Add NameIDMappingResponse-element

Author: tvdijen

src/XML/samlp/NameIDMappingResponse.php

@@ -0,0 +1,154 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\samlp;
+
+use DOMElement;
+use SimpleSAML\SAML2\Assert\Assert;
+use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooHighException;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooLowException;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\IdentifierTrait;
+use SimpleSAML\SAML2\XML\saml\Assertion;
+use SimpleSAML\SAML2\XML\saml\EncryptedAssertion;
+use SimpleSAML\SAML2\XML\saml\EncryptedID;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\XML\SchemaValidatableElementInterface;
+use SimpleSAML\XML\SchemaValidatableElementTrait;
+use SimpleSAML\XMLSchema\Exception\InvalidDOMElementException;
+use SimpleSAML\XMLSchema\Exception\MissingElementException;
+use SimpleSAML\XMLSchema\Exception\TooManyElementsException;
+use SimpleSAML\XMLSchema\Type\IDValue;
+use SimpleSAML\XMLSchema\Type\NCNameValue;
+use SimpleSAML\XMLSecurity\XML\ds\Signature;
+
+use function array_merge;
+use function array_pop;
+use function strval;
+
+/**
+ * Class for SAML 2 NameIDMappingResponse messages.
+ *
+ * @package simplesamlphp/saml2
+ */
+class NameIDMappingResponse extends AbstractStatusResponse implements SchemaValidatableElementInterface
+{
+    use IdentifierTrait;
+    use SchemaValidatableElementTrait;
+
+
+    /**
+     * Constructor for SAML 2 response messages.
+     *
+     * @param \SimpleSAML\SAML2\XML\saml\NameID|\SimpleSAML\SAML2\XML\saml\EncryptedID $identifier
+     * @param \SimpleSAML\XMLSchema\Type\IDValue $id
+     * @param \SimpleSAML\SAML2\XML\samlp\Status $status
+     * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue $issueInstant
+     * @param \SimpleSAML\SAML2\XML\saml\Issuer|null $issuer
+     * @param \SimpleSAML\XMLSchema\Type\NCNameValue|null $inResponseTo
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $destination
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $consent
+     * @param \SimpleSAML\SAML2\XML\samlp\Extensions $extensions
+     */
+    final public function __construct(
+        NameID|EncryptedID $identifier,
+        IDValue $id,
+        Status $status,
+        SAMLDateTimeValue $issueInstant,
+        ?Issuer $issuer = null,
+        ?NCNameValue $inResponseTo = null,
+        ?SAMLAnyURIValue $destination = null,
+        ?SAMLAnyURIValue $consent = null,
+        ?Extensions $extensions = null,
+    ) {
+        $this->setIdentifier($identifier);
+
+        parent::__construct(
+            $id,
+            $status,
+            $issueInstant,
+            $issuer,
+            $inResponseTo,
+            $destination,
+            $consent,
+            $extensions,
+        );
+    }
+
+
+    /**
+     * Convert XML into a Response element.
+     *
+     * @throws \SimpleSAML\XMLSchema\Exception\InvalidDOMElementException
+     *   if the qualified name of the supplied element is wrong
+     * @throws \SimpleSAML\XMLSchema\Exception\MissingAttributeException
+     *   if the supplied element is missing one of the mandatory attributes
+     * @throws \SimpleSAML\XMLSchema\Exception\MissingElementException
+     *   if one of the mandatory child-elements is missing
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        $version = self::getAttribute($xml, 'Version', SAMLStringValue::class);
+        Assert::true(version_compare('2.0', strval($version), '<='), RequestVersionTooLowException::class);
+        Assert::true(version_compare('2.0', strval($version), '>='), RequestVersionTooHighException::class);
+
+        $signature = Signature::getChildrenOfClass($xml);
+        Assert::maxCount($signature, 1, 'Only one ds:Signature element is allowed.', TooManyElementsException::class);
+
+        $issuer = Issuer::getChildrenOfClass($xml);
+        Assert::countBetween($issuer, 0, 1);
+
+        $status = Status::getChildrenOfClass($xml);
+        Assert::minCount($status, 1, MissingElementException::class);
+        Assert::maxCount($status, 1, TooManyElementsException::class);
+
+        $extensions = Extensions::getChildrenOfClass($xml);
+        Assert::maxCount(
+            $extensions,
+            1,
+            'Only one saml:Extensions element is allowed.',
+            TooManyElementsException::class,
+        );
+
+        $response = new static(
+            self::getIdentifierFromXML($xml),
+            self::getAttribute($xml, 'ID', IDValue::class),
+            array_pop($status),
+            self::getAttribute($xml, 'IssueInstant', SAMLDateTimeValue::class),
+            empty($issuer) ? null : array_pop($issuer),
+            self::getOptionalAttribute($xml, 'InResponseTo', NCNameValue::class, null),
+            self::getOptionalAttribute($xml, 'Destination', SAMLAnyURIValue::class, null),
+            self::getOptionalAttribute($xml, 'Consent', SAMLAnyURIValue::class, null),
+            empty($extensions) ? null : array_pop($extensions),
+        );
+
+        if (!empty($signature)) {
+            $response->setSignature($signature[0]);
+            $response->messageContainedSignatureUponConstruction = true;
+            $response->setXML($xml);
+        }
+
+        return $response;
+    }
+
+
+    /**
+     * Convert the response message to an XML element.
+     */
+    protected function toUnsignedXML(?DOMElement $parent = null): DOMElement
+    {
+        $e = parent::toUnsignedXML($parent);
+
+        $this->getIdentifier()->toXML($e);
+
+        return $e;
+    }
+}

tests/SAML2/XML/samlp/NameIDMappingResponseTest.php

@@ -0,0 +1,98 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\SAML2\XML\samlp;
+
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\Group;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
+use SimpleSAML\SAML2\XML\samlp\AbstractSamlpElement;
+use SimpleSAML\SAML2\XML\samlp\AbstractStatusResponse;
+use SimpleSAML\SAML2\XML\samlp\NameIDMappingResponse;
+use SimpleSAML\SAML2\XML\samlp\Status;
+use SimpleSAML\SAML2\XML\samlp\StatusCode;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+use SimpleSAML\XMLSchema\Type\IDValue;
+use SimpleSAML\XMLSchema\Type\NCNameValue;
+use SimpleSAML\XMLSecurity\TestUtils\SignedElementTestTrait;
+
+use function dirname;
+use function strval;
+
+/**
+ * Class \SimpleSAML\SAML2\XML\samlp\NameIDMappingResponseTest
+ *
+ * @package simplesamlphp/saml2
+ */
+#[Group('samlp')]
+#[CoversClass(NameIDMappingResponse::class)]
+#[CoversClass(AbstractStatusResponse::class)]
+#[CoversClass(AbstractMessage::class)]
+#[CoversClass(AbstractSamlpElement::class)]
+final class NameIDMappingResponseTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+    use SignedElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$testedClass = NameIDMappingResponse::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/samlp_NameIDMappingResponse.xml',
+        );
+    }
+
+
+    /**
+     */
+    public function testMarshalling(): void
+    {
+        $status = new Status(
+            new StatusCode(
+                SAMLAnyURIValue::fromString(C::STATUS_SUCCESS),
+            ),
+        );
+        $issuer = new Issuer(
+            SAMLStringValue::fromString('https://IdentityProvider.com'),
+        );
+
+        $nameId = new NameID(
+            SAMLStringValue::fromString('TheNameIDValue'),
+            SAMLStringValue::fromString('urn:x-simplesamlphp:namequalifier'),
+            SAMLStringValue::fromString('urn:x-simplesamlphp:spnamequalifier'),
+            SAMLAnyURIValue::fromString('urn:the:format'),
+            SAMLStringValue::fromString('TheSPProvidedID'),
+        );
+
+        $nameIdMappingResponse = new NameIDMappingResponse(
+            id: IDValue::fromString('abc123'),
+            status: $status,
+            issuer: $issuer,
+            destination: SAMLAnyURIValue::fromString('https://example.org/metadata'),
+            consent: SAMLAnyURIValue::fromString(C::CONSENT_EXPLICIT),
+            inResponseTo: NCNameValue::fromString('PHPUnit'),
+            issueInstant: SAMLDateTimeValue::fromString('2021-03-25T16:53:26Z'),
+            identifier: $nameId,
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($nameIdMappingResponse),
+        );
+    }
+}

tests/resources/xml/samlp_NameIDMappingResponse.xml

@@ -0,0 +1,7 @@
+<samlp:NameIDMappingResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="abc123" IssueInstant="2021-03-25T16:53:26Z" Destination="https://example.org/metadata" Consent="urn:oasis:names:tc:SAML:2.0:consent:current-explicit" InResponseTo="PHPUnit">
+  <saml:Issuer>https://IdentityProvider.com</saml:Issuer>
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+  </samlp:Status>
+  <saml:NameID NameQualifier="urn:x-simplesamlphp:namequalifier" SPNameQualifier="urn:x-simplesamlphp:spnamequalifier" Format="urn:the:format" SPProvidedID="TheSPProvidedID">TheNameIDValue</saml:NameID>
+</samlp:NameIDMappingResponse>