Skip to content

Commit 80e5347

Browse files
committed
Remove last case of XMLSeclibs
1 parent 06d51e4 commit 80e5347

3 files changed

Lines changed: 20 additions & 31 deletions

File tree

composer.json

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,7 @@
3333
"simplesamlphp/assert": "~2.0",
3434
"simplesamlphp/xml-common": "~2.8",
3535
"simplesamlphp/xml-security": "~2.3",
36-
"simplesamlphp/xml-soap": "~2.3",
37-
"robrichards/xmlseclibs": "^3.1"
36+
"simplesamlphp/xml-soap": "~2.3"
3837
},
3938
"require-dev": {
4039
"ext-intl": "*",

phpstan-baseline.neon

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,5 @@
11
parameters:
22
ignoreErrors:
3-
-
4-
message: '#^Call to an undefined method SimpleSAML\\SAML2\\XML\\samlp\\AbstractMessage\:\:addValidator\(\)\.$#'
5-
identifier: method.notFound
6-
path: src/Binding/HTTPArtifact.php
7-
8-
-
9-
message: '#^Call to an undefined method SimpleSAML\\SAML2\\XML\\samlp\\ArtifactResponse\:\:validate\(\)\.$#'
10-
identifier: method.notFound
11-
path: src/Binding/HTTPArtifact.php
12-
133
-
144
message: '#^Call to an undefined method SimpleSAML\\SAML2\\XML\\samlp\\AbstractMessage\:\:addValidator\(\)\.$#'
155
identifier: method.notFound

src/Binding/HTTPArtifact.php

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,12 @@
99
use Nyholm\Psr7\Response;
1010
use Psr\Http\Message\ResponseInterface;
1111
use Psr\Http\Message\ServerRequestInterface;
12-
use RobRichards\XMLSecLibs\XMLSecurityKey;
1312
use SimpleSAML\Configuration;
1413
use SimpleSAML\Metadata\MetaDataStorageHandler;
1514
use SimpleSAML\Module\saml\Message as MSG;
1615
use SimpleSAML\SAML2\Assert\Assert;
1716
use SimpleSAML\SAML2\Binding;
17+
use SimpleSAML\SAML2\Compat\ContainerSingleton;
1818
use SimpleSAML\SAML2\SOAPClient;
1919
use SimpleSAML\SAML2\Utils;
2020
use SimpleSAML\SAML2\XML\saml\Issuer;
@@ -24,6 +24,8 @@
2424
use SimpleSAML\SAML2\XML\samlp\ArtifactResponse;
2525
use SimpleSAML\Store\StoreFactory;
2626
use SimpleSAML\Utils\HTTP;
27+
use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
28+
use SimpleSAML\XMLSecurity\TestUtils\PEMCertificatesMock;
2729

2830
use function array_key_exists;
2931
use function base64_decode;
@@ -173,8 +175,10 @@ public function receive(ServerRequestInterface $request): AbstractMessage
173175
$soap = new SOAPClient();
174176

175177
// Send message through SoapClient
176-
/** @var \SimpleSAML\SAML2\XML\samlp\ArtifactResponse $artifactResponse */
177178
$artifactResponse = $soap->send($ar, $this->spMetadata, $idpMetadata);
179+
if (!($artifactResponse instanceof ArtifactResponse)) {
180+
throw new Exception('Invalid message received in response to our ArtifactResolve.');
181+
}
178182

179183
if (!$artifactResponse->isSuccess()) {
180184
throw new Exception('Received error from ArtifactResolutionService.');
@@ -183,18 +187,27 @@ public function receive(ServerRequestInterface $request): AbstractMessage
183187
$samlResponse = $artifactResponse->getMessage();
184188
if ($samlResponse === null) {
185189
/* Empty ArtifactResponse - possibly because of Artifact replay? */
186-
187190
throw new Exception('Empty ArtifactResponse received, maybe a replay?');
188191
}
189192

190-
$samlResponse->addValidator([get_class($this), 'validateSignature'], $artifactResponse);
191-
192193
$query = $request->getQueryParams();
193194
if (isset($query['RelayState'])) {
194195
$this->setRelayState($query['RelayState']);
195196
}
196197

197-
return $samlResponse;
198+
if (!$samlResponse->isSigned()) {
199+
return $samlResponse;
200+
}
201+
202+
$container = ContainerSingleton::getInstance();
203+
$blacklist = $container->getBlacklistedEncryptionAlgorithms();
204+
$verifier = (new SignatureAlgorithmFactory($blacklist))->getAlgorithm(
205+
$samlResponse->getSignature()->getSignedInfo()->getSignatureMethod()->getAlgorithm(),
206+
// TODO: Need to use the key from the metadata
207+
PEMCertificatesMock::getPublicKey(PEMCertificatesMock::SELFSIGNED_PUBLIC_KEY),
208+
);
209+
210+
return $samlResponse->verify($verifier);
198211
}
199212

200213

@@ -205,17 +218,4 @@ public function setSPMetadata(Configuration $sp): void
205218
{
206219
$this->spMetadata = $sp;
207220
}
208-
209-
210-
/**
211-
* A validator which returns true if the ArtifactResponse was signed with the given key
212-
*
213-
* @param \SimpleSAML\SAML2\XML\samlp\ArtifactResponse $message
214-
* @param \RobRichards\XMLSecLibs\XMLSecurityKey $key
215-
*/
216-
public static function validateSignature(ArtifactResponse $message, XMLSecurityKey $key): bool
217-
{
218-
// @todo verify if this works and/or needs to do anything more. Ref. HTTPRedirect binding
219-
return $message->validate($key);
220-
}
221221
}

0 commit comments

Comments
 (0)