Backport IDPSSODescriptor + SPSSODescriptor
tvdijen committed Nov 18, 2023
1 parent 7bcc0b4 commit bb0139f
Showing 9 changed files with 1,723 additions and 668 deletions.
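--- a/src/SAML2/XML/md/AbstractRoleDescriptorType.php
+++ b/src/SAML2/XML/md/AbstractRoleDescriptorType.php
@@ -0,0 +1,167 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\md;
+
+use DateTimeImmutable;
+use DOMElement;
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\ExtendableAttributesTrait;
+
+use function implode;
+
+/**
+* Class representing SAML2 RoleDescriptorType.
+*
+* @package simplesamlphp/saml2
+*/
+abstract class AbstractRoleDescriptorType extends AbstractMetadataDocument
+{
+use ExtendableAttributesTrait;
+
+/** The namespace-attribute for the xs:anyAttribute element */
+public const XS_ANY_ATTR_NAMESPACE = C::XS_ANY_NS_OTHER;
+
+
+/**
+* Initialize a RoleDescriptor.
+*
+* @param string[] $protocolSupportEnumeration A set of URI specifying the protocols supported.
+* @param string|null $ID The ID for this document. Defaults to null.
+* @param \DateTimeImmutable|null $validUntil Unix time of validity for this document. Defaults to null.
+* @param string|null $cacheDuration Maximum time this document can be cached. Defaults to null.
+* @param \SimpleSAML\SAML2\XML\md\Extensions|null $extensions An Extensions object. Defaults to null.
+* @param string|null $errorURL An URI where to redirect users for support. Defaults to null.
+* @param \SimpleSAML\SAML2\XML\md\KeyDescriptor[] $keyDescriptor An array of KeyDescriptor elements.
+* Defaults to an empty array.
+* @param \SimpleSAML\SAML2\XML\md\Organization|null $organization
+* The organization running this entity. Defaults to null.
+* @param \SimpleSAML\SAML2\XML\md\ContactPerson[] $contact
+* An array of contacts for this entity. Defaults to an empty array.
+* @param list<\SimpleSAML\XML\Attribute> $namespacedAttributes
+*/
+public function __construct(
+protected array $protocolSupportEnumeration,
+?string $ID = null,
+?DateTimeImmutable $validUntil = null,
+?string $cacheDuration = null,
+?Extensions $extensions = null,
+protected ?string $errorURL = null,
+protected array $keyDescriptor = [],
+protected ?Organization $organization = null,
+protected array $contact = [],
+array $namespacedAttributes = []
+) {
+Assert::maxCount($protocolSupportEnumeration, C::UNBOUNDED_LIMIT);
+Assert::minCount(
+$protocolSupportEnumeration,
+1,
+'At least one protocol must be supported by this ' . static::NS_PREFIX . ':' . static::getLocalName() . '.',
+);
+Assert::allValidURI($protocolSupportEnumeration, SchemaViolationException::class);
+Assert::nullOrValidURI($errorURL, SchemaViolationException::class); // Covers the empty string
+Assert::maxCount($contact, C::UNBOUNDED_LIMIT);
+Assert::allIsInstanceOf(
+$contact,
+ContactPerson::class,
+'All contacts must be an instance of md:ContactPerson',
+);
+Assert::maxCount($keyDescriptor, C::UNBOUNDED_LIMIT);
+Assert::allIsInstanceOf(
+$keyDescriptor,
+KeyDescriptor::class,
+'All key descriptors must be an instance of md:KeyDescriptor',
+);
+
+parent::__construct($ID, $validUntil, $cacheDuration, $extensions);
+
+$this->setAttributesNS($namespacedAttributes);
+}
+
+
+/**
+* Collect the value of the errorURL property.
+*
+* @return string|null
+*/
+public function getErrorURL(): ?string
+{
+return $this->errorURL;
+}
+
+
+/**
+* Collect the value of the protocolSupportEnumeration property.
+*
+* @return string[]
+*/
+public function getProtocolSupportEnumeration(): array
+{
+return $this->protocolSupportEnumeration;
+}
+
+
+/**
+* Collect the value of the Organization property.
+*
+* @return \SimpleSAML\SAML2\XML\md\Organization|null
+*/
+public function getOrganization(): ?Organization
+{
+return $this->organization;
+}
+
+
+/**
+* Collect the value of the ContactPersons property.
+*
+* @return \SimpleSAML\SAML2\XML\md\ContactPerson[]
+*/
+public function getContactPerson(): array
+{
+return $this->contact;
+}
+
+
+/**
+* Collect the value of the KeyDescriptors property.
+*
+* @return \SimpleSAML\SAML2\XML\md\KeyDescriptor[]
+*/
+public function getKeyDescriptor(): array
+{
+return $this->keyDescriptor;
+}
+
+
+/**
+* Add this RoleDescriptor to an EntityDescriptor.
+*
+* @param \DOMElement $parent The EntityDescriptor we should append this endpoint to.
+* @return \DOMElement
+*/
+public function toUnsignedXML(?DOMElement $parent = null): DOMElement
+{
+$e = parent::toUnsignedXML($parent);
+$e->setAttribute('protocolSupportEnumeration', implode(' ', $this->getProtocolSupportEnumeration()));
+
+if ($this->getErrorURL() !== null) {
+$e->setAttribute('errorURL', $this->getErrorURL());
+}
+
+foreach ($this->getKeyDescriptor() as $kd) {
+$kd->toXML($e);
+}
+
+$this->getOrganization()?->toXML($e);
+
+foreach ($this->getContactPerson() as $cp) {
+$cp->toXML($e);
+}
+
+return $e;
+}
+}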
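Review bot: The docblock of toUnsignedXML understates its own signature: the `@param \DOMElement $parent` line documents a non-nullable argument while the method is declared `toUnsignedXML(?DOMElement $parent = null)`; change it to `@param \DOMElement|null $parent The EntityDescriptor we should append this endpoint to.` so static analysers and readers see the same contract. In the constructor docblock, `$validUntil` is described as "Unix time of validity" although the parameter is typed `?DateTimeImmutable`; `@param \DateTimeImmutable|null $validUntil The moment until which this document is valid. Defaults to null.` describes the actual type. The same stale wording appears in the constructor docblock of AbstractSSODescriptor in this commit.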
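--- a/src/SAML2/XML/md/AbstractSSODescriptor.php
+++ b/src/SAML2/XML/md/AbstractSSODescriptor.php
@@ -0,0 +1,166 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\md;
+
+use DateTimeImmutable;
+use DOMElement;
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
+use SimpleSAML\XML\Constants as C;
+
+/**
+* Class representing SAML 2 SSODescriptorType.
+*
+* @package simplesamlphp/saml2
+*/
+abstract class AbstractSSODescriptor extends AbstractRoleDescriptorType
+{
+/**
+* Initialize a RoleDescriptor.
+*
+* @param string[] $protocolSupportEnumeration A set of URI specifying the protocols supported.
+* @param string|null $ID The ID for this document. Defaults to null.
+* @param \DateTimeImmutable|null $validUntil Unix time of validity for this document. Defaults to null.
+* @param string|null $cacheDuration Maximum time this document can be cached. Defaults to null.
+* @param \SimpleSAML\SAML2\XML\md\Extensions|null $extensions An array of extensions. Defaults to an empty array.
+* @param string|null $errorURL An URI where to redirect users for support. Defaults to null.
+* @param \SimpleSAML\SAML2\XML\md\KeyDescriptor[] $keyDescriptors An array of KeyDescriptor elements.
+* Defaults to an empty array.
+* @param \SimpleSAML\SAML2\XML\md\Organization|null $organization
+* The organization running this entity. Defaults to null.
+* @param \SimpleSAML\SAML2\XML\md\ContactPerson[] $contacts An array of contacts for this entity.
+* Defaults to an empty array.
+* @param \SimpleSAML\SAML2\XML\md\AbstractIndexedEndpointType[] $artifactResolutionService An array of
+* ArtifactResolutionEndpoint. Defaults to an empty array.
+* @param \SimpleSAML\SAML2\XML\md\AbstractEndpointType[] $singleLogoutService An array of SingleLogoutEndpoint.
+* Defaults to an empty array.
+* @param \SimpleSAML\SAML2\XML\md\AbstractEndpointType[] $manageNameIDService An array of ManageNameIDService.
+* Defaults to an empty array.
+* @param \SimpleSAML\SAML2\XML\md\NameIDFormat[] $nameIDFormat An array of supported NameID formats.
+* Defaults to an empty array.
+*/
+public function __construct(
+array $protocolSupportEnumeration,
+?string $ID = null,
+?DateTimeImmutable $validUntil = null,
+?string $cacheDuration = null,
+?Extensions $extensions = null,
+?string $errorURL = null,
+array $keyDescriptors = [],
+?Organization $organization = null,
+array $contacts = [],
+protected array $artifactResolutionService = [],
+protected array $singleLogoutService = [],
+protected array $manageNameIDService = [],
+protected array $nameIDFormat = [],
+) {
+Assert::maxCount($artifactResolutionService, C::UNBOUNDED_LIMIT);
+Assert::allIsInstanceOf(
+$artifactResolutionService,
+ArtifactResolutionService::class,
+'All md:ArtifactResolutionService endpoints must be an instance of ArtifactResolutionService.',
+);
+Assert::maxCount($singleLogoutService, C::UNBOUNDED_LIMIT);
+Assert::allIsInstanceOf(
+$singleLogoutService,
+SingleLogoutService::class,
+'All md:SingleLogoutService endpoints must be an instance of SingleLogoutService.',
+);
+Assert::maxCount($manageNameIDService, C::UNBOUNDED_LIMIT);
+Assert::allIsInstanceOf(
+$manageNameIDService,
+ManageNameIDService::class,
+'All md:ManageNameIDService endpoints must be an instance of ManageNameIDService.',
+);
+Assert::maxCount($nameIDFormat, C::UNBOUNDED_LIMIT);
+Assert::allIsInstanceOf($nameIDFormat, NameIDFormat::class, ProtocolViolationException::class);
+
+parent::__construct(
+$protocolSupportEnumeration,
+$ID,
+$validUntil,
+$cacheDuration,
+$extensions,
+$errorURL,
+$keyDescriptors,
+$organization,
+$contacts,
+);
+}
+
+
+/**
+* Collect the value of the ArtifactResolutionService-property
+*
+* @return \SimpleSAML\SAML2\XML\md\AbstractIndexedEndpointType[]
+*/
+public function getArtifactResolutionService(): array
+{
+return $this->artifactResolutionService;
+}
+
+
+/**
+* Collect the value of the SingleLogoutService-property
+*
+* @return \SimpleSAML\SAML2\XML\md\AbstractEndpointType[]
+*/
+public function getSingleLogoutService(): array
+{
+return $this->singleLogoutService;
+}
+
+
+/**
+* Collect the value of the ManageNameIDService-property
+*
+* @return \SimpleSAML\SAML2\XML\md\AbstractEndpointType[]
+*/
+public function getManageNameIDService(): array
+{
+return $this->manageNameIDService;
+}
+
+
+/**
+* Collect the value of the NameIDFormat-property
+*
+* @return \SimpleSAML\SAML2\XML\md\NameIDFormat[]
+*/
+public function getNameIDFormat(): array
+{
+return $this->nameIDFormat;
+}
+
+
+/**
+* Add this SSODescriptorType to an EntityDescriptor.
+*
+* @param \DOMElement|null $parent The EntityDescriptor we should append this SSODescriptorType to.
+* @return \DOMElement The generated SSODescriptor DOMElement.
+*/
+public function toUnsignedXML(DOMElement $parent = null): DOMElement
+{
+$e = parent::toUnsignedXML($parent);
+
+foreach ($this->getArtifactResolutionService() as $ep) {
+$ep->toXML($e);
+}
+
+foreach ($this->getSingleLogoutService() as $ep) {
+$ep->toXML($e);
+}
+
+foreach ($this->getManageNameIDService() as $ep) {
+$ep->toXML($e);
+}
+
+foreach ($this->getNameIDFormat() as $nidFormat) {
+$nidFormat->toXML($e);
+}
+
+return $e;
+}
+}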
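Review bot: The override `public function toUnsignedXML(DOMElement $parent = null): DOMElement` relies on implicit nullability from the `= null` default, while the parent method added in this same commit is declared `toUnsignedXML(?DOMElement $parent = null)`; write it as `public function toUnsignedXML(?DOMElement $parent = null): DOMElement` so both declarations agree and the implicitly-nullable form deprecated in PHP 8.4 is avoided. In the constructor docblock, `$extensions` is described as "An array of extensions. Defaults to an empty array." although the parameter is `?Extensions $extensions = null`; `@param \SimpleSAML\SAML2\XML\md\Extensions|null $extensions An Extensions object. Defaults to null.` matches the parent class's wording. The `$nameIDFormat` assertion passes `ProtocolViolationException::class` as its third argument while the three sibling endpoint assertions pass plain messages, so, if the assertion library treats a Throwable class name there as the exception type to throw, a bad NameIDFormat entry fails differently from a bad endpoint entry; a one-line comment stating why that asymmetry is intended would spare the next reader the question.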