schemaType); +#else + return dynamic_cast(b->buildObject(samlconstants::SAML20MD_NS, RoleDescriptor::LOCAL_NAME, samlconstants::SAML20MD_PREFIX, &schemaType)); +#endif + } + throw xmltooling::XMLObjectException("Unable to obtain typed builder for RoleDescriptor."); + } + }; + + /** * Builder for AuthnQueryDescriptorType objects. - * + * * This is customized to return a RoleDescriptor element with an * xsi:type of AuthnQueryDescriptorType. */ - class SAML_API AuthnQueryDescriptorTypeBuilder : public xmltooling::XMLObjectBuilder { + class SAML_API AuthnQueryDescriptorTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { public: virtual ~AuthnQueryDescriptorTypeBuilder() {} /** Default builder. */ 
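Review bot: In `RoleDescriptorBuilder::buildRoleDescriptor` the non-covariant branch returns the result of a `dynamic_cast` on the freshly built object (the cast's target type has been stripped from this page), so a builder that yields something other than a RoleDescriptor makes the method return NULL and leak the allocated object, while the covariant branch can only return a RoleDescriptor or throw; callers cannot rely on a single contract. Hold the built object, and on a failed cast release it and throw the same exception type. The doc should also say that `schemaType` must name a registered RoleDescriptor extension type, since nothing here can check that.
```cpp
static RoleDescriptor* buildRoleDescriptor(const xmltooling::QName& schemaType) {
    // … unchanged: lookup of the RoleDescriptor builder into b …
    if (b) {
#ifdef HAVE_COVARIANT_RETURNS
        return b->buildObject(samlconstants::SAML20MD_NS, RoleDescriptor::LOCAL_NAME, samlconstants::SAML20MD_PREFIX, &schemaType);
#else
        xmltooling::XMLObject* obj = b->buildObject(samlconstants::SAML20MD_NS, RoleDescriptor::LOCAL_NAME, samlconstants::SAML20MD_PREFIX, &schemaType);
        RoleDescriptor* role = dynamic_cast<RoleDescriptor*>(obj);
        if (!role) {
            delete obj;  // do not leak an object of the wrong type
            throw xmltooling::XMLObjectException("RoleDescriptor builder returned an object of the wrong type.");
        }
        return role;
#endif
    }
    throw xmltooling::XMLObjectException("Unable to obtain typed builder for RoleDescriptor.");
}
```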
@@ -574,10 +673,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ @@ -588,7 +687,7 @@ namespace opensaml { #endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; - + /** Singleton builder. */ static AuthnQueryDescriptorType* buildAuthnQueryDescriptorType() { const AuthnQueryDescriptorTypeBuilder* b = dynamic_cast( @@ -607,11 +706,11 @@ namespace opensaml { /** * Builder for AttributeQueryDescriptorType objects. - * + * * This is customized to return a RoleDescriptor element with an * xsi:type of AttributeQueryDescriptorType. */ - class SAML_API AttributeQueryDescriptorTypeBuilder : public xmltooling::XMLObjectBuilder { + class SAML_API AttributeQueryDescriptorTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { public: virtual ~AttributeQueryDescriptorTypeBuilder() {} /** Default builder. */ 
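Review bot: The namespace correction in the `@@ -574,10 +673,10 @@` hunk changes the xsi:type this builder emits from the SAML 2.0 assertion namespace to the md-query extension namespace and the element from the assertion to the metadata namespace, but nothing in the diff records this as a compatibility change. Metadata serialized by the old builder carries the wrong type and, after this fix, presumably will no longer unmarshal as AuthnQueryDescriptorType; that deserves a line in the builder comment or changelog, e.g. `// Earlier releases emitted this xsi:type in the saml2 assertion namespace; such documents will not unmarshal to this type.`. The same applies to the AttributeQuery and AuthzDecisionQuery builders fixed in the following hunks.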
@@ -621,10 +720,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ @@ -635,7 +734,7 @@ namespace opensaml { #endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; - + /** Singleton builder. */ static AttributeQueryDescriptorType* buildAttributeQueryDescriptorType() { const AttributeQueryDescriptorTypeBuilder* b = dynamic_cast( @@ -654,11 +753,11 @@ namespace opensaml { /** * Builder for AuthzDecisionQueryDescriptorType objects. - * + * * This is customized to return a RoleDescriptor element with an * xsi:type of AuthzDecisionQueryDescriptorType. */ - class SAML_API AuthzDecisionQueryDescriptorTypeBuilder : public xmltooling::XMLObjectBuilder { + class SAML_API AuthzDecisionQueryDescriptorTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { public: virtual ~AuthzDecisionQueryDescriptorTypeBuilder() {} /** Default builder. */ 
@@ -668,10 +767,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ @@ -682,7 +781,7 @@ namespace opensaml { #endif const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL ) const; - + /** Singleton builder. */ static AuthzDecisionQueryDescriptorType* buildAuthzDecisionQueryDescriptorType() { const AuthzDecisionQueryDescriptorTypeBuilder* b = dynamic_cast(