View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.signature.validator;
18  
19  import java.util.List;
20  
21  import javax.xml.namespace.QName;
22  
23  import org.opensaml.xml.XMLObject;
24  import org.opensaml.xml.signature.KeyValue;
25  import org.opensaml.xml.util.XMLConstants;
26  import org.opensaml.xml.validation.ValidationException;
27  import org.opensaml.xml.validation.Validator;
28  
29  /**
30   * Checks {@link org.opensaml.xml.signature.KeyValue} for Schema compliance. 
31   */
32  public class KeyValueSchemaValidator implements Validator<KeyValue> {
33  
34      /** {@inheritDoc} */
35      public void validate(KeyValue xmlObject) throws ValidationException {
36          validateChildrenPresence(xmlObject);
37          validateExtensionChildNamespace(xmlObject);
38      }
39  
40      /**
41       * Validate that exactly one child is present.
42       * 
43       * @param xmlObject the object to validate
44       * @throws ValidationException  thrown if the object is invalid
45       */
46      protected void validateChildrenPresence(KeyValue xmlObject) throws ValidationException {
47          List<XMLObject> children = xmlObject.getOrderedChildren();
48          if (children == null || children.isEmpty()) {
49              throw new ValidationException("No children were present in the KeyValue object");
50          }
51          if (children.size() > 1) {
52              throw new ValidationException("Invalid number of children were present in the KeyValue object");
53          }
54      }
55      
56      /**
57       * Validate that the extension child, if present, is from another namespace.
58       * 
59       * @param xmlObject the object to validate
60       * @throws ValidationException thrown if the object is invalid
61       */
62      protected void validateExtensionChildNamespace(KeyValue xmlObject) throws ValidationException {
63          // Validate that the unknown child is not from the dsig namespace
64          // or are from another namespace.
65          XMLObject unknownChild = xmlObject.getUnknownXMLObject();
66          if (unknownChild == null) {
67              return;
68          }
69          QName childName = unknownChild.getElementQName();
70          if (XMLConstants.XMLSIG_NS.equals(childName.getNamespaceURI())) {
71              throw new ValidationException("KeyValue contains an illegal child extension element: " + childName);
72          }
73      }
74  }