From d85415d5ee3fac83440c7cde7a2fe18972920702 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Tue, 7 Apr 2009 17:04:27 +0000
Subject: [PATCH] Enforce single appearance of certain conditions.
---
 saml/saml1/core/impl/AssertionsSchemaValidators.cpp | 3 +++
 saml/saml2/core/impl/Assertions20SchemaValidators.cpp | 6 ++++++
 2 files changed, 9 insertions(+)
diff --git a/saml/saml1/core/impl/AssertionsSchemaValidators.cpp b/saml/saml1/core/impl/AssertionsSchemaValidators.cpp
index b57fec7..0acf070 100644
--- a/saml/saml1/core/impl/AssertionsSchemaValidators.cpp
+++ b/saml/saml1/core/impl/AssertionsSchemaValidators.cpp
@@ -49,6 +49,9 @@ namespace opensaml {
 if (!ptr->hasChildren()) {
 XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
 }
+ else if (ptr->getDoNotCacheConditions().size() > 1) {
+ throw ValidationException("Multiple DoNotCacheCondition elements are not permitted.");
+ }
 END_XMLOBJECTVALIDATOR;
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,SubjectConfirmation);
diff --git a/saml/saml2/core/impl/Assertions20SchemaValidators.cpp b/saml/saml2/core/impl/Assertions20SchemaValidators.cpp
index 3b60320..c297764 100644
--- a/saml/saml2/core/impl/Assertions20SchemaValidators.cpp
+++ b/saml/saml2/core/impl/Assertions20SchemaValidators.cpp
@@ -92,6 +92,12 @@ namespace opensaml {
 if (!ptr->hasChildren()) {
 XMLOBJECTVALIDATOR_ONEOF(Conditions,NotBefore,NotOnOrAfter);
 }
+ else if (ptr->getOneTimeUses().size() > 1) {
+ throw ValidationException("Multiple OneTimeUse condition elements are not permitted.");
+ }
+ else if (ptr->getProxyRestrictions().size() > 1) {
+ throw ValidationException("Multiple ProxyRestriction condition elements are not permitted.");
+ }
 END_XMLOBJECTVALIDATOR;
 BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,KeyInfoConfirmationDataType);
--
2.1.4
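Review bot: The new multiplicity check hangs off `if (!ptr->hasChildren())` as an `else if`, which couples two unrelated rules; the two checks added in Assertions20SchemaValidators.cpp use the same chain. It is correct today only because every branch throws, so a later branch that does not throw would silently skip the checks after it. A standalone `if (ptr->getDoNotCacheConditions().size() > 1)` after the closing brace would be sturdier, with a comment such as `// At most one DoNotCacheCondition is accepted inside Conditions.` The validator's opening BEGIN_XMLOBJECTVALIDATOR line is outside the hunk.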
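Review bot: Rejecting duplicate OneTimeUse and ProxyRestriction elements here only protects callers that actually run this schema validator, and nothing in the hunk shows that the code evaluating conditions depends on it. If validation can be skipped, a consumer that reads only the first entry of `getProxyRestrictions()` could apply a weaker restriction than the assertion carries, so that consumer should check the count itself or document the dependency. The diffstat lists no test change; a case with two OneTimeUse children that expects ValidationException would pin the behaviour. The validator's opening lines are outside the hunk.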