Enforce single appearance of certain conditions.

diff --git a/saml/saml1/core/impl/AssertionsSchemaValidators.cpp b/saml/saml1/core/impl/AssertionsSchemaValidators.cpp
index b57fec7..0acf070 100644 (file)
--- a/saml/saml1/core/impl/AssertionsSchemaValidators.cpp
+++ b/saml/saml1/core/impl/AssertionsSchemaValidators.cpp
@@ -49,6 +49,9 @@ namespace opensaml {
             if (!ptr->hasChildren()) {
                 XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
             }
+            else if (ptr->getDoNotCacheConditions().size() > 1) {
+                throw ValidationException("Multiple DoNotCacheCondition elements are not permitted.");
+            }
         END_XMLOBJECTVALIDATOR;
 
         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectConfirmation);

diff --git a/saml/saml2/core/impl/Assertions20SchemaValidators.cpp b/saml/saml2/core/impl/Assertions20SchemaValidators.cpp
index 3b60320..c297764 100644 (file)
--- a/saml/saml2/core/impl/Assertions20SchemaValidators.cpp
+++ b/saml/saml2/core/impl/Assertions20SchemaValidators.cpp
@@ -92,6 +92,12 @@ namespace opensaml {
             if (!ptr->hasChildren()) {
                 XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
             }
+            else if (ptr->getOneTimeUses().size() > 1) {
+                throw ValidationException("Multiple OneTimeUse condition elements are not permitted.");
+            }
+            else if (ptr->getProxyRestrictions().size() > 1) {
+                throw ValidationException("Multiple ProxyRestriction condition elements are not permitted.");
+            }
         END_XMLOBJECTVALIDATOR;
 
         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,KeyInfoConfirmationDataType);