Un-nest CanonicalizableElementTrait from Signed/SignableElementTrait

Author: tvdijen

src/XML/CanonicalizableElementTrait.php

@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML;
+
+use DOMElement;
+use SimpleSAML\XMLSecurity\Assert\Assert;
+use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\Exception\CanonicalizationFailedException;
+use SimpleSAML\XMLSecurity\Exception\ReferenceValidationFailedException;
+use SimpleSAML\XMLSecurity\XML\CanonicalizableElementTrait as BaseCanonicalizableElementTrait;
+use SimpleSAML\XMLSecurity\XML\ds\Transforms;
+
+/**
+ * A trait implementing the CanonicalizableElementInterface.
+ *
+ * @package simplesamlphp/xml-security
+ */
+trait CanonicalizableElementTrait
+{
+    use BaseCanonicalizableElementTrait;
+
+
+    /**
+     * Process all transforms specified by a given Reference element.
+     *
+     * @param \SimpleSAML\XMLSecurity\XML\ds\Transforms $transforms The transforms to apply.
+     * @param \DOMElement $data The data referenced.
+     *
+     * @return string The canonicalized data after applying all transforms specified by $ref.
+     *
+     * @see http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel
+     */
+    public function processTransforms(
+        Transforms $transforms,
+        DOMElement $data,
+    ): string {
+        Assert::maxCount(
+            $transforms->getTransform(),
+            C::MAX_TRANSFORMS,
+            ReferenceValidationFailedException::class,
+            'Too many transforms.',
+        );
+
+        $canonicalMethod = C::C14N_EXCLUSIVE_WITHOUT_COMMENTS;
+        $arXPath = null;
+        $prefixList = null;
+
+        foreach ($transforms->getTransform() as $transform) {
+            $canonicalMethod = $transform->getAlgorithm()->getValue();
+            switch ($canonicalMethod) {
+                case C::XMLDSIG_ENVELOPED:
+                    break;
+                case C::C14N_EXCLUSIVE_WITHOUT_COMMENTS:
+                case C::C14N_EXCLUSIVE_WITH_COMMENTS:
+                    $inclusiveNamespaces = $transform->getInclusiveNamespaces();
+                    if ($inclusiveNamespaces !== null) {
+                        $prefixes = $inclusiveNamespaces->getPrefixes();
+                        if ($prefixes !== null) {
+                            $prefixList = array_map('strval', $prefixes->toArray());
+                        }
+                    }
+                    break;
+                default:
+                    throw new CanonicalizationFailedException(sprintf(
+                        'Message rejected due to unsupported canonicalization transform; %s',
+                        $canonicalMethod,
+                    ));
+            }
+        }
+
+        return $this->canonicalizeData($data, $canonicalMethod, $arXPath, $prefixList);
+    }
+}

src/XML/md/AbstractSignedMdElement.php

@@ -5,8 +5,10 @@
 namespace SimpleSAML\SAML2\XML\md;
 
 use DOMElement;
+use SimpleSAML\SAML2\XML\CanonicalizableElementTrait;
 use SimpleSAML\SAML2\XML\SignableElementTrait;
 use SimpleSAML\SAML2\XML\SignedElementTrait;
+use SimpleSAML\XMLSecurity\XML\CanonicalizableElementInterface;
 use SimpleSAML\XMLSecurity\XML\SignableElementInterface;
 use SimpleSAML\XMLSecurity\XML\SignedElementInterface;
 
@@ -18,9 +20,11 @@
  * @package simplesamlphp/saml2
  */
 abstract class AbstractSignedMdElement extends AbstractMdElement implements
+    CanonicalizableElementInterface,
     SignableElementInterface,
     SignedElementInterface
 {
+    use CanonicalizableElementTrait;
     use SignableElementTrait;
     use SignedElementTrait {
         SignedElementTrait::getBlacklistedAlgorithms insteadof SignableElementTrait;

src/XML/saml/Assertion.php

@@ -13,6 +13,7 @@
 use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
 use SimpleSAML\SAML2\Type\SAMLStringValue;
 use SimpleSAML\SAML2\Utils\XPath;
+use SimpleSAML\SAML2\XML\CanonicalizableElementTrait;
 use SimpleSAML\SAML2\XML\EncryptableElementTrait;
 use SimpleSAML\SAML2\XML\SignableElementTrait;
 use SimpleSAML\SAML2\XML\SignedElementTrait;
@@ -23,6 +24,7 @@
 use SimpleSAML\XMLSchema\Exception\TooManyElementsException;
 use SimpleSAML\XMLSchema\Type\IDValue;
 use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
+use SimpleSAML\XMLSecurity\XML\CanonicalizableElementInterface;
 use SimpleSAML\XMLSecurity\XML\ds\Signature;
 use SimpleSAML\XMLSecurity\XML\EncryptableElementInterface;
 use SimpleSAML\XMLSecurity\XML\SignableElementInterface;
@@ -41,17 +43,17 @@
  * @package simplesamlphp/saml2
  */
 final class Assertion extends AbstractSamlElement implements
+    CanonicalizableElementInterface,
     EncryptableElementInterface,
     SchemaValidatableElementInterface,
     SignableElementInterface,
     SignedElementInterface
 {
+    use CanonicalizableElementTrait;
     use EncryptableElementTrait {
         EncryptableElementTrait::getBlacklistedAlgorithms insteadof SignedElementTrait;
         EncryptableElementTrait::getBlacklistedAlgorithms insteadof SignableElementTrait;
     }
-
-
     use SchemaValidatableElementTrait;
     use SignableElementTrait;
     use SignedElementTrait;

src/XML/samlp/AbstractMessage.php

@@ -8,11 +8,13 @@
 use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
 use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
 use SimpleSAML\SAML2\Utils\XPath;
+use SimpleSAML\SAML2\XML\CanonicalizableElementTrait;
 use SimpleSAML\SAML2\XML\ExtendableElementTrait;
 use SimpleSAML\SAML2\XML\saml\Issuer;
 use SimpleSAML\SAML2\XML\SignableElementTrait;
 use SimpleSAML\SAML2\XML\SignedElementTrait;
 use SimpleSAML\XMLSchema\Type\IDValue;
+use SimpleSAML\XMLSecurity\XML\CanonicalizableElementInterface;
 use SimpleSAML\XMLSecurity\XML\SignableElementInterface;
 use SimpleSAML\XMLSecurity\XML\SignedElementInterface;
 
@@ -26,8 +28,12 @@
  *
  * @package simplesamlphp/saml2
  */
-abstract class AbstractMessage extends AbstractSamlpElement implements SignableElementInterface, SignedElementInterface
+abstract class AbstractMessage extends AbstractSamlpElement implements
+    CanonicalizableElementInterface,
+    SignableElementInterface,
+    SignedElementInterface
 {
+    use CanonicalizableElementTrait;
     use ExtendableElementTrait;
     use SignableElementTrait;
     use SignedElementTrait {