WIP: Create metadata configuration classes

tvdijen · tvdijen · commit ab11e0fdc19d · 2024-07-29T22:47:45.000+02:00
diff --git a/src/SAML2/Metadata/AbstractProvider.php b/src/SAML2/Metadata/AbstractProvider.php
@@ -0,0 +1,130 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\Metadata;
+
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Key\{PrivateKey, PublicKey, SymmetricKey};
+
+/**
+ * Class holding common configuration for SAML2 entities.
+ *
+ * @package simplesamlphp/saml2
+ */
+abstract class AbstractProvider
+{
+    /**
+     */
+    protected function __construct(
+        protected string $entityId,
+        protected EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null $encryptionAlgorithmFactory,
+        protected SignatureAlgorithmFactory|null $signatureAlgorithmFactory,
+        protected string $signatureAlgorithm,
+        protected array $validatingKeys,
+        protected PrivateKey|null $signingKey,
+        protected PublicKey|SymmetricKey|null $encryptionKey,
+        protected array $decryptionKeys,
+        protected array $IDPList,
+    ) {
+        Assert::validURI($entityId);
+        Assert::validURI($signatureAlgorithm);
+        Assert::allIsInstanceOfAny($decryptionKeys, [SymmetricKey::class, PrivateKey::class]);
+        Assert::allIsInstanceOf($validatingKeys, PublicKey::class);
+        Assert::allValidURI($IDPList);
+    }
+
+
+    /**
+     * Retrieve the SignatureAlgorithmFactory used for signing and verifying messages.
+     */
+    public function getSignatureAlgorithmFactory(): ?SignatureAlgorithmFactory
+    {
+        return $this->signatureAlgorithmFactory;
+    }
+
+
+    /**
+     * Retrieve the EncryptionAlgorithmFactory used for encrypting and decrypting messages.
+     */
+    public function getEncryptionAlgorithmFactory(): EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null
+    {
+        return $this->encryptionAlgorithmFactory;
+    }
+
+
+    /**
+     * Retrieve the signature slgorithm to be used for signing messages.
+     */
+    public function getSignatureAlgorithm(): string
+    {
+        return $this->signatureAlgorithm;
+    }
+
+
+    /**
+     * Get the private key to use for signing messages.
+     *
+     * @return \SimpleSAML\XMLSecurity\Key\PrivateKey|null
+     */
+    public function getSigningKey(): ?PrivateKey
+    {
+        return $this->signingKey;
+    }
+
+
+    /**
+     * Get the validating keys to verify a message signature with.
+     *
+     * @return array<\SimpleSAML\XMLSecurity\Key\PublicKey>
+     */
+    public function getValidatingKeys(): array
+    {
+        return $this->validatingKeys;
+    }
+
+
+    /**
+     * Get the private key to use for signing messages.
+     *
+     * @return \SimpleSAML\XMLSecurity\Key\PublicKey|\SimpleSAML\XMLSecurity\Key\SymmetricKey|null
+     */
+    public function getEncryptionKey(): PublicKey|SymmetricKey|null
+    {
+        return $this->encryptionKey;
+    }
+
+
+    /**
+     * Get the decryption keys to decrypt the assertion with.
+     *
+     * @return array<\SimpleSAML\XMLSecurity\Key\PrivateKey|\SimpleSAML\XMLSecurity\Key\SymmetricKey>
+     */
+    public function getDecryptionKeys(): array
+    {
+        return $this->decryptionKeys;
+    }
+
+
+    /**
+     * Retrieve the configured entity ID for this entity
+     */
+    public function getEntityId(): string
+    {
+        return $this->entityId;
+    }
+
+
+    /**
+     * Retrieve the configured IDPList for this entity.
+     *
+     * @return string[]
+     */
+    public function getIDPList(): array
+    {
+        return $this->IDPList;
+    }
+}
diff --git a/src/SAML2/Metadata/IdentityProvider.php b/src/SAML2/Metadata/IdentityProvider.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\Metadata;
+
+use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Key\{PrivateKey, PublicKey, SymmetricKey};
+
+/**
+ * Class holding configuration for a SAML 2 Identity Provider.
+ *
+ * @package simplesamlphp/saml2
+ */
+class IdentityProvider extends AbstractProvider
+{
+    /**
+     */
+    public function __construct(
+        string $entityId,
+        EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null $encryptionAlgorithmFactory = null,
+        SignatureAlgorithmFactory|null $signatureAlgorithmFactory = null,
+        string $signatureAlgorithm = C::SIG_RSA_SHA256,
+        array $validatingKeys = [],
+        PrivateKey|null $signingKey = null,
+        PublicKey|SymmetricKey|null $encryptionKey = null,
+        array $decryptionKeys = [],
+        array $IDPList = [],
+    ) {
+        parent::__construct(
+            $entityId,
+            $encryptionAlgorithmFactory,
+            $signatureAlgorithmFactory,
+            $signatureAlgorithm,
+            $validatingKeys,
+            $signingKey,
+            $encryptionKey,
+            $decryptionKeys,
+            $IDPList,
+        );
+    }
+}
diff --git a/src/SAML2/Metadata/ServiceProvider.php b/src/SAML2/Metadata/ServiceProvider.php
@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\Metadata;
+
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML2\XML\md\AssertionConsumerService;
+use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Key\{PrivateKey, PublicKey, SymmetricKey};
+
+/**
+ * Class holding configuration for a SAML 2 Service Provider.
+ *
+ * @package simplesamlphp/saml2
+ */
+class ServiceProvider extends AbstractProvider
+{
+    /**
+     */
+    public function __construct(
+        string $entityId,
+        EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null $encryptionAlgorithmFactory = null,
+        SignatureAlgorithmFactory|null $signatureAlgorithmFactory = null,
+        string $signatureAlgorithm = C::SIG_RSA_SHA256,
+        array $validatingKeys = [],
+        PrivateKey|null $signingKey = null,
+        PublicKey|SymmetricKey|null $encryptionKey = null,
+        protected array $assertionConsumerService = [],
+        array $decryptionKeys = [],
+        array $IDPList = [],
+    ) {
+        Assert::allIsInstanceOf($assertionConsumerService, AssertionConsumerService::class);
+
+        parent::__construct(
+            $entityId,
+            $encryptionAlgorithmFactory,
+            $signatureAlgorithmFactory,
+            $signatureAlgorithm,
+            $validatingKeys,
+            $signingKey,
+            $encryptionKey,
+            $decryptionKeys,
+            $IDPList,
+        );
+    }
+
+
+    /**
+     * Retrieve the configured ACS-endpoints for this Service Provider.
+     *
+     * @return array<\SimpleSAML\SAML2\XML\md\AssertionConsumerService>
+     */
+    public function getAssertionConsumerService(): array
+    {
+        return $this->assertionConsumerService;
+    }
+}
