
Merge pull request #143 from simplesamlphp/gettersetter
Add getter/setter methods to replace public properties in the next major
tvdijen authored Dec 1, 2018
2 parents 63f1480 + 472f27c commit 23823fa
Showing 102 changed files with 4,261 additions and 1,127 deletions.
155 changes: 114 additions & 41 deletions src/SAML2/Assertion.php
Expand Up @@ -256,16 +256,16 @@ class Assertion implements SignedElement
*/
public function __construct(\DOMElement $xml = null)
{
$this->id = Utils::getContainer()->generateId();
$this->issueInstant = Temporal::getTime();
$this->issuer = '';
$this->authnInstant = Temporal::getTime();
$this->attributes = [];
$this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
$this->certificates = [];
$this->AuthenticatingAuthority = [];
$this->SubjectConfirmation = [];
$this->requiredEncAttributes = false;
$this->setId(Utils::getContainer()->generateId());
$this->setIssueInstant(Temporal::getTime());
$this->setIssuer('');
$this->setAuthnInstant(Temporal::getTime());
$this->setAttributes([]);
$this->setAttributeNameFormat(Constants::NAMEFORMAT_UNSPECIFIED);
$this->setCertificates([]);
$this->setAuthenticatingAuthority([]);
$this->setSubjectConfirmation([]);
$this->setRequiredEncAttributes(false);

if ($xml === null) {
return;
Expand All @@ -278,7 +278,7 @@ public function __construct(\DOMElement $xml = null)

if ($xml->getAttribute('Version') !== '2.0') {
/* Currently a very strict check. */
throw new \Exception('Unsupported version: ' . $xml->getAttribute('Version'));
throw new \Exception('Unsupported version: '.$xml->getAttribute('Version'));
}

$this->issueInstant = Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));
Expand Down Expand Up @@ -364,14 +364,14 @@ private function parseConditions(\DOMElement $xml)

if ($conditions->hasAttribute('NotBefore')) {
$notBefore = Utils::xsDateTimeToTimestamp($conditions->getAttribute('NotBefore'));
if ($this->notBefore === null || $this->notBefore < $notBefore) {
$this->notBefore = $notBefore;
if ($this->getNotBefore() === null || $this->getNotBefore() < $notBefore) {
$this->setNotBefore($notBefore);
}
}
if ($conditions->hasAttribute('NotOnOrAfter')) {
$notOnOrAfter = Utils::xsDateTimeToTimestamp($conditions->getAttribute('NotOnOrAfter'));
if ($this->notOnOrAfter === null || $this->notOnOrAfter > $notOnOrAfter) {
$this->notOnOrAfter = $notOnOrAfter;
if ($this->getNotOnOrAfter() === null || $this->getNotOnOrAfter() > $notOnOrAfter) {
$this->setNotOnOrAfter($notOnOrAfter);
}
}

Expand All @@ -380,7 +380,7 @@ private function parseConditions(\DOMElement $xml)
continue;
}
if ($node->namespaceURI !== Constants::NS_SAML) {
throw new \Exception('Unknown namespace of condition: ' . var_export($node->namespaceURI, true));
throw new \Exception('Unknown namespace of condition: '.var_export($node->namespaceURI, true));
}
switch ($node->localName) {
case 'AudienceRestriction':
Expand All @@ -403,7 +403,7 @@ private function parseConditions(\DOMElement $xml)
/* Currently ignored. */
break;
default:
throw new \Exception('Unknown condition: ' . var_export($node->localName, true));
throw new \Exception('Unknown condition: '.var_export($node->localName, true));
}
}
}
Expand Down Expand Up @@ -559,7 +559,9 @@ private function parseAttributeValue($attribute, $attributeName)
} else {
/* Fall back for legacy IdPs sending string value (e.g. SSP < 1.15) */
Utils::getContainer()->getLogger()->warning(sprintf("Attribute %s (EPTI) value %d is not an XML NameId", $attributeName, $index));
$this->attributes[$attributeName][] = XML\saml\NameID::fromArray(['Value' => $eptiAttributeValue->textContent]);
$nameId = new XML\saml\NameID();
$nameId->setValue($eptiAttributeValue->textContent);
$this->attributes[$attributeName][] = $nameId;
}
}

Expand Down Expand Up @@ -588,7 +590,7 @@ private function parseAttributeValue($attribute, $attributeName)
}

if ($type === 'xs:integer') {
$this->attributes[$attributeName][] = (int)$value->textContent;
$this->attributes[$attributeName][] = (int) $value->textContent;
} else {
$this->attributes[$attributeName][] = trim($value->textContent);
}
Expand All @@ -602,10 +604,10 @@ private function parseAttributeValue($attribute, $attributeName)
*/
private function parseEncryptedAttributes(\DOMElement $xml)
{
$this->encryptedAttributes = Utils::xpQuery(
$this->setEncryptedAttributes(Utils::xpQuery(
$xml,
'./saml_assertion:AttributeStatement/saml_assertion:EncryptedAttribute'
);
));
}

/**
Expand All @@ -621,10 +623,10 @@ private function parseSignature(\DOMElement $xml)
/* Validate the signature element of the message. */
$sig = Utils::validateElement($xml);
if ($sig !== false) {
$this->wasSignedAtConstruction = true;
$this->certificates = $sig['Certificates'];
$this->signatureData = $sig;
$this->signatureMethod = $signatureMethod[0]->value;
$this->setWasSignedAtConstruction(true);
$this->setCertificates($sig['Certificates']);
$this->setSignatureData($sig);
$this->setSignatureMethod($signatureMethod[0]->value);
}
}

Expand All @@ -642,11 +644,11 @@ public function validate(XMLSecurityKey $key)
{
assert($key->type === \RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256);

if ($this->signatureData === null) {
if ($this->getSignatureData() === null) {
return false;
}

Utils::validateSignature($this->signatureData, $key);
Utils::validateSignature($this->getSignatureData(), $key);

return true;
}
Expand Down Expand Up @@ -746,6 +748,7 @@ public function setNameId($nameId)
assert(is_array($nameId) || is_null($nameId) || $nameId instanceof XML\saml\NameID);

if (is_array($nameId)) {
// @deprecated behaviour
$nameId = XML\saml\NameID::fromArray($nameId);
}
$this->nameId = $nameId;
Expand Down Expand Up @@ -836,7 +839,7 @@ public function decryptAttributes(XMLSecurityKey $key, array $blacklist = [])
return;
}
$firstAttribute = true;
$attributes = $this->encryptedAttributes;
$attributes = $this->getEncryptedAttributes();
foreach ($attributes as $attributeEnc) {
/*Decrypt node <EncryptedAttribute>*/
$attribute = Utils::decryptElement(
Expand Down Expand Up @@ -928,12 +931,23 @@ public function setNotOnOrAfter($notOnOrAfter)
}

/**
* Set $EncryptedAttributes if attributes will send encrypted
* Retrieve $requiredEncAttributes if attributes will be send encrypted
*
* @return boolean Rrue to encrypt attributes in the assertion.
*/
public function getRequiredEncAttributes()
{
return $this->requiredEncAttributes;
}

/**
* Set $requiredEncAttributes if attributes will be send encrypted
*
* @param boolean $ea true to encrypt attributes in the assertion.
*/
public function setEncryptedAttributes($ea)
public function setRequiredEncAttributes($ea)
{
assert(is_bool($ea));
$this->requiredEncAttributes = $ea;
}

Expand Down Expand Up @@ -1103,6 +1117,28 @@ public function setAuthnContextClassRef($authnContextClassRef)
$this->authnContextClassRef = $authnContextClassRef;
}

/**
* Retrieve the signature method.
*
* @return string|null The signature method.
*/
public function getSignatureMethod()
{
return $this->signatureMethod;
}

/**
* Set the signature method used.
*
* @param string|null $signatureMethod
*/
public function setSignatureMethod($signatureMethod)
{
assert(is_string($signatureMethod) || is_null($signatureMethod));

$this->signatureMethod = $signatureMethod;
}

/**
* Set the authentication context declaration.
*
Expand Down Expand Up @@ -1136,7 +1172,7 @@ public function getAuthnContextDecl()
/**
* Set the authentication context declaration reference.
*
* @param string $authnContextDeclRef
* @param string|\SAML2\XML\Chunk $authnContextDeclRef
* @throws \Exception
*/
public function setAuthnContextDeclRef($authnContextDeclRef)
Expand Down Expand Up @@ -1204,6 +1240,22 @@ public function setAttributes(array $attributes)
$this->attributes = $attributes;
}

/**
* @return array
*/
public function getSignatureData()
{
return $this->signatureData;
}

/**
* @param array|null $signatureData
*/
public function setSignatureData(array $signatureData = null)
{
$this->signatureData = $signatureData;
}

/**
* Retrieve all attributes value types.
*
Expand Down Expand Up @@ -1269,6 +1321,26 @@ public function setSubjectConfirmation(array $SubjectConfirmation)
$this->SubjectConfirmation = $SubjectConfirmation;
}

/**
* Retrieve the encryptedAttributes elements we have.
*
* @return array Array of \DOMElement elements.
*/
public function getEncryptedAttributes()
{
return $this->encryptedAttributes;
}

/**
* Set the encryptedAttributes elements
*
* @param array $encAttrs Array of \DOMElement elements.
*/
public function setEncryptedAttributes(array $encAttrs)
{
$this->encryptedAttributes = $encAttrs;
}

/**
* Retrieve the private key we should use to sign the assertion.
*
Expand Down Expand Up @@ -1337,17 +1409,18 @@ public function getCertificates()
/**
* @return bool
*/
public function getWasSignedAtConstruction()
public function wasSignedAtConstruction()
{
return $this->wasSignedAtConstruction;
}

/**
* @return null|string
* @param bool $flag
*/
public function getSignatureMethod()
public function setWasSignedAtConstruction($flag)
{
return $this->signatureMethod;
assert(is_bool($flag));
$this->wasSignedAtConstruction = $flag;
}

/**
Expand All @@ -1365,7 +1438,7 @@ public function toXML(\DOMNode $parentElement = null)
$document = $parentElement->ownerDocument;
}

$root = $document->createElementNS(Constants::NS_SAML, 'saml:' . 'Assertion');
$root = $document->createElementNS(Constants::NS_SAML, 'saml:'.'Assertion');
$parentElement->appendChild($root);

/* Ugly hack to add another namespace declaration to the root element. */
Expand All @@ -1389,7 +1462,7 @@ public function toXML(\DOMNode $parentElement = null)
$this->addSubject($root);
$this->addConditions($root);
$this->addAuthnStatement($root);
if ($this->requiredEncAttributes === false) {
if ($this->getRequiredEncAttributes() === false) {
$this->addAttributeStatement($root);
} else {
$this->addEncryptedAttributeStatement($root);
Expand Down Expand Up @@ -1421,7 +1494,7 @@ private function addSubject(\DOMElement $root)
if ($this->encryptedNameId === null) {
$this->nameId->toXML($subject);
} else {
$eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
$eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:'.'EncryptedID');
$subject->appendChild($eid);
$eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, true));
}
Expand Down Expand Up @@ -1573,7 +1646,7 @@ private function addAttributeStatement(\DOMElement $root)
if (is_array($this->attributesValueTypes) && array_key_exists($name, $this->attributesValueTypes)) {
$valueTypes = $this->attributesValueTypes[$name];
if (is_array($valueTypes) && count($valueTypes) != count($values)) {
throw new \Exception('Array of value types and array of values have different size for attribute '. var_export($name, true));
throw new \Exception('Array of value types and array of values have different size for attribute '.var_export($name, true));
}
} else {
// if no type(s), default behaviour
Expand Down Expand Up @@ -1634,7 +1707,7 @@ private function addAttributeStatement(\DOMElement $root)
*/
private function addEncryptedAttributeStatement(\DOMElement $root)
{
if ($this->requiredEncAttributes === false) {
if ($this->getRequiredEncAttributes() === false) {
return;
}

Expand All @@ -1650,7 +1723,7 @@ private function addEncryptedAttributeStatement(\DOMElement $root)
$document2->appendChild($attribute);

if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
$attribute->setAttribute('NameFormat', $this->nameFormat);
$attribute->setAttribute('NameFormat', $this->getAttributeNameFormat());
}

foreach ($values as $value) {
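Review bot: `setWasSignedAtConstruction()`, added next to the renamed `wasSignedAtConstruction()` near the end of this section, makes a verification-gating flag publicly writable: Processor::process() (next section) skips signature verification when `wasSignedAtConstruction()` is false, and the only writer visible on this page is `parseSignature()`, which sets it to true only after `Utils::validateElement()` returned a signature. Unless an external caller genuinely needs to write it, keep the flag derived from parsing — a private setter, or at least `@internal` on the public one with a `// only parseSignature() should set this; it gates signature verification in Assertion\Processor` comment — so the invariant stays in one place. Separately, `getSignatureData()` is documented `@return array`, but the constructor never initialises `signatureData` and `validate()` compares it against null, so `@return array|null` is the accurate contract. The `getRequiredEncAttributes()` docblock reads `@return boolean Rrue to encrypt attributes…`; that should be `True`.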
2 changes: 1 addition & 1 deletion src/SAML2/Assertion/Processor.php
Expand Up @@ -97,7 +97,7 @@ public function process($assertion)
{
$assertion = $this->decryptAssertion($assertion);

if (!$assertion->getWasSignedAtConstruction()) {
if (!$assertion->wasSignedAtConstruction()) {
$this->logger->info(sprintf(
'Assertion with id "%s" was not signed at construction, not verifying the signature',
$assertion->getId()
Expand Up @@ -14,7 +14,7 @@ public function validate(
SubjectConfirmation $subjectConfirmation,
Result $result
) {
$notBefore = $subjectConfirmation->SubjectConfirmationData->NotBefore;
$notBefore = $subjectConfirmation->getSubjectConfirmationData()->getNotBefore();
if ($notBefore && $notBefore > Temporal::getTime() + 60) {
$result->addError('NotBefore in SubjectConfirmationData is in the future');
}
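Review bot: The new accessor chain `$subjectConfirmation->getSubjectConfirmationData()->getNotBefore()` turns a missing SubjectConfirmationData into a fatal `Error` (method call on null), whereas the old property access would have yielded a notice and a null `$notBefore`, which the `if ($notBefore && …)` check below then treated as "no constraint". If `getSubjectConfirmationData()` can return null — SubjectConfirmationData is optional in the SAML schema, so confirm against that getter — guard the call: `$data = $subjectConfirmation->getSubjectConfirmationData();` followed by `$notBefore = $data !== null ? $data->getNotBefore() : null;`. The same pattern appears in the NotOnOrAfter, Recipient and InResponseTo validator sections that follow and the same guard applies there. validate() continues outside the hunk, and the file names of these four sections are not shown on the page.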
Expand Up @@ -14,7 +14,7 @@ public function validate(
SubjectConfirmation $subjectConfirmation,
Result $result
) {
$notOnOrAfter = $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter;
$notOnOrAfter = $subjectConfirmation->getSubjectConfirmationData()->getNotOnOrAfter();
if ($notOnOrAfter && $notOnOrAfter <= Temporal::getTime() - 60) {
$result->addError('NotOnOrAfter in SubjectConfirmationData is in the past');
}
Expand Up @@ -24,7 +24,7 @@ public function validate(
SubjectConfirmation $subjectConfirmation,
Result $result
) {
$recipient = $subjectConfirmation->SubjectConfirmationData->Recipient;
$recipient = $subjectConfirmation->getSubjectConfirmationData()->getRecipient();
if ($recipient && !$this->destination->equals(new Destination($recipient))) {
$result->addError(sprintf(
'Recipient in SubjectConfirmationData ("%s") does not match the current destination ("%s")',
Expand Up @@ -21,7 +21,7 @@ public function validate(
SubjectConfirmation $subjectConfirmation,
Result $result
) {
$inResponseTo = $subjectConfirmation->SubjectConfirmationData->InResponseTo;
$inResponseTo = $subjectConfirmation->getSubjectConfirmationData()->getInResponseTo();
if ($inResponseTo && ($this->getInResponseTo() !== false) && ($this->getInResponseTo() !== $inResponseTo)) {
$result->addError(sprintf(
'InResponseTo in SubjectConfirmationData ("%s") does not match the Response InResponseTo ("%s")',
2 changes: 1 addition & 1 deletion src/SAML2/AttributeQuery.php
Expand Up @@ -159,7 +159,7 @@ public function toUnsignedXML()
$type = null;
}

$attributeValue = Utils::addString($attribute, Constants::NS_SAML, 'saml:AttributeValue', (string)$value);
$attributeValue = Utils::addString($attribute, Constants::NS_SAML, 'saml:AttributeValue', strval($value));
if ($type !== null) {
$attributeValue->setAttributeNS(Constants::NS_XSI, 'xsi:type', $type);
}

0 comments on commit 23823fa
