Rewrite signed elements structure #2

tvdijen · 2021-01-11T16:58:20Z

No description provided.

codecov · 2021-01-11T20:03:49Z

Codecov Report

Merging #2 (32ac524) into master (538c92c) will increase coverage by 7.09%.
The diff coverage is 80.95%.

@@             Coverage Diff              @@
##             master       #2      +/-   ##
============================================
+ Coverage     76.35%   83.45%   +7.09%     
+ Complexity      638      631       -7     
============================================
  Files            54       60       +6     
  Lines          1751     1819      +68     
============================================
+ Hits           1337     1518     +181     
+ Misses          414      301     -113

src/XML/SignableElementTrait.php

jaimeperez · 2021-01-16T18:43:48Z

src/XML/SignedElementInterface.php

+     * @param \SimpleSAML\XMLSecurity\XMLSecurityKey $key The key we should check against.
+     * @return bool True if successful, false if we don't have a signature that can be verified.
+     */
+    public function validate(XMLSecurityKey $key): bool;


I think, in order to encourage good practices, and also to avoid any possible implementation errors (e.g. we have a signed element, and we just call getElement() to get the unsigned element without validating the signature first), the validate() method should return the actual element whose signature has been verified.

That would mean that when the signature validation fails, we should throw an exception (which is a good way to ensure the failure is noticeable, I believe), instead of returning false. It would also prevent us from having any processing security issue. We'll need support from xmlseclibs or our fork though to get this done, since verify should call fromXML() on the target class (the signable element), passing the actual, canonicalised an transformed DOM (not the original), and as far as I recall, that's not possible with xmlseclibs.

jaimeperez · 2021-01-16T18:49:52Z

src/XML/SignedElementTrait.php

+    public function getValidatingCertificates(): array
+    {
+        $ret = [];
+        foreach ($this->signature->getCertificates() as $cert) {


I think this can be quite expensive. Would this be an alternative approach?

Require validate() before calling getValidatingCertificates(). If we call the latter first, raise an exception.

During validate(), if the signature validation succeeds with the given key, check if it corresponds to any of the certificates stored internally. Build a list of validating certificates with all where the passed key corresponds to them.

When calling getValidatingCertificates() after validate(), return the list we just built. If none of the certificates in the signature correspond to the given key, or no certificates where found, we just return an empty list.

tests/XML/CustomSigned.php

tests/XML/CustomSignableTest.php

tests/XML/CustomSigned.php

src/XML/AbstractSignedXMLElement.php

src/XML/SignedElementInterface.php

Signed-off-by: Jaime Pérez <jaimepc@gmail.com>

These new documents can be used in tests to verify different features. Signed-off-by: Jaime Pérez <jaimepc@gmail.com>

We got rid of the initial extra toSignedXML() method. If we want to sign an element, we should just call sign() on it, then get the result with toXML(). This means it will be toXML() the method that actually does the signing, while sign() will simply prepare everything for it and signal that the element should be signed when calling toXML(). Signed-off-by: Jaime Pérez <jaimepc@gmail.com>

Signed-off-by: Jaime Pérez <jaimepc@gmail.com>

This commit adds support for verifying signatures (and renames the API method to verify(), which is the correct term we should us in this context, instead of validate()). It also refactors the way we sign, and adds support for canonicalization algorithms with comments, which were in practice not supported before. Signed-off-by: Jaime Pérez <jaimepc@gmail.com>

tvdijen force-pushed the master branch from f1e2acd to 86de607 Compare January 11, 2021 17:22

tvdijen force-pushed the signedelts branch 5 times, most recently from 07f62c1 to 0fb165d Compare January 11, 2021 20:01

tvdijen force-pushed the signedelts branch 4 times, most recently from 5dae87b to 8aa1aa7 Compare January 11, 2021 21:27

tvdijen force-pushed the master branch 2 times, most recently from a15ece1 to 4f7b889 Compare January 15, 2021 20:02

tvdijen force-pushed the signedelts branch 2 times, most recently from a71fed0 to 86bea89 Compare January 15, 2021 21:34

tvdijen force-pushed the master branch from 4f7b889 to b209756 Compare January 15, 2021 21:37

tvdijen force-pushed the signedelts branch 2 times, most recently from f470290 to bb9c926 Compare January 16, 2021 14:43