2 changes: 1 addition & 1 deletion .github/workflows/documentation.yml
Expand Up @@ -19,7 +19,7 @@ jobs:
runs-on: [ubuntu-latest]

steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

- name: Lint markdown files
uses: nosborn/github-action-markdown-cli@v3
6 changes: 3 additions & 3 deletions .github/workflows/interoperability.yml
Expand Up @@ -47,10 +47,10 @@ jobs:
git config --global core.autocrlf false
git config --global core.eol lf

- uses: actions/checkout@v6
- uses: actions/checkout@v7

- name: Cache composer dependencies
uses: actions/cache@v5
uses: actions/cache@v6
with:
path: $(composer config cache-files-dir)
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
Expand All @@ -69,7 +69,7 @@ jobs:

- name: Cache metadata
id: cache-metadata
uses: actions/cache@v5
uses: actions/cache@v6
with:
path: /tmp/metadata
key: ${{ runner.os }}-metadata-${{ env.date }}
20 changes: 10 additions & 10 deletions .github/workflows/php.yml
Expand Up @@ -71,7 +71,7 @@ jobs:
git config --global core.autocrlf false
git config --global core.eol lf

- uses: actions/checkout@v6
- uses: actions/checkout@v7

- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
Expand All @@ -86,7 +86,7 @@ jobs:
echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$GITHUB_ENV"

- name: Cache composer dependencies
uses: actions/cache@v5
uses: actions/cache@v6
with:
path: ${{ env.COMPOSER_CACHE }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
Expand Down Expand Up @@ -143,7 +143,7 @@ jobs:
git config --global core.autocrlf false
git config --global core.eol lf

- uses: actions/checkout@v6
- uses: actions/checkout@v7

- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV"
Expand All @@ -158,7 +158,7 @@ jobs:
echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$GITHUB_ENV"

- name: Cache composer dependencies
uses: actions/cache@v5
uses: actions/cache@v6
with:
path: ${{ env.COMPOSER_CACHE }}
key: ${{ runner.os }}-composer-${{ hashFiles('**\composer.json') }}
Expand Down Expand Up @@ -190,7 +190,7 @@ jobs:
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

- uses: actions/checkout@v6
- uses: actions/checkout@v7

- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
Expand All @@ -205,7 +205,7 @@ jobs:
echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$GITHUB_ENV"

- name: Cache composer dependencies
uses: actions/cache@v5
uses: actions/cache@v6
with:
path: ${{ env.COMPOSER_CACHE }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
Expand Down Expand Up @@ -253,7 +253,7 @@ jobs:
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

- uses: actions/checkout@v6
- uses: actions/checkout@v7

- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
Expand All @@ -268,7 +268,7 @@ jobs:
echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$GITHUB_ENV"

- name: Cache composer dependencies
uses: actions/cache@v5
uses: actions/cache@v6
with:
path: ${{ env.COMPOSER_CACHE }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
Expand All @@ -291,15 +291,15 @@ jobs:
runs-on: [ubuntu-latest]
needs: [unit-tests-linux]
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

- uses: actions/download-artifact@v8
with:
name: coverage-data
path: ${{ github.workspace }}/build

- name: Codecov
uses: codecov/codecov-action@v6
uses: codecov/codecov-action@v7
with:
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
3 changes: 1 addition & 2 deletions composer.json
Expand Up @@ -33,8 +33,7 @@
"simplesamlphp/assert": "~2.0",
"simplesamlphp/xml-common": "~2.8",
"simplesamlphp/xml-security": "~2.3",
"simplesamlphp/xml-soap": "~2.3",
"robrichards/xmlseclibs": "^3.1"
"simplesamlphp/xml-soap": "~2.3"
},
"require-dev": {
"ext-intl": "*",
10 changes: 0 additions & 10 deletions phpstan-baseline.neon
@@ -1,15 +1,5 @@
parameters:
ignoreErrors:
-
message: '#^Call to an undefined method SimpleSAML\\SAML2\\XML\\samlp\\AbstractMessage\:\:addValidator\(\)\.$#'
identifier: method.notFound
path: src/Binding/HTTPArtifact.php

-
message: '#^Call to an undefined method SimpleSAML\\SAML2\\XML\\samlp\\ArtifactResponse\:\:validate\(\)\.$#'
identifier: method.notFound
path: src/Binding/HTTPArtifact.php

-
message: '#^Call to an undefined method SimpleSAML\\SAML2\\XML\\samlp\\AbstractMessage\:\:addValidator\(\)\.$#'
identifier: method.notFound
38 changes: 19 additions & 19 deletions src/Binding/HTTPArtifact.php
Expand Up @@ -9,12 +9,12 @@
use Nyholm\Psr7\Response;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use SimpleSAML\Configuration;
use SimpleSAML\Metadata\MetaDataStorageHandler;
use SimpleSAML\Module\saml\Message as MSG;
use SimpleSAML\SAML2\Assert\Assert;
use SimpleSAML\SAML2\Binding;
use SimpleSAML\SAML2\Compat\ContainerSingleton;
use SimpleSAML\SAML2\SOAPClient;
use SimpleSAML\SAML2\Utils;
use SimpleSAML\SAML2\XML\saml\Issuer;
Expand All @@ -24,6 +24,8 @@
use SimpleSAML\SAML2\XML\samlp\ArtifactResponse;
use SimpleSAML\Store\StoreFactory;
use SimpleSAML\Utils\HTTP;
use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
use SimpleSAML\XMLSecurity\TestUtils\PEMCertificatesMock;

use function array_key_exists;
use function base64_decode;
Expand Down Expand Up @@ -173,8 +175,10 @@ public function receive(ServerRequestInterface $request): AbstractMessage
$soap = new SOAPClient();

// Send message through SoapClient
/** @var \SimpleSAML\SAML2\XML\samlp\ArtifactResponse $artifactResponse */
$artifactResponse = $soap->send($ar, $this->spMetadata, $idpMetadata);
if (!($artifactResponse instanceof ArtifactResponse)) {
throw new Exception('Invalid message received in response to our ArtifactResolve.');
}

if (!$artifactResponse->isSuccess()) {
throw new Exception('Received error from ArtifactResolutionService.');
Expand All @@ -183,18 +187,27 @@ public function receive(ServerRequestInterface $request): AbstractMessage
$samlResponse = $artifactResponse->getMessage();
if ($samlResponse === null) {
/* Empty ArtifactResponse - possibly because of Artifact replay? */

throw new Exception('Empty ArtifactResponse received, maybe a replay?');
}

$samlResponse->addValidator([get_class($this), 'validateSignature'], $artifactResponse);

$query = $request->getQueryParams();
if (isset($query['RelayState'])) {
$this->setRelayState($query['RelayState']);
}

return $samlResponse;
if (!$samlResponse->isSigned()) {
return $samlResponse;
}

$container = ContainerSingleton::getInstance();
$blacklist = $container->getBlacklistedEncryptionAlgorithms();
$verifier = (new SignatureAlgorithmFactory($blacklist))->getAlgorithm(
$samlResponse->getSignature()->getSignedInfo()->getSignatureMethod()->getAlgorithm(),
// TODO: Need to use the key from the metadata
PEMCertificatesMock::getPublicKey(PEMCertificatesMock::SELFSIGNED_PUBLIC_KEY),
);

return $samlResponse->verify($verifier);
}


Expand All @@ -205,17 +218,4 @@ public function setSPMetadata(Configuration $sp): void
{
$this->spMetadata = $sp;
}


/**
* A validator which returns true if the ArtifactResponse was signed with the given key
*
* @param \SimpleSAML\SAML2\XML\samlp\ArtifactResponse $message
* @param \RobRichards\XMLSecLibs\XMLSecurityKey $key
*/
public static function validateSignature(ArtifactResponse $message, XMLSecurityKey $key): bool
{
// @todo verify if this works and/or needs to do anything more. Ref. HTTPRedirect binding
return $message->validate($key);
}
}
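Review bot: The new verification in receive() (hunk `@@ -183,18 +187,27 @@`) checks the response signature against `PEMCertificatesMock::getPublicKey(PEMCertificatesMock::SELFSIGNED_PUBLIC_KEY)`, a fixture from the `SimpleSAML\XMLSecurity\TestUtils` namespace, so a signed response from a real IdP is not verified against that IdP's key; the TODO on the line above says as much, but merging it leaves production code depending on a test-utility key. The verification key should be resolved from `$idpMetadata` (already in scope from the `$soap->send()` call) and fail closed when none is available; until that is done the gap should be explicit in the code, e.g. `// FIXME: signature is verified against a test-fixture key, not the IdP's metadata key`. Two smaller points: the blacklist passed to `SignatureAlgorithmFactory` comes from `getBlacklistedEncryptionAlgorithms()`, which reads as the encryption list rather than a signature-algorithm list, so confirm that is intended; and the early `return $samlResponse;` when `isSigned()` is false accepts an unsigned message without saying why that is acceptable at this point, which deserves a one-line comment. receive() begins before this hunk.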
4 changes: 2 additions & 2 deletions src/Configuration/IdentityProvider.php
Expand Up @@ -8,7 +8,7 @@
use SimpleSAML\XMLSecurity\Constants as C;

use function array_filter;
use function array_pop;
use function array_last;
use function count;
use function sprintf;

Expand Down Expand Up @@ -94,7 +94,7 @@ public function getPrivateKey(string $name, ?bool $required = null)
return null;
}

return array_pop($key);
return array_last($key);
}


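Review bot: `return array_last($key);` in getPrivateKey() relies on array_last(), which exists only from PHP 8.5 onward (or via a polyfill); the composer.json hunk in this PR does not show the `php` constraint, so confirm the minimum PHP version or polyfill requirement covers it. The same substitution is made in ServiceProvider.php, IdentifierTrait.php, SignedElementTrait.php, ecp/Request.php, ecp/SubjectConfirmation.php, emd/RepublishRequest.php and md/AbstractRoleDescriptor.php. Behaviour is otherwise equivalent where the array is not reused afterwards, since array_last() returns null on an empty array like array_pop() but does not mutate its argument. getPrivateKey() begins before this hunk.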
4 changes: 2 additions & 2 deletions src/Configuration/ServiceProvider.php
Expand Up @@ -8,7 +8,7 @@
use SimpleSAML\XMLSecurity\Constants as C;

use function array_filter;
use function array_pop;
use function array_last;
use function count;
use function sprintf;

Expand Down Expand Up @@ -102,7 +102,7 @@ public function getPrivateKey(string $name, ?bool $required = null)
return null;
}

return array_pop($key);
return array_last($key);
}


4 changes: 2 additions & 2 deletions src/XML/IdentifierTrait.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
use SimpleSAML\SAML2\XML\saml\NameID;
use SimpleSAML\XMLSchema\Exception\TooManyElementsException;

use function array_pop;
use function array_last;

/**
* Trait grouping common functionality for elements that can hold identifiers.
Expand Down Expand Up @@ -94,7 +94,7 @@ protected static function getIdentifierFromXML(DOMElement $xml): ?IdentifierInte
TooManyElementsException::class,
);

$identifier = array_pop($identifiers);
$identifier = array_last($identifiers);

return $identifier;
}
4 changes: 3 additions & 1 deletion src/XML/SignedElementTrait.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@
use SimpleSAML\XMLSecurity\XML\ds\Signature;
use SimpleSAML\XMLSecurity\XML\SignedElementTrait as BaseSignedElementTrait;

use function array_last;

/**
* Helper trait for processing signed elements.
*
Expand All @@ -37,7 +39,7 @@ protected function setSignature(Signature $signature): void
$references = $signature->getSignedInfo()->getReferences();
Assert::count($references, 1, "A signature needs to have exactly one Reference, %d found.");

$reference = array_pop($references);
$reference = array_last($references);
Assert::notNull($reference->getURI(), "URI attribute not found.", ReferenceValidationFailedException::class);
Assert::startsWith(
$reference->getURI()->getValue(),
5 changes: 3 additions & 2 deletions src/XML/ecp/Request.php
Expand Up @@ -19,6 +19,7 @@
use SimpleSAML\XMLSchema\Exception\TooManyElementsException;
use SimpleSAML\XMLSchema\Type\BooleanValue;

use function array_last;
use function intval;
use function strval;

Expand Down Expand Up @@ -140,8 +141,8 @@ public static function fromXML(DOMElement $xml): static
$idpList = IDPList::getChildrenOfClass($xml);

return new static(
array_pop($issuer),
array_pop($idpList),
array_last($issuer),
array_last($idpList),
self::getOptionalAttribute($xml, 'ProviderName', SAMLStringValue::class, null),
self::getOptionalAttribute($xml, 'IsPassive', BooleanValue::class, null),
);
4 changes: 3 additions & 1 deletion src/XML/ecp/SubjectConfirmation.php
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@
use SimpleSAML\XMLSchema\Exception\MissingAttributeException;
use SimpleSAML\XMLSchema\Exception\TooManyElementsException;

use function array_last;

/**
* Class representing the ECP SubjectConfirmation element.
*
Expand Down Expand Up @@ -113,7 +115,7 @@ public static function fromXML(DOMElement $xml): static

return new static(
self::getAttribute($xml, 'Method', SAMLAnyURIValue::class),
array_pop($subjectConfirmationData),
array_last($subjectConfirmationData),
);
}

4 changes: 2 additions & 2 deletions src/XML/emd/RepublishRequest.php
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
use SimpleSAML\XMLSchema\Exception\InvalidDOMElementException;
use SimpleSAML\XMLSchema\Exception\SchemaViolationException;

use function array_pop;
use function array_last;

/**
* Class implementing RepublishRequest.
Expand Down Expand Up @@ -71,7 +71,7 @@ public static function fromXML(DOMElement $xml): static
SchemaViolationException::class,
);

return new static(array_pop($republishTarget));
return new static(array_last($republishTarget));
}


6 changes: 3 additions & 3 deletions src/XML/md/AbstractRoleDescriptor.php
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
use SimpleSAML\XMLSchema\Type\IDValue;
use SimpleSAML\XMLSchema\Type\QNameValue;

use function array_pop;
use function array_last;

/**
* Class representing a SAML2 RoleDescriptor element.
Expand Down Expand Up @@ -148,10 +148,10 @@ public static function fromXML(DOMElement $xml): static
self::getOptionalAttribute($xml, 'ID', IDValue::class, null),
self::getOptionalAttribute($xml, 'validUntil', SAMLDateTimeValue::class, null),
self::getOptionalAttribute($xml, 'cacheDuration', DurationValue::class, null),
array_pop($extensions),
array_last($extensions),
self::getOptionalAttribute($xml, 'errorURL', SAMLAnyURIValue::class, null),
KeyDescriptor::getChildrenOfClass($xml),
array_pop($orgs),
array_last($orgs),
ContactPerson::getChildrenOfClass($xml),
self::getAttributesNSFromXML($xml),
);