From 0547a02ac67aeb6607ac96dadb25aae560aecf20 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 1 Sep 2010 16:34:43 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/SSPCPP-304

---
 saml/saml2/metadata/Metadata.h                     |  30 +++
 saml/saml2/metadata/MetadataCredentialCriteria.h   |   1 +
 .../metadata/impl/MetadataCredentialCriteria.cpp   |  10 +
 saml/saml2/metadata/impl/MetadataImpl.cpp          | 209 +++++++++++++++++++++
 .../metadata/impl/MetadataSchemaValidators.cpp     |  24 +++
 saml/util/SAMLConstants.cpp                        |  20 ++
 saml/util/SAMLConstants.h                          |  12 ++
 7 files changed, 306 insertions(+)

diff --git a/saml/saml2/metadata/Metadata.h b/saml/saml2/metadata/Metadata.h
index e609f66..a213434 100644
--- a/saml/saml2/metadata/Metadata.h
+++ b/saml/saml2/metadata/Metadata.h
@@ -33,6 +33,11 @@
 #define DECL_SAML2MDOBJECTBUILDER(cname) \
     DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20MD_NS,samlconstants::SAML20MD_PREFIX)
 
+namespace xmltooling {
+    class XMLTOOL_API Credential;
+    class XMLTOOL_API CredentialResolver;
+}
+
 namespace xmlencryption {
     class XMLTOOL_API EncryptionMethod;
 };
@@ -45,6 +50,9 @@ namespace opensaml {
      */
     namespace saml2md {
 
+        class SAML_API DigestMethod;
+        class SAML_API SigningMethod;
+
         /**
          * Base class for metadata objects that feature a cacheDuration attribute.
          */
@@ -181,6 +189,12 @@ namespace opensaml {
             DECL_TYPED_CHILDREN(KeyDescriptor);
             DECL_TYPED_CHILD(Organization);
             DECL_TYPED_CHILDREN(ContactPerson);
+            /** Returns the first digest method supported by the role and the underlying implementation, if any. */
+            virtual const DigestMethod* getDigestMethod() const;
+            /** Returns the first signing method supported by the role and the underlying implementation, if any, along with a matching credential. */
+            virtual std::pair<const SigningMethod*,const xmltooling::Credential*> getSigningMethod(
+                const xmltooling::CredentialResolver& resolver, xmltooling::CredentialCriteria& cc
+                ) const;
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT2(SAML_API,RoleDescriptorType,RoleDescriptor,xmltooling::ElementExtensibleXMLObject,SAML 2.0 RoleDescriptor extension);
@@ -395,6 +409,20 @@ namespace opensaml {
             static const XMLCh TYPE_NAME[];
         END_XMLOBJECT;
 
+        BEGIN_XMLOBJECT(SAML_API,DigestMethod,xmltooling::ElementExtensibleXMLObject,SAML Metadata Extension for Algorithm Support DigestMethod element);
+            DECL_STRING_ATTRIB(Algorithm,ALGORITHM);
+            /** DigestMethodType local name */
+            static const XMLCh TYPE_NAME[];
+        END_XMLOBJECT;
+
+        BEGIN_XMLOBJECT(SAML_API,SigningMethod,xmltooling::ElementExtensibleXMLObject,SAML Metadata Extension for Algorithm Support SigningMethod element);
+            DECL_STRING_ATTRIB(Algorithm,ALGORITHM);
+            DECL_INTEGER_ATTRIB(MinKeySize,MINKEYSIZE);
+            DECL_INTEGER_ATTRIB(MaxKeySize,MAXKEYSIZE);
+            /** SigningMethodType local name */
+            static const XMLCh TYPE_NAME[];
+        END_XMLOBJECT;
+
         /**
          * Predicate to test a role for validity and protocol support.
          */
@@ -493,6 +521,8 @@ namespace opensaml {
         DECL_XMLOBJECTBUILDER(SAML_API,ActionNamespace,samlconstants::SAML20MD_QUERY_EXT_NS,samlconstants::SAML20MD_QUERY_EXT_PREFIX);
         DECL_XMLOBJECTBUILDER(SAML_API,SourceID,samlconstants::SAML1MD_NS,samlconstants::SAML1MD_PREFIX);
         DECL_XMLOBJECTBUILDER(SAML_API,EntityAttributes,samlconstants::SAML20MD_ENTITY_ATTRIBUTE_NS,samlconstants::SAML20MD_ENTITY_ATTRIBUTE_PREFIX);
+        DECL_XMLOBJECTBUILDER(SAML_API,DigestMethod,samlconstants::SAML20MD_ALGSUPPORT_NS,samlconstants::SAML20MD_ALGSUPPORT_PREFIX);
+        DECL_XMLOBJECTBUILDER(SAML_API,SigningMethod,samlconstants::SAML20MD_ALGSUPPORT_NS,samlconstants::SAML20MD_ALGSUPPORT_PREFIX);
 
         /**
          * Builder for localizedNameType objects.
diff --git a/saml/saml2/metadata/MetadataCredentialCriteria.h b/saml/saml2/metadata/MetadataCredentialCriteria.h
index aac4d85..901b3c6 100644
--- a/saml/saml2/metadata/MetadataCredentialCriteria.h
+++ b/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -53,6 +53,7 @@ namespace opensaml {
                 return m_role;
             }
 
+            void reset();
             bool matches(const xmltooling::Credential& credential) const;
 
         private:
diff --git a/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp b/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
index b42d5c1..de96305 100644
--- a/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
+++ b/saml/saml2/metadata/impl/MetadataCredentialCriteria.cpp
@@ -39,6 +39,16 @@ MetadataCredentialCriteria::MetadataCredentialCriteria(const RoleDescriptor& rol
     }
 }
 
+void MetadataCredentialCriteria::reset()
+{
+    CredentialCriteria::reset();
+    const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(m_role.getParent());
+    if (entity) {
+        auto_ptr_char name(entity->getEntityID());
+        setPeerName(name.get());
+    }
+}
+
 bool MetadataCredentialCriteria::matches(const Credential& credential) const
 {
     const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
diff --git a/saml/saml2/metadata/impl/MetadataImpl.cpp b/saml/saml2/metadata/impl/MetadataImpl.cpp
index 958094a..0f99b22 100644
--- a/saml/saml2/metadata/impl/MetadataImpl.cpp
+++ b/saml/saml2/metadata/impl/MetadataImpl.cpp
@@ -27,10 +27,13 @@
 
 #include <xmltooling/AbstractComplexElement.h>
 #include <xmltooling/AbstractSimpleElement.h>
+#include <xmltooling/XMLToolingConfig.h>
 #include <xmltooling/encryption/Encryption.h>
 #include <xmltooling/impl/AnyElement.h>
 #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
 #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
+#include <xmltooling/security/CredentialCriteria.h>
+#include <xmltooling/security/CredentialResolver.h>
 #include <xmltooling/signature/KeyInfo.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/util/DateTime.h>
@@ -2501,6 +2504,107 @@ namespace opensaml {
                 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
             }
         };
+
+        class SAML_DLLLOCAL DigestMethodImpl : public virtual DigestMethod,
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
+        {
+        public:
+            virtual ~DigestMethodImpl() {
+                XMLString::release(&m_Algorithm);
+            }
+
+            DigestMethodImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+                m_Algorithm = nullptr;
+            }
+
+            DigestMethodImpl(const DigestMethodImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                setAlgorithm(src.getAlgorithm());
+                VectorOf(XMLObject) v=getUnknownXMLObjects();
+                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i)
+                    v.push_back((*i)->clone());
+            }
+
+            IMPL_STRING_ATTRIB(Algorithm);
+
+            IMPL_XMLOBJECT_CLONE(DigestMethod);
+            IMPL_XMLOBJECT_CHILDREN(UnknownXMLObject,m_children.end());
+
+        protected:
+            void marshallAttributes(DOMElement* domElement) const {
+                MARSHALL_STRING_ATTRIB(Algorithm,ALGORITHM,nullptr);
+            }
+
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                // Unknown child.
+                getUnknownXMLObjects().push_back(childXMLObject);
+            }
+
+            void processAttribute(const DOMAttr* attribute) {
+                PROC_STRING_ATTRIB(Algorithm,ALGORITHM,nullptr);
+            }
+        };
+
+        class SAML_DLLLOCAL SigningMethodImpl : public virtual SigningMethod,
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
+        {
+        public:
+            virtual ~SigningMethodImpl() {
+                XMLString::release(&m_Algorithm);
+                XMLString::release(&m_MinKeySize);
+                XMLString::release(&m_MaxKeySize);
+            }
+
+            SigningMethodImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const xmltooling::QName* schemaType)
+                : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
+                m_Algorithm = nullptr;
+                m_MinKeySize = nullptr;
+                m_MaxKeySize = nullptr;
+            }
+
+            SigningMethodImpl(const SigningMethodImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
+                setAlgorithm(src.getAlgorithm());
+                setMinKeySize(src.m_MinKeySize);
+                setMaxKeySize(src.m_MaxKeySize);
+                VectorOf(XMLObject) v=getUnknownXMLObjects();
+                for (vector<XMLObject*>::const_iterator i=src.m_UnknownXMLObjects.begin(); i!=src.m_UnknownXMLObjects.end(); ++i)
+                    v.push_back((*i)->clone());
+            }
+
+            IMPL_XMLOBJECT_CLONE(SigningMethod);
+            IMPL_XMLOBJECT_CHILDREN(UnknownXMLObject,m_children.end());
+
+            IMPL_STRING_ATTRIB(Algorithm);
+            IMPL_INTEGER_ATTRIB(MinKeySize);
+            IMPL_INTEGER_ATTRIB(MaxKeySize);
+
+        protected:
+            void marshallAttributes(DOMElement* domElement) const {
+                MARSHALL_STRING_ATTRIB(Algorithm,ALGORITHM,nullptr);
+                MARSHALL_INTEGER_ATTRIB(MinKeySize,MINKEYSIZE,nullptr);
+                MARSHALL_INTEGER_ATTRIB(MaxKeySize,MAXKEYSIZE,nullptr);
+            }
+
+            void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
+                // Unknown child.
+                getUnknownXMLObjects().push_back(childXMLObject);
+            }
+
+            void processAttribute(const DOMAttr* attribute) {
+                PROC_STRING_ATTRIB(Algorithm,ALGORITHM,nullptr);
+                PROC_INTEGER_ATTRIB(MinKeySize,MINKEYSIZE,nullptr);
+                PROC_INTEGER_ATTRIB(MaxKeySize,MAXKEYSIZE,nullptr);
+            }
+        };
+
     };
 };
 
@@ -2568,6 +2672,8 @@ IMPL_XMLOBJECTBUILDER(TelephoneNumber);
 IMPL_XMLOBJECTBUILDER(ActionNamespace);
 IMPL_XMLOBJECTBUILDER(SourceID);
 IMPL_XMLOBJECTBUILDER(EntityAttributes);
+IMPL_XMLOBJECTBUILDER(DigestMethod);
+IMPL_XMLOBJECTBUILDER(SigningMethod);
 
 #ifdef HAVE_COVARIANT_RETURNS
 RoleDescriptor* RoleDescriptorBuilder::buildObject(
@@ -2580,6 +2686,101 @@ xmltooling::XMLObject* RoleDescriptorBuilder::buildObject(
     return new RoleDescriptorTypeImpl(nsURI,localName,prefix,schemaType);
 }
 
+const DigestMethod* RoleDescriptor::getDigestMethod() const
+{
+    bool roleLevel = false;
+    XMLToolingConfig& conf = XMLToolingConfig::getConfig();
+
+    if (getExtensions()) {
+        const vector<XMLObject*>& exts = const_cast<const Extensions*>(getExtensions())->getUnknownXMLObjects();
+        for (vector<XMLObject*>::const_iterator i = exts.begin(); i != exts.end(); ++i) {
+            const opensaml::saml2md::DigestMethod* dm = dynamic_cast<opensaml::saml2md::DigestMethod*>(*i);
+            if (dm) {
+                if (dm->getAlgorithm() && conf.isXMLAlgorithmSupported(dm->getAlgorithm()))
+                    return dm;
+                roleLevel = true;
+            }
+        }
+    }
+
+    if (!roleLevel) {
+        const EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(getParent());
+        if (entity && entity->getExtensions()) {
+            const vector<XMLObject*>& exts = const_cast<const Extensions*>(entity->getExtensions())->getUnknownXMLObjects();
+            for (vector<XMLObject*>::const_iterator i = exts.begin(); i != exts.end(); ++i) {
+                const opensaml::saml2md::DigestMethod* dm = dynamic_cast<opensaml::saml2md::DigestMethod*>(*i);
+                if (dm && dm->getAlgorithm() && conf.isXMLAlgorithmSupported(dm->getAlgorithm()))
+                    return dm;
+            }
+        }
+    }
+
+    return nullptr;
+}
+
+pair<const SigningMethod*,const Credential*> RoleDescriptor::getSigningMethod(const CredentialResolver& resolver, CredentialCriteria& cc) const
+{
+    bool roleLevel = false;
+    XMLToolingConfig& conf = XMLToolingConfig::getConfig();
+
+    if (getExtensions()) {
+        const vector<XMLObject*>& exts = const_cast<const Extensions*>(getExtensions())->getUnknownXMLObjects();
+        for (vector<XMLObject*>::const_iterator i = exts.begin(); i != exts.end(); ++i) {
+            const SigningMethod* sm = dynamic_cast<SigningMethod*>(*i);
+            if (sm) {
+                roleLevel = true;
+                if (sm->getAlgorithm() && conf.isXMLAlgorithmSupported(sm->getAlgorithm())) {
+                    cc.setXMLAlgorithm(sm->getAlgorithm());
+                    pair<bool,int> minsize = sm->getMinKeySize(), maxsize = sm->getMaxKeySize();
+                    if (minsize.first || maxsize.first) {
+                        cc.setKeySize(minsize.first ? minsize.second : 0);
+                        cc.setMaxKeySize(maxsize.first ? maxsize.second : UINT_MAX);
+                    }
+                    else {
+                        cc.setKeySize(0);
+                        cc.setMaxKeySize(0);
+                    }
+                    const Credential* cred = resolver.resolve(&cc);
+                    if (cred)
+                        return make_pair(sm, cred);
+                }
+            }
+        }
+    }
+
+    if (!roleLevel) {
+        const EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(getParent());
+        if (entity && entity->getExtensions()) {
+            const vector<XMLObject*>& exts = const_cast<const Extensions*>(entity->getExtensions())->getUnknownXMLObjects();
+            for (vector<XMLObject*>::const_iterator i = exts.begin(); i != exts.end(); ++i) {
+                const SigningMethod* sm = dynamic_cast<SigningMethod*>(*i);
+                if (sm) {
+                    if (sm->getAlgorithm() && conf.isXMLAlgorithmSupported(sm->getAlgorithm())) {
+                        cc.setXMLAlgorithm(sm->getAlgorithm());
+                        pair<bool,int> minsize = sm->getMinKeySize(), maxsize = sm->getMaxKeySize();
+                        if (minsize.first || maxsize.first) {
+                            cc.setKeySize(minsize.first ? minsize.second : 0);
+                            cc.setMaxKeySize(maxsize.first ? maxsize.second : UINT_MAX);
+                        }
+                        else {
+                            cc.setKeySize(0);
+                            cc.setMaxKeySize(0);
+                        }
+                        const Credential* cred = resolver.resolve(&cc);
+                        if (cred)
+                            return make_pair(sm, cred);
+                    }
+                }
+            }
+        }
+    }
+
+    cc.setKeySize(0);
+    cc.setMaxKeySize(0);
+    cc.setXMLAlgorithm(nullptr);
+    return pair<const SigningMethod*,const Credential*>(nullptr, resolver.resolve(&cc));
+}
+
 const XMLCh ActionNamespace::LOCAL_NAME[] =             UNICODE_LITERAL_15(A,c,t,i,o,n,N,a,m,e,s,p,a,c,e);
 const XMLCh AdditionalMetadataLocation::LOCAL_NAME[] =  UNICODE_LITERAL_26(A,d,d,i,t,i,o,n,a,l,M,e,t,a,d,a,t,a,L,o,c,a,t,i,o,n);
 const XMLCh AdditionalMetadataLocation::TYPE_NAME[] =   UNICODE_LITERAL_30(A,d,d,i,t,i,o,n,a,l,M,e,t,a,d,a,t,a,L,o,c,a,t,i,o,n,T,y,p,e);
@@ -2620,6 +2821,9 @@ const XMLCh ContactPerson::CONTACT_SUPPORT[] =          UNICODE_LITERAL_7(s,u,p,
 const XMLCh ContactPerson::CONTACT_ADMINISTRATIVE[] =   UNICODE_LITERAL_14(a,d,m,i,n,i,s,t,r,a,t,i,v,e);
 const XMLCh ContactPerson::CONTACT_BILLING[] =          UNICODE_LITERAL_7(b,i,l,l,i,n,g);
 const XMLCh ContactPerson::CONTACT_OTHER[] =            UNICODE_LITERAL_5(o,t,h,e,r);
+const XMLCh DigestMethod::LOCAL_NAME[] =                UNICODE_LITERAL_12(D,i,g,e,s,t,M,e,t,h,o,d);
+const XMLCh DigestMethod::TYPE_NAME[] =                 UNICODE_LITERAL_16(D,i,g,e,s,t,M,e,t,h,o,d,T,y,p,e);
+const XMLCh DigestMethod::ALGORITHM_ATTRIB_NAME[] =     UNICODE_LITERAL_9(A,l,g,o,r,i,t,h,m);
 const XMLCh EmailAddress::LOCAL_NAME[] =                UNICODE_LITERAL_12(E,m,a,i,l,A,d,d,r,e,s,s);
 const XMLCh EndpointType::LOCAL_NAME[] =                {chNull};
 const XMLCh EndpointType::TYPE_NAME[] =                 UNICODE_LITERAL_12(E,n,d,p,o,i,n,t,T,y,p,e);
@@ -2679,6 +2883,11 @@ const XMLCh RoleDescriptor::PROTOCOLSUPPORTENUMERATION_ATTRIB_NAME[] =  UNICODE_
 const XMLCh RoleDescriptor::ERRORURL_ATTRIB_NAME[] =    UNICODE_LITERAL_8(e,r,r,o,r,U,R,L);
 const XMLCh ServiceDescription::LOCAL_NAME[] =          UNICODE_LITERAL_18(S,e,r,v,i,c,e,D,e,s,c,r,i,p,t,i,o,n);
 const XMLCh ServiceName::LOCAL_NAME[] =                 UNICODE_LITERAL_11(S,e,r,v,i,c,e,N,a,m,e);
+const XMLCh SigningMethod::LOCAL_NAME[] =               UNICODE_LITERAL_13(S,i,g,n,i,n,g,M,e,t,h,o,d);
+const XMLCh SigningMethod::TYPE_NAME[] =                UNICODE_LITERAL_17(S,i,g,n,i,n,g,M,e,t,h,o,d,T,y,p,e);
+const XMLCh SigningMethod::ALGORITHM_ATTRIB_NAME[] =    UNICODE_LITERAL_9(A,l,g,o,r,i,t,h,m);
+const XMLCh SigningMethod::MINKEYSIZE_ATTRIB_NAME[] =   UNICODE_LITERAL_10(M,i,n,K,e,y,S,i,z,e);
+const XMLCh SigningMethod::MAXKEYSIZE_ATTRIB_NAME[] =   UNICODE_LITERAL_10(M,a,x,K,e,y,S,i,z,e);
 const XMLCh SingleLogoutService::LOCAL_NAME[] =         UNICODE_LITERAL_19(S,i,n,g,l,e,L,o,g,o,u,t,S,e,r,v,i,c,e);
 const XMLCh SingleSignOnService::LOCAL_NAME[] =         UNICODE_LITERAL_19(S,i,n,g,l,e,S,i,g,n,O,n,S,e,r,v,i,c,e);
 const XMLCh SourceID::LOCAL_NAME[] =                    UNICODE_LITERAL_8(S,o,u,r,c,e,I,D);
diff --git a/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp b/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp
index e46f443..45c337e 100644
--- a/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp
+++ b/saml/saml2/metadata/impl/MetadataSchemaValidators.cpp
@@ -35,6 +35,7 @@ using namespace xmltooling;
 using namespace std;
 using samlconstants::SAML20MD_NS;
 using samlconstants::SAML20MD_QUERY_EXT_NS;
+using samlconstants::SAML20MD_ALGSUPPORT_NS;
 using samlconstants::SAML20MD_ENTITY_ATTRIBUTE_NS;
 
 namespace opensaml {
@@ -256,6 +257,13 @@ namespace opensaml {
                 throw ValidationException("EntityAttributes must contain at least one child element.");
         END_XMLOBJECTVALIDATOR;
 
+        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,DigestMethod);
+            XMLOBJECTVALIDATOR_REQUIRE(DigestMethod,Algorithm);
+        END_XMLOBJECTVALIDATOR;
+
+        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SigningMethod);
+            XMLOBJECTVALIDATOR_REQUIRE(SigningMethod,Algorithm);
+        END_XMLOBJECTVALIDATOR;
     };
 };
 
@@ -368,4 +376,20 @@ void opensaml::saml2md::registerMetadataClasses() {
     q=xmltooling::QName(SAML20MD_ENTITY_ATTRIBUTE_NS,EntityAttributes::TYPE_NAME);
     XMLObjectBuilder::registerBuilder(q,new EntityAttributesBuilder());
     SchemaValidators.registerValidator(q,new EntityAttributesSchemaValidator());
+
+    q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,DigestMethod::LOCAL_NAME);
+    XMLObjectBuilder::registerBuilder(q,new DigestMethodBuilder());
+    SchemaValidators.registerValidator(q,new DigestMethodSchemaValidator());
+
+    q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,DigestMethod::TYPE_NAME);
+    XMLObjectBuilder::registerBuilder(q,new DigestMethodBuilder());
+    SchemaValidators.registerValidator(q,new DigestMethodSchemaValidator());
+
+    q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,SigningMethod::LOCAL_NAME);
+    XMLObjectBuilder::registerBuilder(q,new SigningMethodBuilder());
+    SchemaValidators.registerValidator(q,new SigningMethodSchemaValidator());
+
+    q=xmltooling::QName(SAML20MD_ALGSUPPORT_NS,SigningMethod::TYPE_NAME);
+    XMLObjectBuilder::registerBuilder(q,new SigningMethodBuilder());
+    SchemaValidators.registerValidator(q,new SigningMethodSchemaValidator());
 }
diff --git a/saml/util/SAMLConstants.cpp b/saml/util/SAMLConstants.cpp
index 2f3b332..ba18faa 100644
--- a/saml/util/SAMLConstants.cpp
+++ b/saml/util/SAMLConstants.cpp
@@ -194,6 +194,16 @@ const XMLCh samlconstants::SAML20_ATTRIBUTE_EXT_NS[] = // urn:oasis:names:tc:SAM
 
 const XMLCh samlconstants::SAML20_ATTRIBUTE_EXT_PREFIX[] = UNICODE_LITERAL_3(e,x,t);
 
+const XMLCh samlconstants::SAML20MD_ALGSUPPORT_NS[] = // urn:oasis:names:tc:SAML:metadata:algsupport
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon,
+  chLatin_m, chLatin_e, chLatin_t, chLatin_a, chLatin_d, chLatin_a, chLatin_t, chLatin_a, chColon,
+  chLatin_a, chLatin_l, chLatin_g, chLatin_s, chLatin_u, chLatin_p, chLatin_p, chLatin_o, chLatin_r, chLatin_t, chNull
+};
+
+const XMLCh samlconstants::SAML20MD_ALGSUPPORT_PREFIX[] = UNICODE_LITERAL_3(a,l,g);
+
 const XMLCh samlconstants::SAML20MD_ENTITY_ATTRIBUTE_NS[] = // urn:oasis:names:tc:SAML:metadata:attribute
 { chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
   chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
@@ -204,6 +214,16 @@ const XMLCh samlconstants::SAML20MD_ENTITY_ATTRIBUTE_NS[] = // urn:oasis:names:t
 
 const XMLCh samlconstants::SAML20MD_ENTITY_ATTRIBUTE_PREFIX[] = UNICODE_LITERAL_6(m,d,a,t,t,r);
 
+const XMLCh samlconstants::SAML20MD_UI_NS[] = // urn:oasis:names:tc:SAML:metadata:ui
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon,
+  chLatin_m, chLatin_e, chLatin_t, chLatin_a, chLatin_d, chLatin_a, chLatin_t, chLatin_a, chColon,
+  chLatin_u, chLatin_i, chNull
+};
+
+const XMLCh samlconstants::SAML20MD_UI_PREFIX[] = UNICODE_LITERAL_4(m,d,u,i);
+
 const XMLCh samlconstants::SAML20_DELEGATION_CONDITION_NS[] = // urn:oasis:names:tc:SAML:2.0:conditions:delegation
 { chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
   chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
diff --git a/saml/util/SAMLConstants.h b/saml/util/SAMLConstants.h
index 50f1778..11b0470 100644
--- a/saml/util/SAMLConstants.h
+++ b/saml/util/SAMLConstants.h
@@ -130,12 +130,24 @@ namespace samlconstants {
     /** SAML Attribute Extension QName prefix ("ext") */
     extern SAML_API const XMLCh SAML20_ATTRIBUTE_EXT_PREFIX[];
 
+    /** SAML Metadata Extension for Algorithm Support XML Namespace ("urn:oasis:names:tc:SAML:metadata:algsupport") */
+    extern SAML_API const XMLCh SAML20MD_ALGSUPPORT_NS[];
+
+    /** SAML Metadata Extension for Algorithm Support QName prefix ("alg") */
+    extern SAML_API const XMLCh SAML20MD_ALGSUPPORT_PREFIX[];
+
     /** SAML Metadata Extension for Entity Attributes XML Namespace ("urn:oasis:names:tc:SAML:metadata:attribute") */
     extern SAML_API const XMLCh SAML20MD_ENTITY_ATTRIBUTE_NS[];
 
     /** SAML Metadata Extension for Entity Attributes QName prefix ("mdattr") */
     extern SAML_API const XMLCh SAML20MD_ENTITY_ATTRIBUTE_PREFIX[];
 
+    /** SAML Metadata Extension for Discovery and Login UI XML Namespace ("urn:oasis:names:tc:SAML:metadata:ui") */
+    extern SAML_API const XMLCh SAML20MD_UI_NS[];
+
+    /** SAML Metadata Extension for Discovery and Login UI QName prefix ("mdui") */
+    extern SAML_API const XMLCh SAML20MD_UI_PREFIX[];
+
     /** SAML Condition for Delegation Restriction XML Namespace ("urn:oasis:names:tc:SAML:2.0:conditions:delegation") */
     extern SAML_API const XMLCh SAML20_DELEGATION_CONDITION_NS[];
 
-- 
2.1.4