diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 9b39623a4ab6f15cf6c262eac9253eb304fb548a..c97cf899e801cc54c4faedd7060655bc60fb71c1 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -27,7 +27,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 */
 public function sendResponse($response, SimpleSAML_Configuration $idpmd, SimpleSAML_Configuration $spmd, $relayState, $shire) {
 
- SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
+ \SimpleSAML\Utils\XML::checkSAMLMessage($response, 'saml11');
 
 $privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, TRUE);
 $publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, TRUE);
@@ -105,7 +105,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 
 \SimpleSAML\Utils\XML::debugSAMLMessage($samlResponseXML, 'in');
 
- SimpleSAML_Utilities::validateXMLDocument($samlResponseXML, 'saml11');
+ \SimpleSAML\Utils\XML::checkSAMLMessage($samlResponseXML, 'saml11');
 
 $samlResponse = new SimpleSAML_XML_Shib13_AuthnResponse();
 $samlResponse->setXML($samlResponseXML);
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 0dc6bdf3b042d9e0bc7c195bc362f2338ea4b810..3f74486314dc1333d3baa1e94b57d35b2606dd61 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -320,53 +320,10 @@ class SimpleSAML_Utilities {
 
 
 /**
- * This function performs some sanity checks on XML documents, and optionally validates them
- * against their schema. A warning will be printed to the log if validation fails.
- *
- * @param $message The message which should be validated, as a string.
- * @param $type The type of document - can be either 'saml20', 'saml11' or 'saml-meta'.
- * @deprecated
+ * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\XML::checkSAMLMessage() instead.
 */
 public static function validateXMLDocument($message, $type) {
- assert('is_string($message)');
- assert($type === 'saml11' || $type === 'saml20' || $type === 'saml-meta');
-
- /* A SAML message should not contain a doctype-declaration. */
- if(strpos($message, '<!DOCTYPE') !== FALSE) {
- throw new Exception('XML contained a doctype declaration.');
- }
-
- $enabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', NULL);
- if($enabled === NULL) {
- /* Fall back to old configuration option. */
- $enabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatesamlmessages', NULL);
- if($enabled === NULL) {
- /* Fall back to even older configuration option. */
- $enabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatesaml2messages', FALSE);
- }
- }
-
- if(!$enabled) {
- return;
- }
-
- switch($type) {
- case 'saml11':
- $result = self::validateXML($message, 'oasis-sstc-saml-schema-protocol-1.1.xsd');
- break;
- case 'saml20':
- $result = self::validateXML($message, 'saml-schema-protocol-2.0.xsd');
- break;
- case 'saml-meta':
- $result = self::validateXML($message, 'saml-schema-metadata-2.0.xsd');
- break;
- default:
- throw new Exception('Invalid message type.');
- }
-
- if($result !== '') {
- SimpleSAML_Logger::warning($result);
- }
+ \SimpleSAML\Utils\XML::checkSAMLMessage($message, $type);
 }
 
 
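Review bot: Delegating validateXMLDocument() to checkSAMLMessage() drops the fallback chain that the removed body consulted: the replacement in lib/SimpleSAML/Utils/XML.php reads only 'debug.validatexml', so an installation that still enables 'debug.validatesamlmessages' or 'debug.validatesaml2messages' silently stops schema-validating, with no log line to say why. If dropping the legacy keys is intended, state it in the deprecation text, e.g. extend the @deprecated line with `Note that the legacy 'debug.validatesamlmessages' and 'debug.validatesaml2messages' options are no longer honoured; enable 'debug.validatexml' instead.`; otherwise keep the three-step getBoolean() fallback in this wrapper and log a warning when only a legacy key is set before delegating. The exception type for a doctype declaration also changes from Exception to \SimpleSAML_Error_Exception, which is presumably a subclass and therefore harmless for existing catch blocks, but it is worth confirming.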
diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php
index 72ddbcf853404f3155552b7a36810187b4223b6f..1483a7136aac4049c77f58cee9c6c22933954b8d 100644
--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -11,11 +11,62 @@ namespace SimpleSAML\Utils;
 class XML
 {
 
+ /**
+ * This function performs some sanity checks on XML documents, and optionally validates them against their schema
+ * if the 'debug.validatexml' option is enabled. A warning will be printed to the log if validation fails.
+ *
+ * @param string $message The SAML document we want to check.
+ * @param string $type The type of document. Can be one of:
+ * - 'saml20'
+ * - 'saml11'
+ * - 'saml-meta'
+ *
+ * @throws \InvalidArgumentException If $message is not a string or $type is not a string containing one of the
+ * values allowed.
+ * @throws \SimpleSAML_Error_Exception If $message contains a doctype declaration.
+ *
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ */
+ public static function checkSAMLMessage($message, $type)
+ {
+ $allowed_types = array('saml20', 'saml11', 'saml-meta');
+ if (!(is_string($message) && in_array($type, $allowed_types))) {
+ throw new \InvalidArgumentException('Invalid input parameters.');
+ }
+
+ // a SAML message should not contain a doctype-declaration
+ if (strpos($message, '<!DOCTYPE') !== false) {
+ throw new \SimpleSAML_Error_Exception('XML contained a doctype declaration.');
+ }
+
+ $enabled = \SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', null);
+ if (!$enabled) {
+ return;
+ }
+
+ $result = true;
+ switch ($type) {
+ case 'saml11':
+ $result = self::isValid($message, 'oasis-sstc-saml-schema-protocol-1.1.xsd');
+ break;
+ case 'saml20':
+ $result = self::isValid($message, 'saml-schema-protocol-2.0.xsd');
+ break;
+ case 'saml-meta':
+ $result = self::isValid($message, 'saml-schema-metadata-2.0.xsd');
+ }
+ if ($result !== true) {
+ \SimpleSAML_Logger::warning($result);
+ }
+ }
+
+
 /**
 * Helper function to log SAML messages that we send or receive.
 *
 * @param string|\DOMElement $message The message, as an string containing the XML or an XML element.
- * @param string $type Whether this message is sent or received, encrypted or decrypted. The following
+ * @param string $type Whether this message is sent or received, encrypted or decrypted. The following
 * values are supported:
 * - 'in': for messages received.
 * - 'out': for outgoing messages.
@@ -322,7 +373,7 @@ class XML
 * it doesn't. Please use strict comparisons to check the values returned.
 *
 * @param string|\DOMDocument $xml The XML string or document which should be validated.
- * @param string $schema The filename of the schema that should be used to validate the document.
+ * @param string $schema The filename of the schema that should be used to validate the document.
 *
 * @return boolean|string Returns a string with errors found if validation fails. True if validation passes ok.
 * @throws \InvalidArgumentException If $schema is not a string, or $xml is neither a string nor a \DOMDocument.
diff --git a/modules/metaedit/www/edit.php b/modules/metaedit/www/edit.php
index a2851b16ea6acf302e0ef8c08a6ee55c95c07fba..8a89c2b11023a1b3d7ce02e51f72556d2fac830e 100644
--- a/modules/metaedit/www/edit.php
+++ b/modules/metaedit/www/edit.php
@@ -31,7 +31,7 @@ if (array_key_exists('entityid', $_REQUEST)) {
 } elseif(array_key_exists('xmlmetadata', $_REQUEST)) {
 $xmldata = $_REQUEST['xmlmetadata'];
 
- SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
+ \SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
 $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
 $entity = array_pop($entities);
 $metadata = $entity->getMetadata20SP();
diff --git a/www/admin/metadata-converter.php b/www/admin/metadata-converter.php
index 3cea4c6290f582064e59ad3b3e86e11878ea684d..828d2ce8db106960e8fba621415c5723ff0e842a 100644
--- a/www/admin/metadata-converter.php
+++ b/www/admin/metadata-converter.php
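Review bot: The `$type` guard in checkSAMLMessage() uses a loose `in_array($type, $allowed_types)`, so a non-string such as `true` passes it (it is loosely equal to 'saml20') and the equally loose `switch ($type)` then lands in the 'saml11' case, although the docblock promises an \InvalidArgumentException for any $type that is not one of the allowed strings; make the guard `if (!(is_string($message) && in_array($type, $allowed_types, true))) {`, which also makes the missing `default:` in the switch safe. The `<!DOCTYPE` substring scan is only a coarse guard against doctype and entity declarations; whether isValid() and the parsers the callers hand $message to also disable external entity loading is not visible in this hunk and is worth confirming before relying on the scan alone. The debugSAMLMessage() docblock at the end of the hunk continues outside it.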
@@ -10,7 +10,7 @@ $config = SimpleSAML_Configuration::getInstance();
 if(array_key_exists('xmldata', $_POST)) {
 $xmldata = $_POST['xmldata'];
 
- SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
+ \SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
 $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
 
 /* Get all metadata for the entities. */