From c4a1e67e92f906fc341dfe9b375591f8d8c00261 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Sat, 27 Jan 2024 14:07:14 +0100
Subject: [PATCH] Add wst classes

---
 src/XML/wst/AbstractBinarySecretType.php      | 116 ++++++++++++++++++
 .../AbstractBinarySecretTypeOpenEnumType.php  |  60 ---------
 ...ractRequestSecurityTokenCollectionType.php |  82 +++++++++++++
 ...estSecurityTokenResponseCollectionType.php |  99 +++++++++++++++
 src/XML/wst/BinarySecret.php                  |  14 +++
 src/XML/wst/IssuedTokens.php                  |  14 +++
 src/XML/wst/Issuer.php                        |  22 ++++
 .../wst/RequestSecurityTokenCollection.php    |  14 +++
 ...RequestSecurityTokenResponseCollection.php |  14 +++
 tests/WSSecurity/XML/wst/BinarySecretTest.php |  68 ++++++++++
 tests/WSSecurity/XML/wst/IssuedTokensTest.php |  74 +++++++++++
 tests/WSSecurity/XML/wst/IssuerTest.php       |  97 +++++++++++++++
 .../RequestSecurityTokenCollectionTest.php    |  76 ++++++++++++
 ...estSecurityTokenResponseCollectionTest.php |  74 +++++++++++
 tests/resources/xml/IssuedTokens.php          |   5 +
 tests/resources/xml/wst_BinarySecret.xml      |   1 +
 tests/resources/xml/wst_IssuedTokens.xml      |   5 +
 tests/resources/xml/wst_Issuer.xml            |  14 +++
 .../wst_RequestSecurityTokenCollection.xml    |   8 ++
 ...RequestSecurityTokenResponseCollection.xml |   5 +
 20 files changed, 802 insertions(+), 60 deletions(-)
 create mode 100644 src/XML/wst/AbstractBinarySecretType.php
 delete mode 100644 src/XML/wst/AbstractBinarySecretTypeOpenEnumType.php
 create mode 100644 src/XML/wst/AbstractRequestSecurityTokenCollectionType.php
 create mode 100644 src/XML/wst/AbstractRequestSecurityTokenResponseCollectionType.php
 create mode 100644 src/XML/wst/BinarySecret.php
 create mode 100644 src/XML/wst/IssuedTokens.php
 create mode 100644 src/XML/wst/Issuer.php
 create mode 100644 src/XML/wst/RequestSecurityTokenCollection.php
 create mode 100644 src/XML/wst/RequestSecurityTokenResponseCollection.php
 create mode 100644 tests/WSSecurity/XML/wst/BinarySecretTest.php
 create mode 100644 tests/WSSecurity/XML/wst/IssuedTokensTest.php
 create mode 100644 tests/WSSecurity/XML/wst/IssuerTest.php
 create mode 100644 tests/WSSecurity/XML/wst/RequestSecurityTokenCollectionTest.php
 create mode 100644 tests/WSSecurity/XML/wst/RequestSecurityTokenResponseCollectionTest.php
 create mode 100644 tests/resources/xml/IssuedTokens.php
 create mode 100644 tests/resources/xml/wst_BinarySecret.xml
 create mode 100644 tests/resources/xml/wst_IssuedTokens.xml
 create mode 100644 tests/resources/xml/wst_Issuer.xml
 create mode 100644 tests/resources/xml/wst_RequestSecurityTokenCollection.xml
 create mode 100644 tests/resources/xml/wst_RequestSecurityTokenResponseCollection.xml

diff --git a/src/XML/wst/AbstractBinarySecretType.php b/src/XML/wst/AbstractBinarySecretType.php
new file mode 100644
index 00000000..f5c9c8c0
--- /dev/null
+++ b/src/XML/wst/AbstractBinarySecretType.php
@@ -0,0 +1,116 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+use DOMElement;
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\XML\Base64ElementTrait;
+use SimpleSAML\XML\Exception\InvalidDOMElementException;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\ExtendableAttributesTrait;
+use SimpleSAML\XML\XsNamespace as NS;
+
+use function array_map;
+use function explode;
+use function implode;
+
+/**
+ * A BinarySecertType element
+ *
+ * @package tvdijen/ws-security
+ */
+abstract class AbstractBinarySecretType extends AbstractWstElement
+{
+    use Base64ElementTrait;
+    use ExtendableAttributesTrait;
+
+    /** @var string|\SimpleSAML\XML\XsNamespace */
+    public const XS_ANY_ATTR_NAMESPACE = NS::OTHER;
+
+    /** @var string[]|null */
+    protected ?array $Type;
+
+
+    /**
+     * @param string $content
+     * @param (\SimpleSAML\WSSecurity\XML\wst\BinarySecretTypeEnum|string)[]|null $Type
+     * @param \SimpleSAML\XML\Attribute[] $namespacedAttributes
+     */
+    final public function __construct(
+        string $content,
+        ?array $Type = null,
+        array $namespacedAttributes = []
+    ) {
+        if ($Type !== null) {
+            $Type = array_map(
+                function (BinarySecretTypeEnum|string $v): string {
+                    return ($v instanceof BinarySecretTypeEnum) ? $v->value : $v;
+                },
+                $Type,
+            );
+            Assert::allValidURI($Type, SchemaViolationException::class);
+            $this->Type = $Type;
+        }
+
+        $this->setContent($content);
+        $this->setAttributesNS($namespacedAttributes);
+    }
+
+
+    /**
+     * Get the Type property.
+     *
+     * @return string[]|null
+     */
+    public function getType(): ?array
+    {
+        return $this->Type;
+    }
+
+
+    /**
+     * Convert XML into a class instance
+     *
+     * @param \DOMElement $xml The XML element we should load
+     * @return static
+     *
+     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
+     *   If the qualified name of the supplied element is wrong
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        return new static(
+            $xml->textContent,
+            explode(' ', self::getAttribute($xml, 'Type')),
+            self::getAttributesNSFromXML($xml),
+        );
+    }
+
+
+    /**
+     * Convert this element to XML.
+     *
+     * @param \DOMElement|null $parent The element we should append this element to.
+     * @return \DOMElement
+     */
+    public function toXML(DOMElement $parent = null): DOMElement
+    {
+        $e = $this->instantiateParentElement($parent);
+        $e->textContent = $this->getContent();
+
+        if ($this->getType() !== null) {
+            $e->setAttribute('Type', implode(' ', $this->getType()));
+        }
+
+        foreach ($this->getAttributesNS() as $attr) {
+            $attr->toXML($e);
+        }
+
+        return $e;
+    }
+}
diff --git a/src/XML/wst/AbstractBinarySecretTypeOpenEnumType.php b/src/XML/wst/AbstractBinarySecretTypeOpenEnumType.php
deleted file mode 100644
index 0a3ca4d3..00000000
--- a/src/XML/wst/AbstractBinarySecretTypeOpenEnumType.php
+++ /dev/null
@@ -1,60 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace SimpleSAML\WSSecurity\XML\wst;
-
-use DOMElement;
-use SimpleSAML\Assert\Assert;
-use SimpleSAML\XML\Exception\InvalidDOMElementException;
-use SimpleSAML\XML\Exception\SchemaViolationException;
-use SimpleSAML\XML\StringElementTrait;
-
-use function array_map;
-use function explode;
-use function implode;
-
-/**
- * A BinarySecretTypeOpenEnum element
- *
- * @package tvdijen/ws-security
- */
-abstract class AbstractBinarySecretTypeOpenEnum extends AbstractWstElement
-{
-    use StringElementTrait;
-
-
-    /**
-     * @param (\SimpleSAML\WSSecurity\XML\wst\BinarySecretTypeEnum|string)[] $values
-     */
-    public function __construct(array $values)
-    {
-        $values = array_map(
-            function (BinarySecretTypeEnum|string $v): string {
-                return ($v instanceof BinarySecretTypeEnum) ? $v->value : $v;
-            },
-            $values,
-        );
-        Assert::allValidURI($values, SchemaViolationException::class);
-
-        $this->setContent(implode(' ', $values));
-    }
-
-
-    /**
-     * Convert XML into a class instance
-     *
-     * @param \DOMElement $xml The XML element we should load
-     * @return static
-     *
-     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
-     *   If the qualified name of the supplied element is wrong
-     */
-    public static function fromXML(DOMElement $xml): static
-    {
-        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
-        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
-
-        return new static(explode(' ', $xml->textContent));
-    }
-}
diff --git a/src/XML/wst/AbstractRequestSecurityTokenCollectionType.php b/src/XML/wst/AbstractRequestSecurityTokenCollectionType.php
new file mode 100644
index 00000000..816244c0
--- /dev/null
+++ b/src/XML/wst/AbstractRequestSecurityTokenCollectionType.php
@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+use DOMElement;
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\XML\Exception\InvalidDOMElementException;
+use SimpleSAML\XML\Exception\MissingElementException;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+
+/**
+ * A RequestSecurityTokenCollectionType element
+ *
+ * @package tvdijen/ws-security
+ */
+abstract class AbstractRequestSecurityTokenCollectionType extends AbstractWstElement
+{
+    /**
+     * @param \SimpleSAML\WSSecurity\XML\wst\RequestSecurityToken[] $requestSecurityToken
+     */
+    final public function __construct(
+        protected array $requestSecurityToken
+    ) {
+        Assert::minCount($requestSecurityToken, 2, MissingElementException::class);
+        Assert::allIsInstanceOf(
+            $requestSecurityToken,
+            RequestSecurityToken::class,
+            SchemaViolationException::class,
+        );
+    }
+
+
+    /**
+     * Get the requestSecurityToken property.
+     *
+     * @return \SimpleSAML\WSSecurity\XML\wst\RequestSecurityToken[]
+     */
+    public function getRequestSecurityToken(): array
+    {
+        return $this->requestSecurityToken;
+    }
+
+
+    /**
+     * Convert XML into a class instance
+     *
+     * @param \DOMElement $xml The XML element we should load
+     * @return static
+     *
+     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
+     *   If the qualified name of the supplied element is wrong
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        return new static(
+            RequestSecurityToken::getChildrenOfClass($xml),
+        );
+    }
+
+
+    /**
+     * Convert this element to XML.
+     *
+     * @param \DOMElement|null $parent The element we should append this element to.
+     * @return \DOMElement
+     */
+    public function toXML(DOMElement $parent = null): DOMElement
+    {
+        $e = $this->instantiateParentElement($parent);
+
+        foreach ($this->getRequestSecurityToken() as $r) {
+            $r->toXML($e);
+        }
+
+        return $e;
+    }
+}
diff --git a/src/XML/wst/AbstractRequestSecurityTokenResponseCollectionType.php b/src/XML/wst/AbstractRequestSecurityTokenResponseCollectionType.php
new file mode 100644
index 00000000..c06c3cb9
--- /dev/null
+++ b/src/XML/wst/AbstractRequestSecurityTokenResponseCollectionType.php
@@ -0,0 +1,99 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+use DOMElement;
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\XML\Exception\InvalidDOMElementException;
+use SimpleSAML\XML\Exception\MissingElementException;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\ExtendableAttributesTrait;
+use SimpleSAML\XML\XsNamespace as NS;
+
+/**
+ * A RequestSecurityTokenResponseCollectionType element
+ *
+ * @package tvdijen/ws-security
+ */
+abstract class AbstractRequestSecurityTokenResponseCollectionType extends AbstractWstElement
+{
+    use ExtendableAttributesTrait;
+
+    /** @var string|\SimpleSAML\XML\XsNamespace */
+    public const XS_ANY_ATTR_NAMESPACE = NS::OTHER;
+
+
+    /**
+     * @param \SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenResponse[] $requestSecurityTokenResponse
+     * @param \SimpleSAML\XML\Attribute[] $namespacedAttributes
+     */
+    final public function __construct(
+        protected array $requestSecurityTokenResponse,
+        array $namespacedAttributes
+    ) {
+        Assert::minCount($requestSecurityTokenResponse, 1, MissingElementException::class);
+        Assert::allIsInstanceOf(
+            $requestSecurityTokenResponse,
+            RequestSecurityTokenResponse::class,
+            SchemaViolationException::class,
+        );
+
+        $this->setAttributesNS($namespacedAttributes);
+    }
+
+
+    /**
+     * Get the requestSecurityTokenResponse property.
+     *
+     * @return \SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenResponse[]
+     */
+    public function getRequestSecurityTokenResponse(): array
+    {
+        return $this->requestSecurityTokenResponse;
+    }
+
+
+    /**
+     * Convert XML into a class instance
+     *
+     * @param \DOMElement $xml The XML element we should load
+     * @return static
+     *
+     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
+     *   If the qualified name of the supplied element is wrong
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        return new static(
+            RequestSecurityTokenResponse::getChildrenOfClass($xml),
+            self::getAttributesNSFromXML($xml),
+        );
+    }
+
+
+    /**
+     * Convert this element to XML.
+     *
+     * @param \DOMElement|null $parent The element we should append this element to.
+     * @return \DOMElement
+     */
+    public function toXML(DOMElement $parent = null): DOMElement
+    {
+        $e = $this->instantiateParentElement($parent);
+
+        foreach ($this->getRequestSecurityTokenResponse() as $r) {
+            $r->toXML($e);
+        }
+
+        foreach ($this->getAttributesNS() as $attr) {
+            $attr->toXML($e);
+        }
+
+        return $e;
+    }
+}
diff --git a/src/XML/wst/BinarySecret.php b/src/XML/wst/BinarySecret.php
new file mode 100644
index 00000000..40a8f2ed
--- /dev/null
+++ b/src/XML/wst/BinarySecret.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+/**
+ * A BinarySecret element
+ *
+ * @package tvdijen/ws-security
+ */
+final class BinarySecret extends AbstractBinarySecretType
+{
+}
diff --git a/src/XML/wst/IssuedTokens.php b/src/XML/wst/IssuedTokens.php
new file mode 100644
index 00000000..c9066743
--- /dev/null
+++ b/src/XML/wst/IssuedTokens.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+/**
+ * A IssuedTokens element
+ *
+ * @package tvdijen/ws-security
+ */
+final class IssuedTokens extends AbstractRequestSecurityTokenResponseCollectionType
+{
+}
diff --git a/src/XML/wst/Issuer.php b/src/XML/wst/Issuer.php
new file mode 100644
index 00000000..a1cfbe82
--- /dev/null
+++ b/src/XML/wst/Issuer.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+use SimpleSAML\WSSecurity\Constants as C;
+use SimpleSAML\WSSecurity\XML\wsa\AbstractEndpointReferenceType;
+
+/**
+ * An Issuer element
+ *
+ * @package tvdijen/ws-security
+ */
+final class Issuer extends AbstractEndpointReferenceType
+{
+    /** @var string */
+    public const NS = C::NS_TRUST;
+
+    /** @var string */
+    public const NS_PREFIX = 'wst';
+}
diff --git a/src/XML/wst/RequestSecurityTokenCollection.php b/src/XML/wst/RequestSecurityTokenCollection.php
new file mode 100644
index 00000000..92cac6dd
--- /dev/null
+++ b/src/XML/wst/RequestSecurityTokenCollection.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+/**
+ * A RequestSecurityTokenCollection element
+ *
+ * @package tvdijen/ws-security
+ */
+final class RequestSecurityTokenCollection extends AbstractRequestSecurityTokenCollectionType
+{
+}
diff --git a/src/XML/wst/RequestSecurityTokenResponseCollection.php b/src/XML/wst/RequestSecurityTokenResponseCollection.php
new file mode 100644
index 00000000..62d8923b
--- /dev/null
+++ b/src/XML/wst/RequestSecurityTokenResponseCollection.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\XML\wst;
+
+/**
+ * A RequestSecurityTokenResponseCollection element
+ *
+ * @package tvdijen/ws-security
+ */
+final class RequestSecurityTokenResponseCollection extends AbstractRequestSecurityTokenResponseCollectionType
+{
+}
diff --git a/tests/WSSecurity/XML/wst/BinarySecretTest.php b/tests/WSSecurity/XML/wst/BinarySecretTest.php
new file mode 100644
index 00000000..f1551809
--- /dev/null
+++ b/tests/WSSecurity/XML/wst/BinarySecretTest.php
@@ -0,0 +1,68 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\WSSecurity\XML\wst;
+
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\Test\WSSecurity\Constants as C;
+use SimpleSAML\WSSecurity\XML\wst\BinarySecret;
+use SimpleSAML\WSSecurity\XML\wst\BinarySecretTypeEnum;
+use SimpleSAML\XML\Attribute as XMLAttribute;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+
+use function dirname;
+
+/**
+ * Class \SimpleSAML\WSSecurity\XML\wst\BinarySecretTest
+ *
+ * @covers \SimpleSAML\WSSecurity\XML\wst\BinarySecret
+ * @covers \SimpleSAML\WSSecurity\XML\wst\AbstractBinarySecretType
+ * @covers \SimpleSAML\WSSecurity\XML\wst\AbstractWstElement
+ *
+ * @package tvdijen/ws-security
+ */
+final class BinarySecretTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$schemaFile = dirname(__FILE__, 5) . '/resources/schemas/ws-trust.xsd';
+
+        self::$testedClass = BinarySecret::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/wst_BinarySecret.xml',
+        );
+    }
+
+
+    // test marshalling
+
+
+    /**
+     * Test creating a BinarySecret object from scratch.
+     */
+    public function testMarshalling(): void
+    {
+        $attr1 = new XMLAttribute(C::NAMESPACE, 'ssp', 'attr1', 'testval1');
+
+        $binarySecret = new BinarySecret(
+            '/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI=',
+            [BinarySecretTypeEnum::Nonce],
+            [$attr1],
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($binarySecret),
+        );
+    }
+}
diff --git a/tests/WSSecurity/XML/wst/IssuedTokensTest.php b/tests/WSSecurity/XML/wst/IssuedTokensTest.php
new file mode 100644
index 00000000..b64ea5d6
--- /dev/null
+++ b/tests/WSSecurity/XML/wst/IssuedTokensTest.php
@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\WSSecurity\XML\wst;
+
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SOAP\Constants as SOAP;
+use SimpleSAML\Test\WSSecurity\Constants as C;
+use SimpleSAML\WSSecurity\XML\wsa\MessageID;
+use SimpleSAML\WSSecurity\XML\wst\IssuedTokens;
+use SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenResponse;
+use SimpleSAML\XML\Attribute as XMLAttribute;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+
+use function dirname;
+
+/**
+ * Class \SimpleSAML\WSSecurity\XML\wst\IssuedTokensTest
+ *
+ * @covers \SimpleSAML\WSSecurity\XML\wst\IssuedTokens
+ * @covers \SimpleSAML\WSSecurity\XML\wsa\AbstractEndpointReferenceType
+ * @covers \SimpleSAML\WSSecurity\XML\wsa\AbstractWsaElement
+ *
+ * @package tvdijen/ws-security
+ */
+final class IssuedTokensTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$schemaFile = dirname(__FILE__, 5) . '/resources/schemas/ws-trust.xsd';
+
+        self::$testedClass = IssuedTokens::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/wst_IssuedTokens.xml',
+        );
+    }
+
+
+    // test marshalling
+
+
+    /**
+     * Test creating a IssuedTokens object from scratch.
+     */
+    public function testMarshalling(): void
+    {
+        $attr1 = new XMLAttribute(SOAP::NS_SOAP_ENV_11, 'soapenv', 'mustUnderstand', '1');
+        $attr2 = new XMLAttribute(C::NAMESPACE, 'ssp', 'attr1', 'testval1');
+        $attr3 = new XMLAttribute(C::NAMESPACE, 'ssp', 'attr2', 'testval2');
+        $msgId = new MessageID('uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7de', [$attr1]);
+
+        $requestSecurityTokenResponse = new RequestSecurityTokenResponse(C::NAMESPACE, [$msgId], [$attr2]);
+
+        $issuedTokens = new IssuedTokens(
+            [$requestSecurityTokenResponse],
+            [$attr3],
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($issuedTokens),
+        );
+    }
+}
diff --git a/tests/WSSecurity/XML/wst/IssuerTest.php b/tests/WSSecurity/XML/wst/IssuerTest.php
new file mode 100644
index 00000000..56a9e2a9
--- /dev/null
+++ b/tests/WSSecurity/XML/wst/IssuerTest.php
@@ -0,0 +1,97 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\WSSecurity\XML\wst;
+
+use DOMElement;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\WSSecurity\XML\wsa\Address;
+use SimpleSAML\WSSecurity\XML\wsa\Metadata;
+use SimpleSAML\WSSecurity\XML\wsa\ReferenceParameters;
+use SimpleSAML\WSSecurity\XML\wst\Issuer;
+use SimpleSAML\XML\Attribute;
+use SimpleSAML\XML\Chunk;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+
+use function dirname;
+use function strval;
+
+/**
+ * Tests for wst:Issuer.
+ *
+ * @covers \SimpleSAML\WSSecurity\XML\wst\Issuer
+ * @covers \SimpleSAML\WSSecurity\XML\wsa\AbstractEndpointReferenceType
+ * @covers \SimpleSAML\WSSecurity\XML\wsa\AbstractWsaElement
+ * @package tvdijen/ws-security
+ */
+final class IssuerTest extends TestCase
+{
+    use SerializableElementTestTrait;
+
+    /** @var \DOMElement $referenceParametersContent */
+    protected static DOMElement $referenceParametersContent;
+
+    /** @var \DOMElement $metadataContent */
+    protected static DOMElement $metadataContent;
+
+    /** @var \DOMElement $customContent */
+    protected static DOMElement $customContent;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$testedClass = Issuer::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::FromFile(
+            dirname(__FILE__, 4) . '/resources/xml/wst_Issuer.xml'
+        );
+
+        self::$referenceParametersContent = DOMDocumentFactory::fromString(
+            '<m:GetPrice xmlns:m="https://www.w3schools.com/prices"><m:Item>Pears</m:Item></m:GetPrice>'
+        )->documentElement;
+
+        self::$metadataContent = DOMDocumentFactory::fromString(
+            '<m:GetPrice xmlns:m="https://www.w3schools.com/prices"><m:Item>Apples</m:Item></m:GetPrice>'
+        )->documentElement;
+
+        self::$customContent = DOMDocumentFactory::fromString(
+            '<ssp:Chunk xmlns:ssp="urn:x-simplesamlphp:namespace">SomeChunk</ssp:Chunk>'
+        )->documentElement;
+    }
+
+
+    // test marshalling
+
+
+    /**
+     * Test creating an Issuer object from scratch.
+     */
+    public function testMarshalling(): void
+    {
+        $attr1 = new Attribute('urn:x-simplesamlphp:namespace', 'ssp', 'test1', 'value1');
+        $attr2 = new Attribute('urn:x-simplesamlphp:namespace', 'ssp', 'test2', 'value2');
+        $attr3 = new Attribute('urn:x-simplesamlphp:namespace', 'ssp', 'test3', 'value3');
+        $attr4 = new Attribute('urn:x-simplesamlphp:namespace', 'ssp', 'test4', 'value4');
+
+        $referenceParameters = new ReferenceParameters([new Chunk(self::$referenceParametersContent)], [$attr4]);
+        $metadata = new Metadata([new Chunk(self::$metadataContent)], [$attr3]);
+        $chunk = new Chunk(self::$customContent);
+
+        $issuer = new Issuer(
+            new Address('https://login.microsoftonline.com/login.srf', [$attr2]),
+            [$referenceParameters],
+            [$metadata],
+            [$chunk],
+            [$attr1],
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($issuer)
+        );
+    }
+}
diff --git a/tests/WSSecurity/XML/wst/RequestSecurityTokenCollectionTest.php b/tests/WSSecurity/XML/wst/RequestSecurityTokenCollectionTest.php
new file mode 100644
index 00000000..944a9809
--- /dev/null
+++ b/tests/WSSecurity/XML/wst/RequestSecurityTokenCollectionTest.php
@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\WSSecurity\XML\wst;
+
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SOAP\Constants as SOAP;
+use SimpleSAML\Test\WSSecurity\Constants as C;
+use SimpleSAML\WSSecurity\XML\wsa\MessageID;
+use SimpleSAML\WSSecurity\XML\wst\RequestSecurityToken;
+use SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenCollection;
+use SimpleSAML\XML\Attribute as XMLAttribute;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+
+use function dirname;
+
+/**
+ * Class \SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenCollectionTest
+ *
+ * @covers \SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenCollection
+ * @covers \SimpleSAML\WSSecurity\XML\wst\AbstractRequestSecurityTokenCollectionType
+ * @covers \SimpleSAML\WSSecurity\XML\wst\AbstractWstElement
+ *
+ * @package tvdijen/ws-security
+ */
+final class RequestSecurityTokenCollectionTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$schemaFile = dirname(__FILE__, 5) . '/resources/schemas/ws-trust.xsd';
+
+        self::$testedClass = RequestSecurityTokenCollection::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/wst_RequestSecurityTokenCollection.xml',
+        );
+    }
+
+
+    // test marshalling
+
+
+    /**
+     * Test creating a RequestSecurityTokenCollection object from scratch.
+     */
+    public function testMarshalling(): void
+    {
+        $attr1 = new XMLAttribute(SOAP::NS_SOAP_ENV_11, 'soapenv', 'mustUnderstand', '1');
+        $attr2 = new XMLAttribute(C::NAMESPACE, 'ssp', 'attr1', 'testval1');
+        $attr3 = new XMLAttribute(C::NAMESPACE, 'ssp', 'attr2', 'testval2');
+        $msgId1 = new MessageID('uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7de', [$attr1]);
+        $msgId2 = new MessageID('uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7df', [$attr1]);
+
+        $requestSecurityToken1 = new RequestSecurityToken(C::NAMESPACE, [$msgId1], [$attr2]);
+        $requestSecurityToken2 = new RequestSecurityToken(C::NAMESPACE, [$msgId2], [$attr3]);
+
+        $requestSecurityTokenCollection = new RequestSecurityTokenCollection([
+            $requestSecurityToken1,
+            $requestSecurityToken2,
+        ]);
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($requestSecurityTokenCollection),
+        );
+    }
+}
diff --git a/tests/WSSecurity/XML/wst/RequestSecurityTokenResponseCollectionTest.php b/tests/WSSecurity/XML/wst/RequestSecurityTokenResponseCollectionTest.php
new file mode 100644
index 00000000..575f5693
--- /dev/null
+++ b/tests/WSSecurity/XML/wst/RequestSecurityTokenResponseCollectionTest.php
@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\WSSecurity\XML\wst;
+
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SOAP\Constants as SOAP;
+use SimpleSAML\Test\WSSecurity\Constants as C;
+use SimpleSAML\WSSecurity\XML\wsa\MessageID;
+use SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenResponse;
+use SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenResponseCollection;
+use SimpleSAML\XML\Attribute as XMLAttribute;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+
+use function dirname;
+
+/**
+ * Class \SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenResponseCollectionTest
+ *
+ * @covers \SimpleSAML\WSSecurity\XML\wst\RequestSecurityTokenResponseCollection
+ * @covers \SimpleSAML\WSSecurity\XML\wst\AbstractRequestSecurityTokenResponseCollectionType
+ * @covers \SimpleSAML\WSSecurity\XML\wst\AbstractWstElement
+ *
+ * @package tvdijen/ws-security
+ */
+final class RequestSecurityTokenResponseCollectionTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$schemaFile = dirname(__FILE__, 5) . '/resources/schemas/ws-trust.xsd';
+
+        self::$testedClass = RequestSecurityTokenResponseCollection::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/wst_RequestSecurityTokenResponseCollection.xml',
+        );
+    }
+
+
+    // test marshalling
+
+
+    /**
+     * Test creating a RequestSecurityTokenResponseCollection object from scratch.
+     */
+    public function testMarshalling(): void
+    {
+        $attr1 = new XMLAttribute(SOAP::NS_SOAP_ENV_11, 'soapenv', 'mustUnderstand', '1');
+        $attr2 = new XMLAttribute(C::NAMESPACE, 'ssp', 'attr1', 'testval1');
+        $attr3 = new XMLAttribute(C::NAMESPACE, 'ssp', 'attr2', 'testval2');
+        $msgId = new MessageID('uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7de', [$attr1]);
+
+        $requestSecurityTokenResponse = new RequestSecurityTokenResponse(C::NAMESPACE, [$msgId], [$attr2]);
+
+        $requestSecurityTokenResponseCollection = new RequestSecurityTokenResponseCollection(
+            [$requestSecurityTokenResponse],
+            [$attr3],
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($requestSecurityTokenResponseCollection),
+        );
+    }
+}
diff --git a/tests/resources/xml/IssuedTokens.php b/tests/resources/xml/IssuedTokens.php
new file mode 100644
index 00000000..0010356c
--- /dev/null
+++ b/tests/resources/xml/IssuedTokens.php
@@ -0,0 +1,5 @@
+<wst:IssuedTokens xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:ssp="urn:x-simplesamlphp:namespace" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ssp:attr2="testval2">
+  <wst:RequestSecurityTokenResponse Context="urn:x-simplesamlphp:namespace" ssp:attr1="testval1">
+    <wsa:MessageID soapenv:mustUnderstand="1">uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7de</wsa:MessageID>
+  </wst:RequestSecurityTokenResponse>
+</wst:IssuedTokens>
diff --git a/tests/resources/xml/wst_BinarySecret.xml b/tests/resources/xml/wst_BinarySecret.xml
new file mode 100644
index 00000000..a2acf4d7
--- /dev/null
+++ b/tests/resources/xml/wst_BinarySecret.xml
@@ -0,0 +1 @@
+<wst:BinarySecret xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:ssp="urn:x-simplesamlphp:namespace" Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce" ssp:attr1="testval1">/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI=</wst:BinarySecret>
diff --git a/tests/resources/xml/wst_IssuedTokens.xml b/tests/resources/xml/wst_IssuedTokens.xml
new file mode 100644
index 00000000..0010356c
--- /dev/null
+++ b/tests/resources/xml/wst_IssuedTokens.xml
@@ -0,0 +1,5 @@
+<wst:IssuedTokens xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:ssp="urn:x-simplesamlphp:namespace" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ssp:attr2="testval2">
+  <wst:RequestSecurityTokenResponse Context="urn:x-simplesamlphp:namespace" ssp:attr1="testval1">
+    <wsa:MessageID soapenv:mustUnderstand="1">uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7de</wsa:MessageID>
+  </wst:RequestSecurityTokenResponse>
+</wst:IssuedTokens>
diff --git a/tests/resources/xml/wst_Issuer.xml b/tests/resources/xml/wst_Issuer.xml
new file mode 100644
index 00000000..dc57ede4
--- /dev/null
+++ b/tests/resources/xml/wst_Issuer.xml
@@ -0,0 +1,14 @@
+<wst:Issuer xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:ssp="urn:x-simplesamlphp:namespace" ssp:test1="value1">
+  <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing" ssp:test2="value2">https://login.microsoftonline.com/login.srf</wsa:Address>
+  <wsa:ReferenceParameters xmlns:wsa="http://www.w3.org/2005/08/addressing" ssp:test4="value4">
+    <m:GetPrice xmlns:m="https://www.w3schools.com/prices">
+      <m:Item>Pears</m:Item>
+    </m:GetPrice>
+  </wsa:ReferenceParameters>
+  <wsa:Metadata xmlns:wsa="http://www.w3.org/2005/08/addressing" ssp:test3="value3">
+    <m:GetPrice xmlns:m="https://www.w3schools.com/prices">
+      <m:Item>Apples</m:Item>
+    </m:GetPrice>
+  </wsa:Metadata>
+  <ssp:Chunk>SomeChunk</ssp:Chunk>
+</wst:Issuer>
diff --git a/tests/resources/xml/wst_RequestSecurityTokenCollection.xml b/tests/resources/xml/wst_RequestSecurityTokenCollection.xml
new file mode 100644
index 00000000..fd884825
--- /dev/null
+++ b/tests/resources/xml/wst_RequestSecurityTokenCollection.xml
@@ -0,0 +1,8 @@
+<wst:RequestSecurityTokenCollection xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/">
+  <wst:RequestSecurityToken xmlns:ssp="urn:x-simplesamlphp:namespace" Context="urn:x-simplesamlphp:namespace" ssp:attr1="testval1">
+    <wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" soapenv:mustUnderstand="1">uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7de</wsa:MessageID>
+  </wst:RequestSecurityToken>
+  <wst:RequestSecurityToken xmlns:ssp="urn:x-simplesamlphp:namespace" Context="urn:x-simplesamlphp:namespace" ssp:attr2="testval2">
+    <wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" soapenv:mustUnderstand="1">uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7df</wsa:MessageID>
+  </wst:RequestSecurityToken>
+</wst:RequestSecurityTokenCollection>
diff --git a/tests/resources/xml/wst_RequestSecurityTokenResponseCollection.xml b/tests/resources/xml/wst_RequestSecurityTokenResponseCollection.xml
new file mode 100644
index 00000000..ce482f44
--- /dev/null
+++ b/tests/resources/xml/wst_RequestSecurityTokenResponseCollection.xml
@@ -0,0 +1,5 @@
+<wst:RequestSecurityTokenResponseCollection xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:ssp="urn:x-simplesamlphp:namespace" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ssp:attr2="testval2">
+  <wst:RequestSecurityTokenResponse Context="urn:x-simplesamlphp:namespace" ssp:attr1="testval1">
+    <wsa:MessageID soapenv:mustUnderstand="1">uuid:d0ccf3cd-2dce-4c1a-a5d6-be8912ecd7de</wsa:MessageID>
+  </wst:RequestSecurityTokenResponse>
+</wst:RequestSecurityTokenResponseCollection>