Add ManageNameIDResponse-element

tvdijen · tvdijen · commit 78e48b6aebfb · 2025-12-22T23:19:09.000+01:00
diff --git a/src/XML/samlp/ManageNameIDResponse.php b/src/XML/samlp/ManageNameIDResponse.php
@@ -0,0 +1,128 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\samlp;
+
+use DOMElement;
+use SimpleSAML\SAML2\Assert\Assert;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooHighException;
+use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooLowException;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\XML\SchemaValidatableElementInterface;
+use SimpleSAML\XML\SchemaValidatableElementTrait;
+use SimpleSAML\XMLSchema\Exception\InvalidDOMElementException;
+use SimpleSAML\XMLSchema\Exception\MissingElementException;
+use SimpleSAML\XMLSchema\Exception\TooManyElementsException;
+use SimpleSAML\XMLSchema\Type\IDValue;
+use SimpleSAML\XMLSchema\Type\NCNameValue;
+use SimpleSAML\XMLSecurity\XML\ds\Signature;
+
+use function array_pop;
+use function strval;
+
+/**
+ * Class for SAML 2 ManageNameIDResponse messages.
+ *
+ * @package simplesamlphp/saml2
+ */
+class ManageNameIDResponse extends AbstractStatusResponse implements SchemaValidatableElementInterface
+{
+    use SchemaValidatableElementTrait;
+
+
+    /**
+     * Constructor for SAML 2 response messages.
+     *
+     * @param \SimpleSAML\XMLSchema\Type\IDValue $id
+     * @param \SimpleSAML\SAML2\XML\samlp\Status $status
+     * @param \SimpleSAML\SAML2\Type\SAMLDateTimeValue $issueInstant
+     * @param \SimpleSAML\SAML2\XML\saml\Issuer|null $issuer
+     * @param \SimpleSAML\XMLSchema\Type\NCNameValue|null $inResponseTo
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $destination
+     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue|null $consent
+     * @param \SimpleSAML\SAML2\XML\samlp\Extensions $extensions
+     */
+    final public function __construct(
+        IDValue $id,
+        Status $status,
+        SAMLDateTimeValue $issueInstant,
+        ?Issuer $issuer = null,
+        ?NCNameValue $inResponseTo = null,
+        ?SAMLAnyURIValue $destination = null,
+        ?SAMLAnyURIValue $consent = null,
+        ?Extensions $extensions = null,
+    ) {
+        parent::__construct(
+            $id,
+            $status,
+            $issueInstant,
+            $issuer,
+            $inResponseTo,
+            $destination,
+            $consent,
+            $extensions,
+        );
+    }
+
+
+    /**
+     * Convert XML into a ManageNameIDResponse element.
+     *
+     * @throws \SimpleSAML\XMLSchema\Exception\InvalidDOMElementException
+     *   if the qualified name of the supplied element is wrong
+     * @throws \SimpleSAML\XMLSchema\Exception\MissingAttributeException
+     *   if the supplied element is missing one of the mandatory attributes
+     * @throws \SimpleSAML\XMLSchema\Exception\MissingElementException
+     *   if one of the mandatory child-elements is missing
+     */
+    public static function fromXML(DOMElement $xml): static
+    {
+        Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class);
+        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+
+        $version = self::getAttribute($xml, 'Version', SAMLStringValue::class);
+        Assert::true(version_compare('2.0', strval($version), '<='), RequestVersionTooLowException::class);
+        Assert::true(version_compare('2.0', strval($version), '>='), RequestVersionTooHighException::class);
+
+        $signature = Signature::getChildrenOfClass($xml);
+        Assert::maxCount($signature, 1, 'Only one ds:Signature element is allowed.', TooManyElementsException::class);
+
+        $issuer = Issuer::getChildrenOfClass($xml);
+        Assert::countBetween($issuer, 0, 1);
+
+        $status = Status::getChildrenOfClass($xml);
+        Assert::minCount($status, 1, MissingElementException::class);
+        Assert::maxCount($status, 1, TooManyElementsException::class);
+
+        $extensions = Extensions::getChildrenOfClass($xml);
+        Assert::maxCount(
+            $extensions,
+            1,
+            'Only one saml:Extensions element is allowed.',
+            TooManyElementsException::class,
+        );
+
+        $response = new static(
+            self::getAttribute($xml, 'ID', IDValue::class),
+            array_pop($status),
+            self::getAttribute($xml, 'IssueInstant', SAMLDateTimeValue::class),
+            empty($issuer) ? null : array_pop($issuer),
+            self::getOptionalAttribute($xml, 'InResponseTo', NCNameValue::class, null),
+            self::getOptionalAttribute($xml, 'Destination', SAMLAnyURIValue::class, null),
+            self::getOptionalAttribute($xml, 'Consent', SAMLAnyURIValue::class, null),
+            empty($extensions) ? null : array_pop($extensions),
+        );
+
+        if (!empty($signature)) {
+            $response->setSignature($signature[0]);
+            $response->messageContainedSignatureUponConstruction = true;
+            $response->setXML($xml);
+        }
+
+        return $response;
+    }
+}
diff --git a/src/XML/samlp/NameIDMappingResponse.php b/src/XML/samlp/NameIDMappingResponse.php
@@ -6,15 +6,12 @@
 
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
-use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooHighException;
 use SimpleSAML\SAML2\Exception\Protocol\RequestVersionTooLowException;
 use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
 use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
 use SimpleSAML\SAML2\Type\SAMLStringValue;
 use SimpleSAML\SAML2\XML\IdentifierTrait;
-use SimpleSAML\SAML2\XML\saml\Assertion;
-use SimpleSAML\SAML2\XML\saml\EncryptedAssertion;
 use SimpleSAML\SAML2\XML\saml\EncryptedID;
 use SimpleSAML\SAML2\XML\saml\Issuer;
 use SimpleSAML\SAML2\XML\saml\NameID;
@@ -27,7 +24,6 @@
 use SimpleSAML\XMLSchema\Type\NCNameValue;
 use SimpleSAML\XMLSecurity\XML\ds\Signature;
 
-use function array_merge;
 use function array_pop;
 use function strval;
 
@@ -82,7 +78,7 @@ final public function __construct(
 
 
     /**
-     * Convert XML into a Response element.
+     * Convert XML into a NameIDMappingResponse element.
      *
      * @throws \SimpleSAML\XMLSchema\Exception\InvalidDOMElementException
      *   if the qualified name of the supplied element is wrong
diff --git a/tests/SAML2/XML/samlp/ManageNameIDResponseTest.php b/tests/SAML2/XML/samlp/ManageNameIDResponseTest.php
@@ -0,0 +1,88 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\SAML2\XML\samlp;
+
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\Group;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML2\Type\SAMLDateTimeValue;
+use SimpleSAML\SAML2\Type\SAMLStringValue;
+use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
+use SimpleSAML\SAML2\XML\samlp\AbstractSamlpElement;
+use SimpleSAML\SAML2\XML\samlp\AbstractStatusResponse;
+use SimpleSAML\SAML2\XML\samlp\ManageNameIDResponse;
+use SimpleSAML\SAML2\XML\samlp\Status;
+use SimpleSAML\SAML2\XML\samlp\StatusCode;
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
+use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
+use SimpleSAML\XMLSchema\Type\IDValue;
+use SimpleSAML\XMLSchema\Type\NCNameValue;
+use SimpleSAML\XMLSecurity\TestUtils\SignedElementTestTrait;
+
+use function dirname;
+use function strval;
+
+/**
+ * Class \SimpleSAML\SAML2\XML\samlp\ManageNameIDResponseTest
+ *
+ * @package simplesamlphp/saml2
+ */
+#[Group('samlp')]
+#[CoversClass(ManageNameIDResponse::class)]
+#[CoversClass(AbstractStatusResponse::class)]
+#[CoversClass(AbstractMessage::class)]
+#[CoversClass(AbstractSamlpElement::class)]
+final class ManageNameIDResponseTest extends TestCase
+{
+    use SchemaValidationTestTrait;
+    use SerializableElementTestTrait;
+    use SignedElementTestTrait;
+
+
+    /**
+     */
+    public static function setUpBeforeClass(): void
+    {
+        self::$testedClass = ManageNameIDResponse::class;
+
+        self::$xmlRepresentation = DOMDocumentFactory::fromFile(
+            dirname(__FILE__, 4) . '/resources/xml/samlp_ManageNameIDResponse.xml',
+        );
+    }
+
+
+    /**
+     */
+    public function testMarshalling(): void
+    {
+        $status = new Status(
+            new StatusCode(
+                SAMLAnyURIValue::fromString(C::STATUS_SUCCESS),
+            ),
+        );
+        $issuer = new Issuer(
+            SAMLStringValue::fromString('https://IdentityProvider.com'),
+        );
+
+        $manageNameIdResponse = new ManageNameIDResponse(
+            id: IDValue::fromString('abc123'),
+            status: $status,
+            issuer: $issuer,
+            destination: SAMLAnyURIValue::fromString('https://example.org/metadata'),
+            consent: SAMLAnyURIValue::fromString(C::CONSENT_EXPLICIT),
+            inResponseTo: NCNameValue::fromString('PHPUnit'),
+            issueInstant: SAMLDateTimeValue::fromString('2021-03-25T16:53:26Z'),
+        );
+
+        $this->assertEquals(
+            self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
+            strval($manageNameIdResponse),
+        );
+    }
+}
diff --git a/tests/resources/xml/samlp_ManageNameIDResponse.xml b/tests/resources/xml/samlp_ManageNameIDResponse.xml
@@ -0,0 +1,6 @@
+<samlp:ManageNameIDResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="abc123" IssueInstant="2021-03-25T16:53:26Z" Destination="https://example.org/metadata" Consent="urn:oasis:names:tc:SAML:2.0:consent:current-explicit" InResponseTo="PHPUnit">
+  <saml:Issuer>https://IdentityProvider.com</saml:Issuer>
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+  </samlp:Status>
+</samlp:ManageNameIDResponse>
