Migrate to xsd-types

Author: tvdijen

.github/workflows/interoperability.yml

@@ -23,7 +23,7 @@ jobs:
       fail-fast: false
       matrix:
         operating-system: [ubuntu-latest]
-        php-versions: ['8.2']
+        php-versions: ['8.4']
 
     steps:
       - name: Setup PHP, with composer and extensions
@@ -80,8 +80,14 @@ jobs:
         run: |
             mkdir -p /tmp/metadata
             wget https://mds.edugain.org/edugain-v2.xml -O /tmp/metadata/edugain.xml
-            wget https://technical.edugain.org/mds-v2.cer -O /tmp/metadataedugain-pub.crt
+            wget https://technical.edugain.org/mds-v2.cer -O /tmp/metadata/edugain-pub.crt
 
+      - name: Download eduID metadata & public key
+        if: steps.cache-metadata.outputs.cache-hit != 'true'
+        run: |
+            mkdir -p /tmp/metadata
+            wget https://metadata.eduid.cz/entities/eduid -O /tmp/metadata/eduid.xml
+            wget https://www.eduid.cz/docs/eduid/metadata/metadata.eduid.cz.crt.pem -O /tmp/metadata/eduid.crt
 
       - name: Download GRNET metadata
         if: steps.cache-metadata.outputs.cache-hit != 'true'

composer.json

@@ -32,9 +32,9 @@
         "psr/http-message": "^2.0",
         "psr/log": "^2.0 || ^3.0",
         "simplesamlphp/assert": "~1.8.0",
-        "simplesamlphp/xml-common": "~1.24.0",
-        "simplesamlphp/xml-security": "~1.13.0",
-        "simplesamlphp/xml-soap": "~1.7.0"
+        "simplesamlphp/xml-common": "dev-feature/xsd-types",
+        "simplesamlphp/xml-security": "dev-feature/xsd-types",
+        "simplesamlphp/xml-soap": "dev-feature/xsd-types"
     },
     "require-dev": {
         "ext-intl": "*",

phpstan-baseline.neon

@@ -2,5 +2,3 @@ parameters:
   level: 1
   paths:
     - src
-includes:
-  - phpstan-baseline.neon

phpstan.neon

@@ -11,21 +11,39 @@
  *
  * @package simplesamlphp/saml2
  *
- * @method static void validDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void validCIDR(mixed $value, string $message = '', string $exception = '')
+ * @method static void validDomain(mixed $value, string $message = '', string $exception = '')
  * @method static void validEntityID(mixed $value, string $message = '', string $exception = '')
- * @method static void validURI(mixed $value, string $message = '', string $exception = '')
+ * @method static void validGeolocation(mixed $value, string $message = '', string $exception = '')
  * @method static void validRelayState(mixed $value, string $message = '', string $exception = '')
- * @method static void nullOrValidDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void validSAMLAnyURI(mixed $value, string $message = '', string $exception = '')
+ * @method static void validSAMLDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void validSAMLString(mixed $value, string $message = '', string $exception = '')
+ * @method static void nullOrValidCIDR(mixed $value, string $message = '', string $exception = '')
+ * @method static void nullOrValidDomain(mixed $value, string $message = '', string $exception = '')
  * @method static void nullOrValidEntityID(mixed $value, string $message = '', string $exception = '')
+ * @method static void nullOrValidGeolocation(mixed $value, string $message = '', string $exception = '')
  * @method static void nullOrValidRelayState(mixed $value, string $message = '', string $exception = '')
- * @method static void nullOrValidURI(mixed $value, string $message = '', string $exception = '')
- * @method static void allValidDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void nullOrValidSAMLAnyURI(mixed $value, string $message = '', string $exception = '')
+ * @method static void nullOrValidSAMLDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void nullOrValidSAMLString(mixed $value, string $message = '', string $exception = '')
+ * @method static void allValidCIDR(mixed $value, string $message = '', string $exception = '')
+ * @method static void allValidDomain(mixed $value, string $message = '', string $exception = '')
  * @method static void allValidEntityID(mixed $value, string $message = '', string $exception = '')
+ * @method static void allValidGeolocation(mixed $value, string $message = '', string $exception = '')
  * @method static void allValidRelayState(mixed $value, string $message = '', string $exception = '')
- * @method static void allValidURI(mixed $value, string $message = '', string $exception = '')
+ * @method static void allValidSAMLAnyURI(mixed $value, string $message = '', string $exception = '')
+ * @method static void allValidSAMLDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void allValidSAMLString(mixed $value, string $message = '', string $exception = '')
  */
 class Assert extends BaseAssert
 {
-    use CustomAssertionTrait;
+    use CIDRTrait;
+    use DomainTrait;
+    use EntityIDTrait;
+    use GeolocationTrait;
     use RelayStateTrait;
+    use SAMLAnyURITrait;
+    use SAMLDateTimeTrait;
+    use SAMLStringTrait;
 }

src/Assert/Assert.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\Assert;
+
+use SimpleSAML\Assert\AssertionFailedException;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
+
+/**
+ * @package simplesamlphp/saml2
+ */
+trait CIDRTrait
+{
+    private static string $cidr_regex = '/^
+      (?:
+        (?:
+          (
+            (?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.
+            (?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.
+            (?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.
+            (?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])
+          )
+          [\/](3[0-2]|[1-2]?[0-9])$
+        )
+        |
+        (
+          (?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
+          (?:[0-9a-fA-F]{1,4}:){1,7}:|
+          (?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
+          (?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|
+          (?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|
+          (?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
+          (?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|
+          [0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
+          :(?:(:[0-9a-fA-F]{1,4}){1,7}|:)|
+          ::
+        )
+        [\/](12[0-8]|1[0-1][0-9]|[1-9]?[0-9])$
+      )
+      $/Dxi';
+
+
+    /**
+     * @param string $value
+     * @param string $message
+     */
+    protected static function validCIDR(string $value, string $message = ''): void
+    {
+        try {
+            parent::regex(
+                $value,
+                self::$cidr_regex,
+                $message ?: '%s is not a valid RFC4632 CIDR-block',
+            );
+        } catch (AssertionFailedException $e) {
+            throw new ProtocolViolationException($e->getMessage());
+        }
+    }
+}