#include <xmltooling/ElementProxy.h>
#include <xmltooling/SimpleElement.h>
#include <xmltooling/XMLObjectBuilder.h>
-#include <xmltooling/signature/KeyInfo.h>
+#include <xmltooling/encryption/Encryption.h>
+#include <xmltooling/signature/KeyResolver.h>
#include <xmltooling/signature/Signature.h>
#include <xmltooling/util/DateTime.h>
#include <xmltooling/validation/ValidatingXMLObject.h>
DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element);
DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element);
+ BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type);
+ DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
+ DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption);
+ /** EncryptedElementType local name */
+ static const XMLCh TYPE_NAME[];
+
+ /**
+ * Decrypts the element using a standard approach based on a wrapped decryption key
+ * inside the message. The key decryption key should be supplied using the provided
+ * resolver. The recipient name may be used when multiple encrypted keys are found.
+ * The object returned will be unmarshalled around the decrypted DOM element, but the
+ * DOM itself will be released.
+ *
+ * @param KEKresolver resolver supplying key decryption key
+ * @param recipient identifier naming the recipient (the entity performing the decryption)
+ * @return the decrypted and unmarshalled object
+ */
+ virtual xmltooling::XMLObject* decrypt(xmlsignature::KeyResolver* KEKresolver, const XMLCh* recipient) const=0;
+ END_XMLOBJECT;
+
+ BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
+ END_XMLOBJECT;
+
BEGIN_XMLOBJECT(SAML_API,BaseID,xmltooling::XMLObject,SAML 2.0 BaseIDAbstractType abstract type);
DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
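Review bot: The decrypt() declaration in the EncryptedElementType block does not state who owns the returned XMLObject, nor that its concrete type is whatever element the ciphertext happened to contain, so a caller reading only this header cannot tell that it must delete the result and type-check it before use. I would extend the Doxygen block with `@return the decrypted and unmarshalled object; the caller assumes ownership and should verify (e.g. via dynamic_cast) that it is the element type expected in this context, since the plaintext rather than the wrapper determines it`. It would also help to add `@throws DecryptionException if no EncryptedData is present or decryption does not yield a single element`, which is what the implementation on this page throws.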
DECL_STRING_ATTRIB(Method,METHOD);
DECL_TYPED_CHILD(BaseID);
DECL_TYPED_CHILD(NameID);
- //DECL_TYPED_CHILD(EncryptedID);
+ DECL_TYPED_CHILD(EncryptedID);
DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
DECL_TYPED_CHILD(KeyInfoConfirmationDataType);
/** SubjectConfirmationType local name */
BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element);
DECL_TYPED_CHILD(BaseID);
DECL_TYPED_CHILD(NameID);
- //DECL_TYPED_CHILD(EncryptedID);
+ DECL_TYPED_CHILD(EncryptedID);
DECL_TYPED_CHILDREN(SubjectConfirmation);
/** SubjectType local name */
static const XMLCh TYPE_NAME[];
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
+ BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element);
+ END_XMLOBJECT;
+
BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element);
DECL_TYPED_CHILDREN(Attribute);
- //DECL_TYPED_CHILDREN(EncryptedAttribute);
+ DECL_TYPED_CHILDREN(EncryptedAttribute);
/** AttributeStatementType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
+ BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element);
+ END_XMLOBJECT;
+
BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::XMLObject,SAML 2.0 Advice element);
DECL_TYPED_CHILDREN(AssertionIDRef);
DECL_TYPED_CHILDREN(AssertionURIRef);
DECL_TYPED_CHILDREN(Assertion);
- //DECL_TYPED_CHILDREN(EncryptedAssertion);
+ DECL_TYPED_CHILDREN(EncryptedAssertion);
DECL_XMLOBJECT_CHILDREN(Other);
/** AdviceType local name */
static const XMLCh TYPE_NAME[];
DECL_SAML2OBJECTBUILDER(AuthnStatement);
DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement);
DECL_SAML2OBJECTBUILDER(Conditions);
+ DECL_SAML2OBJECTBUILDER(EncryptedAssertion);
+ DECL_SAML2OBJECTBUILDER(EncryptedAttribute);
+ DECL_SAML2OBJECTBUILDER(EncryptedID);
DECL_SAML2OBJECTBUILDER(Evidence);
DECL_SAML2OBJECTBUILDER(Issuer);
DECL_SAML2OBJECTBUILDER(NameID);
#include "internal.h"
#include "exceptions.h"
+#include "saml/encryption/EncryptedKeyResolver.h"
#include "saml2/core/Assertions.h"
#include <xmltooling/AbstractChildlessElement.h>
#include <xmltooling/AbstractComplexElement.h>
#include <xmltooling/AbstractElementProxy.h>
#include <xmltooling/AbstractSimpleElement.h>
+#include <xmltooling/encryption/Decrypter.h>
#include <xmltooling/impl/AnyElement.h>
#include <xmltooling/io/AbstractXMLObjectMarshaller.h>
#include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
using namespace opensaml::saml2;
using namespace opensaml;
+using namespace xmlencryption;
using namespace xmlsignature;
using namespace xmltooling;
using namespace std;
PROC_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER,NULL);
PROC_STRING_ATTRIB(Format,FORMAT,NULL);
PROC_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
}
};
+ class SAML_DLLLOCAL EncryptedElementTypeImpl : public virtual EncryptedElementType,
+ public AbstractComplexElement,
+ public AbstractDOMCachingXMLObject,
+ public AbstractValidatingXMLObject,
+ public AbstractXMLObjectMarshaller,
+ public AbstractXMLObjectUnmarshaller
+ {
+ void init() {
+ m_EncryptedData=NULL;
+ m_children.push_back(NULL);
+ m_pos_EncryptedData=m_children.begin();
+ }
+
+ protected:
+ EncryptedElementTypeImpl() {
+ init();
+ }
+
+ public:
+ virtual ~EncryptedElementTypeImpl() {}
+
+ EncryptedElementTypeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
+ : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+ init();
+ }
+
+ EncryptedElementTypeImpl(const EncryptedElementTypeImpl& src)
+ : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+ init();
+ if (src.getEncryptedData())
+ setEncryptedData(src.getEncryptedData()->cloneEncryptedData());
+ VectorOf(EncryptedKey) v=getEncryptedKeys();
+ for (vector<EncryptedKey*>::const_iterator i=src.m_EncryptedKeys.begin(); i!=src.m_EncryptedKeys.end(); i++) {
+ if (*i) {
+ v.push_back((*i)->cloneEncryptedKey());
+ }
+ }
+ }
+
+ XMLObject* decrypt(KeyResolver* KEKresolver, const XMLCh* recipient) const
+ {
+ if (!m_EncryptedData)
+ throw DecryptionException("No encrypted data present.");
+ Decrypter decrypter(KEKresolver, new EncryptedKeyResolver(*this, recipient));
+ DOMDocumentFragment* frag = decrypter.decryptData(m_EncryptedData);
+ if (frag->hasChildNodes() && frag->getFirstChild()==frag->getLastChild()) {
+ DOMNode* plaintext=frag->getFirstChild();
+ if (plaintext->getNodeType()==DOMNode::ELEMENT_NODE) {
+ auto_ptr<XMLObject> ret(XMLObjectBuilder::buildOneFromElement(static_cast<DOMElement*>(plaintext)));
+ ret->releaseThisAndChildrenDOM();
+ return ret.release();
+ }
+ }
+ frag->release();
+ throw DecryptionException("Decryption did not result in a single element.");
+ }
+
+ IMPL_XMLOBJECT_CLONE(EncryptedElementType);
+ IMPL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption);
+ IMPL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption,m_children.end());
+
+ protected:
+ void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+ PROC_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption,XMLConstants::XMLENC_NS,false);
+ PROC_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption,XMLConstants::XMLENC_NS,false);
+ AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
+ }
+ };
+
+ class SAML_DLLLOCAL EncryptedIDImpl : public virtual EncryptedID, public EncryptedElementTypeImpl
+ {
+ public:
+ virtual ~EncryptedIDImpl() {}
+
+ EncryptedIDImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
+ : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
+
+ EncryptedIDImpl(const EncryptedIDImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {}
+
+ IMPL_XMLOBJECT_CLONE(EncryptedID);
+ EncryptedElementType* cloneEncryptedElementType() const {
+ return new EncryptedIDImpl(*this);
+ }
+ };
+
class SAML_DLLLOCAL AudienceRestrictionImpl : public virtual AudienceRestriction,
public AbstractComplexElement,
public AbstractDOMCachingXMLObject,
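Review bot: In EncryptedElementTypeImpl::decrypt(), the DOMDocumentFragment returned by decryptData() is released only on the fall-through failure path; if XMLObjectBuilder::buildOneFromElement() or releaseThisAndChildrenDOM() throws, and on the success return as well, the fragment holding the decrypted plaintext is never released and presumably stays in the owning document's pool until that document goes away. A null result from decryptData() would also be dereferenced at `frag->hasChildNodes()` if that call can return null, which I cannot confirm from this page. I would bind the fragment to a small scope guard so it is released on every exit, which also keeps plaintext from lingering longer than needed; this presumes releaseThisAndChildrenDOM() drops the object's references into the fragment, as the header comment for decrypt() says it does. Separately, `new EncryptedKeyResolver(*this, recipient)` is handed to Decrypter as a raw pointer; if Decrypter does not take ownership it leaks on every call, so a comment stating the ownership contract either way would help.
```cpp
XMLObject* decrypt(KeyResolver* KEKresolver, const XMLCh* recipient) const
{
    if (!m_EncryptedData)
        throw DecryptionException("No encrypted data present.");
    // NOTE(review): confirm Decrypter takes ownership of the EncryptedKeyResolver.
    Decrypter decrypter(KEKresolver, new EncryptedKeyResolver(*this, recipient));
    DOMDocumentFragment* frag = decrypter.decryptData(m_EncryptedData);
    if (!frag)
        throw DecryptionException("Decryption produced no output.");
    // Release the fragment (and the plaintext it holds) on every exit path,
    // including exceptions thrown by the builder below.
    struct FragGuard {
        DOMDocumentFragment* f;
        ~FragGuard() { if (f) f->release(); }
    } guard = { frag };
    if (frag->hasChildNodes() && frag->getFirstChild()==frag->getLastChild()) {
        DOMNode* plaintext=frag->getFirstChild();
        if (plaintext->getNodeType()==DOMNode::ELEMENT_NODE) {
            auto_ptr<XMLObject> ret(XMLObjectBuilder::buildOneFromElement(static_cast<DOMElement*>(plaintext)));
            ret->releaseThisAndChildrenDOM();
            return ret.release();
        }
    }
    throw DecryptionException("Decryption did not result in a single element.");
}
```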
void processAttribute(const DOMAttr* attribute) {
PROC_INTEGER_ATTRIB(Count,COUNT,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
void processAttribute(const DOMAttr* attribute) {
PROC_DATETIME_ATTRIB(NotBefore,NOTBEFORE,NULL);
PROC_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
m_Method=NULL;
m_BaseID=NULL;
m_NameID=NULL;
- //m_EncryptedID=NULL;
+ m_EncryptedID=NULL;
m_SubjectConfirmationData=NULL;
m_KeyInfoConfirmationDataType=NULL;
m_children.push_back(NULL);
m_pos_BaseID=m_children.begin();
m_pos_NameID=m_pos_BaseID;
++m_pos_NameID;
- m_pos_SubjectConfirmationData=m_pos_NameID;
+ m_pos_EncryptedID=m_pos_NameID;
+ ++m_pos_EncryptedID;
+ m_pos_SubjectConfirmationData=m_pos_EncryptedID;
++m_pos_SubjectConfirmationData;
m_pos_KeyInfoConfirmationDataType=m_pos_SubjectConfirmationData;
++m_pos_KeyInfoConfirmationDataType;
setBaseID(src.getBaseID()->cloneBaseID());
if (src.getNameID())
setNameID(src.getNameID()->cloneNameID());
- //if (src.getEncryptedID())
- //setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
+ if (src.getEncryptedID())
+ setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
if (src.getSubjectConfirmationData())
setSubjectConfirmationData(src.getSubjectConfirmationData()->clone());
if (src.getKeyInfoConfirmationDataType())
IMPL_STRING_ATTRIB(Method);
IMPL_TYPED_CHILD(BaseID);
IMPL_TYPED_CHILD(NameID);
- //IMPL_TYPED_CHILD(EncryptedID);
+ IMPL_TYPED_CHILD(EncryptedID);
IMPL_XMLOBJECT_CHILD(SubjectConfirmationData);
IMPL_TYPED_CHILD(KeyInfoConfirmationDataType);
void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
PROC_TYPED_CHILD(BaseID,SAMLConstants::SAML20_NS,false);
PROC_TYPED_CHILD(NameID,SAMLConstants::SAML20_NS,false);
- //PROC_TYPED_CHILD(EncryptedID,SAMLConstants::SAML20_NS,false);
+ PROC_TYPED_CHILD(EncryptedID,SAMLConstants::SAML20_NS,false);
PROC_XMLOBJECT_CHILD(SubjectConfirmationData,SAMLConstants::SAML20_NS);
PROC_TYPED_CHILD(KeyInfoConfirmationDataType,SAMLConstants::SAML20_NS,false);
AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
void processAttribute(const DOMAttr* attribute) {
PROC_STRING_ATTRIB(Method,METHOD,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
m_pos_BaseID=m_children.begin();
m_pos_NameID=m_pos_BaseID;
++m_pos_NameID;
- //m_pos_EncryptedID=m_pos_NameID;
- //++m_pos_EncryptedID;
+ m_pos_EncryptedID=m_pos_NameID;
+ ++m_pos_EncryptedID;
}
public:
virtual ~SubjectImpl() {}
setBaseID(src.getBaseID()->cloneBaseID());
if (src.getNameID())
setNameID(src.getNameID()->cloneNameID());
- //if (src.getEncryptedID())
- //setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
+ if (src.getEncryptedID())
+ setEncryptedID(src.getEncryptedID()->cloneEncryptedID());
VectorOf(SubjectConfirmation) v=getSubjectConfirmations();
for (vector<SubjectConfirmation*>::const_iterator i=src.m_SubjectConfirmations.begin(); i!=src.m_SubjectConfirmations.end(); i++) {
if (*i) {
IMPL_XMLOBJECT_CLONE(Subject);
IMPL_TYPED_CHILD(NameID);
IMPL_TYPED_CHILD(BaseID);
- //IMPL_TYPED_CHILD(EncryptedID);
+ IMPL_TYPED_CHILD(EncryptedID);
IMPL_TYPED_CHILDREN(SubjectConfirmation,m_children.end());
protected:
void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
PROC_TYPED_CHILD(BaseID,SAMLConstants::SAML20_NS,false);
PROC_TYPED_CHILD(NameID,SAMLConstants::SAML20_NS,false);
- //PROC_TYPED_CHILD(EncryptedID,SAMLConstants::SAML20_NS,false);
+ PROC_TYPED_CHILD(EncryptedID,SAMLConstants::SAML20_NS,false);
PROC_TYPED_CHILDREN(SubjectConfirmation,SAMLConstants::SAML20_NS,false);
AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
}
void processAttribute(const DOMAttr* attribute) {
PROC_STRING_ATTRIB(Address,ADDRESS,NULL);
PROC_STRING_ATTRIB(DNSName,DNSNAME,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
PROC_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT,NULL);
PROC_STRING_ATTRIB(SessionIndex,SESSIONINDEX,NULL);
PROC_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
void processAttribute(const DOMAttr* attribute) {
PROC_STRING_ATTRIB(Namespace,NAMESPACE,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
void processAttribute(const DOMAttr* attribute) {
PROC_STRING_ATTRIB(Resource,RESOURCE,NULL);
PROC_STRING_ATTRIB(Decision,DECISION,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
}
};
+ class SAML_DLLLOCAL EncryptedAttributeImpl : public virtual EncryptedAttribute, public EncryptedElementTypeImpl
+ {
+ public:
+ virtual ~EncryptedAttributeImpl() {}
+
+ EncryptedAttributeImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
+ : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
+
+ EncryptedAttributeImpl(const EncryptedAttributeImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {}
+
+ IMPL_XMLOBJECT_CLONE(EncryptedAttribute);
+ EncryptedElementType* cloneEncryptedElementType() const {
+ return new EncryptedAttributeImpl(*this);
+ }
+ };
+
class SAML_DLLLOCAL AttributeStatementImpl : public virtual AttributeStatement,
public AbstractComplexElement,
public AbstractDOMCachingXMLObject,
continue;
}
- /*
EncryptedAttribute* enc=dynamic_cast<EncryptedAttribute*>(*i);
if (enc) {
getEncryptedAttributes().push_back(enc->cloneEncryptedAttribute());
continue;
}
- */
}
}
}
return cloneAttributeStatement();
}
IMPL_TYPED_CHILDREN(Attribute, m_children.end());
- //IMPL_TYPED_CHILDREN(EncryptedAttribute, m_children.end());
+ IMPL_TYPED_CHILDREN(EncryptedAttribute, m_children.end());
protected:
void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
PROC_TYPED_CHILDREN(Attribute,SAMLConstants::SAML20_NS,false);
- //PROC_TYPED_CHILDREN(EncryptedAttribute,SAMLConstants::SAML20_NS,false);
+ PROC_TYPED_CHILDREN(EncryptedAttribute,SAMLConstants::SAML20_NS,false);
AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
}
};
continue;
}
- /*
EncryptedAssertion* enc=dynamic_cast<EncryptedAssertion*>(*i);
if (enc) {
getEncryptedAssertions().push_back(enc->cloneEncryptedAssertion());
continue;
}
- */
+
getOthers().push_back((*i)->clone());
}
}
IMPL_TYPED_CHILDREN(AssertionIDRef,m_children.end());
IMPL_TYPED_CHILDREN(AssertionURIRef,m_children.end());
IMPL_TYPED_CHILDREN(Assertion,m_children.end());
- //IMPL_TYPED_CHILDREN(EncryptedAssertion,m_children.end());
+ IMPL_TYPED_CHILDREN(EncryptedAssertion,m_children.end());
IMPL_XMLOBJECT_CHILDREN(Other,m_children.end());
protected:
PROC_TYPED_CHILDREN(AssertionIDRef,SAMLConstants::SAML20_NS,false);
PROC_TYPED_CHILDREN(AssertionURIRef,SAMLConstants::SAML20_NS,false);
PROC_TYPED_CHILDREN(Assertion,SAMLConstants::SAML20_NS,false);
- //PROC_TYPED_CHILDREN(EncryptedAssertion,SAMLConstants::SAML20_NS,false);
+ PROC_TYPED_CHILDREN(EncryptedAssertion,SAMLConstants::SAML20_NS,false);
// Unknown child.
const XMLCh* nsURI=root->getNamespaceURI();
- if (!XMLString::equals(nsURI,SAMLConstants::SAML20_NS) && nsURI && *nsURI)
+ if (!XMLString::equals(nsURI,SAMLConstants::SAML20_NS) && nsURI && *nsURI) {
getOthers().push_back(childXMLObject);
+ return;
+ }
AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
}
};
+ class SAML_DLLLOCAL EncryptedAssertionImpl : public virtual EncryptedAssertion, public EncryptedElementTypeImpl
+ {
+ public:
+ virtual ~EncryptedAssertionImpl() {}
+
+ EncryptedAssertionImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
+ : AbstractXMLObject(nsURI, localName, prefix, schemaType) {}
+
+ EncryptedAssertionImpl(const EncryptedAssertionImpl& src) : AbstractXMLObject(src), EncryptedElementTypeImpl(src) {}
+
+ IMPL_XMLOBJECT_CLONE(EncryptedAssertion);
+ EncryptedElementType* cloneEncryptedElementType() const {
+ return new EncryptedAssertionImpl(*this);
+ }
+ };
+
class SAML_DLLLOCAL AssertionImpl : public virtual Assertion,
public AbstractComplexElement,
public AbstractDOMCachingXMLObject,
PROC_STRING_ATTRIB(Version,VER,NULL);
PROC_ID_ATTRIB(ID,ID,NULL);
PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
+ AbstractXMLObjectUnmarshaller::processAttribute(attribute);
}
};
IMPL_XMLOBJECTBUILDER(AuthnStatement);
IMPL_XMLOBJECTBUILDER(AuthzDecisionStatement);
IMPL_XMLOBJECTBUILDER(Conditions);
+IMPL_XMLOBJECTBUILDER(EncryptedAssertion);
+IMPL_XMLOBJECTBUILDER(EncryptedAttribute);
+IMPL_XMLOBJECTBUILDER(EncryptedID);
IMPL_XMLOBJECTBUILDER(Evidence);
IMPL_XMLOBJECTBUILDER(Issuer);
IMPL_XMLOBJECTBUILDER(KeyInfoConfirmationDataType);
const XMLCh Conditions::TYPE_NAME[] = UNICODE_LITERAL_14(C,o,n,d,i,t,i,o,n,s,T,y,p,e);
const XMLCh Conditions::NOTBEFORE_ATTRIB_NAME[] = UNICODE_LITERAL_9(N,o,t,B,e,f,o,r,e);
const XMLCh Conditions::NOTONORAFTER_ATTRIB_NAME[] =UNICODE_LITERAL_12(N,o,t,O,n,O,r,A,f,t,e,r);
+const XMLCh EncryptedAssertion::LOCAL_NAME[] = UNICODE_LITERAL_18(E,n,c,r,y,p,t,e,d,A,s,s,e,r,t,i,o,n);
+const XMLCh EncryptedAttribute::LOCAL_NAME[] = UNICODE_LITERAL_18(E,n,c,r,y,p,t,e,d,A,t,t,r,i,b,u,t,e);
+const XMLCh EncryptedElementType::LOCAL_NAME[] = {chNull};
+const XMLCh EncryptedElementType::TYPE_NAME[] = UNICODE_LITERAL_20(E,n,c,r,y,p,t,e,d,E,l,e,m,e,n,t,T,y,p,e);
+const XMLCh EncryptedID::LOCAL_NAME[] = UNICODE_LITERAL_11(E,n,c,r,y,p,t,e,d,I,d);
const XMLCh Evidence::LOCAL_NAME[] = UNICODE_LITERAL_8(E,v,i,d,e,n,c,e);
const XMLCh Evidence::TYPE_NAME[] = UNICODE_LITERAL_12(E,v,i,d,e,n,c,e,T,y,p,e);
const XMLCh Issuer::LOCAL_NAME[] = UNICODE_LITERAL_6(I,s,s,u,e,r);
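Review bot: `EncryptedID::LOCAL_NAME` is spelled out as E,n,c,r,y,p,t,e,d,I,d, which yields "EncryptedId", while the SAML 2.0 element and every other identifier this commit adds for it (DECL_SAML2OBJECTBUILDER(EncryptedID), IMPL_XMLOBJECTBUILDER(EncryptedID)) use "EncryptedID" with a capital D. Element-name matching is case-sensitive, so an incoming EncryptedID child would presumably not be routed to EncryptedIDImpl and marshalling would emit a non-conformant element name. The fix is `const XMLCh EncryptedID::LOCAL_NAME[] = UNICODE_LITERAL_11(E,n,c,r,y,p,t,e,d,I,D);`.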