Create ws-federation classes

simplesamlphp · Jan 21, 2024 · 5b27581 · 5b27581
1 parent f09fbc6
commit 5b27581
Show file tree

Hide file tree

Showing 185 changed files with 8,152 additions and 57 deletions.
diff --git a/.github/workflows/autolock-conversations.yml b/.github/workflows/autolock-conversations.yml
@@ -18,7 +18,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
         with:
           issue-inactive-days: '90'
           pr-inactive-days: '90'

diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -201,7 +201,7 @@ jobs:
 
       - name: Save coverage data
         if: ${{ matrix.php-versions == '8.3' }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coverage-data
           path: ${{ github.workspace }}/build

diff --git a/resources/schemas/ws-federation.xsd b/resources/schemas/ws-federation.xsd
@@ -182,7 +182,7 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
   </xs:complexType>  
 
   <!-- Section 3.1.4 -->
-  <xs:element name='PsuedonymServiceEndpoints' type='tns:EndpointType' />
+  <xs:element name='PseudonymServiceEndpoints' type='tns:EndpointType' />
   <xs:complexType name='EndpointType' >
     <xs:sequence>
       <xs:element ref='wsa:EndpointReference' minOccurs='1' maxOccurs='unbounded'/>
@@ -260,7 +260,7 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
   <!-- <xs:element name='AutomaticPseudonyms' type='xs:boolean' /> -->
 
   <!-- Section 3.1.13 -->
-  <xs:element name='PassiveRequestorEnpoints' type='tns:EndpointType'/>
+  <xs:element name='PassiveRequestorEndpoints' type='tns:EndpointType'/>
 
   <!-- Section 3.1.14 -->
   <!-- Defined above -->

diff --git a/src/XML/auth/AbstractClaimType.php b/src/XML/auth/AbstractClaimType.php
@@ -55,7 +55,7 @@ abstract class AbstractClaimType extends AbstractAuthElement
      * ) $value
      * @param list<\SimpleSAML\XML\Attribute> $namespacedAttributes
      */
-    public function __construct(
+    final public function __construct(
         protected string $uri,
         protected ?bool $optional = null,
         protected ?DisplayName $displayName = null,
@@ -227,7 +227,7 @@ public function toXML(DOMElement $parent = null): DOMElement
         $this->getDisplayName()?->toXML($e);
         $this->getDescription()?->toXML($e);
         $this->getDisplayValue()?->toXML($e);
-        $this->getValue()->toXML($e);
+        $this->getValue()?->toXML($e);
 
         foreach ($this->getAttributesNS() as $attr) {
             $attr->toXML($e);

diff --git a/src/XML/auth/AbstractConstrainedValueType.php b/src/XML/auth/AbstractConstrainedValueType.php
@@ -43,7 +43,7 @@ abstract class AbstractConstrainedValueType extends AbstractAuthElement
      * @param \SimpleSAML\XML\SerializableElementInterface[] $children
      * @param bool|null $assertConstraint
      */
-    public function __construct(
+    final public function __construct(
         protected ValueLessThan|ValueLessThanOrEqual|ValueGreaterThan|ValueGreaterThanOrEqual|ValueInRangen|ValueOneOf $value,
         array $children = [],
         protected ?bool $assertConstraint = null

diff --git a/src/XML/auth/AbstractStructuredValueType.php b/src/XML/auth/AbstractStructuredValueType.php
@@ -35,7 +35,7 @@ abstract class AbstractStructuredValueType extends AbstractAuthElement
      * @param \SimpleSAML\XML\SerializableElementInterface[] $children
      * @param array $namespacedAttributes
      */
-    public function __construct(
+    final public function __construct(
         array $children = [],
         array $namespacedAttributes = []
     ) {

diff --git a/src/XML/fed/AbstractApplicationServiceType.php b/src/XML/fed/AbstractApplicationServiceType.php
@@ -0,0 +1,172 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\fed;
+
+use DateTimeImmutable;
+use DOMElement;
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML2\XML\md\Extensions;
+use SimpleSAML\SAML2\XML\md\Organization;
+use SimpleSAML\XML\Exception\MissingElementException;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+
+/**
+ * A ApplicationServiceType
+ *
+ * @package tvdijen/ws-security
+ */
+abstract class AbstractApplicationServiceType extends AbstractWebServiceDescriptorType
+{
+    /**
+     * ApplicationServiceType constructor.
+     *
+     * @param string[] $protocolSupportEnumeration A set of URI specifying the protocols supported.
+     * @param string|null $ID The ID for this document. Defaults to null.
+     * @param \DateTimeImmutable|null $validUntil Unix time of validity for this document. Defaults to null.
+     * @param string|null $cacheDuration Maximum time this document can be cached. Defaults to null.
+     * @param \SimpleSAML\SAML2\XML\md\Extensions|null $extensions An array of extensions. Defaults to an empty array.
+     * @param string|null $errorURL An URI where to redirect users for support. Defaults to null.
+     * @param \SimpleSAML\SAML2\XML\md\KeyDescriptor[] $keyDescriptors An array of KeyDescriptor elements.
+     *   Defaults to an empty array.
+     * @param \SimpleSAML\SAML2\XML\md\Organization|null $organization
+     *   The organization running this entity. Defaults to null.
+     * @param \SimpleSAML\SAML2\XML\md\ContactPerson[] $contacts An array of contacts for this entity.
+     *   Defaults to an empty array.
+     * @param list<\SimpleSAML\XML\Attribute> $namespacedAttributes
+     * @param \SimpleSAML\WSSecurity\XML\fed\LogicalServiceNamesOffered|null $logicalServiceNamesOffered
+     * @param \SimpleSAML\WSSecurity\XML\fed\TokenTypesOffered|null $tokenTypesOffered
+     * @param \SimpleSAML\WSSecurity\XML\fed\ClaimDialectsOffered|null $claimDialectsOffered
+     * @param \SimpleSAML\WSSecurity\XML\fed\ClaimTypesOffered|null $claimTypesOffered
+     * @param \SimpleSAML\WSSecurity\XML\fed\ClaimTypesRequested|null $claimTypesRequested
+     * @param \SimpleSAML\WSSecurity\XML\fed\AutomaticPseudonyms|null $automaticPseudonyms
+     * @param \SimpleSAML\WSSecurity\XML\fed\TargetScopes|null $targetScopes
+     * @param string|null $serviceDisplayName
+     * @param string|null $serviceDescription
+     * @param \SimpleSAML\WSSecurity\XML\fed\ApplicationServiceEndpoint[] $applicationServiceEndpoint
+     * @param \SimpleSAML\WSSecurity\XML\fed\SingleSignOutNotificationEndpoint[] $singleSignOutNotificationEndpoint
+     */
+    final public function __construct(
+        array $protocolSupportEnumeration,
+        ?string $ID = null,
+        ?DateTimeImmutable $validUntil = null,
+        ?string $cacheDuration = null,
+        ?Extensions $extensions = null,
+        ?string $errorURL = null,
+        array $keyDescriptors = [],
+        ?Organization $organization = null,
+        array $contacts = [],
+        array $namespacedAttributes = [],
+        ?LogicalServiceNamesOffered $logicalServiceNamesOffered = null,
+        ?TokenTypesOffered $tokenTypesOffered = null,
+        ?ClaimDialectsOffered $claimDialectsOffered = null,
+        ?ClaimTypesOffered $claimTypesOffered = null,
+        ?ClaimTypesRequested $claimTypesRequested = null,
+        ?AutomaticPseudonyms $automaticPseudonyms = null,
+        ?TargetScopes $targetScopes = null,
+        ?string $serviceDisplayName = null,
+        ?string $serviceDescription = null,
+        protected array $applicationServiceEndpoint = [],
+        protected array $singleSignOutNotificationEndpoint = [],
+        protected array $passiveRequestorEndpoint = [],
+    ) {
+        Assert::minCount($applicationServiceEndpoint, 1, MissingElementException::class);
+        Assert::allIsInstanceOf(
+            $applicationServiceEndpoint,
+            ApplicationServiceEndpoint::class,
+            SchemaViolationException::class,
+        );
+        Assert::allIsInstanceOf(
+            $singleSignOutNotificationEndpoint,
+            SingleSignOutNotificationEndpoint::class,
+            SchemaViolationException::class,
+        );
+        Assert::allIsInstanceOf(
+            $passiveRequestorEndpoint,
+            PassiveRequestorEndpoint::class,
+            SchemaViolationException::class,
+        );
+
+        parent::__construct(
+            $protocolSupportEnumeration,
+            $ID,
+            $validUntil,
+            $cacheDuration,
+            $extensions,
+            $errorURL,
+            $keyDescriptor,
+            $organization,
+            $contact,
+            $namespacedAttributes,
+            $logicalServiceNamesOffered,
+            $tokenTypesOffered,
+            $claimDialectsOffered,
+            $claimTypesOffered,
+            $claimTypesRequested,
+            $automaticPseudonyms,
+            $targetedScopes,
+            $serviceDisplayName,
+            $serviceDescription,
+        );
+    }
+
+
+    /**
+     * Collect the value of the applicationServicEndpoint-property
+     *
+     * @return \SimpleSAML\WSSecurity\XML\fed\ApplicationServiceEndpoint[]
+     */
+    public function getApplicationServiceEndpoint(): array
+    {
+        return $this->applicationServiceEndpoint;
+    }
+
+
+    /**
+     * Collect the value of the singleSignOutNotificationtionEndpoint-property
+     *
+     * @return \SimpleSAML\WSSecurity\XML\fed\SingleSignOutNotificationEndpoint[]
+     */
+    public function getSingleSignOutNotificationEndpoint(): array
+    {
+        return $this->singleSignOutNotificationEndpoint;
+    }
+
+
+    /**
+     * Collect the value of the passiveRequestorEndpoint-property
+     *
+     * @return \SimpleSAML\WSSecurity\XML\fed\PassiveRequestorEndpoint[]
+     */
+    public function getPassiveRequestorEndpoint(): array
+    {
+        return $this->passiveRequestorEndpoint;
+    }
+
+
+    /**
+     * Convert this element to XML.
+     *
+     * @param \DOMElement|null $parent The element we should append this element to.
+     * @return \DOMElement
+     */
+    public function toUnsignedXML(?DOMElement $parent = null): DOMElement
+    {
+        $e = parent::toXML($parent);
+
+        foreach ($this->getApplicationServiceEndpoint() as $ase) {
+            $ase->toXML($e);
+        }
+
+        foreach ($this->getSingleSignOutNotificationEndpoint() as $ssone) {
+            $ssone->toXML($e);
+        }
+
+        foreach ($this->getPassiveRequestorEndpoint() as $pre) {
+            $pre->toXML($e);
+        }
+
+        return $e;
+    }
+}
diff --git a/src/XML/fed/AbstractAssertionType.php b/src/XML/fed/AbstractAssertionType.php
@@ -0,0 +1,112 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\fed;
+
+use DOMElement;
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\XML\Chunk;
+use SimpleSAML\XML\ExtendableAttributesTrait;
+use SimpleSAML\XML\ExtendableElementTrait;
+use SimpleSAML\XML\Exception\InvalidDOMElementException;
+use SimpleSAML\XML\XsNamespace as NS;
+
+/**
+ * Class defining the AssertionType element
+ *
+ * @package tvdijen/ws-security
+ */
+abstract class AbstractAssertionType extends AbstractFedElement
+{
+    use ExtendableAttributesTrait;
+    use ExtendableElementTrait;
+
+    /** The namespace-attribute for the xs:anyAttribute element */
+    public const XS_ANY_ATTR_NAMESPACE = NS::OTHER;
+
+    /** The namespace-attribute for the xs:any element */
+    public const XS_ANY_ELT_NAMESPACE = NS::ANY;
+
+
+    /**
+     * AbstractAssertionType constructor
+     *
+     * @param \SimpleSAML\XML\SerializableElementInterface[] $children
+     * @param array $namespacedAttributes
+     */
+    final public function __construct(
+        array $children = [],
+        array $namespacedAttributes = []
+    ) {
+        $this->setElements($children);
+        $this->setAttributesNS($namespacedAttributes);
+    }
+
+
+    /**
+     * Test if an object, at the state it's in, would produce an empty XML-element
+     *
+     * @return bool
+     */
+    public function isEmptyElement(): bool
+    {
+        return empty($this->getElements())
+            && empty($this->getAttributesNS());
+    }
+
+
+    /**
+     * Create an instance of this object from its XML representation.
+     *
+     * @param \DOMElement $xml
+     * @return static
+     *
+     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
+     *   if the qualified name of the supplied element is wrong
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        $children = [];
+        foreach ($xml->childNodes as $child) {
+            if (!($child instanceof DOMElement)) {
+                continue;
+            }
+
+            $children[] = new Chunk($child);
+        }
+
+        return new static(
+            $children,
+            self::getAttributesNSFromXML($xml),
+        );
+    }
+
+
+    /**
+     * Add this AssertionType to an XML element.
+     *
+     * @param \DOMElement $parent The element we should append this username token to.
+     * @return \DOMElement
+     */
+    public function toXML(DOMElement $parent = null): DOMElement
+    {
+        $e = parent::instantiateParentElement($parent);
+
+        foreach ($this->getAttributesNS() as $attr) {
+            $attr->toXML($e);
+        }
+
+        /** @psalm-var \SimpleSAML\XML\SerializableElementInterface $child */
+        foreach ($this->getElements() as $child) {
+            if (!$child->isEmptyElement()) {
+                $child->toXML($e);
+            }
+        }
+
+        return $e;
+    }
+}