
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.signature.validator;
18  
19  import java.util.HashSet;
20  import java.util.Set;
21  
22  import javax.xml.namespace.QName;
23  
24  import org.opensaml.xml.XMLObject;
25  import org.opensaml.xml.signature.KeyInfoType;
26  import org.opensaml.xml.signature.KeyName;
27  import org.opensaml.xml.signature.KeyValue;
28  import org.opensaml.xml.signature.MgmtData;
29  import org.opensaml.xml.signature.PGPData;
30  import org.opensaml.xml.signature.RetrievalMethod;
31  import org.opensaml.xml.signature.SPKIData;
32  import org.opensaml.xml.signature.X509Data;
33  import org.opensaml.xml.util.XMLConstants;
34  import org.opensaml.xml.validation.ValidationException;
35  import org.opensaml.xml.validation.Validator;
36  
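/**
 * Checks {@link org.opensaml.xml.signature.KeyInfoType} for Schema compliance.
 *
 * <p>
 * Only two structural properties are checked: that at least one child is present, and that
 * every child in the XML Signature namespace carries one of the element names listed in
 * {@link #getValidDSChildNames()}. The content of the children is not examined, so passing
 * this validator says nothing about whether the key material they carry is trusted; trust
 * must be established separately by the caller.
 * </p>
 */
public class KeyInfoTypeSchemaValidator implements Validator<KeyInfoType> {

    /**
     * QNames corresponding to the valid KeyInfo children. The set is wrapped as unmodifiable
     * because it is shared by every instance and is handed out by a protected static accessor;
     * a writable set would let any subclass or same-package caller widen the allow-list for
     * all validators in the JVM.
     */
    private static final Set<QName> VALID_DS_CHILD_NAMES;

    static {
        Set<QName> names = new HashSet<QName>(10);
        names.add(KeyName.DEFAULT_ELEMENT_NAME);
        names.add(KeyValue.DEFAULT_ELEMENT_NAME);
        names.add(RetrievalMethod.DEFAULT_ELEMENT_NAME);
        names.add(X509Data.DEFAULT_ELEMENT_NAME);
        names.add(PGPData.DEFAULT_ELEMENT_NAME);
        names.add(SPKIData.DEFAULT_ELEMENT_NAME);
        names.add(MgmtData.DEFAULT_ELEMENT_NAME);
        // Fully qualified so that the file's import block does not need to change.
        VALID_DS_CHILD_NAMES = java.util.Collections.unmodifiableSet(names);
    }

    /** {@inheritDoc} */
    public void validate(KeyInfoType xmlObject) throws ValidationException {
        validateChildrenPresence(xmlObject);
        validateChildrenNamespaces(xmlObject);
    }

    /**
     * Get the QNames corresponding to the valid KeyInfo children
     * defined in the XML Signature namespace.
     *
     * @return unmodifiable set of valid child QNames; attempts to add or remove entries throw
     *         {@link UnsupportedOperationException}
     */
    protected static Set<QName> getValidDSChildNames() {
        return VALID_DS_CHILD_NAMES;
    }

    /**
     * Validate that at least one child is present.
     *
     * @param xmlObject the object to validate
     * @throws ValidationException thrown if the object has no children
     */
    protected void validateChildrenPresence(KeyInfoType xmlObject) throws ValidationException {
        if (xmlObject.getXMLObjects().isEmpty()) {
            throw new ValidationException("No children were present in the KeyInfoType object");
        }
    }

    /**
     * Validate that all children are either ones defined within the XML Signature schema,
     * or are from another namespace.
     *
     * <p>
     * A child is rejected only when its namespace is the XML Signature namespace and its name
     * is not in {@link #getValidDSChildNames()}. Children from any other namespace are accepted
     * without further inspection.
     * </p>
     *
     * @param xmlObject the object to validate
     * @throws ValidationException thrown if a child in the XML Signature namespace is not one
     *             of the valid KeyInfo children
     */
    protected void validateChildrenNamespaces(KeyInfoType xmlObject) throws ValidationException {
        Set<QName> validNames = getValidDSChildNames();
        for (XMLObject child : xmlObject.getXMLObjects()) {
            QName childName = child.getElementQName();
            // NOTE(review): a child with no namespace at all also passes this check, because
            // only the XML Signature namespace is compared; confirm that this matches the
            // wildcard the schema declares for KeyInfo extension elements.
            boolean inSignatureNamespace = XMLConstants.XMLSIG_NS.equals(childName.getNamespaceURI());
            if (inSignatureNamespace && !validNames.contains(childName)) {
                throw new ValidationException("KeyInfoType contains an illegal child extension element: " + childName);
            }
        }
    }
}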