Add AuthnContextDecision-type

Author: tvdijen

src/Type/AuthnContextComparisonTypeValue.php

@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\Type;
+
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML2\XML\samlp\AuthnContextComparisonTypeEnum;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\Type\StringValue;
+
+use function array_column;
+
+/**
+ * @package simplesamlphp/saml2
+ */
+class AuthnContextComparisonTypeValue extends StringValue
+{
+    /** @var string */
+    public const SCHEMA_TYPE = 'authnContextComparisonType';
+
+
+    /**
+     * Validate the value.
+     *
+     * @param string $value  The value
+     * @throws \Exception on failure
+     * @return void
+     */
+    protected function validateValue(string $value): void
+    {
+        Assert::oneOf(
+            $this->sanitizeValue($value),
+            array_column(AuthnContextComparisonTypeEnum::cases(), 'value'),
+            SchemaViolationException::class,
+        );
+    }
+
+
+    /**
+     * @param \SimpleSAML\SAML2\XML\samlp\AuthnContextComparisonTypeEnum $value
+     * @return static
+     */
+    public static function fromEnum(AuthnContextComparisonTypeEnum $value): static
+    {
+        return new static($value->value);
+    }
+
+
+    /**
+     * @return \SimpleSAML\SAML2\XML\samlp\AuthnContextComparisonTypeEnum $value
+     */
+    public function toEnum(): AuthnContextComparisonTypeEnum
+    {
+        return AuthnContextComparisonTypeEnum::from($this->getValue());
+    }
+}

src/XML/Comparison.php …samlp/AuthnContextComparisonTypeEnum.phpsrc/XML/Comparison.php renamed to src/XML/samlp/AuthnContextComparisonTypeEnum.php src/XML/Comparison.php renamed to src/XML/samlp/AuthnContextComparisonTypeEnum.php

@@ -2,34 +2,34 @@
 
 declare(strict_types=1);
 
-namespace SimpleSAML\SAML2\XML;
+namespace SimpleSAML\SAML2\XML\samlp;
 
-enum Comparison: string
+enum AuthnContextComparisonTypeEnum: string
 {
     /**
      * Request Authentication Context Comparison indicating that  the resulting authentication context in the
      * authentication statement MUST be stronger (as deemed by the responder) than any one of the authentication
      * contexts specified
      */
-    case BETTER = 'better';
+    case Better = 'better';
 
     /**
      * Request Authentication Context Comparison indicating that the resulting authentication context in the
      * authentication statement MUST be the exact match of at least one of the authentication contexts specified
      */
-    case EXACT = 'exact';
+    case Exact = 'exact';
 
     /**
      * Request Authentication Context Comparison indicating that the resulting authentication context in the
      * authentication statement MUST be as strong as possible (as deemed by the responder) without exceeding the
      * strength of at least one of the authentication contexts specified.
      */
-    case MAXIMUM = 'maximum';
+    case Maxmimum = 'maximum';
 
     /**
      * Request Authentication Context Comparison indicating that he resulting authentication context in the
      * authentication statement MUST be at least as strong (as deemed by the responder) as one of the authentication
      * contexts specified.
      */
-    case MINIMUM = 'minimum';
+    case Minimum = 'minimum';
 }

src/XML/samlp/RequestedAuthnContext.php

@@ -7,14 +7,14 @@
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
 use SimpleSAML\SAML2\Exception\ProtocolViolationException;
-use SimpleSAML\SAML2\Type\SAMLStringValue;
-use SimpleSAML\SAML2\XML\Comparison;
+use SimpleSAML\SAML2\Type\{AuthnContextComparisonTypeValue, SAMLStringValue};
 use SimpleSAML\SAML2\XML\saml\{AuthnContextClassRef, AuthnContextDeclRef};
 use SimpleSAML\XML\Constants as C;
 use SimpleSAML\XML\Exception\{InvalidDOMElementException, SchemaViolationException};
 use SimpleSAML\XML\{SchemaValidatableElementInterface, SchemaValidatableElementTrait};
 
 use function array_merge;
+use function strval;
 
 /**
  * Class representing SAML2 RequestedAuthnContext
@@ -32,11 +32,11 @@ final class RequestedAuthnContext extends AbstractSamlpElement implements Schema
      *    \SimpleSAML\SAML2\XML\saml\AuthnContextClassRef|
      *    \SimpleSAML\SAML2\XML\saml\AuthnContextDeclRef
      * )[] $requestedAuthnContexts
-     * @param \SimpleSAML\SAML2\XML\Comparison $Comparison
+     * @param \SimpleSAML\SAML2\Type\AuthnContextComparisonTypeValue $Comparison
      */
     public function __construct(
         protected array $requestedAuthnContexts = [],
-        protected ?Comparison $Comparison = null,
+        protected ?AuthnContextComparisonTypeValue $Comparison = null,
     ) {
         Assert::maxCount($requestedAuthnContexts, C::UNBOUNDED_LIMIT);
         Assert::minCount($requestedAuthnContexts, 1, SchemaViolationException::class);
@@ -78,9 +78,9 @@ public function getRequestedAuthnContexts(): array
     /**
      * Collect the value of the Comparison-property
      *
-     * @return \SimpleSAML\SAML2\XML\Comparison|null
+     * @return \SimpleSAML\SAML2\Type\AuthnContextComparisonTypeValue|null
      */
-    public function getComparison(): ?Comparison
+    public function getComparison(): ?AuthnContextComparisonTypeValue
     {
         return $this->Comparison;
     }
@@ -100,19 +100,12 @@ public static function fromXML(DOMElement $xml): static
         Assert::same($xml->localName, 'RequestedAuthnContext', InvalidDOMElementException::class);
         Assert::same($xml->namespaceURI, RequestedAuthnContext::NS, InvalidDOMElementException::class);
 
-        $Comparison = self::getOptionalAttribute(
-            $xml,
-            'Comparison',
-            SAMLStringValue::class,
-            SAMLStringValue::fromString('unknown'),
-        );
-
         return new static(
             array_merge(
                 AuthnContextClassRef::getChildrenOfClass($xml),
                 AuthnContextDeclRef::getChildrenOfClass($xml),
             ),
-            Comparison::tryFrom($Comparison->getValue()),
+            self::getOptionalAttribute($xml, 'Comparison', AuthnContextComparisonTypeValue::class, null),
         );
     }
 
@@ -132,7 +125,7 @@ public function toXML(?DOMElement $parent = null): DOMElement
         }
 
         if ($this->getComparison() !== null) {
-            $e->setAttribute('Comparison', $this->getComparison()->value);
+            $e->setAttribute('Comparison', strval($this->getComparison()));
         }
 
         return $e;

tests/SAML2/Type/AuthnContextComparisonTypeValueTest.php

@@ -0,0 +1,64 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\SAML2\Type;
+
+use PHPUnit\Framework\Attributes\{CoversClass, DataProvider, DependsOnClass};
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML2\Type\AuthnContextComparisonValue;
+use SimpleSAML\SAML2\XML\saml\AuthnContextComparisonEnum;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+
+/**
+ * Class \SimpleSAML\Test\SAML2\Type\AuthnContextComparisonValueTest
+ *
+ * @package simplesamlphp/saml2
+ */
+#[CoversClass(AuthnContextComparisonValue::class)]
+final class AuthnContextComparisonValueTest extends TestCase
+{
+    /**
+     * @param string $AuthnContextComparison
+     * @param bool $shouldPass
+     */
+    #[DataProvider('provideAuthnContextComparison')]
+    public function testAuthnContextComparisonValue(string $authnContextComparison, bool $shouldPass): void
+    {
+        try {
+            AuthnContextComparisonValue::fromString($authnContextComparison);
+            $this->assertTrue($shouldPass);
+        } catch (SchemaViolationException $e) {
+            $this->assertFalse($shouldPass);
+        }
+    }
+
+
+    /**
+     * Test helpers
+     */
+    public function testHelpers(): void
+    {
+        $x = AuthnContextComparisonValue::fromEnum(AuthnContextComparisonEnum::Exact);
+        $this->assertEquals(AuthnContextComparisonEnum::Exact, $x->toEnum());
+
+        $y = AuthnContextComparisonValue::fromString('exact');
+        $this->assertEquals(AuthnContextComparisonEnum::Exact, $y->toEnum());
+    }
+
+
+    /**
+     * @return array<string, array{0: string, 1: bool}>
+     */
+    public static function provideAuthnContextComparison(): array
+    {
+        return [
+            'better' => ['better', true],
+            'exact' => ['exact', true],
+            'maximum' => ['maximum', true],
+            'minimum' => ['minimum', true],
+            'undefined' => ['undefined', false],
+            'empty' => ['', false],
+        ];
+    }
+}

tests/SAML2/XML/samlp/AuthnQueryTest.php

@@ -7,14 +7,14 @@
 use PHPUnit\Framework\Attributes\{CoversClass, Group};
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\SAML2\Constants as C;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLDateTimeValue, SAMLStringValue};
-use SimpleSAML\SAML2\XML\Comparison;
+use SimpleSAML\SAML2\Type\{AuthnContextComparisonTypeValue, SAMLAnyURIValue, SAMLDateTimeValue, SAMLStringValue};
 use SimpleSAML\SAML2\XML\saml\{AuthnContextDeclRef, Issuer, NameID, Subject};
 use SimpleSAML\SAML2\XML\samlp\{
     AbstractMessage,
     AbstractRequest,
     AbstractSamlpElement,
     AbstractSubjectQuery,
+    AuthnContextComparisonTypeEnum,
     AuthnQuery,
     RequestedAuthnContext,
 };
@@ -67,7 +67,10 @@ public function testMarshalling(): void
         $authnContextDeclRef = new AuthnContextDeclRef(
             SAMLAnyURIValue::fromString('https://example.org/relative/path/to/document.xml'),
         );
-        $requestedAuthnContext = new RequestedAuthnContext([$authnContextDeclRef], Comparison::EXACT);
+        $requestedAuthnContext = new RequestedAuthnContext(
+            [$authnContextDeclRef],
+            AuthnContextComparisonTypeValue::fromEnum(AuthnContextComparisonTypeEnum::Exact),
+        );
 
         $authnQuery = new AuthnQuery(
             id: IDValue::fromString('aaf23196-1773-2113-474a-fe114412ab72'),

tests/SAML2/XML/samlp/AuthnRequestTest.php

@@ -9,10 +9,15 @@
 use Psr\Clock\ClockInterface;
 use SimpleSAML\SAML2\Compat\ContainerSingleton;
 use SimpleSAML\SAML2\Exception\ProtocolViolationException;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLDateTimeValue, EntityIDValue, SAMLStringValue};
+use SimpleSAML\SAML2\Type\{
+    AuthnContextComparisonTypeValue,
+    SAMLAnyURIValue,
+    SAMLDateTimeValue,
+    EntityIDValue,
+    SAMLStringValue,
+};
 use SimpleSAML\SAML2\Utils;
 use SimpleSAML\SAML2\Utils\XPath;
-use SimpleSAML\SAML2\XML\Comparison;
 use SimpleSAML\SAML2\XML\saml\{
     Audience,
     AudienceRestriction,
@@ -28,6 +33,7 @@
 use SimpleSAML\SAML2\XML\samlp\{
     AbstractMessage,
     AbstractSamlpElement,
+    AuthnContextComparisonTypeEnum,
     AuthnRequest,
     GetComplete,
     IDPEntry,
@@ -122,7 +128,7 @@ public function testMarshallingElementOrdering(): void
                     SAMLAnyURIValue::fromString('urn:test:accr2'),
                 ),
             ],
-            Comparison::BETTER,
+            AuthnContextComparisonTypeValue::fromEnum(AuthnContextComparisonTypeEnum::Better),
         );
 
         // Create Subject

tests/SAML2/XML/samlp/RequestedAuthnContextTest.php

@@ -8,10 +8,9 @@
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Exception\ProtocolViolationException;
-use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
-use SimpleSAML\SAML2\XML\Comparison;
+use SimpleSAML\SAML2\Type\{AuthnContextComparisonTypeValue, SAMLAnyURIValue};
 use SimpleSAML\SAML2\XML\saml\{AuthnContextClassRef, AuthnContextDeclRef};
-use SimpleSAML\SAML2\XML\samlp\{AbstractSamlpElement, RequestedAuthnContext};
+use SimpleSAML\SAML2\XML\samlp\{AbstractSamlpElement, AuthnContextComparisonTypeEnum, RequestedAuthnContext};
 use SimpleSAML\XML\DOMDocumentFactory;
 use SimpleSAML\XML\Exception\SchemaViolationException;
 use SimpleSAML\XML\TestUtils\{SchemaValidationTestTrait, SerializableElementTestTrait};
@@ -55,7 +54,7 @@ public function testMarshalling(): void
 
         $requestedAuthnContext = new RequestedAuthnContext(
             [$authnContextDeclRef],
-            Comparison::EXACT,
+            AuthnContextComparisonTypeValue::fromEnum(AuthnContextComparisonTypeEnum::Exact),
         );
 
         $this->assertEquals(
@@ -81,7 +80,7 @@ public function testMarshallingWithMixedContextsFails(): void
 
         new RequestedAuthnContext(
             [$authnContextClassRef, $authnContextDeclRef],
-            Comparison::EXACT,
+            AuthnContextComparisonTypeValue::fromEnum(AuthnContextComparisonTypeEnum::Exact),
         );
     }
 
@@ -101,13 +100,13 @@ public function testMarshallingWithInvalidContentFails(): void
         );
 
         /** @psalm-suppress InvalidArgument */
-         new RequestedAuthnContext(
-             [
-                 DOMDocumentFactory::fromString('<root />'),
-                 $authnContextDeclRef,
-             ],
-             Comparison::EXACT,
-         );
+        new RequestedAuthnContext(
+            [
+                DOMDocumentFactory::fromString('<root />'),
+                $authnContextDeclRef,
+            ],
+            AuthnContextComparisonTypeValue::fromEnum(AuthnContextComparisonTypeEnum::Exact),
+        );
     }