/**
 * Licensed to the University Corporation for Advanced Internet
 * Development, Inc. (UCAID) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for
 * additional information regarding copyright ownership.
 *
 * UCAID licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific
 * language governing permissions and limitations under the License.
 */

/**
 * @file saml/saml1/core/Assertions.h
 *
 * XMLObjects representing the SAML 1.x Assertions schema.
 *
 * This header only declares the data model (elements, attributes, children
 * and well-known constants). None of the SAML processing rules (signature
 * checking, validity window, audience matching) are implemented here.
 */

#ifndef __saml1_assertions_h__
#define __saml1_assertions_h__

#include <saml/Assertion.h>
#include <saml/util/SAMLConstants.h>

#include <xmltooling/ElementProxy.h>
#include <xmltooling/ConcreteXMLObjectBuilder.h>

#include <xercesc/util/XMLDateTime.hpp>

/**
 * Declares a builder for the given XMLObject class, bound to the SAML 1.x
 * assertion namespace and prefix so every builder in this header agrees on them.
 */
#define DECL_SAML1OBJECTBUILDER(cname) \
    DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML1_NS,samlconstants::SAML1_PREFIX)

// KeyInfo is referenced as a foreign child of SubjectConfirmation below.
// Signature is not used directly in this header; presumably declared for the
// opensaml::Assertion base class — confirm against saml/Assertion.h.
namespace xmlsignature {
class XMLTOOL_API KeyInfo;
class XMLTOOL_API Signature;
};

namespace opensaml {

/**
 * @namespace opensaml::saml1
 * SAML 1.x assertion namespace
 */
namespace saml1 {

// Forward references: Evidence and Advice declare Assertion children before
// the Assertion class itself is declared later in this header.
class SAML_API Assertion;

DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDReference,AssertionID,SAML 1.x AssertionIDReference element);
DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 1.x Audience element);
DECL_XMLOBJECT_SIMPLE(SAML_API,ConfirmationMethod,Method,SAML 1.x ConfirmationMethod element);

/**
 * Abstract extension point: concrete conditions carry an xsi:type. Extension
 * instances are created through ConditionBuilder, declared later in this header,
 * which requires the schema type to be given.
 */
BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 1.x Condition element);
END_XMLOBJECT;

/** Carries the list of Audience URIs the assertion is addressed to. */
BEGIN_XMLOBJECT(SAML_API,AudienceRestrictionCondition,Condition,SAML 1.x AudienceRestrictionCondition element);
    DECL_TYPED_CHILDREN(Audience);
    /** AudienceRestrictionConditionType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,DoNotCacheCondition,Condition,SAML 1.x DoNotCacheCondition element);
    /** DoNotCacheConditionType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

/**
 * Validity constraints on an assertion: the NotBefore/NotOnOrAfter time window
 * plus audience, do-not-cache and arbitrary extension conditions. Only the
 * data is modelled here; evaluating the window and the conditions against the
 * relying party's own state is done elsewhere.
 */
BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 1.x Conditions element);
    DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
    DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
    DECL_TYPED_CHILDREN(AudienceRestrictionCondition);
    DECL_TYPED_CHILDREN(DoNotCacheCondition);
    /** Extension conditions not covered by the typed children above. */
    DECL_TYPED_CHILDREN(Condition);
    /** ConditionsType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

/**
 * Subject name; Format selects how the Name content is to be interpreted.
 * The format constants below are declared here and defined in the implementation file.
 */
BEGIN_XMLOBJECT(SAML_API,NameIdentifier,xmltooling::XMLObject,SAML 1.x NameIdentifier element);
    DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER);
    DECL_STRING_ATTRIB(Format,FORMAT);
    DECL_SIMPLE_CONTENT(Name);
    /** NameIdentifierType local name */
    static const XMLCh TYPE_NAME[];
    /** Unspecified name format ID */
    static const XMLCh UNSPECIFIED[];
    /** Email address name format ID */
    static const XMLCh EMAIL[];
    /** X.509 subject name format ID */
    static const XMLCh X509_SUBJECT[];
    /** Windows domain qualified name format ID */
    static const XMLCh WIN_DOMAIN_QUALIFIED[];
END_XMLOBJECT;

/** Opaque, method-specific confirmation data (any element content). */
BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationData,xmltooling::ElementProxy,SAML 1.x SubjectConfirmationData element);
END_XMLOBJECT;

/**
 * How the subject is to be confirmed: one or more ConfirmationMethod URIs, optional
 * method-specific data, and an optional ds:KeyInfo (presumably used with HOLDER_KEY — confirm
 * against the implementation). The method constants are declared here, defined in the .cpp.
 */
BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 1.x SubjectConfirmation element);
    DECL_TYPED_CHILDREN(ConfirmationMethod);
    DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
    DECL_TYPED_FOREIGN_CHILD(KeyInfo,xmlsignature);
    /** SubjectConfirmationType local name */
    static const XMLCh TYPE_NAME[];
    /** Deprecated SAML 1.0 Artifact confirmation method */
    static const XMLCh ARTIFACT01[];
    /** Artifact confirmation method */
    static const XMLCh ARTIFACT[];
    /** Bearer confirmation method */
    static const XMLCh BEARER[];
    /** Holder of key confirmation method */
    static const XMLCh HOLDER_KEY[];
    /** Sender vouches confirmation method */
    static const XMLCh SENDER_VOUCHES[];
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 1.x Subject element);
    DECL_TYPED_CHILD(NameIdentifier);
    DECL_TYPED_CHILD(SubjectConfirmation);
    /** SubjectType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

/**
 * Abstract statement extension point; concrete extension statements are created
 * through StatementBuilder, declared later in this header.
 */
BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 1.x Statement element);
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,SubjectStatement,Statement,SAML 1.x SubjectStatement element);
    DECL_TYPED_CHILD(Subject);
END_XMLOBJECT;

/** Where the authentication took place; both attributes are plain, unverified strings. */
BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 1.x SubjectLocality element);
    DECL_STRING_ATTRIB(IPAddress,IPADDRESS);
    DECL_STRING_ATTRIB(DNSAddress,DNSADDRESS);
    /** SubjectLocalityType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,AuthorityBinding,xmltooling::XMLObject,SAML 1.x AuthorityBinding element);
    DECL_XMLOBJECT_ATTRIB(AuthorityKind,AUTHORITYKIND,xmltooling::QName);
    DECL_STRING_ATTRIB(Location,LOCATION);
    DECL_STRING_ATTRIB(Binding,BINDING);
    /** AuthorityBindingType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,AuthenticationStatement,SubjectStatement,SAML 1.x AuthenticationStatement element);
    DECL_STRING_ATTRIB(AuthenticationMethod,AUTHENTICATIONMETHOD);
    DECL_DATETIME_ATTRIB(AuthenticationInstant,AUTHENTICATIONINSTANT);
    DECL_TYPED_CHILD(SubjectLocality);
    DECL_TYPED_CHILDREN(AuthorityBinding);
    /** AuthenticationStatementType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::XMLObject,SAML 1.x Action element);
    DECL_STRING_ATTRIB(Namespace,NAMESPACE);
    DECL_SIMPLE_CONTENT(Action);
    /** ActionType local name */
    static const XMLCh TYPE_NAME[];
    // NOTE(review): the two descriptions below were reversed relative to the
    // constant names (the NEG suffix marks the negation namespace); swapped to
    // match the identifiers — confirm against the definitions in Action.cpp.
    /** Read/Write/Execute/Delete/Control with Negation Action Namespace */
    static const XMLCh RWEDC_NEG_ACTION_NAMESPACE[];
    /** Read/Write/Execute/Delete/Control Action Namespace */
    static const XMLCh RWEDC_ACTION_NAMESPACE[];
    /** Get/Head/Put/Post Action Namespace */
    static const XMLCh GHPP_ACTION_NAMESPACE[];
    /** UNIX File Permissions Action Namespace */
    static const XMLCh UNIX_ACTION_NAMESPACE[];
END_XMLOBJECT;

/** Supporting assertions, either inline or by AssertionID reference. */
BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 1.x Evidence element);
    DECL_TYPED_CHILDREN(AssertionIDReference);
    DECL_TYPED_CHILDREN(Assertion);
    /** EvidenceType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

/**
 * Decision is a plain string attribute; consumers compare it against the
 * DECISION_* constants declared below rather than parsing it themselves.
 */
BEGIN_XMLOBJECT(SAML_API,AuthorizationDecisionStatement,SubjectStatement,SAML 1.x AuthorizationDecisionStatement element);
    DECL_STRING_ATTRIB(Resource,RESOURCE);
    DECL_STRING_ATTRIB(Decision,DECISION);
    DECL_TYPED_CHILDREN(Action);
    DECL_TYPED_CHILD(Evidence);
    /** AuthorizationDecisionStatementType local name */
    static const XMLCh TYPE_NAME[];
    /** Permit Decision */
    static const XMLCh DECISION_PERMIT[];
    /** Deny Decision */
    static const XMLCh DECISION_DENY[];
    /** Indeterminate Decision */
    static const XMLCh DECISION_INDETERMINATE[];
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,AttributeDesignator,xmltooling::XMLObject,SAML 1.x AttributeDesignator element);
    DECL_STRING_ATTRIB(AttributeName,ATTRIBUTENAME);
    DECL_STRING_ATTRIB(AttributeNamespace,ATTRIBUTENAMESPACE);
    /** AttributeDesignatorType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,Attribute,AttributeDesignator,SAML 1.x Attribute element);
    /** Values are untyped XMLObjects; see AttributeValue below. */
    DECL_XMLOBJECT_CHILDREN(AttributeValue);
    /** AttributeType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

/** Arbitrary element content; callers interpret the value themselves. */
BEGIN_XMLOBJECT(SAML_API,AttributeValue,xmltooling::ElementProxy,SAML 1.x AttributeValue element);
END_XMLOBJECT;

BEGIN_XMLOBJECT(SAML_API,AttributeStatement,SubjectStatement,SAML 1.x AttributeStatement element);
    DECL_TYPED_CHILDREN(Attribute);
    /** AttributeStatementType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

/** Advisory content; extensible with arbitrary elements in addition to the typed children. */
BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::ElementExtensibleXMLObject,SAML 1.x Advice element);
    DECL_TYPED_CHILDREN(AssertionIDReference);
    DECL_TYPED_CHILDREN(Assertion);
    /** AdviceType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

/**
 * SAML 1.x Assertion. Issuer and AssertionID are plain string attributes and
 * nothing in this header binds them to a verified signature; presumably that
 * comes from the opensaml::Assertion base — confirm against saml/Assertion.h.
 * IssueInstant is inherited from that base.
 */
BEGIN_XMLOBJECT(SAML_API,Assertion,opensaml::Assertion,SAML 1.x Assertion element);
    DECL_INTEGER_ATTRIB(MinorVersion,MINORVERSION);
    DECL_STRING_ATTRIB(AssertionID,ASSERTIONID);
    DECL_STRING_ATTRIB(Issuer,ISSUER);
    DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
    DECL_TYPED_CHILD(Conditions);
    DECL_TYPED_CHILD(Advice);
    /** Extension statements not covered by the typed children below. */
    DECL_TYPED_CHILDREN(Statement);
    DECL_TYPED_CHILDREN(SubjectStatement);
    DECL_TYPED_CHILDREN(AuthenticationStatement);
    DECL_TYPED_CHILDREN(AttributeStatement);
    DECL_TYPED_CHILDREN(AuthorizationDecisionStatement);
    /** AssertionType local name */
    static const XMLCh TYPE_NAME[];
END_XMLOBJECT;

DECL_SAML1OBJECTBUILDER(Action);
DECL_SAML1OBJECTBUILDER(Advice);
DECL_SAML1OBJECTBUILDER(Assertion);
DECL_SAML1OBJECTBUILDER(AssertionIDReference);
DECL_SAML1OBJECTBUILDER(Attribute);
DECL_SAML1OBJECTBUILDER(AttributeDesignator);
DECL_SAML1OBJECTBUILDER(AttributeStatement);
DECL_SAML1OBJECTBUILDER(AttributeValue);
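DECL_SAML1OBJECTBUILDER(Audience);
DECL_SAML1OBJECTBUILDER(AudienceRestrictionCondition);
DECL_SAML1OBJECTBUILDER(AuthenticationStatement);
DECL_SAML1OBJECTBUILDER(AuthorizationDecisionStatement);
DECL_SAML1OBJECTBUILDER(AuthorityBinding);
DECL_SAML1OBJECTBUILDER(Conditions);
DECL_SAML1OBJECTBUILDER(ConfirmationMethod);
DECL_SAML1OBJECTBUILDER(DoNotCacheCondition);
DECL_SAML1OBJECTBUILDER(Evidence);
DECL_SAML1OBJECTBUILDER(NameIdentifier);
DECL_SAML1OBJECTBUILDER(Subject);
DECL_SAML1OBJECTBUILDER(SubjectConfirmation);
DECL_SAML1OBJECTBUILDER(SubjectConfirmationData);
DECL_SAML1OBJECTBUILDER(SubjectLocality);

/**
 * Builder for Condition extension objects.
 *
 * This is customized to force the schema type to be specified: Condition is an
 * abstract extension point, so a concrete xsi:type is needed to choose the
 * implementation. The check itself lives in the implementation file.
 */
class SAML_API ConditionBuilder : public xmltooling::XMLObjectBuilder {
public:
    virtual ~ConditionBuilder() {}

    /**
     * Builder that allows element/type override.
     *
     * @param nsURI         namespace of the element to build
     * @param localName     local name of the element to build
     * @param prefix        namespace prefix to use, if any
     * @param schemaType    xsi:type of the object to build; presumably required by the
     *                      implementation despite the null default — confirm in the .cpp
     * @return the new object; the caller owns it
     */
#ifdef HAVE_COVARIANT_RETURNS
    virtual Condition* buildObject(
#else
    virtual xmltooling::XMLObject* buildObject(
#endif
        const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
        ) const;

    /**
     * Builds a Condition of the given schema type via the builder registered
     * for the SAML 1.x Condition element.
     *
     * @param schemaType    xsi:type of the Condition to build
     * @return the new Condition; the caller owns it
     * @throws xmltooling::XMLObjectException if no ConditionBuilder is registered, or
     *         (without covariant returns) the registered builder produced an object
     *         that is not a Condition
     */
    static Condition* buildCondition(const xmltooling::QName& schemaType) {
        const ConditionBuilder* b = dynamic_cast<const ConditionBuilder*>(
            XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML1_NS,Condition::LOCAL_NAME))
            );
        if (!b)
            throw xmltooling::XMLObjectException("Unable to obtain typed builder for Condition.");
#ifdef HAVE_COVARIANT_RETURNS
        return b->buildObject(samlconstants::SAML1_NS, Condition::LOCAL_NAME, samlconstants::SAML1_PREFIX, &schemaType);
#else
        xmltooling::XMLObject* obj = b->buildObject(samlconstants::SAML1_NS, Condition::LOCAL_NAME, samlconstants::SAML1_PREFIX, &schemaType);
        Condition* cond = dynamic_cast<Condition*>(obj);
        if (!cond) {
            // A failed downcast previously leaked obj and returned nullptr to the caller;
            // release it and report the mismatch instead.
            delete obj;
            throw xmltooling::XMLObjectException("Builder for Condition did not return a Condition.");
        }
        return cond;
#endif
    }
};

/**
 * Builder for Statement extension objects.
 *
 * This is customized to force the schema type to be specified: Statement is an
 * abstract extension point, so a concrete xsi:type is needed to choose the
 * implementation. The check itself lives in the implementation file.
 */
class SAML_API StatementBuilder : public xmltooling::XMLObjectBuilder {
public:
    virtual ~StatementBuilder() {}

    /**
     * Builder that allows element/type override.
     *
     * @param nsURI         namespace of the element to build
     * @param localName     local name of the element to build
     * @param prefix        namespace prefix to use, if any
     * @param schemaType    xsi:type of the object to build; presumably required by the
     *                      implementation despite the null default — confirm in the .cpp
     * @return the new object; the caller owns it
     */
#ifdef HAVE_COVARIANT_RETURNS
    virtual Statement* buildObject(
#else
    virtual xmltooling::XMLObject* buildObject(
#endif
        const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
        ) const;

    /**
     * Builds a Statement of the given schema type via the builder registered
     * for the SAML 1.x Statement element.
     *
     * @param schemaType    xsi:type of the Statement to build
     * @return the new Statement; the caller owns it
     * @throws xmltooling::XMLObjectException if no StatementBuilder is registered, or
     *         (without covariant returns) the registered builder produced an object
     *         that is not a Statement
     */
    static Statement* buildStatement(const xmltooling::QName& schemaType) {
        const StatementBuilder* b = dynamic_cast<const StatementBuilder*>(
            XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML1_NS,Statement::LOCAL_NAME))
            );
        if (!b)
            throw xmltooling::XMLObjectException("Unable to obtain typed builder for Statement.");
#ifdef HAVE_COVARIANT_RETURNS
        return b->buildObject(samlconstants::SAML1_NS, Statement::LOCAL_NAME, samlconstants::SAML1_PREFIX, &schemaType);
#else
        xmltooling::XMLObject* obj = b->buildObject(samlconstants::SAML1_NS, Statement::LOCAL_NAME, samlconstants::SAML1_PREFIX, &schemaType);
        Statement* stmt = dynamic_cast<Statement*>(obj);
        if (!stmt) {
            // A failed downcast previously leaked obj and returned nullptr to the caller;
            // release it and report the mismatch instead.
            delete obj;
            throw xmltooling::XMLObjectException("Builder for Statement did not return a Statement.");
        }
        return stmt;
#endif
    }
};

/**
 * Registers builders and validators for SAML 1.x Assertion classes into the runtime.
 */
void SAML_API registerAssertionClasses();
};
};

#endif /* __saml1_assertions_h__ */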