From 764a2a772194868e7bec3226867b0f6dc2711897 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Mon, 16 Sep 2024 14:11:13 +0200
Subject: [PATCH] Strip element registry of any non top-level elements
---
 src/XML/element.registry.php | 30 +++++++++++++-----------------
 tests/XML/ds/KeyValueTest.php | 23 ++++++++++-------------
 2 files changed, 23 insertions(+), 30 deletions(-)
diff --git a/src/XML/element.registry.php b/src/XML/element.registry.php
index d891e6f8..5a371ef8 100644
--- a/src/XML/element.registry.php
+++ b/src/XML/element.registry.php
@@ -7,54 +7,50 @@
 'CanonicalizationMethod' => '\SimpleSAML\XMLSecurity\XML\ds\CanonicalizationMethod',
 'DigestMethod' => '\SimpleSAML\XMLSecurity\XML\ds\DigestMethod',
 'DigestValue' => '\SimpleSAML\XMLSecurity\XML\ds\DigestValue',
- 'Exponent' => '\SimpleSAML\XMLSecurity\XML\ds\Exponent',
+// 'DSAKeyValue' => '\SimpleSAML\XMLSecurity\XML\ds\DSAKeyValue',
 'KeyInfo' => '\SimpleSAML\XMLSecurity\XML\ds\KeyInfo',
 'KeyName' => '\SimpleSAML\XMLSecurity\XML\ds\KeyName',
 'KeyValue' => '\SimpleSAML\XMLSecurity\XML\ds\KeyValue',
 'Manifest' => '\SimpleSAML\XMLSecurity\XML\ds\Manifest',
- 'Modulus' => '\SimpleSAML\XMLSecurity\XML\ds\Modulus',
+// 'MgmtData' => '\SimpleSAML\XMLSecurity\XML\ds\MgmtData',
 'Object' => '\SimpleSAML\XMLSecurity\XML\ds\DsObject',
- 'RSAKeyValue' => '\SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue',
+// 'PGPData' => '\SimpleSAML\XMLSecurity\XML\ds\PGPData',
 'Reference' => '\SimpleSAML\XMLSecurity\XML\ds\Reference',
 'RetrievalMethod' => '\SimpleSAML\XMLSecurity\XML\ds\RetrievalMethod',
+ 'RSAKeyValue' => '\SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue',
 'Signature' => '\SimpleSAML\XMLSecurity\XML\ds\Signature',
 'SignatureMethod' => '\SimpleSAML\XMLSecurity\XML\ds\SignatureMethod',
 'SignatureProperties' => '\SimpleSAML\XMLSecurity\XML\ds\SignatureProperties',
 'SignatureProperty' => '\SimpleSAML\XMLSecurity\XML\ds\SignatureProperty',
 'SignatureValue' => '\SimpleSAML\XMLSecurity\XML\ds\SignatureValue',
 'SignedInfo' => '\SimpleSAML\XMLSecurity\XML\ds\SignedInfo',
+// 'SPKIData' => '\SimpleSAML\XMLSecurity\XML\ds\SPKIData',
 'Transform' => '\SimpleSAML\XMLSecurity\XML\ds\Transform',
 'Transforms' => '\SimpleSAML\XMLSecurity\XML\ds\Transforms',
- 'X509Certificate' => '\SimpleSAML\XMLSecurity\XML\ds\X509Certificate',
 'X509Data' => '\SimpleSAML\XMLSecurity\XML\ds\X509Data',
- 'X509IssuerName' => '\SimpleSAML\XMLSecurity\XML\ds\X509IssuerName',
- 'X509IssuerSerial' => '\SimpleSAML\XMLSecurity\XML\ds\X509IssuerSerial',
- 'X509SerialNumber' => '\SimpleSAML\XMLSecurity\XML\ds\X509SerialNumber',
- 'X509SubjectName' => '\SimpleSAML\XMLSecurity\XML\ds\X509SubjectName',
- 'XPath' => '\SimpleSAML\XMLSecurity\XML\ds\XPath',
 ],
 'http://www.w3.org/2009/xmldsig11#' => [
+// 'DEREncodedKeyValue' => '\SimpleSAML\XMLSecurity\XML\dsig11\DEREncodedKeyValue',
+// 'ECKeyValue' => '\SimpleSAML\XMLSecurity\XML\dsig11\ECKeyValue',
+// 'GnB' => '\SimpleSAML\XMLSecurity\XML\dsig11\GnB',
 'KeyInfoReference' => '\SimpleSAML\XMLSecurity\XML\dsig11\KeyInfoReference',
+// 'PnB' => '\SimpleSAML\XMLSecurity\XML\dsig11\PnB',
+// 'Prime' => '\SimpleSAML\XMLSecurity\XML\dsig11\Prime',
+// 'TnB' => '\SimpleSAML\XMLSecurity\XML\dsig11\TnB',
 'X509Digest' => '\SimpleSAML\XMLSecurity\XML\dsig11\X509Digest',
 ],
 'http://www.w3.org/2001/10/xml-exc-c14n#' => [
 'InclusiveNamespaces' => '\SimpleSAML\XMLSecurity\XML\ec\InclusiveNamespaces',
 ],
 'http://www.w3.org/2001/04/xmlenc#' => [
- 'CarriedKeyName' => '\SimpleSAML\XMLSecurity\XML\xenc\CarriedKeyName',
+// 'AgreementMethod' => '\SimpleSAML\XMLSecurity\XML\xenc\AgreementMethod',
 'CipherData' => '\SimpleSAML\XMLSecurity\XML\xenc\CipherData',
 'CipherReference' => '\SimpleSAML\XMLSecurity\XML\xenc\CipherReference',
- 'CipherValue' => '\SimpleSAML\XMLSecurity\XML\xenc\CipherValue',
- 'DataReference' => '\SimpleSAML\XMLSecurity\XML\xenc\DataReference',
+// 'DHKeyValue' => '\SimpleSAML\XMLSecurity\XML\xenc\DHKeyValue',
 'EncryptedData' => '\SimpleSAML\XMLSecurity\XML\xenc\EncryptedData',
 'EncryptedKey' => '\SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey',
- 'EncryptionMethod' => '\SimpleSAML\XMLSecurity\XML\xenc\EncryptionMethod',
 'EncryptionProperties' => '\SimpleSAML\XMLSecurity\XML\xenc\EncryptionProperties',
 'EncryptionProperty' => '\SimpleSAML\XMLSecurity\XML\xenc\EncryptionProperty',
- 'KeyReference' => '\SimpleSAML\XMLSecurity\XML\xenc\KeyReference',
- 'KeySize' => '\SimpleSAML\XMLSecurity\XML\xenc\KeySize',
- 'OAEPparams' => '\SimpleSAML\XMLSecurity\XML\xenc\OAEPparams',
 'ReferenceList' => '\SimpleSAML\XMLSecurity\XML\xenc\ReferenceList',
- 'Transforms' => '\SimpleSAML\XMLSecurity\XML\xenc\Transforms',
 ],
 ];
diff --git a/tests/XML/ds/KeyValueTest.php b/tests/XML/ds/KeyValueTest.php
index 0ca9f016..82ee0cd7 100644
--- a/tests/XML/ds/KeyValueTest.php
+++ b/tests/XML/ds/KeyValueTest.php
@@ -7,7 +7,6 @@
 use DOMDocument;
 use PHPUnit\Framework\Attributes\CoversClass;
 use PHPUnit\Framework\TestCase;
-use SimpleSAML\XML\Chunk;
 use SimpleSAML\XML\DOMDocumentFactory;
 use SimpleSAML\XML\Exception\SchemaViolationException;
 use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
@@ -15,7 +14,7 @@
 use SimpleSAML\XMLSecurity\XML\ds\AbstractDsElement;
 use SimpleSAML\XMLSecurity\XML\ds\KeyValue;
 use SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue;
-use SimpleSAML\XMLSecurity\XML\xenc\CipherValue;
+use SimpleSAML\XMLSecurity\XML\xenc\EncryptionProperty;
 use function dirname;
 use function strval;
@@ -39,8 +38,8 @@ final class KeyValueTest extends TestCase
 /** @var \DOMDocument $rsaKeyValue */
 protected static DOMDocument $rsaKeyValue;
- /** @var \DOMDocument $cipherValue */
- protected static DOMDocument $cipherValue;
+ /** @var \DOMDocument $encryptionProperty */
+ protected static DOMDocument $encryptionProperty;
 /**
@@ -61,8 +60,8 @@ protected function setUp(): void
 dirname(__FILE__, 3) . '/resources/xml/ds_RSAKeyValue.xml',
 );
- self::$cipherValue = DOMDocumentFactory::fromFile(
- dirname(__FILE__, 3) . '/resources/xml/xenc_CipherValue.xml',
+ self::$encryptionProperty = DOMDocumentFactory::fromFile(
+ dirname(__FILE__, 3) . '/resources/xml/xenc_EncryptionProperty.xml',
 );
 }
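Review bot: The twelve `+//` entries in this hunk (DSAKeyValue, MgmtData, PGPData, SPKIData, the six dsig11 names and AgreementMethod/DHKeyValue) are commented-out code with nothing saying why they are kept, so a later reader cannot tell whether they are pending work or parsers that were disabled on purpose. A one-line comment above the first of them, e.g. `// Commented-out entries are top-level schema elements without an implementing class yet`, would make the intent explicit; I am inferring that intent from the commit title. It is also worth checking `GnB`, `PnB`, `Prime` and `TnB` against the xmldsig11 schema: if they are, as I recall, local to the field-parameters type rather than global elements, they fall under the same criterion as the removed `Exponent`/`Modulus` lines and should be dropped instead of parked here. Since this registry is what maps element names from parsed XML to classes, keeping it limited to genuinely global elements is the right direction and worth stating in the file header comment as the rule for future additions.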
@@ -91,18 +90,17 @@ public function testMarshalling(): void
 */
 public function testMarshallingWithOtherElement(): void
 {
- $keyValue = new KeyValue(null, Chunk::fromXML(self::$cipherValue->documentElement));
+ $keyValue = new KeyValue(null, EncryptionProperty::fromXML(self::$encryptionProperty->documentElement));
 $elements = $keyValue->getElements();
 $this->assertEmpty($keyValue->getRSAKeyValue());
 $this->assertCount(1, $elements);
 $element = reset($elements);
- $this->assertInstanceOf(Chunk::class, $element);
- $this->assertEquals($element->getXML()->textContent, '/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI=');
+ $this->assertInstanceOf(EncryptionProperty::class, $element);
 $document = self::$empty;
- $document->documentElement->appendChild($document->importNode(self::$cipherValue->documentElement, true));
+ $element->toXML($document->documentElement);
 $this->assertXmlStringEqualsXmlString($document->saveXML($document->documentElement), strval($keyValue));
 }
@@ -126,7 +124,7 @@ public function testMarshallingEmpty(): void
 public function testUnmarshallingWithOtherElement(): void
 {
 $document = self::$empty;
- $document->documentElement->appendChild($document->importNode(self::$cipherValue->documentElement, true));
+ $document->documentElement->appendChild($document->importNode(self::$encryptionProperty->documentElement, true));
 $keyValue = KeyValue::fromXML($document->documentElement);
@@ -135,8 +133,7 @@ public function testUnmarshallingWithOtherElement(): void
 $this->assertCount(1, $elements);
 $element = reset($elements);
- $this->assertInstanceOf(CipherValue::class, $element);
- $this->assertEquals($element->getContent(), '/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI=');
+ $this->assertInstanceOf(EncryptionProperty::class, $element);
 }
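Review bot: In the last hunk `testUnmarshallingWithOtherElement` now only asserts the class of the parsed child; the content check that the removed `CipherValue` line carried was dropped without a replacement, so the test would still pass if `KeyValue::fromXML` returned an `EncryptionProperty` whose contents were lost. The marshalling test above keeps that coverage through `assertXmlStringEqualsXmlString`, and the same round-trip works here: `$this->assertXmlStringEqualsXmlString(self::$encryptionProperty->saveXML(self::$encryptionProperty->documentElement), strval($element));`, assuming `EncryptionProperty` is stringable the way the file already relies on for `strval($keyValue)`. The method begins in the preceding `@@ -126` hunk, outside this one.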