Add AnyURIList-type

Author: tvdijen

src/Type/AnyURIListValue.php

@@ -0,0 +1,71 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\Type;
+
+use SimpleSAML\SAML2\Assert\Assert;
+use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\Type\ListTypeInterface;
+
+use function array_map;
+use function preg_split;
+use function str_replace;
+use function trim;
+
+/**
+ * @package simplesaml/saml2
+ */
+class AnyURIListValue extends SAMLAnyURIValue implements ListTypeInterface
+{
+    /** @var string */
+    public const SCHEMA_TYPE = 'AnyURIList';
+
+
+    /**
+     * Validate the value.
+     *
+     * @param string $value
+     * @throws \SimpleSAML\XML\Exception\SchemaViolationException on failure
+     * @return void
+     */
+    protected function validateValue(string $value): void
+    {
+        $uris = preg_split('/[\s]+/', $this->sanitizeValue($value), C::UNBOUNDED_LIMIT);
+
+        Assert::allValidAnyURI($uris, SchemaViolationException::class);
+    }
+
+
+    /**
+     * Convert an array of xs:anyURI items into a saml:AnyURIList
+     *
+     * @param string[] $uris
+     * @return static
+     */
+    public static function fromArray(array $uris): static
+    {
+        $str = '';
+        foreach ($uris as $uri) {
+            $str .= str_replace(' ', '+', $uri) . ' ';
+        }
+
+        return new static(trim($str));
+    }
+
+
+    /**
+     * Convert this saml:AnyURIList to an array of xs:anyURI items
+     *
+     * @return array<\SimpleSAML\SAML2\Type\SAMLAnyURIValue>
+     */
+    public function toArray(): array
+    {
+        $uris = preg_split('/[\s]+/', $this->getValue(), C::UNBOUNDED_LIMIT);
+        $uris = str_replace('+', ' ', $uris);
+
+        return array_map([SAMLAnyURIValue::class, 'fromString'], $uris);
+    }
+}

src/XML/md/AbstractRoleDescriptor.php

@@ -7,13 +7,13 @@
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLDateTimeValue, SAMLStringValue};
+use SimpleSAML\SAML2\Type\{AnyURIListValue, SAMLAnyURIValue, SAMLDateTimeValue};
 use SimpleSAML\SAML2\Utils;
 use SimpleSAML\SAML2\XML\{ExtensionPointInterface, ExtensionPointTrait};
 use SimpleSAML\XML\Chunk;
 use SimpleSAML\XML\Exception\{InvalidDOMElementException, SchemaViolationException, TooManyElementsException};
 use SimpleSAML\XML\{SchemaValidatableElementInterface, SchemaValidatableElementTrait};
-use SimpleSAML\XML\Type\{DurationValue, IDValue, QNameValue, StringValue};
+use SimpleSAML\XML\Type\{DurationValue, IDValue, QNameValue};
 
 use function array_pop;
 
@@ -38,7 +38,8 @@ abstract class AbstractRoleDescriptor extends AbstractRoleDescriptorType impleme
      * Initialize a md:RoleDescriptor from scratch.
      *
      * @param \SimpleSAML\XML\Type\QNameValue $type
-     * @param string[] $protocolSupportEnumeration A set of URI specifying the protocols supported.
+     * @param \SimpleSAML\SAML2\Type\AnyURIListValue $protocolSupportEnumeration
+     *   A set of URI specifying the protocols supported.
      * @param \SimpleSAML\XML\Type\IDValue|null $ID The ID for this document. Defaults to null.
      * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue|null $validUntil Unix time of validity for this document.
      *   Defaults to null.
@@ -57,7 +58,7 @@ abstract class AbstractRoleDescriptor extends AbstractRoleDescriptorType impleme
      */
     public function __construct(
         protected QNameValue $type,
-        array $protocolSupportEnumeration,
+        AnyURIListValue $protocolSupportEnumeration,
         ?IDValue $ID = null,
         ?SAMLDateTimeValue $validUntil = null,
         ?DurationValue $cacheDuration = null,
@@ -118,8 +119,6 @@ public static function fromXML(DOMElement $xml): static
         $handler = Utils::getContainer()->getExtensionHandler($type);
         if ($handler === null) {
             // we don't have a handler, proceed with unknown RoleDescriptor
-            $protocols = self::getAttribute($xml, 'protocolSupportEnumeration', SAMLStringValue::class);
-
             $orgs = Organization::getChildrenOfClass($xml);
             Assert::maxCount(
                 $orgs,
@@ -139,7 +138,7 @@ public static function fromXML(DOMElement $xml): static
             return new UnknownRoleDescriptor(
                 new Chunk($xml),
                 $type,
-                preg_split('/[\s]+/', trim($protocols->getValue())),
+                self::getAttribute($xml, 'protocolSupportEnumeration', AnyURIListValue::class),
                 self::getOptionalAttribute($xml, 'ID', IDValue::class, null),
                 self::getOptionalAttribute($xml, 'validUntil', SAMLDateTimeValue::class, null),
                 self::getOptionalAttribute($xml, 'cacheDuration', DurationValue::class, null),

src/XML/md/AbstractRoleDescriptorType.php

@@ -6,15 +6,14 @@
 
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
-use SimpleSAML\SAML2\Assert\Assert as SAMLAssert;
 use SimpleSAML\SAML2\Constants as C;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLDateTimeValue};
-use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
+use SimpleSAML\SAML2\Type\{AnyURIListValue, SAMLAnyURIValue, SAMLDateTimeValue};
 use SimpleSAML\XML\ExtendableAttributesTrait;
 use SimpleSAML\XML\Type\{DurationValue, IDValue};
 use SimpleSAML\XML\XsNamespace as NS;
 
-use function implode;
+use function strval;
 
 /**
  * Class representing SAML2 RoleDescriptorType.
@@ -33,7 +32,8 @@ abstract class AbstractRoleDescriptorType extends AbstractMetadataDocument
     /**
      * Initialize a RoleDescriptor.
      *
-     * @param string[] $protocolSupportEnumeration A set of URI specifying the protocols supported.
+     * @param \SimpleSAML\SAML2\Type\AnyURIListValue $protocolSupportEnumeration
+     *   A set of URI specifying the protocols supported.
      * @param \SimpleSAML\XML\Type\IDValue|null $ID The ID for this document. Defaults to null.
      * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue|null $validUntil Unix time of validity for this document.
      *   Defaults to null.
@@ -51,7 +51,7 @@ abstract class AbstractRoleDescriptorType extends AbstractMetadataDocument
      * @param list<\SimpleSAML\XML\Attribute> $namespacedAttributes
      */
     public function __construct(
-        protected array $protocolSupportEnumeration,
+        protected AnyURIListValue $protocolSupportEnumeration,
         ?IDValue $ID = null,
         ?SAMLDateTimeValue $validUntil = null,
         ?DurationValue $cacheDuration = null,
@@ -62,13 +62,18 @@ public function __construct(
         protected array $contact = [],
         array $namespacedAttributes = [],
     ) {
-        Assert::maxCount($protocolSupportEnumeration, C::UNBOUNDED_LIMIT);
-        Assert::minCount(
-            $protocolSupportEnumeration,
-            1,
-            'At least one protocol must be supported by this ' . static::NS_PREFIX . ':' . static::getLocalName() . '.',
+        /**
+         * A whitespace-delimited set of URIs that identify the set of protocol specifications supported by the
+         * role element. For SAML V2.0 entities, this set MUST include the SAML protocol namespace URI,
+         * urn:oasis:names:tc:SAML:2.0:protocol.
+         */
+        Assert::contains(
+            strval($protocolSupportEnumeration),
+            C::NS_SAMLP,
+            'SAML v2.0 entities MUST include the SAML protocol namespace URI in their'
+            . ' protocolSupportEnumeration attribute',
+            ProtocolViolationException::class,
         );
-        SAMLAssert::allValidURI($protocolSupportEnumeration, SchemaViolationException::class);
         Assert::maxCount($contact, C::UNBOUNDED_LIMIT);
         Assert::allIsInstanceOf(
             $contact,
@@ -102,9 +107,9 @@ public function getErrorURL(): ?SAMLAnyURIValue
     /**
      * Collect the value of the protocolSupportEnumeration property.
      *
-     * @return string[]
+     * @return \SimpleSAML\SAML2\Type\AnyURIListValue
      */
-    public function getProtocolSupportEnumeration(): array
+    public function getProtocolSupportEnumeration(): AnyURIListValue
     {
         return $this->protocolSupportEnumeration;
     }
@@ -152,10 +157,10 @@ public function getKeyDescriptor(): array
     public function toUnsignedXML(?DOMElement $parent = null): DOMElement
     {
         $e = parent::toUnsignedXML($parent);
-        $e->setAttribute('protocolSupportEnumeration', implode(' ', $this->getProtocolSupportEnumeration()));
+        $e->setAttribute('protocolSupportEnumeration', strval($this->getProtocolSupportEnumeration()));
 
         if ($this->getErrorURL() !== null) {
-            $e->setAttribute('errorURL', $this->getErrorURL()->getValue());
+            $e->setAttribute('errorURL', strval($this->getErrorURL()));
         }
 
         foreach ($this->getKeyDescriptor() as $kd) {

src/XML/md/AbstractSSODescriptor.php

@@ -7,7 +7,7 @@
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
 use SimpleSAML\SAML2\Exception\ProtocolViolationException;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLDateTimeValue};
+use SimpleSAML\SAML2\Type\{AnyURIListValue, SAMLAnyURIValue, SAMLDateTimeValue};
 use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XML\Type\{IDValue, DurationValue};
 
@@ -21,7 +21,8 @@ abstract class AbstractSSODescriptor extends AbstractRoleDescriptorType
     /**
      * Initialize a RoleDescriptor.
      *
-     * @param string[] $protocolSupportEnumeration A set of URI specifying the protocols supported.
+     * @param \SimpleSAML\SAML2\Type\AnyURIListValue $protocolSupportEnumeration
+     *   A set of URI specifying the protocols supported.
      * @param \SimpleSAML\XML\Type\IDValue|null $ID The ID for this document. Defaults to null.
      * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue|null $validUntil Unix time of validity for this document.
      *   Defaults to null.
@@ -46,7 +47,7 @@ abstract class AbstractSSODescriptor extends AbstractRoleDescriptorType
      *   Defaults to an empty array.
      */
     public function __construct(
-        array $protocolSupportEnumeration,
+        AnyURIListValue $protocolSupportEnumeration,
         ?IDValue $ID = null,
         ?SAMLDateTimeValue $validUntil = null,
         ?DurationValue $cacheDuration = null,

src/XML/md/AttributeAuthorityDescriptor.php

@@ -6,16 +6,14 @@
 
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLDateTimeValue, SAMLStringValue};
+use SimpleSAML\SAML2\Type\{AnyURIListValue, SAMLAnyURIValue, SAMLDateTimeValue};
 use SimpleSAML\SAML2\XML\saml\Attribute;
 use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XML\Exception\{InvalidDOMElementException, MissingElementException, TooManyElementsException};
 use SimpleSAML\XML\{SchemaValidatableElementInterface, SchemaValidatableElementTrait};
 use SimpleSAML\XML\Type\{DurationValue, IDValue};
 use SimpleSAML\XMLSecurity\XML\ds\Signature;
 
-use function preg_split;
-
 /**
  * Class representing SAML 2 metadata AttributeAuthorityDescriptor.
  *
@@ -31,7 +29,7 @@ final class AttributeAuthorityDescriptor extends AbstractRoleDescriptorType impl
      * AttributeAuthorityDescriptor constructor.
      *
      * @param \SimpleSAML\SAML2\XML\md\AttributeService[] $attributeService
-     * @param string[] $protocolSupportEnumeration
+     * @param \SimpleSAML\SAML2\Type\AnyURIListValue $protocolSupportEnumeration
      * @param \SimpleSAML\SAML2\XML\md\AssertionIDRequestService[] $assertionIDRequestService
      * @param \SimpleSAML\SAML2\XML\md\NameIDFormat[] $nameIDFormat
      * @param \SimpleSAML\SAML2\XML\md\AttributeProfile[] $attributeProfile
@@ -48,7 +46,7 @@ final class AttributeAuthorityDescriptor extends AbstractRoleDescriptorType impl
      */
     public function __construct(
         protected array $attributeService,
-        array $protocolSupportEnumeration,
+        AnyURIListValue $protocolSupportEnumeration,
         protected array $assertionIDRequestService = [],
         protected array $nameIDFormat = [],
         protected array $attributeProfile = [],
@@ -175,8 +173,6 @@ public static function fromXML(DOMElement $xml): static
         Assert::same($xml->localName, 'AttributeAuthorityDescriptor', InvalidDOMElementException::class);
         Assert::same($xml->namespaceURI, AttributeAuthorityDescriptor::NS, InvalidDOMElementException::class);
 
-        $protocols = self::getAttribute($xml, 'protocolSupportEnumeration', SAMLStringValue::class);
-
         $attrServices = AttributeService::getChildrenOfClass($xml);
         Assert::notEmpty(
             $attrServices,
@@ -215,7 +211,7 @@ public static function fromXML(DOMElement $xml): static
 
         $authority = new static(
             $attrServices,
-            preg_split('/[\s]+/', $protocols->getValue()),
+            self::getAttribute($xml, 'protocolSupportEnumeration', AnyURIListValue::class),
             $assertIDReqServices,
             $nameIDFormats,
             $attrProfiles,

src/XML/md/AuthnAuthorityDescriptor.php

@@ -6,15 +6,13 @@
 
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLDateTimeValue};
+use SimpleSAML\SAML2\Type\{AnyURIListValue, SAMLAnyURIValue, SAMLDateTimeValue};
 use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XML\Exception\{InvalidDOMElementException, TooManyElementsException};
 use SimpleSAML\XML\{SchemaValidatableElementInterface, SchemaValidatableElementTrait};
 use SimpleSAML\XML\Type\{DurationValue, IDValue};
 use SimpleSAML\XMLSecurity\XML\ds\Signature;
 
-use function preg_split;
-
 /**
  * Class representing SAML 2 metadata AuthnAuthorityDescriptor.
  *
@@ -29,7 +27,7 @@ final class AuthnAuthorityDescriptor extends AbstractRoleDescriptorType implemen
      * AuthnAuthorityDescriptor constructor.
      *
      * @param array $authnQueryService
-     * @param array $protocolSupportEnumeration
+     * @param \SimpleSAML\SAML2\Type\AnyURIListValue $protocolSupportEnumeration
      * @param array $assertionIDRequestService
      * @param array $nameIDFormat
      * @param \SimpleSAML\XML\Type\IDValue|null $ID
@@ -44,7 +42,7 @@ final class AuthnAuthorityDescriptor extends AbstractRoleDescriptorType implemen
      */
     public function __construct(
         protected array $authnQueryService,
-        array $protocolSupportEnumeration,
+        AnyURIListValue $protocolSupportEnumeration,
         protected array $assertionIDRequestService = [],
         protected array $nameIDFormat = [],
         ?IDValue $ID = null,
@@ -139,8 +137,6 @@ public static function fromXML(DOMElement $xml): static
         Assert::same($xml->localName, 'AuthnAuthorityDescriptor', InvalidDOMElementException::class);
         Assert::same($xml->namespaceURI, AuthnAuthorityDescriptor::NS, InvalidDOMElementException::class);
 
-        $protocols = self::getAttribute($xml, 'protocolSupportEnumeration');
-
         $authnQueryServices = AuthnQueryService::getChildrenOfClass($xml);
         $assertionIDRequestServices = AssertionIDRequestService::getChildrenOfClass($xml);
         $nameIDFormats = NameIDFormat::getChildrenOfClass($xml);
@@ -171,7 +167,7 @@ public static function fromXML(DOMElement $xml): static
 
         $authority = new static(
             $authnQueryServices,
-            preg_split('/[\s]+/', trim($protocols->getValue())),
+            self::getAttribute($xml, 'protocolSupportEnumeration', AnyURIListValue::class),
             $assertionIDRequestServices,
             $nameIDFormats,
             self::getOptionalAttribute($xml, 'ID', IDValue::class, null),