Restore backwards compatibility

Author: tvdijen

src/SAML2/DOMDocumentFactory.php

@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SAML2;
+
+use SimpleSAML\XML\DOMDocumentFactory as BaseDOMDocumentFactory;
+
+/**
+ * @package SimpleSAMLphp
+ * @deprecated Use \SimpleSAML\XML\DOMDocumentFactory instead (simplesamlphp/xml-common)
+ */
+class DOMDocumentFactory extends BaseDOMDocumentFactory
+{
+    /**
+     * Constructor for DOMDocumentFactory.
+     * This class should never be instantiated
+     */
+    private function __construct()
+    {
+    }
+
+
+    /**
+     * @param string $xml
+     *
+     * @return \DOMDocument
+     */
+    public static function fromString(string $xml): DOMDocument
+    {
+        return BaseDOMDocumentFactory::fromString($xml);
+    }
+
+
+    /**
+     * @param string $file
+     *
+     * @return \DOMDocument
+     */
+    public static function fromFile(string $file): DOMDocument
+    {
+        return BaseDOMDocumentFactory::fromFile($file);
+    }
+
+
+    /**
+     * @return \DOMDocument
+     */
+    public static function create() : DOMDocument
+    {
+        return BaseDOMDocumentFactory::create('1.0', 'UTF-8');
+    }
+}

src/SAML2/XML/Chunk.php

@@ -0,0 +1,204 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SAML2\XML;
+
+use DOMElement;
+use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\SerializableElementTrait;
+use SimpleSAML\XMLSchema\Exception\MissingAttributeException;
+use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
+use SimpleSAML\XMLSchema\Type\Interface\ValueTypeInterface;
+use SimpleSAML\XMLSchema\Type\StringValue;
+
+/**
+ * Serializable class used to hold an XML element.
+ *
+ * @package simplesamlphp/xml-common
+ * @deprecated Use \SimpleSAML\XML\Chunk instead (simplesamlphp/xml-common)
+ */
+final class Chunk implements
+    SerializableElementInterface,
+    ElementInterface
+{
+    use SerializableElementTrait;
+
+
+    /**
+     * Whether the element may be normalized
+     *
+     * @var bool $normalization
+     */
+    protected bool $normalization = true;
+
+    /**
+     * The localName of the element.
+     *
+     * @var string
+     */
+    protected string $localName;
+
+    /**
+     * The namespaceURI of this element.
+     *
+     * @var string|null
+     */
+    protected ?string $namespaceURI;
+
+    /**
+     * The prefix of this element.
+     *
+     * @var string
+     */
+    protected string $prefix;
+
+
+    /**
+     * Create an XML Chunk from a copy of the given \DOMElement.
+     *
+     * @param \DOMElement $xml The element we should copy.
+     */
+    public function __construct(
+        protected DOMElement $xml,
+    ) {
+        $this->setLocalName($xml->localName);
+        $this->setNamespaceURI($xml->namespaceURI);
+        $this->setPrefix($xml->prefix);
+    }
+
+
+    /**
+     * Get this \DOMElement.
+     *
+     * @return \DOMElement This element.
+     */
+    public function getXML() : DOMElement
+    {
+        return $this->xml;
+    }
+
+
+    /**
+     * Append this XML element to a different XML element.
+     *
+     * @param  \DOMElement $parent The element we should append this element to.
+     * @return \DOMElement The new element.
+     */
+    public function toXML(DOMElement $parent) : DOMElement
+    {
+        return Utils::copyElement($this->xml, $parent);
+    }
+
+
+    /**
+     * Collect the value of the localName-property
+     *
+     * @return string
+     */
+    public function getLocalName() : string
+    {
+        return $this->localName;
+    }
+
+
+    /**
+     * Set the value of the localName-property
+     *
+     * @param string $localName
+     * @return void
+     */
+    public function setLocalName(string $localName) : void
+    {
+        $this->localName = $localName;
+    }
+
+
+    /**
+     * Collect the value of the namespaceURI-property
+     *
+     * @return string|null
+     */
+    public function getNamespaceURI() : ?string
+    {
+        return $this->namespaceURI;
+    }
+
+
+    /**
+     * Set the value of the namespaceURI-property
+     *
+     * @param string|null $namespaceURI
+     * @return void
+     */
+    public function setNamespaceURI(?string $namespaceURI = null) : void
+    {
+        $this->namespaceURI = $namespaceURI;
+    }
+
+
+    /**
+     * Serialize this XML chunk.
+     *
+     * @return string The serialized chunk.
+     */
+    public function serialize() : string
+    {
+        return serialize($this->xml->ownerDocument->saveXML($this->xml));
+    }
+
+
+    /**
+     * Un-serialize this XML chunk.
+     *
+     * @param string $serialized The serialized chunk.
+     * @return void
+     *
+     * Type hint not possible due to upstream method signature
+     */
+    public function unserialize($serialized) : void
+    {
+        $doc = DOMDocumentFactory::fromString(unserialize($serialized));
+        $this->xml = $doc->documentElement;
+        $this->setLocalName($this->xml->localName);
+        $this->setNamespaceURI($this->xml->namespaceURI);
+    }
+
+
+
+    /**
+     * Serialize this XML chunk.
+     *
+     * This method will be invoked by any calls to serialize().
+     *
+     * @return array The serialized representation of this XML object.
+     */
+    public function __serialize(): array
+    {
+        $xml = $this->getXML();
+        /** @psalm-var \DOMDocument $xml->ownerDocument */
+        return [$xml->ownerDocument->saveXML($xml)];
+    }
+
+
+    /**
+     * Unserialize an XML object and load it..
+     *
+     * This method will be invoked by any calls to unserialize(), allowing us to restore any data that might not
+     * be serializable in its original form (e.g.: DOM objects).
+     *
+     * @param array $vars The XML object that we want to restore.
+     */
+    public function __unserialize(array $serialized): void
+    {
+        $xml = new self(
+            DOMDocumentFactory::fromString(array_pop($serialized))->documentElement
+        );
+
+        $vars = get_object_vars($xml);
+        foreach ($vars as $k => $v) {
+            $this->$k = $v;
+        }
+    }
+}

tests/SAML2/DOMDocumentFactoryTest.php

@@ -0,0 +1,140 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SAML2;
+
+use SAML2\DOMDocumentFactory;
+use SAML2\Exception\UnparseableXmlException;
+use SAML2\Exception\InvalidArgumentException;
+use SAML2\Exception\RuntimeException;
+
+class DOMDocumentFactoryTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * @group domdocument
+     * @return void
+     */
+    public function testNotXmlStringRaisesAnException() : void
+    {
+        $this->expectException(UnparseableXmlException::class);
+        DOMDocumentFactory::fromString('this is not xml');
+    }
+
+
+    /**
+     * @group domdocument
+     * @return void
+     */
+    public function testXmlStringIsCorrectlyLoaded() : void
+    {
+        $xml = '<root/>';
+
+        $document = DOMDocumentFactory::fromString($xml);
+
+        $this->assertXmlStringEqualsXmlString($xml, $document->saveXML());
+    }
+
+
+    /**
+     * @return void
+     */
+    public function testFileThatDoesNotExistIsNotAccepted() : void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $filename = 'DoesNotExist.ext';
+        DOMDocumentFactory::fromFile($filename);
+    }
+
+
+    /**
+     * @group domdocument
+     * @return void
+     */
+    public function testFileThatDoesNotContainXMLCannotBeLoaded() : void
+    {
+        $this->expectException(RuntimeException::class);
+        $file = realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'domdocument_invalid_xml.xml';
+        DOMDocumentFactory::fromFile($file);
+    }
+
+
+    /**
+     * @group domdocument
+     * @return void
+     */
+    public function testFileWithValidXMLCanBeLoaded() : void
+    {
+        $file = realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'domdocument_valid_xml.xml';
+
+        $document = DOMDocumentFactory::fromFile($file);
+
+        $this->assertXmlStringEqualsXmlFile($file, $document->saveXML());
+    }
+
+
+    /**
+     * @group                    domdocument
+     * @return void
+     */
+    public function testFileThatContainsDocTypeIsNotAccepted() : void
+    {
+        $this->expectException(RuntimeException::class, 'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body');
+        $file = realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'domdocument_doctype.xml';
+        $this->expectException(Exception\RuntimeException::class, 'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body');
+        DOMDocumentFactory::fromFile($file);
+    }
+
+
+    /**
+     * @group                    domdocument
+     * @return void
+     */
+    public function testStringThatContainsDocTypeIsNotAccepted() : void
+    {
+        $this->expectException(RuntimeException::class, 'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body');
+        $xml = '<!DOCTYPE foo [<!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///dev/random" >]><foo />';
+        $this->expectException(Exception\RuntimeException::class, 'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body');
+        DOMDocumentFactory::fromString($xml);
+    }
+
+
+    /**
+     * @group                    domdocument
+     * @return void
+     */
+    public function testStringThatContainsDocTypeIsNotAccepted2(): void
+    {
+        $xml = '<?xml version="1.0" encoding="ISO-8859-1"?>
+               <!DOCTYPE foo [<!ENTITY % exfiltrate SYSTEM "file://dev/random">%exfiltrate;]>
+               <foo>y</foo>';
+        $this->expectException(RuntimeException::class);
+        $this->expectExceptionMessage(
+            'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body'
+        );
+        DOMDocumentFactory::fromString($xml);
+    }
+
+    /**
+     * @group                    domdocument
+     * @return void
+     */
+    public function testEmptyFileIsNotValid() : void
+    {
+        $this->expectException(RuntimeException::class, 'does not have content');
+        $file = realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'domdocument_empty.xml';
+        $this->expectException(Exception\RuntimeException::class, 'does not have content');
+        DOMDocumentFactory::fromFile($file);
+    }
+
+
+    /**
+     * @group                    domdocument
+     * @return void
+     */
+    public function testEmptyStringIsNotValid() : void
+    {
+        $this->expectException(InvalidArgumentException::class, 'Invalid Argument type: "non-empty string" expected, "string" given');
+        DOMDocumentFactory::fromString("");
+    }
+}