Add missing dsig11-elements

phpstan-baseline.neon

@@ -0,0 +1,11 @@
+parameters:
+	ignoreErrors:
+		-
+			message: "#^Call to an undefined static method SimpleSAML\\\\XML\\\\SerializableElementInterface\\:\\:getNameSpaceURI\\(\\)\\.$#"
+			count: 1
+			path: src/XML/ds/KeyValue.php
+
+		-
+			message: "#^Call to an undefined static method SimpleSAML\\\\XML\\\\SerializableElementInterface\\:\\:getNameSpaceURI\\(\\)\\.$#"
+			count: 1
+			path: src/XML/dsig11/AbstractFieldIDType.php

phpstan.neon

@@ -2,3 +2,5 @@ parameters:
   level: 6
   paths:
     - src
+includes:
+  - phpstan-baseline.neon

src/Constants.php

@@ -144,9 +144,12 @@ class Constants extends \SimpleSAML\XML\Constants
      */
     public const NS_XDSIG = 'http://www.w3.org/2000/09/xmldsig#';
     public const NS_XDSIG11 = 'http://www.w3.org/2009/xmldsig11#';
+
     public const XMLDSIG_ENVELOPED = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature';
     public const XMLDSIG_MANIFEST = 'http://www.w3.org/2000/09/xmldsig#Manifest';
 
+    public const XMLDSIG11_DER_ENCODED_KEY_VALUE = 'https://www.w3.org/2009/xmldsig11#DEREncodedKeyValue';
+
     public const NS_XENC = 'http://www.w3.org/2001/04/xmlenc#';
     public const NS_XENC11 = 'http://www.w3.org/2009/xmlenc11#';
     public const XMLENC_CONTENT = 'http://www.w3.org/2001/04/xmlenc#Content';

src/XML/ds/AbstractKeyInfoType.php

@@ -12,7 +12,8 @@
 use SimpleSAML\XMLSecurity\Assert\Assert;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
-use SimpleSAML\XMLSecurity\XML\ds\AbstractDsElement;
+use SimpleSAML\XMLSecurity\XML\dsig11\AbstractDsig11Element;
+use SimpleSAML\XMLSecurity\XML\dsig11\DEREncodedKeyValue;
 
 /**
  * Abstract class representing the KeyInfoType.
@@ -38,6 +39,7 @@ abstract class AbstractKeyInfoType extends AbstractDsElement
      *     \SimpleSAML\XMLSecurity\XML\ds\PGPData|
      *     \SimpleSAML\XMLSecurity\XML\ds\SPKIData|
      *     \SimpleSAML\XMLSecurity\XML\ds\MgmtData|
+     *     \SimpleSAML\XMLSecurity\XML\dsig11\DEREncodedKeyValue|
      *     \SimpleSAML\XML\SerializableElementInterface
      * )[] $info
      * @param string|null $Id
@@ -78,6 +80,14 @@ final public function __construct(
                     ],
                     SchemaViolationException::class,
                 );
+            } elseif ($item instanceof AbstractDsig11Element) {
+                Assert::isInstanceOfAny(
+                    $item,
+                    [
+                        DEREncodedKeyValue::class,
+                    ],
+                    SchemaViolationException::class,
+                );
             }
         }
     }

src/XML/ds/KeyInfo.php

@@ -7,8 +7,8 @@
 use DOMElement;
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
-use SimpleSAML\XML\SchemaValidatableElementInterface;
-use SimpleSAML\XML\SchemaValidatableElementTrait;
+use SimpleSAML\XML\{SchemaValidatableElementInterface, SchemaValidatableElementTrait};
+use SimpleSAML\XMLSecurity\XML\dsig11\DEREncodedKeyValue;
 
 use function array_merge;
 
@@ -44,6 +44,7 @@ public static function fromXML(DOMElement $xml): static
         $pgpData = PGPData::getChildrenOfClass($xml);
         $spkiData = SPKIData::getChildrenOfClass($xml);
         $mgmtData = MgmtData::getChildrenOfClass($xml);
+        $derEncodedKeyValue = DEREncodedKeyValue::getChildrenOfClass($xml);
         $other = self::getChildElementsFromXML($xml);
 
         $info = array_merge(
@@ -54,6 +55,7 @@ public static function fromXML(DOMElement $xml): static
             $pgpData,
             $spkiData,
             $mgmtData,
+            $derEncodedKeyValue,
             $other,
         );
 

src/XML/ds/KeyValue.php

@@ -6,14 +6,20 @@
 
 use DOMElement;
 use SimpleSAML\Assert\Assert;
-use SimpleSAML\XML\ElementInterface;
+use SimpleSAML\XML\Chunk;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\Exception\SchemaViolationException;
 use SimpleSAML\XML\Exception\TooManyElementsException;
 use SimpleSAML\XML\ExtendableElementTrait;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
 use SimpleSAML\XML\SchemaValidatableElementTrait;
+use SimpleSAML\XML\SerializableElementInterface;
 use SimpleSAML\XML\XsNamespace as NS;
+use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\XML\dsig11\ECKeyValue;
+
+use function array_merge;
+use function array_pop;
 
 /**
  * Class representing a ds:KeyValue element.
@@ -22,7 +28,11 @@
  */
 final class KeyValue extends AbstractDsElement implements SchemaValidatableElementInterface
 {
-    use ExtendableElementTrait;
+    // We use our own getter instead of the trait's one, so we prevent their use by marking them private
+    use ExtendableElementTrait {
+        getElements as private;
+        setElements as private;
+    }
     use SchemaValidatableElementTrait;
 
 
@@ -33,33 +43,38 @@ final class KeyValue extends AbstractDsElement implements SchemaValidatableEleme
     /**
      * Initialize an KeyValue.
      *
-     * @param \SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue|null $RSAKeyValue
-     * @param \SimpleSAML\XML\SerializableElementInterface|null $element
+     * @param \SimpleSAML\XML\SerializableElementInterface $keyValue
      */
     final public function __construct(
-        protected ?RSAKeyValue $RSAKeyValue,
-        ?ElementInterface $element = null,
+        protected RSAKeyValue|DSAKeyValue|ECKeyValue|SerializableElementInterface $keyValue,
     ) {
-        Assert::false(
-            is_null($RSAKeyValue) && is_null($element),
-            'A <ds:KeyValue> requires either a RSAKeyValue or an element in namespace ##other',
-            SchemaViolationException::class,
-        );
-
-        if ($element !== null) {
-            $this->setElements([$element]);
+        if (
+            !($keyValue instanceof RSAKeyValue
+            || $keyValue instanceof DSAKeyValue
+            || $keyValue instanceof ECKeyValue)
+        ) {
+            Assert::true(
+                (($keyValue instanceof Chunk) ? $keyValue->getNamespaceURI() : $keyValue::getNameSpaceURI())
+                !== C::NS_XDSIG,
+                'A <ds:KeyValue> requires either a RSAKeyValue, DSAKeyValue, ECKeyValue '
+                . 'or an element in namespace ##other',
+                SchemaViolationException::class,
+            );
         }
     }
 
 
     /**
      * Collect the value of the RSAKeyValue-property
      *
-     * @return \SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue|null
+     * @return (\SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue|
+     *         \SimpleSAML\XMLSecurity\XML\ds\DSAKeyValue|
+     *         \SimpleSAML\XMLSecurity\XML\dsig11\ECKeyValue|
+     *         \SimpleSAML\XML\SerializableElementInterface)
      */
-    public function getRSAKeyValue(): ?RSAKeyValue
+    public function getKeyValue(): RSAKeyValue|DSAKeyValue|ECKeyValue|SerializableElementInterface
     {
-        return $this->RSAKeyValue;
+        return $this->keyValue;
     }
 
 
@@ -77,23 +92,20 @@ public static function fromXML(DOMElement $xml): static
         Assert::same($xml->localName, 'KeyValue', InvalidDOMElementException::class);
         Assert::same($xml->namespaceURI, KeyValue::NS, InvalidDOMElementException::class);
 
-        $RSAKeyValue = RSAKeyValue::getChildrenOfClass($xml);
-        Assert::maxCount(
-            $RSAKeyValue,
-            1,
-            'A <ds:KeyValue> can contain exactly one <ds:RSAKeyValue>',
-            TooManyElementsException::class,
+        $keyValue = array_merge(
+            RSAKeyValue::getChildrenOfClass($xml),
+            DSAKeyValue::getChildrenOfClass($xml),
+            self::getChildElementsFromXML($xml),
         );
 
-        $elements = self::getChildElementsFromXML($xml);
-        Assert::maxCount(
-            $elements,
+        Assert::count(
+            $keyValue,
             1,
-            'A <ds:KeyValue> can contain exactly one element in namespace ##other',
+            'A <ds:KeyValue> must contain exactly one child element',
             TooManyElementsException::class,
         );
 
-        return new static(array_pop($RSAKeyValue), array_pop($elements));
+        return new static(array_pop($keyValue));
     }
 
 
@@ -107,13 +119,7 @@ public function toXML(?DOMElement $parent = null): DOMElement
     {
         $e = $this->instantiateParentElement($parent);
 
-        $this->getRSAKeyValue()?->toXML($e);
-
-        foreach ($this->elements as $elt) {
-            if (!$elt->isEmptyElement()) {
-                $elt->toXML($e);
-            }
-        }
+        $this->getKeyValue()->toXML($e);
 
         return $e;
     }

src/XML/dsig11/A.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\XMLSecurity\XML\dsig11;
+
+use SimpleSAML\XML\Base64ElementTrait;
+
+/**
+ * Class representing a dsig11:A element.
+ *
+ * @package simplesaml/xml-security
+ */
+final class A extends AbstractDsig11Element
+{
+    use Base64ElementTrait;
+
+
+    /**
+     * Initialize a A element.
+     *
+     * @param string $value
+     */
+    public function __construct(
+        string $value,
+    ) {
+        $this->setContent($value);
+    }
+}

src/XML/dsig11/AbstractCharTwoFieldParamsType.php

@@ -0,0 +1,51 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\XMLSecurity\XML\dsig11;
+
+use DOMElement;
+
+/**
+ * Abstract class representing a dsig11:CharTwoFieldParamsType
+ *
+ * @package simplesaml/xml-security
+ */
+abstract class AbstractCharTwoFieldParamsType extends AbstractDsig11Element
+{
+    /**
+     * Initialize a CharTwoFieldParamsType element.
+     *
+     * @param \SimpleSAML\XMLSecurity\XML\dsig11\M $m
+     */
+    public function __construct(
+        protected M $m,
+    ) {
+    }
+
+
+    /**
+     * Collect the value of the m-property
+     *
+     * @return \SimpleSAML\XMLSecurity\XML\dsig11\M
+     */
+    public function getM(): M
+    {
+        return $this->m;
+    }
+
+
+    /**
+     * Convert this CharTwoFieldParamsType element to XML.
+     *
+     * @param \DOMElement|null $parent The element we should append this CharTwoFieldParamsType element to.
+     * @return \DOMElement
+     */
+    public function toXML(?DOMElement $parent = null): DOMElement
+    {
+        $e = $this->instantiateParentElement($parent);
+        $this->getM()->toXML($e);
+
+        return $e;
+    }
+}

src/XML/dsig11/AbstractCurveType.php

@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\XMLSecurity\XML\dsig11;
+
+use DOMElement;
+
+/**
+ * Abstract class representing a dsig11:CurveType
+ *
+ * @package simplesaml/xml-security
+ */
+abstract class AbstractCurveType extends AbstractDsig11Element
+{
+    /**
+     * Initialize a CurveType element.
+     *
+     * @param \SimpleSAML\XMLSecurity\XML\dsig11\A $a
+     * @param \SimpleSAML\XMLSecurity\XML\dsig11\B $b
+     */
+    public function __construct(
+        protected A $a,
+        protected B $b,
+    ) {
+    }
+
+
+    /**
+     * Collect the value of the a-property
+     *
+     * @return \SimpleSAML\XMLSecurity\XML\dsig11\A
+     */
+    public function getA(): A
+    {
+        return $this->a;
+    }
+
+
+    /**
+     * Collect the value of the b-property
+     *
+     * @return \SimpleSAML\XMLSecurity\XML\dsig11\B
+     */
+    public function getB(): B
+    {
+        return $this->b;
+    }
+
+
+    /**
+     * Convert this CurveType element to XML.
+     *
+     * @param \DOMElement|null $parent The element we should append this CurveType element to.
+     * @return \DOMElement
+     */
+    public function toXML(?DOMElement $parent = null): DOMElement
+    {
+        $e = $this->instantiateParentElement($parent);
+
+        $this->getA()->toXML($e);
+        $this->getB()->toXML($e);
+
+        return $e;
+    }
+}