Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Correct Attribute Value Parsing #60

Merged
merged 5 commits into from
Jan 27, 2016
Merged

Correct Attribute Value Parsing #60

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
37196e3
Correct attribute value parsing
Jan 22, 2016
5467642
Add test that ensures RequesterID is parsed correctly
Jan 22, 2016
dc74049
Correct coding style
Jan 22, 2016
d3b8bb0
Use updated Attribute Value parsing for encrypted attributes
Jan 22, 2016
4fb9d1a
Updated docblock to better indicate how attributes are represented in…
Jan 22, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 34 additions & 8 deletions src/SAML2/Assertion.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,8 @@ class Assertion implements SignedElement
/**
* The attributes, as an associative array.
*
* @var \DOMElement[]
* @var array multi-dimensional array, indexed by attribute name with each value representing the attribute value
* of that attribute. This value is an array of \DOMNodeList|string|int
*/
private $attributes;

Expand Down Expand Up @@ -501,9 +502,37 @@ private function parseAttributes(\DOMElement $xml)
$this->attributes[$name] = array();
}

$values = Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
foreach ($values as $value) {
$this->attributes[$name][] = trim($value->textContent);
$this->parseAttributeValue($attribute, $name);
}
}

/**
* @param \DOMNode $attribute
* @param string $attributeName
*/
private function parseAttributeValue($attribute, $attributeName)
{
$values = Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
foreach ($values as $value) {
$hasNonTextChildElements = false;
foreach ($value->childNodes as $childNode) {
/** @var \DOMNode $childNode */
if ($childNode->nodeType !== XML_TEXT_NODE) {
$hasNonTextChildElements = true;
break;
}
}

if ($hasNonTextChildElements) {
$this->attributes[$attributeName][] = $value->childNodes;
continue;
}

$type = $value->getAttribute('xsi:type');
if ($type === 'xs:integer') {
$this->attributes[$attributeName][] = (int)$value->textContent;
} else {
$this->attributes[$attributeName][] = trim($value->textContent);
}
}
}
Expand Down Expand Up @@ -781,10 +810,7 @@ public function decryptAttributes(XMLSecurityKey $key, array $blacklist = array(
$this->attributes[$name] = array();
}

$values = Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
foreach ($values as $value) {
$this->attributes[$name][] = trim($value->textContent);
}
$this->parseAttributeValue($attribute, $name);
}
}

Expand Down
168 changes: 168 additions & 0 deletions tests/SAML2/AssertionTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -383,4 +383,172 @@ public function testCorrectSignatureMethodCanBeExtracted()

$this->assertEquals($privateKey->getAlgorith(), $signatureMethod);
}

public function testAttributeValuesWithComplexTypeValuesAreParsedCorrectly()
{
$xml = <<<XML
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Version="2.0"
ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
IssueInstant="1970-01-01T01:33:31Z">
<saml:Issuer>Provider</saml:Issuer>
<saml:Conditions/>
<saml:AttributeStatement>
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abcd-some-value-xyz</saml:NameID>
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonTargetedID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abcd-some-value-xyz</saml:NameID>
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:EntityConcernedSubID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">string</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
XML;

$assertion = new Assertion(DOMDocumentFactory::fromString($xml)->firstChild);

$attributes = $assertion->getAttributes();
$this->assertInstanceOf(
'\DOMNodeList',
$attributes['urn:mace:dir:attribute-def:eduPersonTargetedID'][0]
);
$this->assertXmlStringEqualsXmlString($xml, $assertion->toXML()->ownerDocument->saveXML());
}

public function testTypedAttributeValuesAreParsedCorrectly()
{
$xml = <<<XML
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Version="2.0"
ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
IssueInstant="1970-01-01T01:33:31Z">
<saml:Issuer>Provider</saml:Issuer>
<saml:Conditions/>
<saml:AttributeStatement>
<saml:Attribute Name="urn:some:string">
<saml:AttributeValue xsi:type="xs:string">string</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:some:integer">
<saml:AttributeValue xsi:type="xs:integer">42</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
XML;

$assertion = new Assertion(DOMDocumentFactory::fromString($xml)->firstChild);

$attributes = $assertion->getAttributes();
$this->assertInternalType('int', $attributes['urn:some:integer'][0]);
$this->assertInternalType('string', $attributes['urn:some:string'][0]);
$this->assertXmlStringEqualsXmlString($xml, $assertion->toXML()->ownerDocument->saveXML());
}

public function testEncryptedAttributeValuesWithComplexTypeValuesAreParsedCorrectly()
{
$xml = <<<XML
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Version="2.0"
ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
IssueInstant="1970-01-01T01:33:31Z">
<saml:Issuer>Provider</saml:Issuer>
<saml:Conditions/>
<saml:AttributeStatement>
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abcd-some-value-xyz</saml:NameID>
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonTargetedID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abcd-some-value-xyz</saml:NameID>
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:EntityConcernedSubID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">string</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
XML;

$privateKey = CertificatesMock::getPublicKey();

$assertion = new Assertion(DOMDocumentFactory::fromString($xml)->firstChild);
$assertion->setEncryptionKey($privateKey);
$assertion->setEncryptedAttributes(true);
$encryptedAssertion = $assertion->toXML()->ownerDocument->saveXML();

$assertionToVerify = new Assertion(DOMDocumentFactory::fromString($encryptedAssertion)->firstChild);

$this->assertTrue($assertionToVerify->hasEncryptedAttributes());

$assertionToVerify->decryptAttributes(CertificatesMock::getPrivateKey());

$attributes = $assertionToVerify->getAttributes();
$this->assertInstanceOf(
'\DOMNodeList',
$attributes['urn:mace:dir:attribute-def:eduPersonTargetedID'][0]
);
$this->assertXmlStringEqualsXmlString($xml, $assertionToVerify->toXML()->ownerDocument->saveXML());
}

public function testTypedEncryptedAttributeValuesAreParsedCorrectly()
{
$xml = <<<XML
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Version="2.0"
ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
IssueInstant="1970-01-01T01:33:31Z">
<saml:Issuer>Provider</saml:Issuer>
<saml:Conditions/>
<saml:AttributeStatement>
<saml:Attribute Name="urn:some:string">
<saml:AttributeValue xsi:type="xs:string">string</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:some:integer">
<saml:AttributeValue xsi:type="xs:integer">42</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
XML;

$privateKey = CertificatesMock::getPublicKey();

$assertion = new Assertion(DOMDocumentFactory::fromString($xml)->firstChild);
$assertion->setEncryptionKey($privateKey);
$assertion->setEncryptedAttributes(true);
$encryptedAssertion = $assertion->toXML()->ownerDocument->saveXML();

$assertionToVerify = new Assertion(DOMDocumentFactory::fromString($encryptedAssertion)->firstChild);

$this->assertTrue($assertionToVerify->hasEncryptedAttributes());

$assertionToVerify->decryptAttributes(CertificatesMock::getPrivateKey());
$attributes = $assertionToVerify->getAttributes();

$this->assertInternalType('int', $attributes['urn:some:integer'][0]);
$this->assertInternalType('string', $attributes['urn:some:string'][0]);
$this->assertXmlStringEqualsXmlString($xml, $assertionToVerify->toXML()->ownerDocument->saveXML());
}
}
Loading