Add NameIDMappingRequest-element

Author: tvdijen

src/XML/IdentifierTrait.php

@@ -32,7 +32,7 @@ trait IdentifierTrait
     /**
      * Collect the value of the identifier-property
      *
-     * @return \SimpleSAML\SAML2\XML\saml\IdentifierInterface|null
+     * @return (\SimpleSAML\XML\SerializableElementInterface&\SimpleSAML\SAML2\XML\saml\IdentifierInterface)|null
      */
     public function getIdentifier(): ?IdentifierInterface
     {

src/XML/saml/Subject.php

@@ -96,9 +96,7 @@ public function toXML(?DOMElement $parent = null): DOMElement
     {
         $e = $this->instantiateParentElement($parent);
 
-        /** @var \SimpleSAML\XML\SerializableElementInterface&\SimpleSAML\SAML2\XML\saml\IdentifierInterface $identifier */
-        $identifier = $this->getIdentifier();
-        $identifier?->toXML($e);
+        $this->getIdentifier()?->toXML($e);
 
         foreach ($this->getSubjectConfirmation() as $sc) {
             $sc->toXML($e);

src/XML/saml/SubjectConfirmation.php

@@ -103,9 +103,7 @@ public function toXML(?DOMElement $parent = null): DOMElement
         $e = $this->instantiateParentElement($parent);
         $e->setAttribute('Method', $this->getMethod()->getValue());
 
-        /** @var \SimpleSAML\XML\SerializableElementInterface&\SimpleSAML\SAML2\XML\saml\IdentifierInterface $identifier */
-        $identifier = $this->getIdentifier();
-        $identifier?->toXML($e);
+        $this->getIdentifier()?->toXML($e);
 
         if ($this->getSubjectConfirmationData() !== null && !$this->getSubjectConfirmationData()->isEmptyElement()) {
             $this->getSubjectConfirmationData()->toXML($e);

src/XML/samlp/AbstractMessage.php

@@ -5,7 +5,6 @@
 namespace SimpleSAML\SAML2\XML\samlp;
 
 use DOMElement;
-use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
 use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
 use SimpleSAML\SAML2\Utils\XPath;
@@ -47,8 +46,8 @@ abstract class AbstractMessage extends AbstractSamlpElement implements SignableE
     /**
      * Initialize a message.
      *
-     * @param \SimpleSAML\SAML2\XML\saml\Issuer|null $issuer
      * @param \SimpleSAML\XMLSchema\Type\IDValue $id
+     * @param \SimpleSAML\SAML2\XML\saml\Issuer|null $issuer
      * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue|null $issueInstant
      * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $destination
      * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $consent
@@ -177,7 +176,7 @@ protected function toUnsignedXML(?DOMElement $parent = null): DOMElement
             $root->setAttribute('Destination', $this->getDestination()->getValue());
         }
 
-        if ($this->getConsent() !== null && $this->getConsent()->getValue() !== C::CONSENT_UNSPECIFIED) {
+        if ($this->getConsent() !== null) {
             $root->setAttribute('Consent', $this->getConsent()->getValue());
         }
 

src/XML/samlp/AbstractNameIDMappingRequest.php

@@ -0,0 +1,77 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\samlp;
+
+use DOMElement;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\XML\IdentifierTrait;
+use SimpleSAML\SAML2\XML\saml\IdentifierInterface;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
+use SimpleSAML\XMLSchema\Type\IDValue;
+
+/**
+ * Class representing the samlp:NameIDMappingRequestType.
+ *
+ * @package simplesamlphp/saml2
+ */
+abstract class AbstractNameIDMappingRequest extends AbstractRequest
+{
+    use IdentifierTrait;
+
+
+    /**
+     * Initialize a NameIDMappingRequest.
+     *
+     * @param \SimpleSAML\SAML2\XML\saml\IdentifierInterface $identifier
+     * @param \SimpleSAML\SAML2\XML\samlp\NameIDPolicy $nameIdPolicy
+     * @param \SimpleSAML\XMLSchema\Type\IDValue $id
+     * @param \SimpleSAML\SAML2\XML\saml\Issuer|null $issuer
+     * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue|null $issueInstant
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $destination
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $consent
+     * @param \SimpleSAML\SAML2\XML\samlp\Extensions $extensions
+     */
+    final public function __construct(
+        IdentifierInterface $identifier,
+        protected NameIDPolicy $nameIdPolicy,
+        IDValue $id,
+        ?Issuer $issuer = null,
+        ?SAMLDateTimeValue $issueInstant = null,
+        ?SAMLAnyURIValue $destination = null,
+        ?SAMLAnyURIValue $consent = null,
+        ?Extensions $extensions = null,
+    ) {
+        $this->setIdentifier($identifier);
+
+        parent::__construct($id, $issuer, $issueInstant, $destination, $consent, $extensions);
+    }
+
+
+    /**
+     * Retrieve the NameIDPolicy of this element.
+     *
+     * @return \SimpleSAML\SAML2\XML\samlp\NameIDPolicy
+     */
+    public function getNameIDPolicy(): NameIDPolicy
+    {
+        return $this->nameIdPolicy;
+    }
+
+
+    /**
+     * Convert this NameIDMappingRequest to XML
+     */
+    public function toUnsignedXML(?DOMElement $parent = null): DOMElement
+    {
+        $e = parent::toUnsignedXML($parent);
+
+        $this->getIdentifier()->toXML($e);
+        $this->getNameIDPolicy()->toXML($e);
+
+        return $e;
+    }
+}

src/XML/samlp/LogoutRequest.php

@@ -199,9 +199,7 @@ protected function toUnsignedXML(?DOMElement $parent = null): DOMElement
             $e->setAttribute('Reason', $this->getReason()->getValue());
         }
 
-        /** @var \SimpleSAML\XML\SerializableElementInterface&\SimpleSAML\SAML2\XML\saml\IdentifierInterface $identifier */
-        $identifier = $this->getIdentifier();
-        $identifier->toXML($e);
+        $this->getIdentifier()->toXML($e);
 
         foreach ($this->getSessionIndexes() as $sessionIndex) {
             $sessionIndex->toXML($e);

src/XML/samlp/NameIDMappingRequest.php

@@ -0,0 +1,94 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\samlp;
+
+use DOMElement;
+use SimpleSAML\SAML2\Assert\Assert;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooHighException;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooLowException;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\XML\SchemaValidatableElementInterface;
+use SimpleSAML\XML\SchemaValidatableElementTrait;
+use SimpleSAML\XMLSchema\Exception\InvalidDOMElementException;
+use SimpleSAML\XMLSchema\Exception\MissingElementException;
+use SimpleSAML\XMLSchema\Exception\TooManyElementsException;
+use SimpleSAML\XMLSchema\Type\IDValue;
+use SimpleSAML\XMLSecurity\XML\ds\Signature;
+
+use function array_pop;
+use function version_compare;
+
+/**
+ * Class for handling SAML2 NameIDMappingRequest.
+ *
+ * @package simplesamlphp/saml2
+ */
+final class NameIDMappingRequest extends AbstractNameIDMappingRequest implements
+    SchemaValidatableElementInterface
+{
+    use SchemaValidatableElementTrait;
+
+
+    /**
+     * Convert XML into a NameIDMappingRequest
+     *
+     * @throws \SimpleSAML\XMLSchema\Exception\InvalidDOMElementException
+     *   if the qualified name of the supplied element is wrong
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        $version = self::getAttribute($xml, 'Version', SAMLStringValue::class);
+        Assert::true(version_compare('2.0', strval($version), '<='), RequestVersionTooLowException::class);
+        Assert::true(version_compare('2.0', strval($version), '>='), RequestVersionTooHighException::class);
+
+        $issuer = Issuer::getChildrenOfClass($xml);
+        Assert::maxCount($issuer, 1, 'Only one <saml:Issuer> element is allowed.', TooManyElementsException::class);
+
+        $extensions = Extensions::getChildrenOfClass($xml);
+        Assert::maxCount(
+            $extensions,
+            1,
+            'Only one <samlp:Extensions> element is allowed.',
+            TooManyElementsException::class,
+        );
+
+        $signature = Signature::getChildrenOfClass($xml);
+        Assert::maxCount(
+            $signature,
+            1,
+            'Only one <ds:Signature> element is allowed.',
+            TooManyElementsException::class,
+        );
+
+        $nameIdPolicy = NameIDPolicy::getChildrenOfClass($xml);
+        Assert::minCount($nameIdPolicy, 1, MissingElementException::class);
+        Assert::maxCount($nameIdPolicy, 1, TooManyElementsException::class);
+
+        $request = new static(
+            self::getIdentifierFromXML($xml),
+            array_pop($nameIdPolicy),
+            self::getAttribute($xml, 'ID', IDValue::class),
+            array_pop($issuer),
+            self::getAttribute($xml, 'IssueInstant', SAMLDateTimeValue::class),
+            self::getOptionalAttribute($xml, 'Destination', SAMLAnyURIValue::class, null),
+            self::getOptionalAttribute($xml, 'Consent', SAMLAnyURIValue::class, null),
+            array_pop($extensions),
+        );
+
+        if (!empty($signature)) {
+            $request->setSignature($signature[0]);
+            $request->messageContainedSignatureUponConstruction = true;
+            $request->setXML($xml);
+        }
+
+        return $request;
+    }
+}

tests/SAML2/XML/samlp/AuthnRequestTest.php

@@ -106,6 +106,7 @@ public function testMarshalling(): void
             issuer: new Issuer(
                 SAMLStringValue::fromString('https://gateway.stepup.org/saml20/sp/metadata'),
             ),
+            consent: SAMLAnyURIValue::fromString(C::CONSENT_UNSPECIFIED),
             id: IDValue::fromString('_2b0226190ca1c22de6f66e85f5c95158'),
             issueInstant: SAMLDateTimeValue::fromString('2014-09-22T13:42:00Z'),
             destination: SAMLAnyURIValue::fromString('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO'),

tests/SAML2/XML/samlp/LogoutRequestTest.php

@@ -10,6 +10,7 @@
 use Psr\Clock\ClockInterface;
 use SimpleSAML\SAML2\Compat\ContainerSingleton;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
 use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
 use SimpleSAML\SAML2\Type\SAMLStringValue;
 use SimpleSAML\SAML2\Utils;
@@ -80,6 +81,7 @@ public function testMarshalling(): void
 
         $logoutRequest = new LogoutRequest(
             id: IDValue::fromString('SomeIDValue'),
+            consent: SAMLAnyURIValue::fromString(C::CONSENT_UNSPECIFIED),
             identifier: $nameId,
             issueInstant: SAMLDateTimeValue::fromDateTime(self::$clock->now()),
             sessionIndexes: [
@@ -106,6 +108,7 @@ public function testMarshalling(): void
         );
         $logoutRequest = new LogoutRequest(
             id: IDValue::fromString('SomeIDValue'),
+            consent: SAMLAnyURIValue::fromString(C::CONSENT_UNSPECIFIED),
             identifier: $nameId,
             issueInstant: SAMLDateTimeValue::fromDateTime(self::$clock->now()),
             sessionIndexes: [
@@ -133,6 +136,7 @@ public function testMarshallingElementOrdering(): void
 
         $logoutRequest = new LogoutRequest(
             id: IDValue::fromString('SomeIDValue'),
+            consent: SAMLAnyURIValue::fromString(C::CONSENT_UNSPECIFIED),
             identifier: $nameId,
             issueInstant: SAMLDateTimeValue::fromDateTime(self::$clock->now()),
             sessionIndexes: [
@@ -201,6 +205,7 @@ public function testEncryptedNameId(): void
 
         $logoutRequest = new LogoutRequest(
             identifier: $eid,
+            consent: SAMLAnyURIValue::fromString(C::CONSENT_UNSPECIFIED),
             id: IDValue::fromString('SomeIDValue'),
             issueInstant: SAMLDateTimeValue::fromDateTime(self::$clock->now()),
         );

tests/SAML2/XML/samlp/NameIDMappingRequestTest.php

@@ -0,0 +1,94 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\SAML2\XML\samlp;
+
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\Group;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
+use SimpleSAML\SAML2\XML\samlp\AbstractRequest;
+use SimpleSAML\SAML2\XML\samlp\AbstractSamlpElement;
+use SimpleSAML\SAML2\XML\samlp\NameIDMappingRequest;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+use SimpleSAML\XMLSchema\Type\BooleanValue;
+use SimpleSAML\XMLSchema\Type\IDValue;
+
+use function dirname;
+use function strval;
+
+/**
+ * Class \SimpleSAML\SAML2\XML\samlp\NameIDMappingRequestTest
+ *
+ * @package simplesamlphp/saml2
+ */
+#[Group('saml')]
+#[CoversClass(NameIDMappingRequest::class)]
+#[CoversClass(AbstractRequest::class)]
+#[CoversClass(AbstractMessage::class)]
+#[CoversClass(AbstractSamlpElement::class)]
+final class NameIDMappingRequestTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$testedClass = NameIDMappingRequest::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/samlp_NameIDMappingRequest.xml',
+        );
+    }
+
+
+    // marshalling
+
+
+    /**
+     */
+    public function testMarshalling(): void
+    {
+        $nameId = new NameID(
+            SAMLStringValue::fromString('TheNameIDValue'),
+            SAMLStringValue::fromString('urn:x-simplesamlphp:namequalifier'),
+            SAMLStringValue::fromString('urn:x-simplesamlphp:spnamequalifier'),
+            SAMLAnyURIValue::fromString('urn:the:format'),
+            SAMLStringValue::fromString('TheSPProvidedID'),
+        );
+
+        $nameIdPolicy = new NameIDPolicy(
+            SAMLAnyURIValue::fromString('urn:the:format'),
+            SAMLStringValue::fromString('urn:x-simplesamlphp:spnamequalifier'),
+            BooleanValue::fromBoolean(true),
+        );
+
+        $nameIdMappingRequest = new NameIDMappingRequest(
+            identifier: $nameId,
+            nameIdPolicy: $nameIdPolicy,
+            issuer: new Issuer(
+                SAMLStringValue::fromString('https://gateway.stepup.org/saml20/sp/metadata'),
+            ),
+            id: IDValue::fromString('_2b0226190ca1c22de6f66e85f5c95158'),
+            issueInstant: SAMLDateTimeValue::fromString('2014-09-22T13:42:00Z'),
+            destination: SAMLAnyURIValue::fromString('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO'),
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($nameIdMappingRequest),
+        );
+    }
+}