Merge pull request #2 from simplesamlphp/signedelts

Rewrite signed elements structure

Author: tvdijen

bin/generate_CustomSignable.php

@@ -0,0 +1,15 @@
+<?php
+
+require_once('../vendor/autoload.php');
+
+use SimpleSAML\XML\DOMDocumentFactory;
+use SimpleSAML\XMLSecurity\Test\XML\CustomSignable;
+use SimpleSAML\XMLSecurity\TestUtils\PEMCertificatesMock;
+use SimpleSAML\XMLSecurity\XMLSecurityKey;
+
+$chunk = DOMDocumentFactory::fromString('<ssp:Some>Chunk</ssp:Some>')->documentElement;
+$signable = new CustomSignable($chunk);
+
+$privateKey = PEMCertificatesMock::getPrivateKey(XMLSecurityKey::RSA_SHA256, PEMCertificatesMock::SELFSIGNED_PRIVATE_KEY);
+$x = $signable->sign($privateKey);
+echo $x;

composer.json

@@ -40,7 +40,7 @@
 
         "robrichards/xmlseclibs": "^3.1.1",
         "simplesamlphp/assert": "~0.2.6",
-        "simplesamlphp/xml-common": "^0.7.1"
+        "simplesamlphp/xml-common": "^0.8.0"
     },
     "require-dev": {
         "simplesamlphp/simplesamlphp-test-framework": "^1.0.5"

src/Alg/Signature/AbstractSigner.php

@@ -1,20 +1,24 @@
 <?php
 
+declare(strict_types=1);
+
 namespace SimpleSAML\XMLSecurity\Alg\Signature;
 
+use SimpleSAML\Assert\Assert;
 use SimpleSAML\XMLSecurity\Alg\SignatureAlgorithm;
 use SimpleSAML\XMLSecurity\Backend\SignatureBackend;
+use SimpleSAML\XMLSecurity\Exception\RuntimeException;
 use SimpleSAML\XMLSecurity\Key\AbstractKey;
 
 /**
  * An abstract class that implements a generic digital signature algorithm.
  *
- * @package SimpleSAML\XMLSecurity\\Alg\Signature
+ * @package simplesamlphp/xml-security
  */
 abstract class AbstractSigner implements SignatureAlgorithm
 {
     /** @var \SimpleSAML\XMLSecurity\Key\AbstractKey */
-    protected AbstractKey $key;
+    private AbstractKey $key;
 
     /** @var \SimpleSAML\XMLSecurity\Backend\SignatureBackend */
     protected SignatureBackend $backend;
@@ -25,22 +29,46 @@ abstract class AbstractSigner implements SignatureAlgorithm
     /** @var string */
     protected string $digest;
 
+    /** @var string */
+    protected string $algId;
+
 
     /**
      * Build a signature algorithm.
      *
+     * Extend this class to implement your own signers.
+     *
+     * WARNING: remember to adjust the type of the key to the one that works with your algorithm!
+     *
      * @param \SimpleSAML\XMLSecurity\Key\AbstractKey $key The signing key.
+     * @param string $algId The identifier of this algorithm.
      * @param string $digest The identifier of the digest algorithm to use.
      */
-    public function __construct(AbstractKey $key, string $digest)
+    public function __construct(AbstractKey $key, string $algId, string $digest)
     {
+        Assert::oneOf(
+            $algId,
+            static::getSupportedAlgorithms(),
+            'Unsupported algorithm for ' . static::class,
+            RuntimeException::class
+        );
         $this->key = $key;
+        $this->algId = $algId;
         $this->digest = $digest;
         $this->backend = new $this->default_backend();
         $this->backend->setDigestAlg($digest);
     }
 
 
+    /**
+     * @return string
+     */
+    public function getAlgorithmId(): string
+    {
+        return $this->algId;
+    }
+
+
     /**
      * @return string
      */
@@ -50,6 +78,15 @@ public function getDigest(): string
     }
 
 
+    /**
+     * @return AbstractKey
+     */
+    public function getKey(): AbstractKey
+    {
+        return $this->key;
+    }
+
+
     /**
      * @param \SimpleSAML\XMLSecurity\Backend\SignatureBackend $backend
      */
@@ -67,7 +104,7 @@ public function setBackend(SignatureBackend $backend): void
      *
      * @return string The (binary) signature corresponding to the given plaintext.
      */
-    public function sign(string $plaintext): string
+    final public function sign(string $plaintext): string
     {
         return $this->backend->sign($this->key, $plaintext);
     }
@@ -81,7 +118,7 @@ public function sign(string $plaintext): string
      *
      * @return boolean True if the signature can be verified, false otherwise.
      */
-    public function verify(string $plaintext, string $signature): bool
+    final public function verify(string $plaintext, string $signature): bool
     {
         return $this->backend->verify($this->key, $plaintext, $signature);
     }

src/Alg/Signature/HMAC.php

@@ -1,18 +1,20 @@
 <?php
 
+declare(strict_types=1);
+
 namespace SimpleSAML\XMLSecurity\Alg\Signature;
 
 use SimpleSAML\XMLSecurity\Alg\SignatureAlgorithm;
 use SimpleSAML\XMLSecurity\Backend\HMAC as HMAC_Backend;
-use SimpleSAML\XMLSecurity\Constants;
+use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\SymmetricKey;
 
 /**
  * Class implementing the HMAC signature algorithm
  *
- * @package SimpleSAML\XMLSecurity\Alg\Signature
+ * @package simplesamlphp/xml-security
  */
-class HMAC extends AbstractSigner implements SignatureAlgorithm
+final class HMAC extends AbstractSigner implements SignatureAlgorithm
 {
     /** @var string */
     protected string $default_backend = HMAC_Backend::class;
@@ -22,10 +24,19 @@ class HMAC extends AbstractSigner implements SignatureAlgorithm
      * HMAC constructor.
      *
      * @param \SimpleSAML\XMLSecurity\Key\SymmetricKey $key The symmetric key to use.
-     * @param string $digest The identifier of the digest algorithm to use.
+     * @param string $algId The identifier of this algorithm.
+     */
+    public function __construct(SymmetricKey $key, string $algId = C::SIG_HMAC_SHA256)
+    {
+        parent::__construct($key, $algId, C::$HMAC_DIGESTS[$algId]);
+    }
+
+
+    /**
+     * @inheritDoc
      */
-    public function __construct(SymmetricKey $key, string $digest = Constants::DIGEST_SHA1)
+    public static function getSupportedAlgorithms(): array
     {
-        parent::__construct($key, $digest);
+        return array_keys(C::$HMAC_DIGESTS);
     }
 }

src/Alg/Signature/RSA.php

@@ -1,18 +1,20 @@
 <?php
 
+declare(strict_types=1);
+
 namespace SimpleSAML\XMLSecurity\Alg\Signature;
 
 use SimpleSAML\XMLSecurity\Alg\SignatureAlgorithm;
 use SimpleSAML\XMLSecurity\Backend\OpenSSL;
-use SimpleSAML\XMLSecurity\Constants;
+use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\AsymmetricKey;
 
 /**
  * Class implementing the RSA signature algorithm.
  *
- * @package SimpleSAML\XMLSecurity\Alg\Signature
+ * @package simplesamlphp/xml-security
  */
-class RSA extends AbstractSigner implements SignatureAlgorithm
+final class RSA extends AbstractSigner implements SignatureAlgorithm
 {
     /** @var string */
     protected string $default_backend = OpenSSL::class;
@@ -22,10 +24,19 @@ class RSA extends AbstractSigner implements SignatureAlgorithm
      * RSA constructor.
      *
      * @param \SimpleSAML\XMLSecurity\Key\AsymmetricKey $key The asymmetric key (either public or private) to use.
-     * @param string $digest The identifier of the digest algorithm to use.
+     * @param string $algId The identifier of this algorithm.
+     */
+    public function __construct(AsymmetricKey $key, string $algId = C::SIG_RSA_SHA256)
+    {
+        parent::__construct($key, $algId, C::$RSA_DIGESTS[$algId]);
+    }
+
+
+    /**
+     * @inheritDoc
      */
-    public function __construct(AsymmetricKey $key, string $digest = Constants::DIGEST_SHA1)
+    public static function getSupportedAlgorithms(): array
     {
-        parent::__construct($key, $digest);
+        return array_keys(C::$RSA_DIGESTS);
     }
 }