Use local versions of StringElementTrait and URIElementTrait to comply with stricter SAML 1.1 specs

tvdijen · tvdijen · commit 886e2a52e00e · 2025-01-04T21:58:13.000+01:00
diff --git a/src/SAML11/XML/StringElementTrait.php b/src/SAML11/XML/StringElementTrait.php
@@ -0,0 +1,39 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML11\XML;
+
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML11\Exception\ProtocolViolationException;
+use SimpleSAML\XML\StringElementTrait as BaseStringElementTrait;
+
+/**
+ * Trait extending the default StringElementTrait to comply with the restrictions added by the SAML 1.1 specifications.
+ *
+ * @package simplesamlphp/saml11
+ */
+trait StringElementTrait
+{
+    use BaseStringElementTrait;
+
+    /**
+     * Validate the content of the element.
+     *
+     * @param string $content  The value to go in the XML textContent
+     * @throws \Exception on failure
+     * @return void
+     */
+    protected function validateContent(/** @scrutinizer ignore-unused */ string $content): void
+    {
+        /**
+         * 1.2.1 String and URI Values
+         *
+         * All SAML string and URI reference values have the types xsd:string and xsd:anyURI respectively, which
+         * are built in to the W3C XML Schema Datatypes specification [Schema2]. All strings in SAML messages
+         * MUST consist of at least one non-whitespace character (whitespace is defined in the XML
+         * Recommendation [XML] §2.3). Empty and whitespace-only values are disallowed.
+         */
+        Assert::notWhitespaceOnly($content, ProtocolViolationException::class);
+    }
+}
diff --git a/src/SAML11/XML/URIElementTrait.php b/src/SAML11/XML/URIElementTrait.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML11\XML;
+
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML11\Exception\ProtocolViolationException;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\URIElementTrait as BaseURIElementTrait;
+
+/**
+ * Trait extending the default URIElementTrait to comply with the restrictions added by the SAML 1.1 specifications.
+ *
+ * @package simplesamlphp/saml11
+ */
+trait URIElementTrait
+{
+    use BaseURIElementTrait;
+
+    /**
+     * Validate the content of the element.
+     *
+     * @param string $content  The value to go in the XML textContent
+     * @throws \Exception on failure
+     * @return void
+     */
+    protected function validateContent(string $content): void
+    {
+        /**
+         * 1.2.1 String and URI Values
+         *
+         * All SAML string and URI reference values have the types xsd:string and xsd:anyURI respectively, which
+         * are built in to the W3C XML Schema Datatypes specification [Schema2]. All strings in SAML messages
+         * MUST consist of at least one non-whitespace character (whitespace is defined in the XML
+         * Recommendation [XML] §2.3). Empty and whitespace-only values are disallowed. Also, unless otherwise
+         * indicated in this specification, all URI reference values MUST consist of at least one non-whitespace
+         * character, and are strongly RECOMMENDED to be absolute [RFC 2396].
+         */
+        Assert::notWhitespaceOnly($content, ProtocolViolationException::class);
+        Assert::validURI($content, SchemaViolationException::class);
+    }
+}
diff --git a/src/SAML11/XML/saml/AbstractActionType.php b/src/SAML11/XML/saml/AbstractActionType.php
@@ -6,9 +6,9 @@
 
 use DOMElement;
 use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML11\XML\StringElementTrait;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\Exception\SchemaViolationException;
-use SimpleSAML\XML\StringElementTrait;
 
 /**
  * SAML ActionType abstract data type.
diff --git a/src/SAML11/XML/saml/AbstractNameIdentifierType.php b/src/SAML11/XML/saml/AbstractNameIdentifierType.php
@@ -6,8 +6,8 @@
 
 use DOMElement;
 use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML11\XML\StringElementTrait;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
-use SimpleSAML\XML\StringElementTrait;
 
 /**
  * SAML NameIdentifierType abstract data type.
diff --git a/src/SAML11/XML/saml/AssertionIDReference.php b/src/SAML11/XML/saml/AssertionIDReference.php
@@ -6,11 +6,11 @@
 
 use DOMElement;
 use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML11\XML\StringElementTrait;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\Exception\SchemaViolationException;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
 use SimpleSAML\XML\SchemaValidatableElementTrait;
-use SimpleSAML\XML\StringElementTrait;
 
 /**
  * Class representing a saml:AssertionIDReference element.
diff --git a/src/SAML11/XML/saml/Audience.php b/src/SAML11/XML/saml/Audience.php
@@ -4,9 +4,9 @@
 
 namespace SimpleSAML\SAML11\XML\saml;
 
+use SimpleSAML\SAML11\XML\URIElementTrait;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
 use SimpleSAML\XML\SchemaValidatableElementTrait;
-use SimpleSAML\XML\StringElementTrait;
 
 /**
  * SAML Audience element.
@@ -16,7 +16,7 @@
 final class Audience extends AbstractSamlElement implements SchemaValidatableElementInterface
 {
     use SchemaValidatableElementTrait;
-    use StringElementTrait;
+    use URIElementTrait;
 
 
     /**
diff --git a/src/SAML11/XML/saml/ConfirmationMethod.php b/src/SAML11/XML/saml/ConfirmationMethod.php
@@ -4,13 +4,9 @@
 
 namespace SimpleSAML\SAML11\XML\saml;
 
-use DOMElement;
-use SimpleSAML\Assert\Assert;
-use SimpleSAML\XML\Exception\InvalidDOMElementException;
-use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\SAML11\XML\URIElementTrait;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
 use SimpleSAML\XML\SchemaValidatableElementTrait;
-use SimpleSAML\XML\StringElementTrait;
 
 /**
  * Class representing a saml:ConfirmationMethod element.
@@ -20,7 +16,7 @@
 final class ConfirmationMethod extends AbstractSamlElement implements SchemaValidatableElementInterface
 {
     use SchemaValidatableElementTrait;
-    use StringElementTrait;
+    use URIElementTrait;
 
 
     /**
@@ -30,50 +26,4 @@ public function __construct(string $content)
     {
         $this->setContent($content);
     }
-
-
-    /**
-     * Validate the content of the element.
-     *
-     * @param string $content  The value to go in the XML textContent
-     * @throws \Exception on failure
-     * @return void
-     */
-    protected function validateContent(string $content): void
-    {
-        Assert::validNCName($content, SchemaViolationException::class); // Covers the empty string
-    }
-
-
-    /**
-     * Convert XML into an ConfirmationMethod
-     *
-     * @param \DOMElement $xml The XML element we should load
-     * @return static
-     *
-     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
-     *   If the qualified name of the supplied element is wrong
-     */
-    public static function fromXML(DOMElement $xml): static
-    {
-        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
-        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
-
-        return new static($xml->textContent);
-    }
-
-
-    /**
-     * Convert this ConfirmationMethod to XML.
-     *
-     * @param \DOMElement $parent The element we are converting to XML.
-     * @return \DOMElement The XML element after adding the data corresponding to this ConfirmationMethod.
-     */
-    public function toXML(?DOMElement $parent = null): DOMElement
-    {
-        $element = $this->instantiateParentElement($parent);
-        $element->textContent = $this->getContent();
-
-        return $element;
-    }
 }
diff --git a/src/SAML11/XML/samlp/AssertionArtifact.php b/src/SAML11/XML/samlp/AssertionArtifact.php
@@ -4,9 +4,9 @@
 
 namespace SimpleSAML\SAML11\XML\samlp;
 
+use SimpleSAML\SAML11\XML\StringElementTrait;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
 use SimpleSAML\XML\SchemaValidatableElementTrait;
-use SimpleSAML\XML\StringElementTrait;
 
 /**
  * SAML AssertionArtifact element.
@@ -21,7 +21,7 @@ final class AssertionArtifact extends AbstractSamlpElement implements SchemaVali
 
 
     /**
-     * Initialize a saml:AssertionArtifac from scratch
+     * Initialize a saml:AssertionArtifact from scratch
      *
      * @param string $value
      */
diff --git a/src/SAML11/XML/samlp/StatusMessage.php b/src/SAML11/XML/samlp/StatusMessage.php
@@ -6,10 +6,10 @@
 
 use DOMElement;
 use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML11\XML\StringElementTrait;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
 use SimpleSAML\XML\SchemaValidatableElementTrait;
-use SimpleSAML\XML\StringElementTrait;
 
 /**
  * Class representing a samlp:StatusMessage element.
