1 /*
2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.signature.validator;
18
19 import javax.xml.namespace.QName;
20
21 import org.opensaml.xml.XMLObject;
22 import org.opensaml.xml.signature.SPKIData;
23 import org.opensaml.xml.signature.SPKISexp;
24 import org.opensaml.xml.util.XMLConstants;
25 import org.opensaml.xml.validation.ValidationException;
26 import org.opensaml.xml.validation.Validator;
27
28 /**
29 * Checks {@link org.opensaml.xml.signature.SPKIData} for Schema compliance.
30 */
31 public class SPKIDataSchemaValidator implements Validator<SPKIData> {
32
33 /** {@inheritDoc} */
34 public void validate(SPKIData xmlObject) throws ValidationException {
35 validateChildrenPresence(xmlObject);
36 validateChildrenNamespaces(xmlObject);
37 }
38
39 /**
40 * Validate that at least SPKISexp child is present.
41 *
42 * @param xmlObject the object to validate
43 * @throws ValidationException thrown if the object is invalid
44 */
45 protected void validateChildrenPresence(SPKIData xmlObject) throws ValidationException {
46 if (xmlObject.getSPKISexps().isEmpty()) {
47 throw new ValidationException("SPKIData does not contain at least one SPKISexp child");
48 }
49 }
50
51 /**
52 * Validate that all children are either ones defined within the XML Signature schema,
53 * or are from another namespace.
54 *
55 * @param xmlObject the object to validate
56 * @throws ValidationException thrown if the object is invalid
57 */
58 protected void validateChildrenNamespaces(SPKIData xmlObject) throws ValidationException {
59 // Validate that any children are either the ones from the dsig schema,
60 // or are from another namespace.
61 for (XMLObject child : xmlObject.getXMLObjects()) {
62 QName childName = child.getElementQName();
63 if (! SPKISexp.DEFAULT_ELEMENT_NAME.equals(childName)
64 && XMLConstants.XMLSIG_NS.equals(childName.getNamespaceURI())) {
65 throw new ValidationException("PGPData contains an illegal child extension element: " + childName);
66 }
67 }
68 }
69
70 }