Make processor aware of assertion types

Both the Encrypted and regular Assertion classes should be passable in the decryptAssertion method. If not, you would never be able to process a SAML Response consisting of regular Assertion objects. The test merely verifies the behaviour that was changed in this commit. No additional processor tests where added. But that should be simple enough in the future.
simplesamlphp · Aug 18, 2020 · 473b420 · 473b420
1 parent 51562b0
commit 473b420
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 2 deletions.
diff --git a/src/SAML2/Assertion/Processor.php b/src/SAML2/Assertion/Processor.php
@@ -4,6 +4,7 @@
 
 namespace SAML2\Assertion;
 
+use Assert\Assert;
 use Psr\Log\LoggerInterface;
 
 use SAML2\Assertion;
@@ -15,7 +16,6 @@
 use SAML2\Configuration\IdentityProvider;
 use SAML2\EncryptedAssertion;
 use SAML2\Response\Exception\InvalidSignatureException;
-use SAML2\Response\Exception\UnencryptedAssertionFoundException;
 use SAML2\Signature\Validator;
 use SAML2\Utilities\ArrayCollection;
 
@@ -95,7 +95,13 @@ public function decryptAssertions(ArrayCollection $assertions)
     {
         $decrypted = new ArrayCollection();
         foreach ($assertions->getIterator() as $assertion) {
-            $decrypted->add($this->decryptAssertion($assertion));
+            if ($assertion instanceof EncryptedAssertion) {
+                $decrypted->add($this->decryptAssertion($assertion));
+            } elseif ($assertion instanceof Assertion) {
+                $decrypted->add($assertion);
+            } else {
+                throw new InvalidAssertionException('The assertion must be of type: EncryptedAssertion or Assertion');
+            }
         }
 
         return $decrypted;

diff --git a/tests/SAML2/Assertion/ProcessorTest.php b/tests/SAML2/Assertion/ProcessorTest.php
@@ -0,0 +1,89 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SAML2\Assertion;
+
+use Mockery as m;
+use Mockery\Adapter\Phpunit\MockeryTestCase;
+use Psr\Log\LoggerInterface;
+use SAML2\Assertion;
+use SAML2\Assertion\Exception\InvalidAssertionException;
+use SAML2\Assertion\Transformer\Transformer;
+use SAML2\Assertion\Validation\AssertionValidator;
+use SAML2\Assertion\Validation\SubjectConfirmationValidator;
+use SAML2\Configuration\IdentityProvider;
+use SAML2\EncryptedAssertion;
+use SAML2\Signature\Validator;
+use SAML2\Utilities\ArrayCollection;
+use stdClass;
+
+class ProcessorTest extends MockeryTestCase
+{
+    /**
+     * @var Processor
+     */
+    private $processor;
+
+    /**
+     * @var m\MockInterface&Decrypter
+     */
+    private $decrypter;
+
+    protected function setUp(): void
+    {
+        $this->decrypter = m::mock(Decrypter::class);
+        $validator = m::mock(Validator::class);
+        $assertionValidator = m::mock(AssertionValidator::class);
+        $subjectConfirmationValidator = m::mock(SubjectConfirmationValidator::class);
+        $transformer = m::mock(Transformer::class);
+        $identityProvider = new IdentityProvider([]);
+        $logger = m::mock(LoggerInterface::class);
+
+        $this->processor = new Processor(
+            $this->decrypter,
+            $validator,
+            $assertionValidator,
+            $subjectConfirmationValidator,
+            $transformer,
+            $identityProvider,
+            $logger
+        );
+    }
+
+    /**
+     * @test
+     * @dataProvider provideValidAssertions
+     */
+    public function processor_correctly_encrypts_assertions(array $assertions)
+    {
+        $this->decrypter
+            ->shouldReceive('decrypt')
+            ->andReturn(new Assertion());
+
+        $collection = new ArrayCollection($assertions);
+        $result = $this->processor->decryptAssertions($collection);
+        self::assertInstanceOf(ArrayCollection::class, $result);
+        foreach ($result as $assertion) {
+            self::assertInstanceOf(Assertion::class, $assertion);
+        }
+    }
+
+    /**
+     * @test
+     */
+    public function unsuported_assertions_are_rejected()
+    {
+        self::expectException(InvalidAssertionException::class);
+        self::expectExceptionMessage('The assertion must be of type: EncryptedAssertion or Assertion');
+        $this->processor->decryptAssertions(new ArrayCollection([new stdClass()]));
+    }
+
+    public function provideValidAssertions()
+    {
+        yield [[new Assertion()]];
+        yield [[new EncryptedAssertion()]];
+        yield [[new Assertion(), new EncryptedAssertion(), new Assertion()]];
+        yield [[new EncryptedAssertion(), new EncryptedAssertion(), new EncryptedAssertion()]];
+   }
+}