Add toUnsignedXML to the SignableElementTrait

Author: tvdijen

src/XML/SignableElementInterface.php

@@ -2,6 +2,7 @@
 
 namespace SimpleSAML\SAML2\XML;
 
+use SimpleSAML\XMLSecurity\SignedElementInterface;
 use SimpleSAML\XMLSecurity\XMLSecurityKey;
 
 /**
@@ -12,38 +13,11 @@
 interface SignableElementInterface
 {
     /**
-     * Retrieve the certificates that are included in the message.
+     * Sign the 'Element' and return a 'SignedElement'
      *
-     * @return string[] An array of certificates
+     * @param \SimpleSAML\XMLSecurity\XMLSecurityKey $signingKey  The private key we should use to sign the message
+     * @param string[] $certificates  The certificates should be strings with the PEM encoded data
+     * @return \SimpleSAML\XMLSecurity\SignedElementInterface
      */
-    public function getCertificates(): array;
-
-
-    /**
-     * Set the certificates that should be included in the element.
-     * The certificates should be strings with the PEM encoded data.
-     *
-     * @param string[] $certificates An array of certificates.
-     */
-    public function setCertificates(array $certificates): void;
-
-
-    /**
-     * Get the private key we should use to sign the message.
-     *
-     * If the key is null, the message will be sent unsigned.
-     *
-     * @return \SimpleSAML\XMLSecurity\XMLSecurityKey|null
-     */
-    public function getSigningKey(): ?XMLSecurityKey;
-
-
-    /**
-     * Set the private key we should use to sign the message.
-     *
-     * If the key is null, the message will be sent unsigned.
-     *
-     * @param \SimpleSAML\XMLSecurity\XMLSecurityKey|null $signingKey
-     */
-    public function setSigningKey(XMLSecurityKey $signingKey = null): void;
+    public function sign(XMLSecurityKey $signingKey, array $certificates): SignedElementInterface;
 }

src/XML/SignableElementTrait.php

@@ -4,11 +4,10 @@
 
 namespace SimpleSAML\XMLSecurity\XML;
 
-//use DOMElement;
-//use DOMNode;
-//use Exception;
+use DOMElement;
+use DOMNode;
 use SimpleSAML\Assert\Assert;
-//use SimpleSAML\XMLSecurity\Utils\Security as XMLSecurityUtils;
+use SimpleSAML\XMLSecurity\Utils\Security as XMLSecurityUtils;
 use SimpleSAML\XMLSecurity\XML\ds\Signature;
 use SimpleSAML\XMLSecurity\XMLSecurityKey;
 use SimpleSAML\XML\Utils as XMLUtils;
@@ -20,94 +19,27 @@
  */
 trait SignableElementTrait
 {
-    /**
-     * List of certificates that should be included in the message.
-     *
-     * @var string[]
-     */
-    protected array $certificates = [];
-
-    /**
-     * The private key we should use to sign an unsigned message.
-     *
-     * The private key can be null, in which case we can only validate an already signed message.
-     *
-     * @var \SimpleSAML\XMLSecurity\XMLSecurityKey|null
-     */
-    protected ?XMLSecurityKey $signingKey = null;
-
-
-    /**
-     * Retrieve the certificates that are included in the message.
-     *
-     * @return string[] An array of certificates
-     */
-    public function getCertificates(): array
-    {
-        return $this->certificates;
-    }
-
-
-    /**
-     * Set the certificates that should be included in the element.
-     * The certificates should be strings with the PEM encoded data.
-     *
-     * @param string[] $certificates An array of certificates.
-     */
-    public function setCertificates(array $certificates): void
-    {
-        Assert::allStringNotEmpty($certificates);
-
-        $this->certificates = $certificates;
-    }
-
-
-    /**
-     * Get the private key we should use to sign the message.
-     *
-     * If the key is null, the message will be sent unsigned.
-     *
-     * @return \SimpleSAML\XMLSecurity\XMLSecurityKey|null
-     */
-    public function getSigningKey(): ?XMLSecurityKey
-    {
-        return $this->signingKey;
-    }
-
-
-    /**
-     * Set the private key we should use to sign the message.
-     *
-     * If the key is null, the message will be sent unsigned.
-     *
-     * @param \SimpleSAML\XMLSecurity\XMLSecurityKey|null $signingKey
-     */
-    public function setSigningKey(XMLSecurityKey $signingKey = null): void
-    {
-        $this->signingKey = $signingKey;
-    }
-
-
     /**
      * Sign the given XML element.
      *
-     * @param \DOMElement $root The element we should sign.
+     * @param \SimpleSAML\XMLSecurity\XMLSecurityKey $signKey The private key used for signing.
+     * @param array $certificates  Any public key to be added to the ds:Signature
+     * @param \DOMNode|null $insertBefore  A specific node in the DOM structure where the ds:Signature should be put in front.
      * @return \DOMElement The signed element.
      * @throws \Exception If an error occurs while trying to sign.
-    protected function signElement(DOMElement $root, DOMNode $insertBefore = null): DOMElement
+     */
+    private function toSignedXML(XMLSecurityKey $signKey, array $certificates, DOMNode $insertBefore = null): DOMElement
     {
-        if ($this->signingKey instanceof XMLSecurityKey) {
-            if ($insertBefore !== null) {
-                XMLSecurityUtils::insertSignature($this->signingKey, $this->certificates, $root, $insertBefore);
-
-                $doc = clone $root->ownerDocument;
-                $this->signature = Signature::fromXML(XMLUtils::xpQuery($doc->documentElement, './ds:Signature')[0]);
-            } else {
-                $this->signature = new Signature($this->signingKey->getAlgorithm(), $this->certificates, $this->signingKey);
-                $this->signature->toXML($root);
-            }
+        $root = $this->toXML();
+
+        if ($insertBefore !== null) {
+            XMLSecurityUtils::insertSignature($this->signingKey, $this->certificates, $root, $insertBefore);
+            $doc = clone $root->ownerDocument;
+        } else {
+            $signature = new Signature($this->signingKey->getAlgorithm(), $this->certificates, $this->signingKey);
+            $signature->toXML($root);
         }
+
         return $root;
     }
-     */
 }