Move SimpleSAML_Utilities::validateXMLDocument() to SimpleSAML\Utils\XML::checkSAMLMessage().

bde2b257 · Jaime Perez Crespo · ce445821 · bde2b257 · bde2b257 · bde2b257
Commit bde2b257 authored 9 years ago by Jaime Perez Crespo
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -27,7 +27,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 	 */
 	public function sendResponse($response, SimpleSAML_Configuration $idpmd, SimpleSAML_Configuration $spmd, $relayState, $shire) {

-		SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
+		\SimpleSAML\Utils\XML::checkSAMLMessage($response, 'saml11');

 		$privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, TRUE);
 		$publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, TRUE);
@@ -105,7 +105,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {

 		\SimpleSAML\Utils\XML::debugSAMLMessage($samlResponseXML, 'in');

-		SimpleSAML_Utilities::validateXMLDocument($samlResponseXML, 'saml11');
+		\SimpleSAML\Utils\XML::checkSAMLMessage($samlResponseXML, 'saml11');

 		$samlResponse = new SimpleSAML_XML_Shib13_AuthnResponse();
 		$samlResponse->setXML($samlResponseXML);

--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -320,53 +320,10 @@ class SimpleSAML_Utilities {


 	/**
-	 * This function performs some sanity checks on XML documents, and optionally validates them
-	 * against their schema. A warning will be printed to the log if validation fails.
-	 *
-	 * @param $message  The message which should be validated, as a string.
-	 * @param $type     The type of document - can be either 'saml20', 'saml11' or 'saml-meta'.
-	 * @deprecated
+	 * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\XML::checkSAMLMessage() instead.
 	 */
 	public static function validateXMLDocument($message, $type) {
-		assert('is_string($message)');
-		assert($type === 'saml11' || $type === 'saml20' || $type === 'saml-meta');
-
-		/* A SAML message should not contain a doctype-declaration. */
-		if(strpos($message, '<!DOCTYPE') !== FALSE) {
-			throw new Exception('XML contained a doctype declaration.');
-		}
-
-		$enabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', NULL);
-		if($enabled === NULL) {
-			/* Fall back to old configuration option. */
-			$enabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatesamlmessages', NULL);
-			if($enabled === NULL) {
-				/* Fall back to even older configuration option. */
-				$enabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatesaml2messages', FALSE);
-			}
-		}
-
-		if(!$enabled) {
-			return;
-		}
-
-		switch($type) {
-		case 'saml11':
-			$result = self::validateXML($message, 'oasis-sstc-saml-schema-protocol-1.1.xsd');
-			break;
-		case 'saml20':
-			$result = self::validateXML($message, 'saml-schema-protocol-2.0.xsd');
-			break;
-		case 'saml-meta':
-			$result = self::validateXML($message, 'saml-schema-metadata-2.0.xsd');
-			break;
-		default:
-			throw new Exception('Invalid message type.');
-		}
-
-		if($result !== '') {
-			SimpleSAML_Logger::warning($result);
-		}
+		\SimpleSAML\Utils\XML::checkSAMLMessage($message, $type);
 	}



--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -11,11 +11,62 @@ namespace SimpleSAML\Utils;
 class XML
 {

+    /**
+     * This function performs some sanity checks on XML documents, and optionally validates them against their schema
+     * if the 'debug.validatexml' option is enabled. A warning will be printed to the log if validation fails.
+     *
+     * @param string $message The SAML document we want to check.
+     * @param string $type The type of document. Can be one of:
+     * - 'saml20'
+     * - 'saml11'
+     * - 'saml-meta'
+     *
+     * @throws \InvalidArgumentException If $message is not a string or $type is not a string containing one of the
+     *     values allowed.
+     * @throws \SimpleSAML_Error_Exception If $message contains a doctype declaration.
+     *
+     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+     * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+     */
+    public static function checkSAMLMessage($message, $type)
+    {
+        $allowed_types = array('saml20', 'saml11', 'saml-meta');
+        if (!(is_string($message) && in_array($type, $allowed_types))) {
+            throw new \InvalidArgumentException('Invalid input parameters.');
+        }
+
+        // a SAML message should not contain a doctype-declaration
+        if (strpos($message, '<!DOCTYPE') !== false) {
+            throw new \SimpleSAML_Error_Exception('XML contained a doctype declaration.');
+        }
+
+        $enabled = \SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', null);
+        if (!$enabled) {
+            return;
+        }
+
+        $result = true;
+        switch ($type) {
+            case 'saml11':
+                $result = self::isValid($message, 'oasis-sstc-saml-schema-protocol-1.1.xsd');
+                break;
+            case 'saml20':
+                $result = self::isValid($message, 'saml-schema-protocol-2.0.xsd');
+                break;
+            case 'saml-meta':
+                $result = self::isValid($message, 'saml-schema-metadata-2.0.xsd');
+        }
+        if ($result !== true) {
+            \SimpleSAML_Logger::warning($result);
+        }
+    }
+
+
    /**
     * Helper function to log SAML messages that we send or receive.
     *
     * @param string|\DOMElement $message The message, as an string containing the XML or an XML element.
-     * @param string            $type Whether this message is sent or received, encrypted or decrypted. The following
+     * @param string             $type Whether this message is sent or received, encrypted or decrypted. The following
     *     values are supported:
     *      - 'in': for messages received.
     *      - 'out': for outgoing messages.
@@ -322,7 +373,7 @@ class XML
     * it doesn't. Please use strict comparisons to check the values returned.
     *
     * @param string|\DOMDocument $xml The XML string or document which should be validated.
-     * @param string $schema The filename of the schema that should be used to validate the document.
+     * @param string              $schema The filename of the schema that should be used to validate the document.
     *
     * @return boolean|string Returns a string with errors found if validation fails. True if validation passes ok.
     * @throws \InvalidArgumentException If $schema is not a string, or $xml is neither a string nor a \DOMDocument.

--- a/modules/metaedit/www/edit.php
+++ b/modules/metaedit/www/edit.php
@@ -31,7 +31,7 @@ if (array_key_exists('entityid', $_REQUEST)) {
 } elseif(array_key_exists('xmlmetadata', $_REQUEST)) {

 	$xmldata = $_REQUEST['xmlmetadata'];
-	SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
+	\SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
 	$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
 	$entity = array_pop($entities);
 	$metadata =  $entity->getMetadata20SP();

--- a/www/admin/metadata-converter.php
+++ b/www/admin/metadata-converter.php
@@ -10,7 +10,7 @@ $config = SimpleSAML_Configuration::getInstance();
 if(array_key_exists('xmldata', $_POST)) {
 	$xmldata = $_POST['xmldata'];

-	SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
+	\SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
 	$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);

 	/* Get all metadata for the entities. */