1 /** 2 * Licensed to the University Corporation for Advanced Internet 3 * Development, Inc. (UCAID) under one or more contributor license 4 * agreements. See the NOTICE file distributed with this work for 5 * additional information regarding copyright ownership. 6 * 7 * UCAID licenses this file to you under the Apache License, 8 * Version 2.0 (the "License"); you may not use this file except 9 * in compliance with the License. You may obtain a copy of the 10 * License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 17 * either express or implied. See the License for the specific 18 * language governing permissions and limitations under the License. 19 */ 20 21 /** 22 * @file saml/saml2/core/Assertions.h 23 * 24 * XMLObjects representing the SAML 2.0 Assertions schema. 25 */ 26 27 #ifndef __saml2_assertions_h__ 28 #define __saml2_assertions_h__ 29 30 #include <saml/Assertion.h> 31 #include <saml/util/SAMLConstants.h> 32 33 #include <xmltooling/ConcreteXMLObjectBuilder.h> 34 #include <xmltooling/ElementProxy.h> 35 36 #include <xercesc/util/XMLDateTime.hpp> 37 38 #define DECL_SAML2OBJECTBUILDER(cname) \ 39 DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20_NS,samlconstants::SAML20_PREFIX) 40 41 namespace xmltooling { 42 class XMLTOOL_API CredentialCriteria; 43 class XMLTOOL_API CredentialResolver; 44 }; 45 46 namespace xmlencryption { 47 class XMLTOOL_API EncryptedData; 48 class XMLTOOL_API EncryptedKey; 49 }; 50 51 namespace xmlsignature { 52 class XMLTOOL_API KeyInfo; 53 class XMLTOOL_API Signature; 54 }; 55 56 namespace opensaml { 57 58 namespace saml2md { 59 class SAML_API MetadataProvider; 60 class SAML_API MetadataCredentialCriteria; 61 }; 62 63 /** 64 * @namespace opensaml::saml2 65 * SAML 2.0 assertion namespace 66 */ 67 namespace saml2 { 68 69 // Forward references 70 class SAML_API Assertion; 71 class SAML_API EncryptedAssertion; 72 73 /** 74 * Marker interface for SAML types that can be encrypted. 75 */ 76 class SAML_API EncryptableObject : public virtual xmltooling::XMLObject 77 { 78 protected: EncryptableObject()79 EncryptableObject() {} ~EncryptableObject()80 virtual ~EncryptableObject() {} 81 }; 82 83 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionIDRef,AssertionID,SAML 2.0 AssertionIDRef element); 84 DECL_XMLOBJECT_SIMPLE(SAML_API,AssertionURIRef,AssertionURI,SAML 2.0 AssertionURIRef element); 85 DECL_XMLOBJECT_SIMPLE(SAML_API,Audience,AudienceURI,SAML 2.0 Audience element); 86 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextClassRef,Reference,SAML 2.0 AuthnContextClassRef element); 87 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthnContextDeclRef,Reference,SAML 2.0 AuthnContextDeclRef element); 88 DECL_XMLOBJECT_SIMPLE(SAML_API,AuthenticatingAuthority,ID,SAML 2.0 AuthenticatingAuthority element); 89 90 BEGIN_XMLOBJECT(SAML_API,EncryptedElementType,xmltooling::XMLObject,SAML 2.0 EncryptedElementType type); 91 DECL_TYPED_FOREIGN_CHILD(EncryptedData,xmlencryption); 92 DECL_TYPED_FOREIGN_CHILDREN(EncryptedKey,xmlencryption); 93 /** EncryptedElementType local name */ 94 static const XMLCh TYPE_NAME[]; 95 96 /** 97 * Encrypts an object to a single recipient using this object as a container. 98 * 99 * @param xmlObject object to encrypt 100 * @param metadataProvider a locked MetadataProvider to supply encryption keys 101 * @param criteria metadata-based CredentialCriteria to use 102 * @param compact true iff compact KeyInfo should be used 103 * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata 104 * @return the encrypted object 105 */ 106 virtual void encrypt( 107 const EncryptableObject& xmlObject, 108 const saml2md::MetadataProvider& metadataProvider, 109 saml2md::MetadataCredentialCriteria& criteria, 110 bool compact=false, 111 const XMLCh* algorithm=nullptr 112 ); 113 114 /** 115 * Encrypts an object to multiple recipients using this object as a container. 116 * 117 * @param xmlObject object to encrypt 118 * @param recipients pairs containing a locked MetadataProvider to supply encryption keys, 119 * and a metadata-based CredentialCriteria to use 120 * @param compact true iff compact KeyInfo should be used 121 * @param algorithm optionally specifies data encryption algorithm if none can be determined from metadata 122 * @return the encrypted object 123 */ 124 virtual void encrypt( 125 const EncryptableObject& xmlObject, 126 const std::vector< std::pair<const saml2md::MetadataProvider*, saml2md::MetadataCredentialCriteria*> >& recipients, 127 bool compact=false, 128 const XMLCh* algorithm=nullptr 129 ); 130 131 /** 132 * Decrypts the element using the supplied CredentialResolver. 133 * 134 * <p>The object returned will be unmarshalled around the decrypted DOM element in a 135 * new Document owned by the object. 136 * 137 * <p>The final boolean parameter is used to enforce a requirement for an authenticated cipher 138 * suite such as AES-GCM or similar. These ciphers include an HMAC or equivalent step that 139 * prevents tampering. Newer applications should set this parameter to true unless the ciphertext 140 * has been independently authenticated, and even in such a case, it is rarely possible to prevent 141 * chosen ciphertext attacks by trusted signers. 142 * 143 * @param credResolver locked resolver supplying decryption keys 144 * @param recipient identifier naming the recipient (the entity performing the decryption) 145 * @param criteria optional external criteria to use with resolver 146 * @param requireAuthenticatedCipher true iff the bulk data encryption algorithm must be an authenticated cipher 147 * @return the decrypted and unmarshalled object 148 */ 149 virtual xmltooling::XMLObject* decrypt( 150 const xmltooling::CredentialResolver& credResolver, 151 const XMLCh* recipient, 152 xmltooling::CredentialCriteria* criteria=nullptr, 153 bool requireAuthenticatedCipher=false 154 ) const; 155 END_XMLOBJECT; 156 157 BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element); 158 END_XMLOBJECT; 159 160 BEGIN_XMLOBJECT(SAML_API,BaseID,EncryptableObject,SAML 2.0 BaseID abstract element); 161 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER); 162 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER); 163 END_XMLOBJECT; 164 165 BEGIN_XMLOBJECT(SAML_API,NameIDType,xmltooling::XMLObject,SAML 2.0 NameIDType type); 166 DECL_STRING_ATTRIB(NameQualifier,NAMEQUALIFIER); 167 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER); 168 DECL_STRING_ATTRIB(Format,FORMAT); 169 DECL_STRING_ATTRIB(SPProvidedID,SPPROVIDEDID); 170 DECL_SIMPLE_CONTENT(Name); 171 /** NameIDType local name */ 172 static const XMLCh TYPE_NAME[]; 173 /** Unspecified name format ID */ 174 static const XMLCh UNSPECIFIED[]; 175 /** Email address name format ID */ 176 static const XMLCh EMAIL[]; 177 /** X.509 subject name format ID */ 178 static const XMLCh X509_SUBJECT[]; 179 /** Windows domain qualified name format ID */ 180 static const XMLCh WIN_DOMAIN_QUALIFIED[]; 181 /** Kerberos principal name format ID */ 182 static const XMLCh KERBEROS[]; 183 /** Entity identifier name format ID */ 184 static const XMLCh ENTITY[]; 185 /** Persistent identifier name format ID */ 186 static const XMLCh PERSISTENT[]; 187 /** Transient identifier name format ID */ 188 static const XMLCh TRANSIENT[]; 189 END_XMLOBJECT; 190 191 BEGIN_XMLOBJECT2(SAML_API,NameID,NameIDType,EncryptableObject,SAML 2.0 NameID element); 192 END_XMLOBJECT; 193 194 BEGIN_XMLOBJECT(SAML_API,Issuer,NameIDType,SAML 2.0 Issuer element); 195 END_XMLOBJECT; 196 197 BEGIN_XMLOBJECT(SAML_API,Condition,xmltooling::XMLObject,SAML 2.0 Condition element); 198 END_XMLOBJECT; 199 200 BEGIN_XMLOBJECT(SAML_API,AudienceRestriction,Condition,SAML 2.0 AudienceRestriction element); 201 DECL_TYPED_CHILDREN(Audience); 202 /** AudienceRestrictionType local name */ 203 static const XMLCh TYPE_NAME[]; 204 END_XMLOBJECT; 205 206 BEGIN_XMLOBJECT(SAML_API,OneTimeUse,Condition,SAML 2.0 OneTimeUse element); 207 /** OneTimeUseType local name */ 208 static const XMLCh TYPE_NAME[]; 209 END_XMLOBJECT; 210 211 BEGIN_XMLOBJECT(SAML_API,ProxyRestriction,Condition,SAML 2.0 ProxyRestriction element); 212 DECL_INTEGER_ATTRIB(Count,COUNT); 213 DECL_TYPED_CHILDREN(Audience); 214 /** ProxyRestrictionType local name */ 215 static const XMLCh TYPE_NAME[]; 216 END_XMLOBJECT; 217 218 BEGIN_XMLOBJECT(SAML_API,Delegate,xmltooling::XMLObject,SAML 2.0 Delegation Restriction Condition Delegate element); 219 DECL_STRING_ATTRIB(ConfirmationMethod,CONFIRMATIONMETHOD); 220 DECL_DATETIME_ATTRIB(DelegationInstant,DELEGATIONINSTANT); 221 DECL_TYPED_CHILD(BaseID); 222 DECL_TYPED_CHILD(NameID); 223 DECL_TYPED_CHILD(EncryptedID); 224 /** DelegateType local name */ 225 static const XMLCh TYPE_NAME[]; 226 END_XMLOBJECT; 227 228 BEGIN_XMLOBJECT(SAML_API,DelegationRestrictionType,Condition,SAML 2.0 Delegation Restriction Condition type); 229 DECL_TYPED_CHILDREN(Delegate); 230 /** DelegationRestrictionType local name */ 231 static const XMLCh TYPE_NAME[]; 232 END_XMLOBJECT; 233 234 BEGIN_XMLOBJECT(SAML_API,Conditions,xmltooling::XMLObject,SAML 2.0 Conditions element); 235 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE); 236 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER); 237 DECL_TYPED_CHILDREN(AudienceRestriction); 238 DECL_TYPED_CHILDREN(OneTimeUse); 239 DECL_TYPED_CHILDREN(ProxyRestriction); 240 DECL_TYPED_CHILDREN(Condition); 241 /** ConditionsType local name */ 242 static const XMLCh TYPE_NAME[]; 243 END_XMLOBJECT; 244 245 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationDataType,xmltooling::XMLObject,SAML 2.0 SubjectConfirmationDataType base type); 246 DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE); 247 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER); 248 DECL_STRING_ATTRIB(Recipient,RECIPIENT); 249 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO); 250 DECL_STRING_ATTRIB(Address,ADDRESS); 251 END_XMLOBJECT; 252 253 BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,SubjectConfirmationDataType,xmltooling::ElementProxy,SAML 2.0 SubjectConfirmationData element); 254 DECL_SIMPLE_CONTENT(Data); 255 END_XMLOBJECT; 256 257 BEGIN_XMLOBJECT2(SAML_API,KeyInfoConfirmationDataType,SubjectConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type); 258 DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature); 259 /** KeyInfoConfirmationDataType local name */ 260 static const XMLCh TYPE_NAME[]; 261 END_XMLOBJECT; 262 263 BEGIN_XMLOBJECT(SAML_API,SubjectConfirmation,xmltooling::XMLObject,SAML 2.0 SubjectConfirmation element); 264 DECL_STRING_ATTRIB(Method,METHOD); 265 DECL_TYPED_CHILD(BaseID); 266 DECL_TYPED_CHILD(NameID); 267 DECL_TYPED_CHILD(EncryptedID); 268 DECL_XMLOBJECT_CHILD(SubjectConfirmationData); 269 /** SubjectConfirmationType local name */ 270 static const XMLCh TYPE_NAME[]; 271 /** Bearer confirmation method */ 272 static const XMLCh BEARER[]; 273 /** Holder of key confirmation method */ 274 static const XMLCh HOLDER_KEY[]; 275 /** Sender vouches confirmation method */ 276 static const XMLCh SENDER_VOUCHES[]; 277 END_XMLOBJECT; 278 279 BEGIN_XMLOBJECT(SAML_API,Subject,xmltooling::XMLObject,SAML 2.0 Subject element); 280 DECL_TYPED_CHILD(BaseID); 281 DECL_TYPED_CHILD(NameID); 282 DECL_TYPED_CHILD(EncryptedID); 283 DECL_TYPED_CHILDREN(SubjectConfirmation); 284 /** SubjectType local name */ 285 static const XMLCh TYPE_NAME[]; 286 END_XMLOBJECT; 287 288 BEGIN_XMLOBJECT(SAML_API,Statement,xmltooling::XMLObject,SAML 2.0 Statement element); 289 END_XMLOBJECT; 290 291 BEGIN_XMLOBJECT(SAML_API,SubjectLocality,xmltooling::XMLObject,SAML 2.0 SubjectLocality element); 292 DECL_STRING_ATTRIB(Address,ADDRESS); 293 DECL_STRING_ATTRIB(DNSName,DNSNAME); 294 /** SubjectLocalityType local name */ 295 static const XMLCh TYPE_NAME[]; 296 END_XMLOBJECT; 297 298 BEGIN_XMLOBJECT(SAML_API,AuthnContextDecl,xmltooling::ElementProxy,SAML 2.0 AuthnContextDecl element); 299 END_XMLOBJECT; 300 301 BEGIN_XMLOBJECT(SAML_API,AuthnContext,xmltooling::XMLObject,SAML 2.0 AuthnContext element); 302 DECL_TYPED_CHILD(AuthnContextClassRef); 303 DECL_XMLOBJECT_CHILD(AuthnContextDecl); 304 DECL_TYPED_CHILD(AuthnContextDeclRef); 305 DECL_TYPED_CHILDREN(AuthenticatingAuthority); 306 /** AuthnContextType local name */ 307 static const XMLCh TYPE_NAME[]; 308 END_XMLOBJECT; 309 310 BEGIN_XMLOBJECT(SAML_API,AuthnStatement,Statement,SAML 2.0 AuthnStatement element); 311 DECL_DATETIME_ATTRIB(AuthnInstant,AUTHNINSTANT); 312 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX); 313 DECL_DATETIME_ATTRIB(SessionNotOnOrAfter,SESSIONNOTONORAFTER); 314 DECL_TYPED_CHILD(SubjectLocality); 315 DECL_TYPED_CHILD(AuthnContext); 316 /** AuthnStatementType local name */ 317 static const XMLCh TYPE_NAME[]; 318 END_XMLOBJECT; 319 320 BEGIN_XMLOBJECT(SAML_API,Action,xmltooling::XMLObject,SAML 2.0 Action element); 321 DECL_STRING_ATTRIB(Namespace,NAMESPACE); 322 DECL_SIMPLE_CONTENT(Action); 323 /** ActionType local name */ 324 static const XMLCh TYPE_NAME[]; 325 /** Read/Write/Execute/Delete/Control Action Namespace */ 326 static const XMLCh RWEDC_NEG_ACTION_NAMESPACE[]; 327 /** Read/Write/Execute/Delete/Control with Negation Action Namespace */ 328 static const XMLCh RWEDC_ACTION_NAMESPACE[]; 329 /** Get/Head/Put/Post Action Namespace */ 330 static const XMLCh GHPP_ACTION_NAMESPACE[]; 331 /** UNIX File Permissions Action Namespace */ 332 static const XMLCh UNIX_ACTION_NAMESPACE[]; 333 END_XMLOBJECT; 334 335 BEGIN_XMLOBJECT(SAML_API,Evidence,xmltooling::XMLObject,SAML 2.0 Evidence element); 336 DECL_TYPED_CHILDREN(AssertionIDRef); 337 DECL_TYPED_CHILDREN(AssertionURIRef); 338 DECL_TYPED_CHILDREN(Assertion); 339 DECL_TYPED_CHILDREN(EncryptedAssertion); 340 /** EvidenceType local name */ 341 static const XMLCh TYPE_NAME[]; 342 END_XMLOBJECT; 343 344 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionStatement,Statement,SAML 2.0 AuthzDecisionStatement element); 345 DECL_STRING_ATTRIB(Resource,RESOURCE); 346 DECL_STRING_ATTRIB(Decision,DECISION); 347 DECL_TYPED_CHILDREN(Action); 348 DECL_TYPED_CHILD(Evidence); 349 /** AuthzDecisionStatementType local name */ 350 static const XMLCh TYPE_NAME[]; 351 /** Permit Decision */ 352 static const XMLCh DECISION_PERMIT[]; 353 /** Deny Decision */ 354 static const XMLCh DECISION_DENY[]; 355 /** Indeterminate Decision */ 356 static const XMLCh DECISION_INDETERMINATE[]; 357 END_XMLOBJECT; 358 359 BEGIN_XMLOBJECT(SAML_API,AttributeValue,xmltooling::ElementProxy,SAML 2.0 AttributeValue element); 360 END_XMLOBJECT; 361 362 BEGIN_XMLOBJECT2(SAML_API,Attribute,xmltooling::AttributeExtensibleXMLObject,EncryptableObject,SAML 2.0 Attribute element); 363 DECL_STRING_ATTRIB(Name,NAME); 364 DECL_STRING_ATTRIB(NameFormat,NAMEFORMAT); 365 DECL_STRING_ATTRIB(FriendlyName,FRIENDLYNAME); 366 DECL_XMLOBJECT_CHILDREN(AttributeValue); 367 /** AttributeType local name */ 368 static const XMLCh TYPE_NAME[]; 369 /** Unspecified attribute name format ID */ 370 static const XMLCh UNSPECIFIED[]; 371 /** URI reference attribute name format ID */ 372 static const XMLCh URI_REFERENCE[]; 373 /** Basic attribute name format ID */ 374 static const XMLCh BASIC[]; 375 END_XMLOBJECT; 376 377 BEGIN_XMLOBJECT(SAML_API,EncryptedAttribute,EncryptedElementType,SAML 2.0 EncryptedAttribute element); 378 END_XMLOBJECT; 379 380 BEGIN_XMLOBJECT(SAML_API,AttributeStatement,Statement,SAML 2.0 AttributeStatement element); 381 DECL_TYPED_CHILDREN(Attribute); 382 DECL_TYPED_CHILDREN(EncryptedAttribute); 383 /** AttributeStatementType local name */ 384 static const XMLCh TYPE_NAME[]; 385 END_XMLOBJECT; 386 387 BEGIN_XMLOBJECT(SAML_API,EncryptedAssertion,EncryptedElementType,SAML 2.0 EncryptedAssertion element); 388 END_XMLOBJECT; 389 390 BEGIN_XMLOBJECT(SAML_API,Advice,xmltooling::ElementExtensibleXMLObject,SAML 2.0 Advice element); 391 DECL_TYPED_CHILDREN(AssertionIDRef); 392 DECL_TYPED_CHILDREN(AssertionURIRef); 393 DECL_TYPED_CHILDREN(Assertion); 394 DECL_TYPED_CHILDREN(EncryptedAssertion); 395 /** AdviceType local name */ 396 static const XMLCh TYPE_NAME[]; 397 END_XMLOBJECT; 398 399 /** 400 * SAML 2.0 assertion or protocol message. 401 */ 402 class SAML_API RootObject : virtual public opensaml::RootObject 403 { 404 protected: RootObject()405 RootObject() {} 406 public: ~RootObject()407 virtual ~RootObject() {} 408 409 /** Gets the Version attribute. */ 410 virtual const XMLCh* getVersion() const=0; 411 412 /** Gets the Issuer. */ 413 virtual Issuer* getIssuer() const=0; 414 }; 415 416 BEGIN_XMLOBJECT3(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,EncryptableObject,SAML 2.0 Assertion element); 417 DECL_INHERITED_STRING_ATTRIB(Version,VER); 418 DECL_INHERITED_STRING_ATTRIB(ID,ID); 419 DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT); 420 DECL_INHERITED_TYPED_CHILD(Issuer); 421 DECL_TYPED_CHILD(Subject); 422 DECL_TYPED_CHILD(Conditions); 423 DECL_TYPED_CHILD(Advice); 424 DECL_TYPED_CHILDREN(Statement); 425 DECL_TYPED_CHILDREN(AuthnStatement); 426 DECL_TYPED_CHILDREN(AttributeStatement); 427 DECL_TYPED_CHILDREN(AuthzDecisionStatement); 428 /** AssertionType local name */ 429 static const XMLCh TYPE_NAME[]; 430 END_XMLOBJECT; 431 432 DECL_SAML2OBJECTBUILDER(Action); 433 DECL_SAML2OBJECTBUILDER(Advice); 434 DECL_SAML2OBJECTBUILDER(Assertion); 435 DECL_SAML2OBJECTBUILDER(AssertionIDRef); 436 DECL_SAML2OBJECTBUILDER(AssertionURIRef); 437 DECL_SAML2OBJECTBUILDER(Attribute); 438 DECL_SAML2OBJECTBUILDER(AttributeStatement); 439 DECL_SAML2OBJECTBUILDER(AttributeValue); 440 DECL_SAML2OBJECTBUILDER(Audience); 441 DECL_SAML2OBJECTBUILDER(AudienceRestriction); 442 DECL_SAML2OBJECTBUILDER(AuthenticatingAuthority); 443 DECL_SAML2OBJECTBUILDER(AuthnContext); 444 DECL_SAML2OBJECTBUILDER(AuthnContextClassRef); 445 DECL_SAML2OBJECTBUILDER(AuthnContextDecl); 446 DECL_SAML2OBJECTBUILDER(AuthnContextDeclRef); 447 DECL_SAML2OBJECTBUILDER(AuthnStatement); 448 DECL_SAML2OBJECTBUILDER(AuthzDecisionStatement); 449 DECL_SAML2OBJECTBUILDER(Conditions); 450 DECL_SAML2OBJECTBUILDER(EncryptedAssertion); 451 DECL_SAML2OBJECTBUILDER(EncryptedAttribute); 452 DECL_SAML2OBJECTBUILDER(EncryptedID); 453 DECL_SAML2OBJECTBUILDER(Evidence); 454 DECL_SAML2OBJECTBUILDER(Issuer); 455 DECL_SAML2OBJECTBUILDER(NameID); 456 DECL_SAML2OBJECTBUILDER(OneTimeUse); 457 DECL_SAML2OBJECTBUILDER(ProxyRestriction); 458 DECL_SAML2OBJECTBUILDER(Subject); 459 DECL_SAML2OBJECTBUILDER(SubjectConfirmation); 460 DECL_SAML2OBJECTBUILDER(SubjectConfirmationData); 461 DECL_SAML2OBJECTBUILDER(SubjectLocality); 462 463 DECL_XMLOBJECTBUILDER(SAML_API,Delegate,samlconstants::SAML20_DELEGATION_CONDITION_NS,samlconstants::SAML20_DELEGATION_CONDITION_PREFIX); 464 465 /** 466 * Builder for NameIDType objects. 467 * 468 * This is customized to force the element name to be specified. 469 */ 470 class SAML_API NameIDTypeBuilder : public xmltooling::XMLObjectBuilder { 471 public: ~NameIDTypeBuilder()472 virtual ~NameIDTypeBuilder() {} 473 /** Builder that allows element/type override. */ 474 #ifdef HAVE_COVARIANT_RETURNS 475 virtual NameIDType* buildObject( 476 #else 477 virtual xmltooling::XMLObject* buildObject( 478 #endif 479 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr 480 ) const; 481 482 /** Singleton builder. */ 483 static NameIDType* buildNameIDType(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr) { 484 const NameIDTypeBuilder* b = dynamic_cast<const NameIDTypeBuilder*>( 485 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,NameIDType::TYPE_NAME)) 486 ); 487 if (b) { 488 xmltooling::QName schemaType(samlconstants::SAML20_NS,NameIDType::TYPE_NAME,samlconstants::SAML20_PREFIX); 489 #ifdef HAVE_COVARIANT_RETURNS 490 return b->buildObject(nsURI, localName, prefix, &schemaType); 491 #else 492 return dynamic_cast<NameIDType*>(b->buildObject(nsURI, localName, prefix, &schemaType)); 493 #endif 494 } 495 throw xmltooling::XMLObjectException("Unable to obtain typed builder for NameIDType."); 496 } 497 }; 498 499 /** 500 * Builder for Condition extension objects. 501 * 502 * This is customized to force the schema type to be specified. 503 */ 504 class SAML_API ConditionBuilder : public xmltooling::XMLObjectBuilder { 505 public: ~ConditionBuilder()506 virtual ~ConditionBuilder() {} 507 /** Builder that allows element/type override. */ 508 #ifdef HAVE_COVARIANT_RETURNS 509 virtual Condition* buildObject( 510 #else 511 virtual xmltooling::XMLObject* buildObject( 512 #endif 513 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr 514 ) const; 515 516 /** Singleton builder. */ buildCondition(const xmltooling::QName & schemaType)517 static Condition* buildCondition(const xmltooling::QName& schemaType) { 518 const ConditionBuilder* b = dynamic_cast<const ConditionBuilder*>( 519 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,Condition::LOCAL_NAME)) 520 ); 521 if (b) { 522 #ifdef HAVE_COVARIANT_RETURNS 523 return b->buildObject(samlconstants::SAML20_NS, Condition::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType); 524 #else 525 return dynamic_cast<Condition*>(b->buildObject(samlconstants::SAML20_NS, Condition::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType)); 526 #endif 527 } 528 throw xmltooling::XMLObjectException("Unable to obtain typed builder for Condition."); 529 } 530 }; 531 532 /** 533 * Builder for DelegationRestrictionType objects. 534 * 535 * This is customized to return a Condition element with an xsi:type of DelegationRestrictionType. 536 */ 537 class SAML_API DelegationRestrictionTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { 538 public: ~DelegationRestrictionTypeBuilder()539 virtual ~DelegationRestrictionTypeBuilder() {} 540 /** Default builder. */ 541 #ifdef HAVE_COVARIANT_RETURNS buildObject()542 virtual DelegationRestrictionType* buildObject() const { 543 #else 544 virtual xmltooling::XMLObject* buildObject() const { 545 #endif 546 xmltooling::QName schemaType( 547 samlconstants::SAML20_DELEGATION_CONDITION_NS, 548 DelegationRestrictionType::TYPE_NAME, 549 samlconstants::SAML20_DELEGATION_CONDITION_PREFIX 550 ); 551 return buildObject( 552 samlconstants::SAML20_DELEGATION_CONDITION_NS, 553 DelegationRestrictionType::LOCAL_NAME, 554 samlconstants::SAML20_DELEGATION_CONDITION_PREFIX, 555 &schemaType 556 ); 557 } 558 /** Builder that allows element/type override. */ 559 #ifdef HAVE_COVARIANT_RETURNS 560 virtual DelegationRestrictionType* buildObject( 561 #else 562 virtual xmltooling::XMLObject* buildObject( 563 #endif 564 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr 565 ) const; 566 567 /** Singleton builder. */ 568 static DelegationRestrictionType* buildDelegationRestrictionType() { 569 const DelegationRestrictionTypeBuilder* b = dynamic_cast<const DelegationRestrictionTypeBuilder*>( 570 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_DELEGATION_CONDITION_NS,DelegationRestrictionType::TYPE_NAME)) 571 ); 572 if (b) 573 #ifdef HAVE_COVARIANT_RETURNS 574 return b->buildObject(); 575 #else 576 return dynamic_cast<DelegationRestrictionType*>(b->buildObject()); 577 #endif 578 throw xmltooling::XMLObjectException("Unable to obtain typed builder for DelegationRestrictionType."); 579 } 580 }; 581 582 /** 583 * Builder for KeyInfoConfirmationDataType objects. 584 * 585 * This is customized to return a SubjectConfirmationData element with an 586 * xsi:type of KeyInfoConfirmationDataType. 587 */ 588 class SAML_API KeyInfoConfirmationDataTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { 589 public: ~KeyInfoConfirmationDataTypeBuilder()590 virtual ~KeyInfoConfirmationDataTypeBuilder() {} 591 /** Default builder. */ 592 #ifdef HAVE_COVARIANT_RETURNS buildObject()593 virtual KeyInfoConfirmationDataType* buildObject() const { 594 #else 595 virtual xmltooling::XMLObject* buildObject() const { 596 #endif 597 xmltooling::QName schemaType( 598 samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME,samlconstants::SAML20_PREFIX 599 ); 600 return buildObject( 601 samlconstants::SAML20_NS,KeyInfoConfirmationDataType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType 602 ); 603 } 604 /** Builder that allows element/type override. */ 605 #ifdef HAVE_COVARIANT_RETURNS 606 virtual KeyInfoConfirmationDataType* buildObject( 607 #else 608 virtual xmltooling::XMLObject* buildObject( 609 #endif 610 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr 611 ) const; 612 613 /** Singleton builder. */ 614 static KeyInfoConfirmationDataType* buildKeyInfoConfirmationDataType() { 615 const KeyInfoConfirmationDataTypeBuilder* b = dynamic_cast<const KeyInfoConfirmationDataTypeBuilder*>( 616 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,KeyInfoConfirmationDataType::TYPE_NAME)) 617 ); 618 if (b) 619 #ifdef HAVE_COVARIANT_RETURNS 620 return b->buildObject(); 621 #else 622 return dynamic_cast<KeyInfoConfirmationDataType*>(b->buildObject()); 623 #endif 624 throw xmltooling::XMLObjectException("Unable to obtain typed builder for KeyInfoConfirmationDataType."); 625 } 626 }; 627 628 /** 629 * Builder for Statement extension objects. 630 * 631 * This is customized to force the schema type to be specified. 632 */ 633 class SAML_API StatementBuilder : public xmltooling::XMLObjectBuilder { 634 public: ~StatementBuilder()635 virtual ~StatementBuilder() {} 636 /** Builder that allows element/type override. */ 637 #ifdef HAVE_COVARIANT_RETURNS 638 virtual Statement* buildObject( 639 #else 640 virtual xmltooling::XMLObject* buildObject( 641 #endif 642 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr 643 ) const; 644 645 /** Singleton builder. */ buildStatement(const xmltooling::QName & schemaType)646 static Statement* buildStatement(const xmltooling::QName& schemaType) { 647 const StatementBuilder* b = dynamic_cast<const StatementBuilder*>( 648 XMLObjectBuilder::getBuilder(xmltooling::QName(samlconstants::SAML20_NS,Statement::LOCAL_NAME)) 649 ); 650 if (b) { 651 #ifdef HAVE_COVARIANT_RETURNS 652 return b->buildObject(samlconstants::SAML20_NS, Statement::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType); 653 #else 654 return dynamic_cast<Statement*>(b->buildObject(samlconstants::SAML20_NS, Statement::LOCAL_NAME, samlconstants::SAML20_PREFIX, &schemaType)); 655 #endif 656 } 657 throw xmltooling::XMLObjectException("Unable to obtain typed builder for Statement."); 658 } 659 }; 660 661 /** 662 * Registers builders and validators for SAML 2.0 Assertion classes into the runtime. 663 */ 664 void SAML_API registerAssertionClasses(); 665 }; 666 }; 667 668 #endif /* __saml2_assertions_h__ */ 669