Fix several issues

tvdijen · tvdijen · commit 6f79cbc80a35 · 2025-10-10T21:53:19.000+02:00
diff --git a/src/Type/AnyURIListValue.php b/src/Type/AnyURIListValue.php
@@ -6,6 +6,7 @@
 
 use SimpleSAML\SAML2\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
 use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
 use SimpleSAML\XMLSchema\Type\Interface\ListTypeInterface;
@@ -33,8 +34,10 @@ class AnyURIListValue extends SAMLAnyURIValue implements ListTypeInterface
      */
     protected function validateValue(string $value): void
     {
-        $uris = preg_split('/[\s]+/', $this->sanitizeValue($value), C::UNBOUNDED_LIMIT);
+        $sanitized = $this->sanitizeValue($value);
+        Assert::stringNotEmpty($sanitized, ProtocolViolationException::class);
 
+        $uris = preg_split('/[\s]+/', $sanitized, C::UNBOUNDED_LIMIT);
         Assert::allValidAnyURI($uris, SchemaViolationException::class);
     }
 
diff --git a/src/XML/EncryptedElementTrait.php b/src/XML/EncryptedElementTrait.php
@@ -31,13 +31,14 @@ trait EncryptedElementTrait
      * Constructor for encrypted elements.
      *
      * @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData $encryptedData The EncryptedData object.
-     * @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey[] $decryptionKeys The EncryptedKey objects.
+     * @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey[] $encryptedKey The EncryptedKey objects.
      */
     final public function __construct(
         protected EncryptedData $encryptedData,
-        protected array $decryptionKeys = [],
+        array $encryptedKey = [],
     ) {
-        Assert::allIsInstanceOf($decryptionKeys, EncryptedKey::class, ProtocolViolationException::class);
+        Assert::allIsInstanceOf($encryptedKey, EncryptedKey::class, ProtocolViolationException::class);
+        $this->encryptedKey = $encryptedKey;
 
         /**
          * 6.2: The <EncryptedData> element's Type attribute SHOULD be used and, if it is
@@ -74,9 +75,9 @@ public function getEncryptionBackend(): ?EncryptionBackend
     }
 
 
-    public function getDecryptionKeys(): array
+    public function getEncryptedKeys(): array
     {
-        return $this->decryptionKeys;
+        return $this->encryptedKey;
     }
 
 
@@ -118,7 +119,7 @@ public function toXML(?DOMElement $parent = null): DOMElement
     {
         $e = $this->instantiateParentElement($parent);
         $this->encryptedData->toXML($e);
-        foreach ($this->getDecryptionKeys() as $key) {
+        foreach ($this->getEncryptedKeys() as $key) {
             $key->toXML($e);
         }
         return $e;
diff --git a/tests/SAML2/Type/AnyURIListValueTest.php b/tests/SAML2/Type/AnyURIListValueTest.php
@@ -8,6 +8,7 @@
 use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\Attributes\Group;
 use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\SAML2\Type\AnyURIListValue;
 use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
 
@@ -30,7 +31,7 @@ public function testAnyURIList(bool $shouldPass, string $anyURIList): void
         try {
             AnyURIListValue::fromString($anyURIList);
             $this->assertTrue($shouldPass);
-        } catch (SchemaViolationException $e) {
+        } catch (ProtocolViolationException|SchemaViolationException $e) {
             $this->assertFalse($shouldPass);
         }
     }
@@ -55,7 +56,7 @@ public static function provideAnyURIList(): array
             'single' => [true, "urn:x-simplesamlphp:namespace"],
             'multiple' => [true, 'urn:x-simplesamlphp:namespace urn:x-ssp:ns'],
             'normalization' => [true, "urn:x-simplesamlphp:namespace \n   urn:x-ssp:ns"],
-            'empty' => [true, ''],
+            'empty' => [false, ''],
         ];
     }
 }
diff --git a/tests/SAML2/XML/md/IDPSSODescriptorTest.php b/tests/SAML2/XML/md/IDPSSODescriptorTest.php
@@ -217,10 +217,6 @@ public function testMarshallingWithEmptySingleSignOnService(): void
     public function testMarshallingWithoutProtocolSupportThrowsException(): void
     {
         $this->expectException(ProtocolViolationException::class);
-        $this->expectExceptionMessage(
-            'SAML v2.0 entities MUST include the SAML protocol namespace URI '
-            . 'in their protocolSupportEnumeration attribute',
-        );
 
         new IDPSSODescriptor(
             [
diff --git a/tests/resources/xml/saml_EncryptedID.xml b/tests/resources/xml/saml_EncryptedID.xml
@@ -18,9 +18,5 @@
     <xenc:CipherData>
       <xenc:CipherValue>he5ZBjtfp/1/Y3PgE/CWspDPADig9vuZ7yZyYXDQ1wA/HBTPCldtL/p6UT5RCAFYUwN6kp3jnHkhK1yMjrI1SMw0n5NEc2wO9N5inQIeQOZ8XD9yD9M5fHvWz2ByNMGlB35RWMnBRHzDi1PRV7Irwcs9WoiODh3i6j2vYXP7cAo=</xenc:CipherValue>
     </xenc:CipherData>
-    <xenc:ReferenceList>
-      <xenc:DataReference URI="#Encrypted_DATA_ID"/>
-    </xenc:ReferenceList>
-    <xenc:CarriedKeyName>Name of the key</xenc:CarriedKeyName>
   </xenc:EncryptedKey>
 </saml:EncryptedID>

Original file line number	Diff line number	Diff line change
`@@ -31,13 +31,14 @@ trait EncryptedElementTrait`
`31`	`31`	`* Constructor for encrypted elements.`
`32`	`32`	`*`
`33`	`33`	`* @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData $encryptedData The EncryptedData object.`
`34`		`- * @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey[] $decryptionKeys The EncryptedKey objects.`
	`34`	`+ * @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey[] $encryptedKey The EncryptedKey objects.`
`35`	`35`	`*/`
`36`	`36`	`final public function __construct(`
`37`	`37`	`protected EncryptedData $encryptedData,`
`38`		`- protected array $decryptionKeys = [],`
	`38`	`+ array $encryptedKey = [],`
`39`	`39`	`) {`
`40`		`- Assert::allIsInstanceOf($decryptionKeys, EncryptedKey::class, ProtocolViolationException::class);`
	`40`	`+ Assert::allIsInstanceOf($encryptedKey, EncryptedKey::class, ProtocolViolationException::class);`
	`41`	`+ $this->encryptedKey = $encryptedKey;`
`41`	`42`
`42`	`43`	`/**`
`43`	`44`	`* 6.2: The <EncryptedData> element's Type attribute SHOULD be used and, if it is`
`@@ -74,9 +75,9 @@ public function getEncryptionBackend(): ?EncryptionBackend`
`74`	`75`	`}`
`75`	`76`
`76`	`77`
`77`		`- public function getDecryptionKeys(): array`
	`78`	`+ public function getEncryptedKeys(): array`
`78`	`79`	`{`
`79`		`- return $this->decryptionKeys;`
	`80`	`+ return $this->encryptedKey;`
`80`	`81`	`}`
`81`	`82`
`82`	`83`
`@@ -118,7 +119,7 @@ public function toXML(?DOMElement $parent = null): DOMElement`
`118`	`119`	`{`
`119`	`120`	`$e = $this->instantiateParentElement($parent);`
`120`	`121`	`$this->encryptedData->toXML($e);`
`121`		`- foreach ($this->getDecryptionKeys() as $key) {`
	`122`	`+ foreach ($this->getEncryptedKeys() as $key) {`
`122`	`123`	`$key->toXML($e);`
`123`	`124`	`}`
`124`	`125`	`return $e;`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`use PHPUnit\Framework\Attributes\DataProvider;`
`9`	`9`	`use PHPUnit\Framework\Attributes\Group;`
`10`	`10`	`use PHPUnit\Framework\TestCase;`
	`11`	`+use SimpleSAML\SAML2\Exception\ProtocolViolationException;`
`11`	`12`	`use SimpleSAML\SAML2\Type\AnyURIListValue;`
`12`	`13`	`use SimpleSAML\XMLSchema\Exception\SchemaViolationException;`
`13`	`14`
`@@ -30,7 +31,7 @@ public function testAnyURIList(bool $shouldPass, string $anyURIList): void`
`30`	`31`	`try {`
`31`	`32`	`AnyURIListValue::fromString($anyURIList);`
`32`	`33`	`$this->assertTrue($shouldPass);`
`33`		`- } catch (SchemaViolationException $e) {`
	`34`	`+ } catch (ProtocolViolationException\|SchemaViolationException $e) {`
`34`	`35`	`$this->assertFalse($shouldPass);`
`35`	`36`	`}`
`36`	`37`	`}`
`@@ -55,7 +56,7 @@ public static function provideAnyURIList(): array`
`55`	`56`	`'single' => [true, "urn:x-simplesamlphp:namespace"],`
`56`	`57`	`'multiple' => [true, 'urn:x-simplesamlphp:namespace urn:x-ssp:ns'],`
`57`	`58`	`'normalization' => [true, "urn:x-simplesamlphp:namespace \n urn:x-ssp:ns"],`
`58`		`- 'empty' => [true, ''],`
	`59`	`+ 'empty' => [false, ''],`
`59`	`60`	`];`
`60`	`61`	`}`
`61`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -217,10 +217,6 @@ public function testMarshallingWithEmptySingleSignOnService(): void`
`217`	`217`	`public function testMarshallingWithoutProtocolSupportThrowsException(): void`
`218`	`218`	`{`
`219`	`219`	`$this->expectException(ProtocolViolationException::class);`
`220`		`- $this->expectExceptionMessage(`
`221`		`- 'SAML v2.0 entities MUST include the SAML protocol namespace URI '`
`222`		`- . 'in their protocolSupportEnumeration attribute',`
`223`		`- );`
`224`	`220`
`225`	`221`	`new IDPSSODescriptor(`
`226`	`222`	`[`