Merge pull request #143 from simplesamlphp/gettersetter

Add getter/setter methods to replace public properties in the next major

src/SAML2/Assertion.php

@@ -256,16 +256,16 @@ class Assertion implements SignedElement
  */
  public function __construct(\DOMElement $xml = null)
  {
- $this->id = Utils::getContainer()->generateId();
- $this->issueInstant = Temporal::getTime();
- $this->issuer = '';
- $this->authnInstant = Temporal::getTime();
- $this->attributes = [];
- $this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
- $this->certificates = [];
- $this->AuthenticatingAuthority = [];
- $this->SubjectConfirmation = [];
- $this->requiredEncAttributes = false;
+ $this->setId(Utils::getContainer()->generateId());
+ $this->setIssueInstant(Temporal::getTime());
+ $this->setIssuer('');
+ $this->setAuthnInstant(Temporal::getTime());
+ $this->setAttributes([]);
+ $this->setAttributeNameFormat(Constants::NAMEFORMAT_UNSPECIFIED);
+ $this->setCertificates([]);
+ $this->setAuthenticatingAuthority([]);
+ $this->setSubjectConfirmation([]);
+ $this->setRequiredEncAttributes(false);
 
  if ($xml === null) {
  return;
@@ -278,7 +278,7 @@ public function __construct(\DOMElement $xml = null)
 
  if ($xml->getAttribute('Version') !== '2.0') {
  /* Currently a very strict check. */
- throw new \Exception('Unsupported version: ' . $xml->getAttribute('Version'));
+ throw new \Exception('Unsupported version: '.$xml->getAttribute('Version'));
  }
 
  $this->issueInstant = Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));
@@ -364,14 +364,14 @@ private function parseConditions(\DOMElement $xml)
 
  if ($conditions->hasAttribute('NotBefore')) {
  $notBefore = Utils::xsDateTimeToTimestamp($conditions->getAttribute('NotBefore'));
- if ($this->notBefore === null || $this->notBefore < $notBefore) {
- $this->notBefore = $notBefore;
+ if ($this->getNotBefore() === null || $this->getNotBefore() < $notBefore) {
+ $this->setNotBefore($notBefore);
  }
  }
  if ($conditions->hasAttribute('NotOnOrAfter')) {
  $notOnOrAfter = Utils::xsDateTimeToTimestamp($conditions->getAttribute('NotOnOrAfter'));
- if ($this->notOnOrAfter === null || $this->notOnOrAfter > $notOnOrAfter) {
- $this->notOnOrAfter = $notOnOrAfter;
+ if ($this->getNotOnOrAfter() === null || $this->getNotOnOrAfter() > $notOnOrAfter) {
+ $this->setNotOnOrAfter($notOnOrAfter);
  }
  }
 
@@ -380,7 +380,7 @@ private function parseConditions(\DOMElement $xml)
  continue;
  }
  if ($node->namespaceURI !== Constants::NS_SAML) {
- throw new \Exception('Unknown namespace of condition: ' . var_export($node->namespaceURI, true));
+ throw new \Exception('Unknown namespace of condition: '.var_export($node->namespaceURI, true));
  }
  switch ($node->localName) {
  case 'AudienceRestriction':
@@ -403,7 +403,7 @@ private function parseConditions(\DOMElement $xml)
  /* Currently ignored. */
  break;
  default:
- throw new \Exception('Unknown condition: ' . var_export($node->localName, true));
+ throw new \Exception('Unknown condition: '.var_export($node->localName, true));
  }
  }
  }
@@ -559,7 +559,9 @@ private function parseAttributeValue($attribute, $attributeName)
  } else {
  /* Fall back for legacy IdPs sending string value (e.g. SSP < 1.15) */
  Utils::getContainer()->getLogger()->warning(sprintf("Attribute %s (EPTI) value %d is not an XML NameId", $attributeName, $index));
- $this->attributes[$attributeName][] = XML\saml\NameID::fromArray(['Value' => $eptiAttributeValue->textContent]);
+ $nameId = new XML\saml\NameID();
+ $nameId->setValue($eptiAttributeValue->textContent);
+ $this->attributes[$attributeName][] = $nameId;
  }
  }
 
@@ -588,7 +590,7 @@ private function parseAttributeValue($attribute, $attributeName)
  }
 
  if ($type === 'xs:integer') {
- $this->attributes[$attributeName][] = (int)$value->textContent;
+ $this->attributes[$attributeName][] = (int) $value->textContent;
  } else {
  $this->attributes[$attributeName][] = trim($value->textContent);
  }
@@ -602,10 +604,10 @@ private function parseAttributeValue($attribute, $attributeName)
  */
  private function parseEncryptedAttributes(\DOMElement $xml)
  {
- $this->encryptedAttributes = Utils::xpQuery(
+ $this->setEncryptedAttributes(Utils::xpQuery(
  $xml,
  './saml_assertion:AttributeStatement/saml_assertion:EncryptedAttribute'
- );
+ ));
  }
 
  /**
@@ -621,10 +623,10 @@ private function parseSignature(\DOMElement $xml)
  /* Validate the signature element of the message. */
  $sig = Utils::validateElement($xml);
  if ($sig !== false) {
- $this->wasSignedAtConstruction = true;
- $this->certificates = $sig['Certificates'];
- $this->signatureData = $sig;
- $this->signatureMethod = $signatureMethod[0]->value;
+ $this->setWasSignedAtConstruction(true);
+ $this->setCertificates($sig['Certificates']);
+ $this->setSignatureData($sig);
+ $this->setSignatureMethod($signatureMethod[0]->value);
  }
  }
 
@@ -642,11 +644,11 @@ public function validate(XMLSecurityKey $key)
  {
  assert($key->type === \RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256);
 
- if ($this->signatureData === null) {
+ if ($this->getSignatureData() === null) {
  return false;
  }
 
- Utils::validateSignature($this->signatureData, $key);
+ Utils::validateSignature($this->getSignatureData(), $key);
 
  return true;
  }
@@ -746,6 +748,7 @@ public function setNameId($nameId)
  assert(is_array($nameId) || is_null($nameId) || $nameId instanceof XML\saml\NameID);
 
  if (is_array($nameId)) {
+ // @deprecated behaviour
  $nameId = XML\saml\NameID::fromArray($nameId);
  }
  $this->nameId = $nameId;
@@ -836,7 +839,7 @@ public function decryptAttributes(XMLSecurityKey $key, array $blacklist = [])
  return;
  }
  $firstAttribute = true;
- $attributes = $this->encryptedAttributes;
+ $attributes = $this->getEncryptedAttributes();
  foreach ($attributes as $attributeEnc) {
  /*Decrypt node <EncryptedAttribute>*/
  $attribute = Utils::decryptElement(
@@ -928,12 +931,23 @@ public function setNotOnOrAfter($notOnOrAfter)
  }
 
  /**
- * Set $EncryptedAttributes if attributes will send encrypted
+ * Retrieve $requiredEncAttributes if attributes will be send encrypted
+ *
+ * @return boolean Rrue to encrypt attributes in the assertion.
+ */
+ public function getRequiredEncAttributes()
+ {
+ return $this->requiredEncAttributes;
+ }
+
+ /**
+ * Set $requiredEncAttributes if attributes will be send encrypted
  *
  * @param boolean $ea true to encrypt attributes in the assertion.
  */
- public function setEncryptedAttributes($ea)
+ public function setRequiredEncAttributes($ea)
  {
+ assert(is_bool($ea));
  $this->requiredEncAttributes = $ea;
  }
 
@@ -1103,6 +1117,28 @@ public function setAuthnContextClassRef($authnContextClassRef)
  $this->authnContextClassRef = $authnContextClassRef;
  }
 
+ /**
+ * Retrieve the signature method.
+ *
+ * @return string|null The signature method.
+ */
+ public function getSignatureMethod()
+ {
+ return $this->signatureMethod;
+ }
+
+ /**
+ * Set the signature method used.
+ *
+ * @param string|null $signatureMethod
+ */
+ public function setSignatureMethod($signatureMethod)
+ {
+ assert(is_string($signatureMethod) || is_null($signatureMethod));
+
+ $this->signatureMethod = $signatureMethod;
+ }
+
  /**
  * Set the authentication context declaration.
  *
@@ -1136,7 +1172,7 @@ public function getAuthnContextDecl()
  /**
  * Set the authentication context declaration reference.
  *
- * @param string $authnContextDeclRef
+ * @param string|\SAML2\XML\Chunk $authnContextDeclRef
  * @throws \Exception
  */
  public function setAuthnContextDeclRef($authnContextDeclRef)
@@ -1204,6 +1240,22 @@ public function setAttributes(array $attributes)
  $this->attributes = $attributes;
  }
 
+ /**
+ * @return array
+ */
+ public function getSignatureData()
+ {
+ return $this->signatureData;
+ }
+
+ /**
+ * @param array|null $signatureData
+ */
+ public function setSignatureData(array $signatureData = null)
+ {
+ $this->signatureData = $signatureData;
+ }
+
  /**
  * Retrieve all attributes value types.
  *
@@ -1269,6 +1321,26 @@ public function setSubjectConfirmation(array $SubjectConfirmation)
  $this->SubjectConfirmation = $SubjectConfirmation;
  }
 
+ /**
+ * Retrieve the encryptedAttributes elements we have.
+ *
+ * @return array Array of \DOMElement elements.
+ */
+ public function getEncryptedAttributes()
+ {
+ return $this->encryptedAttributes;
+ }
+
+ /**
+ * Set the encryptedAttributes elements
+ *
+ * @param array $encAttrs Array of \DOMElement elements.
+ */
+ public function setEncryptedAttributes(array $encAttrs)
+ {
+ $this->encryptedAttributes = $encAttrs;
+ }
+
  /**
  * Retrieve the private key we should use to sign the assertion.
  *
@@ -1337,17 +1409,18 @@ public function getCertificates()
  /**
  * @return bool
  */
- public function getWasSignedAtConstruction()
+ public function wasSignedAtConstruction()
  {
  return $this->wasSignedAtConstruction;
  }
 
  /**
- * @return null|string
+ * @param bool $flag
  */
- public function getSignatureMethod()
+ public function setWasSignedAtConstruction($flag)
  {
- return $this->signatureMethod;
+ assert(is_bool($flag));
+ $this->wasSignedAtConstruction = $flag;
  }
 
  /**
@@ -1365,7 +1438,7 @@ public function toXML(\DOMNode $parentElement = null)
  $document = $parentElement->ownerDocument;
  }
 
- $root = $document->createElementNS(Constants::NS_SAML, 'saml:' . 'Assertion');
+ $root = $document->createElementNS(Constants::NS_SAML, 'saml:'.'Assertion');
  $parentElement->appendChild($root);
 
  /* Ugly hack to add another namespace declaration to the root element. */
@@ -1389,7 +1462,7 @@ public function toXML(\DOMNode $parentElement = null)
  $this->addSubject($root);
  $this->addConditions($root);
  $this->addAuthnStatement($root);
- if ($this->requiredEncAttributes === false) {
+ if ($this->getRequiredEncAttributes() === false) {
  $this->addAttributeStatement($root);
  } else {
  $this->addEncryptedAttributeStatement($root);
@@ -1421,7 +1494,7 @@ private function addSubject(\DOMElement $root)
  if ($this->encryptedNameId === null) {
  $this->nameId->toXML($subject);
  } else {
- $eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
+ $eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:'.'EncryptedID');
  $subject->appendChild($eid);
  $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, true));
  }
@@ -1573,7 +1646,7 @@ private function addAttributeStatement(\DOMElement $root)
  if (is_array($this->attributesValueTypes) && array_key_exists($name, $this->attributesValueTypes)) {
  $valueTypes = $this->attributesValueTypes[$name];
  if (is_array($valueTypes) && count($valueTypes) != count($values)) {
- throw new \Exception('Array of value types and array of values have different size for attribute '. var_export($name, true));
+ throw new \Exception('Array of value types and array of values have different size for attribute '.var_export($name, true));
  }
  } else {
  // if no type(s), default behaviour
@@ -1634,7 +1707,7 @@ private function addAttributeStatement(\DOMElement $root)
  */
  private function addEncryptedAttributeStatement(\DOMElement $root)
  {
- if ($this->requiredEncAttributes === false) {
+ if ($this->getRequiredEncAttributes() === false) {
  return;
  }
 
@@ -1650,7 +1723,7 @@ private function addEncryptedAttributeStatement(\DOMElement $root)
  $document2->appendChild($attribute);
 
  if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
- $attribute->setAttribute('NameFormat', $this->nameFormat);
+ $attribute->setAttribute('NameFormat', $this->getAttributeNameFormat());
  }
 
  foreach ($values as $value) {

src/SAML2/Assertion/Processor.php

@@ -97,7 +97,7 @@ public function process($assertion)
  {
  $assertion = $this->decryptAssertion($assertion);
 
- if (!$assertion->getWasSignedAtConstruction()) {
+ if (!$assertion->wasSignedAtConstruction()) {
  $this->logger->info(sprintf(
  'Assertion with id "%s" was not signed at construction, not verifying the signature',
  $assertion->getId()

src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotBefore.php

@@ -14,7 +14,7 @@ public function validate(
  SubjectConfirmation $subjectConfirmation,
  Result $result
  ) {
- $notBefore = $subjectConfirmation->SubjectConfirmationData->NotBefore;
+ $notBefore = $subjectConfirmation->getSubjectConfirmationData()->getNotBefore();
  if ($notBefore && $notBefore > Temporal::getTime() + 60) {
  $result->addError('NotBefore in SubjectConfirmationData is in the future');
  }

src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotOnOrAfter.php

@@ -14,7 +14,7 @@ public function validate(
  SubjectConfirmation $subjectConfirmation,
  Result $result
  ) {
- $notOnOrAfter = $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter;
+ $notOnOrAfter = $subjectConfirmation->getSubjectConfirmationData()->getNotOnOrAfter();
  if ($notOnOrAfter && $notOnOrAfter <= Temporal::getTime() - 60) {
  $result->addError('NotOnOrAfter in SubjectConfirmationData is in the past');
  }

src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationRecipientMatches.php

@@ -24,7 +24,7 @@ public function validate(
  SubjectConfirmation $subjectConfirmation,
  Result $result
  ) {
- $recipient = $subjectConfirmation->SubjectConfirmationData->Recipient;
+ $recipient = $subjectConfirmation->getSubjectConfirmationData()->getRecipient();
  if ($recipient && !$this->destination->equals(new Destination($recipient))) {
  $result->addError(sprintf(
  'Recipient in SubjectConfirmationData ("%s") does not match the current destination ("%s")',

src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationResponseToMatches.php

@@ -21,7 +21,7 @@ public function validate(
  SubjectConfirmation $subjectConfirmation,
  Result $result
  ) {
- $inResponseTo = $subjectConfirmation->SubjectConfirmationData->InResponseTo;
+ $inResponseTo = $subjectConfirmation->getSubjectConfirmationData()->getInResponseTo();
  if ($inResponseTo && ($this->getInResponseTo() !== false) && ($this->getInResponseTo() !== $inResponseTo)) {
  $result->addError(sprintf(
  'InResponseTo in SubjectConfirmationData ("%s") does not match the Response InResponseTo ("%s")',

src/SAML2/AttributeQuery.php

@@ -159,7 +159,7 @@ public function toUnsignedXML()
  $type = null;
  }
 
- $attributeValue = Utils::addString($attribute, Constants::NS_SAML, 'saml:AttributeValue', (string)$value);
+ $attributeValue = Utils::addString($attribute, Constants::NS_SAML, 'saml:AttributeValue', strval($value));
  if ($type !== null) {
  $attributeValue->setAttributeNS(Constants::NS_XSI, 'xsi:type', $type);
  }