Fix possibility to add namespaced attributes to md:RoleDescriptorType

simplesamlphp · Jan 3, 2024 · dca6336 · dca6336
1 parent 698d02b
commit dca6336
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 3 deletions.
diff --git a/src/SAML2/XML/md/AbstractRoleDescriptor.php b/src/SAML2/XML/md/AbstractRoleDescriptor.php
@@ -75,7 +75,7 @@ public function __construct(
             $keyDescriptor,
             $organization,
             $contactPerson,
-            $namespacedAttributes
+            $namespacedAttributes,
         );
     }
 
@@ -160,6 +160,7 @@ public static function fromXML(DOMElement $xml): static
                 KeyDescriptor::getChildrenOfClass($xml),
                 array_pop($orgs),
                 ContactPerson::getChildrenOfClass($xml),
+                self::getAttributesNSFromXML($xml),
             );
         }
 

diff --git a/src/SAML2/XML/md/AbstractRoleDescriptorType.php b/src/SAML2/XML/md/AbstractRoleDescriptorType.php
@@ -163,6 +163,10 @@ public function toUnsignedXML(?DOMElement $parent = null): DOMElement
             $cp->toXML($e);
         }
 
+        foreach ($this->getAttributesNS() as $attr) {
+            $attr->toXML($e);
+        }
+
         return $e;
     }
 }
diff --git a/src/SAML2/XML/md/AttributeAuthorityDescriptor.php b/src/SAML2/XML/md/AttributeAuthorityDescriptor.php
@@ -40,6 +40,7 @@ final class AttributeAuthorityDescriptor extends AbstractRoleDescriptorType
      * @param \SimpleSAML\SAML2\XML\md\Organization|null $organization
      * @param \SimpleSAML\SAML2\XML\md\KeyDescriptor[] $keyDescriptor
      * @param \SimpleSAML\SAML2\XML\md\ContactPerson[] $contact
+     * @param list<\SimpleSAML\XML\Attribute> $namespacedAttributes
      */
     public function __construct(
         protected array $attributeService,
@@ -56,6 +57,7 @@ public function __construct(
         ?Organization $organization = null,
         array $keyDescriptor = [],
         array $contact = [],
+        array $namespacedAttributes = []
     ) {
         Assert::maxCount($attributeService, C::UNBOUNDED_LIMIT);
         Assert::minCount(
@@ -89,6 +91,7 @@ public function __construct(
             $keyDescriptor,
             $organization,
             $contact,
+            $namespacedAttributes
         );
     }
 
@@ -223,6 +226,7 @@ public static function fromXML(DOMElement $xml): static
             !empty($orgs) ? $orgs[0] : null,
             KeyDescriptor::getChildrenOfClass($xml),
             ContactPerson::getChildrenOfClass($xml),
+            self::getAttributesNSFromXML($xml),
         );
 
         if (!empty($signature)) {

diff --git a/src/SAML2/XML/md/AuthnAuthorityDescriptor.php b/src/SAML2/XML/md/AuthnAuthorityDescriptor.php
@@ -36,6 +36,7 @@ final class AuthnAuthorityDescriptor extends AbstractRoleDescriptorType
      * @param \SimpleSAML\SAML2\XML\md\Organization|null $organization
      * @param array $keyDescriptor
      * @param array $contact
+     * @param list<\SimpleSAML\XML\Attribute>
      */
     public function __construct(
         protected array $authnQueryService,
@@ -50,6 +51,7 @@ public function __construct(
         ?Organization $organization = null,
         array $keyDescriptor = [],
         array $contact = [],
+        array $namespacedAttributes = [],
     ) {
         Assert::maxCount($authnQueryService, C::UNBOUNDED_LIMIT);
         Assert::minCount($authnQueryService, 1, 'Missing at least one AuthnQueryService in AuthnAuthorityDescriptor.');
@@ -77,6 +79,7 @@ public function __construct(
             $keyDescriptor,
             $organization,
             $contact,
+            $namespacedAttributes,
         );
     }
 
@@ -178,11 +181,14 @@ public static function fromXML(DOMElement $xml): static
             !empty($orgs) ? $orgs[0] : null,
             KeyDescriptor::getChildrenOfClass($xml),
             ContactPerson::getChildrenOfClass($xml),
+            self::getAttributesNSFromXML($xml),
         );
+
         if (!empty($signature)) {
             $authority->setSignature($signature[0]);
             $authority->setXML($xml);
         }
+
         return $authority;
     }
 

diff --git a/src/SAML2/XML/md/PDPDescriptor.php b/src/SAML2/XML/md/PDPDescriptor.php
@@ -36,6 +36,7 @@ final class PDPDescriptor extends AbstractRoleDescriptorType
      * @param \SimpleSAML\SAML2\XML\md\Organization|null $organization
      * @param \SimpleSAML\SAML2\XML\md\KeyDescriptor[] $keyDescriptors
      * @param \SimpleSAML\SAML2\XML\md\ContactPerson[] $contacts
+     * @param list<\SimpleSAML\XML\Attribute>
      */
     public function __construct(
         protected array $authzService,
@@ -50,6 +51,7 @@ public function __construct(
         ?Organization $organization = null,
         array $keyDescriptors = [],
         array $contacts = [],
+        array $namespacedAttributes = [],
     ) {
         Assert::maxCount($authzService, C::UNBOUNDED_LIMIT);
         Assert::minCount($authzService, 1, 'At least one md:AuthzService endpoint must be present.');
@@ -77,6 +79,7 @@ public function __construct(
             $keyDescriptors,
             $organization,
             $contacts,
+            $namespacedAttributes,
         );
     }
 
@@ -168,6 +171,7 @@ public static function fromXML(DOMElement $xml): static
             !empty($orgs) ? $orgs[0] : null,
             KeyDescriptor::getChildrenOfClass($xml),
             ContactPerson::getChildrenOfClass($xml),
+            self::getAttributesNSFromXML($xml),
         );
 
         if (!empty($signature)) {

diff --git a/tests/SAML2/CustomRoleDescriptor.php b/tests/SAML2/CustomRoleDescriptor.php
@@ -161,7 +161,8 @@ public static function fromXML(DOMElement $xml): static
             self::getOptionalAttribute($xml, 'errorURL', null),
             KeyDescriptor::getChildrenOfClass($xml),
             !empty($orgs) ? $orgs[0] : null,
-            ContactPerson::getChildrenOfClass($xml)
+            ContactPerson::getChildrenOfClass($xml),
+            self::getAttributesNSFromXML($xml),
         );
     }
 

diff --git a/tests/resources/xml/md_RoleDescriptor.xml b/tests/resources/xml/md_RoleDescriptor.xml
@@ -1,4 +1,4 @@
-<md:RoleDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ssp="urn:x-simplesamlphp:namespace" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:test="urn:test:something" ID="TheID" validUntil="2009-02-13T23:31:30Z" cacheDuration="PT5000S" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:x-simplesamlphp:protocol" errorURL="https://error.reporting/" xsi:type="ssp:CustomRoleDescriptorType">
+<md:RoleDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ssp="urn:x-simplesamlphp:namespace" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:test="urn:test:something" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="TheID" validUntil="2009-02-13T23:31:30Z" cacheDuration="PT5000S" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:x-simplesamlphp:protocol" errorURL="https://error.reporting/" ssp:phpunit="test" xsi:type="ssp:CustomRoleDescriptorType">
   <md:Extensions xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
     <ssp:Chunk>Some</ssp:Chunk>
   </md:Extensions>