Add ManageNameIDRequest-element

Author: tvdijen

src/XML/samlp/AbstractManageNameIDRequest.php

@@ -0,0 +1,88 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\samlp;
+
+use DOMElement;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\XML\IdentifierTrait;
+use SimpleSAML\SAML2\XML\saml\EncryptedID;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\NewEncryptedID;
+use SimpleSAML\SAML2\XML\samlp\NewID;
+use SimpleSAML\SAML2\XML\samlp\Terminate;
+use SimpleSAML\XMLSchema\Type\IDValue;
+
+/**
+ * Class representing the samlp:ManageNameIDRequestType.
+ *
+ * @package simplesamlphp/saml2
+ */
+abstract class AbstractManageNameIDRequest extends AbstractRequest
+{
+    use IdentifierTrait;
+
+
+    /**
+     * Initialize a ManageNameIDRequest.
+     *
+     * @param \SimpleSAML\SAML2\XML\saml\NameID|\SimpleSAML\SAML2\XML\saml\EncryptedID $identifier
+     * @param (
+     *   \SimpleSAML\SAML2\XML\samlp\NewID|
+     *   \SimpleSAML\SAML2\XML\samlp\NewEncryptedID|
+     *   \SimpleSAML\SAML2\XML\samlp\Terminate
+     * ) $newIdentifier
+     * @param \SimpleSAML\XMLSchema\Type\IDValue $id
+     * @param \SimpleSAML\SAML2\XML\saml\Issuer|null $issuer
+     * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue|null $issueInstant
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $destination
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $consent
+     * @param \SimpleSAML\SAML2\XML\samlp\Extensions $extensions
+     */
+    final public function __construct(
+        NameID|EncryptedID $identifier,
+        protected NewID|NewEncryptedID|Terminate $newIdentifier,
+        IDValue $id,
+        ?Issuer $issuer = null,
+        ?SAMLDateTimeValue $issueInstant = null,
+        ?SAMLAnyURIValue $destination = null,
+        ?SAMLAnyURIValue $consent = null,
+        ?Extensions $extensions = null,
+    ) {
+        $this->setIdentifier($identifier);
+
+        parent::__construct($id, $issuer, $issueInstant, $destination, $consent, $extensions);
+    }
+
+
+    /**
+     * Retrieve the new identifier.
+     *
+     * @return (
+     *   \SimpleSAML\SAML2\XML\samlp\NewID|
+     *   \SimpleSAML\SAML2\XML\samlp\NewEncryptedID|
+     *   \SimpleSAML\SAML2\XML\samlp\Terminate
+     * )
+     */
+    public function getNewIdentifier(): NewID|NewEncryptedID|Terminate
+    {
+        return $this->newIdentifier;
+    }
+
+
+    /**
+     * Convert this ManageNameIDRequest to XML
+     */
+    public function toUnsignedXML(?DOMElement $parent = null): DOMElement
+    {
+        $e = parent::toUnsignedXML($parent);
+
+        $this->getIdentifier()->toXML($e);
+        $this->getNewIdentifier()->toXML($e);
+
+        return $e;
+    }
+}

src/XML/samlp/ManageNameIDRequest.php

@@ -0,0 +1,107 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\samlp;
+
+use DOMElement;
+use SimpleSAML\SAML2\Assert\Assert;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooHighException;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooLowException;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\samlp\NewEncryptedID;
+use SimpleSAML\SAML2\XML\samlp\NewID;
+use SimpleSAML\SAML2\XML\samlp\Terminate;
+use SimpleSAML\XML\SchemaValidatableElementInterface;
+use SimpleSAML\XML\SchemaValidatableElementTrait;
+use SimpleSAML\XMLSchema\Exception\InvalidDOMElementException;
+use SimpleSAML\XMLSchema\Exception\MissingElementException;
+use SimpleSAML\XMLSchema\Exception\TooManyElementsException;
+use SimpleSAML\XMLSchema\Type\IDValue;
+use SimpleSAML\XMLSecurity\XML\ds\Signature;
+
+use function array_merge;
+use function array_pop;
+use function version_compare;
+
+/**
+ * Class for handling SAML2 ManageNameIDRequest.
+ *
+ * @package simplesamlphp/saml2
+ */
+final class ManageNameIDRequest extends AbstractManageNameIDRequest implements
+    SchemaValidatableElementInterface
+{
+    use SchemaValidatableElementTrait;
+
+
+    /**
+     * Convert XML into a ManageNameIDRequest
+     *
+     * @throws \SimpleSAML\XMLSchema\Exception\InvalidDOMElementException
+     *   if the qualified name of the supplied element is wrong
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        $version = self::getAttribute($xml, 'Version', SAMLStringValue::class);
+        Assert::true(version_compare('2.0', strval($version), '<='), RequestVersionTooLowException::class);
+        Assert::true(version_compare('2.0', strval($version), '>='), RequestVersionTooHighException::class);
+
+        $issuer = Issuer::getChildrenOfClass($xml);
+        Assert::maxCount($issuer, 1, 'Only one <saml:Issuer> element is allowed.', TooManyElementsException::class);
+
+        $extensions = Extensions::getChildrenOfClass($xml);
+        Assert::maxCount(
+            $extensions,
+            1,
+            'Only one <samlp:Extensions> element is allowed.',
+            TooManyElementsException::class,
+        );
+
+        $signature = Signature::getChildrenOfClass($xml);
+        Assert::maxCount(
+            $signature,
+            1,
+            'Only one <ds:Signature> element is allowed.',
+            TooManyElementsException::class,
+        );
+
+        $newId = NewID::getChildrenOfClass($xml);
+        Assert::maxCount($newId, 1, TooManyElementsException::class);
+
+        $newEncryptedId = NewEncryptedID::getChildrenOfClass($xml);
+        Assert::maxCount($newEncryptedId, 1, TooManyElementsException::class);
+
+        $terminate = Terminate::getChildrenOfClass($xml);
+        Assert::maxCount($terminate, 1, TooManyElementsException::class);
+
+        $newIdentifier = array_merge($newId, $newEncryptedId, $terminate);
+        Assert::minCount($newIdentifier, 1, MissingElementException::class);
+        Assert::maxCount($newIdentifier, 1, TooManyElementsException::class);
+
+        $request = new static(
+            self::getIdentifierFromXML($xml),
+            array_pop($newIdentifier),
+            self::getAttribute($xml, 'ID', IDValue::class),
+            array_pop($issuer),
+            self::getAttribute($xml, 'IssueInstant', SAMLDateTimeValue::class),
+            self::getOptionalAttribute($xml, 'Destination', SAMLAnyURIValue::class, null),
+            self::getOptionalAttribute($xml, 'Consent', SAMLAnyURIValue::class, null),
+            array_pop($extensions),
+        );
+
+        if (!empty($signature)) {
+            $request->setSignature($signature[0]);
+            $request->messageContainedSignatureUponConstruction = true;
+            $request->setXML($xml);
+        }
+
+        return $request;
+    }
+}

src/XML/samlp/NewEncryptedID.php

@@ -8,7 +8,6 @@
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\XML\saml\AbstractBaseID;
 use SimpleSAML\SAML2\XML\saml\AbstractEncryptedElement;
-use SimpleSAML\SAML2\XML\saml\IdentifierInterface;
 use SimpleSAML\SAML2\XML\saml\NameID;
 use SimpleSAML\XML\DOMDocumentFactory;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
@@ -23,9 +22,7 @@
  *
  * @package simplesamlphp/saml2
  */
-final class NewEncryptedID extends AbstractEncryptedElement implements
-    IdentifierInterface,
-    SchemaValidatableElementInterface
+final class NewEncryptedID extends AbstractEncryptedElement implements SchemaValidatableElementInterface
 {
     use SchemaValidatableElementTrait;
 

tests/SAML2/XML/samlp/ManageNameIDRequestTest.php

@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\SAML2\XML\samlp;
+
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\Group;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
+use SimpleSAML\SAML2\XML\samlp\AbstractRequest;
+use SimpleSAML\SAML2\XML\samlp\AbstractSamlpElement;
+use SimpleSAML\SAML2\XML\samlp\ManageNameIDRequest;
+use SimpleSAML\SAML2\XML\samlp\Terminate;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+use SimpleSAML\XMLSchema\Type\IDValue;
+
+use function dirname;
+use function strval;
+
+/**
+ * Class \SimpleSAML\SAML2\XML\samlp\ManageNameIDRequestTest
+ *
+ * @package simplesamlphp/saml2
+ */
+#[Group('saml')]
+#[CoversClass(ManageNameIDRequest::class)]
+#[CoversClass(AbstractRequest::class)]
+#[CoversClass(AbstractMessage::class)]
+#[CoversClass(AbstractSamlpElement::class)]
+final class ManageNameIDRequestTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$testedClass = ManageNameIDRequest::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/samlp_ManageNameIDRequest.xml',
+        );
+    }
+
+
+    // marshalling
+
+
+    /**
+     */
+    public function testMarshalling(): void
+    {
+        $nameId = new NameID(
+            SAMLStringValue::fromString('TheNameIDValue'),
+            SAMLStringValue::fromString('urn:x-simplesamlphp:namequalifier'),
+            SAMLStringValue::fromString('urn:x-simplesamlphp:spnamequalifier'),
+            SAMLAnyURIValue::fromString('urn:the:format'),
+            SAMLStringValue::fromString('TheSPProvidedID'),
+        );
+
+        $manageNameIdRequest = new ManageNameIDRequest(
+            identifier: $nameId,
+            newIdentifier: new Terminate(),
+            issuer: new Issuer(
+                SAMLStringValue::fromString('https://gateway.stepup.org/saml20/sp/metadata'),
+            ),
+            id: IDValue::fromString('_2b0226190ca1c22de6f66e85f5c95158'),
+            issueInstant: SAMLDateTimeValue::fromString('2014-09-22T13:42:00Z'),
+            destination: SAMLAnyURIValue::fromString('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO'),
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($manageNameIdRequest),
+        );
+    }
+}

tests/resources/xml/samlp_ManageNameIDRequest.xml

@@ -0,0 +1,5 @@
+<samlp:ManageNameIDRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_2b0226190ca1c22de6f66e85f5c95158" IssueInstant="2014-09-22T13:42:00Z" Destination="https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO">
+  <saml:Issuer>https://gateway.stepup.org/saml20/sp/metadata</saml:Issuer>
+  <saml:NameID NameQualifier="urn:x-simplesamlphp:namequalifier" SPNameQualifier="urn:x-simplesamlphp:spnamequalifier" Format="urn:the:format" SPProvidedID="TheSPProvidedID">TheNameIDValue</saml:NameID>
+  <samlp:Terminate />
+</samlp:ManageNameIDRequest>