Introduce a separate class to respresent SAML artifacts

simplesamlphp · Jul 20, 2024 · 57deeaf · 57deeaf
1 parent 21cc660
commit 57deeaf
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 11 deletions.
diff --git a/src/SAML2/Artifact.php b/src/SAML2/Artifact.php
@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2;
+
+use SimpleSAML\Assert\Assert;
+
+use function base64_decode;
+use function bin2hex;
+use function bindec;
+use function substr;
+
+/**
+ * Class for SAML artifacts.
+ *
+ * @package simplesamlphp/saml2
+ */
+final class Artifact
+{
+    /**
+     * Initialize an artifact.
+     *
+     * @param string $artifact
+     * @param int $endpointIndex
+     * @param string $sourceId
+     */
+    public function __construct(
+        protected string $samlArt,
+        protected int $endpointIndex,
+        protected string $sourceId,
+    ) {
+    }
+
+
+    /**
+     * Collect the value of the artifact-property
+     *
+     * @return string
+     */
+    public function getArtifact(): string
+    {
+        return $this->artifact;
+    }
+
+
+    /**
+     * Collect the value of the endpointIndex-property
+     *
+     * @return int
+     */
+    public function getEndpointIndex(): int
+    {
+        return $this->endpointIndex;
+    }
+
+
+    /**
+     * Collect the value of the sourceId-property
+     *
+     * @return string
+     */
+    public function getSourceId(): string
+    {
+        return $this->sourceId;
+    }
+
+
+    /**
+     * Instantiate an Artifact from a SAMLart query parameter
+     */
+    public static function fromQuery(string $samlArt): static
+    {
+        Assert::stringPlausibleBase64($samlArt);
+
+        $artifact = base64_decode($samlArt, true);
+        $endpointIndex = bindec(substr($artifact, 2, 2));
+        $sourceId = bin2hex(substr($artifact, 4, 20));
+
+        return new static($artifact, $endpointIndex, $sourceId);
+    }
+}
diff --git a/src/SAML2/HTTPArtifact.php b/src/SAML2/HTTPArtifact.php
@@ -23,14 +23,12 @@
 use SimpleSAML\XMLSecurity\XMLSecurityKey;
 
 use function array_key_exists;
-use function base64_decode;
 use function base64_encode;
 use function bin2hex;
 use function hexdec;
 use function openssl_random_pseudo_bytes;
 use function pack;
 use function sha1;
-use function substr;
 use function var_export;
 
 /**
@@ -46,6 +44,22 @@ class HTTPArtifact extends Binding
      * @var \SimpleSAML\Configuration
      */
     private Configuration $spMetadata;
+    private Artifact $artifact;
+
+
+    /**
+     * @var \Psr\Http\Message\ServerRequestInterface $request
+     * @return \SimpleSAML\SAML2\Artifact;
+     */
+    private function receiveArtifact(ServerRequestInterface $request): Artifact
+    {
+        $query = $request->getQueryParams();
+        if (array_key_exists('SAMLart', $query)) {
+            return Artifact::fromQuery($query['SAMLart']);
+        }
+
+        throw new Exception('Missing SAMLart parameter.');
+    }
 
 
     /**
@@ -122,14 +136,9 @@ public function send(AbstractMessage $message): ResponseInterface
      */
     public function receive(ServerRequestInterface $request): AbstractMessage
     {
-        $query = $request->getQueryParams();
-        if (array_key_exists('SAMLart', $query)) {
-            $artifact = base64_decode($query['SAMLart'], true);
-            $endpointIndex = bin2hex(substr($artifact, 2, 2));
-            $sourceId = bin2hex(substr($artifact, 4, 20));
-        } else {
-            throw new Exception('Missing SAMLart parameter.');
-        }
+        $this->artifact = $this->receiveArtifact($request);
+        $sourceId = $this->artifact->getSourceId();
+        $endpointIndex = $this->artifact->getEndpointIndex();
 
         /** @psalm-suppress UndefinedClass */
         $metadataHandler = MetaDataStorageHandler::getMetadataHandler(Configuration::getInstance());
@@ -168,7 +177,7 @@ public function receive(ServerRequestInterface $request): AbstractMessage
         $issuer = new Issuer($this->spMetadata->getString('entityid'));
 
         // Construct the ArtifactResolve Request
-        $ar = new ArtifactResolve($query['SAMLart'], null, $issuer, null, '2.0', $endpoint['Location']);
+        $ar = new ArtifactResolve($this->artifact->getArtifact(), null, $issuer, null, '2.0', $endpoint['Location']);
 
         // sign the request
         /** @psalm-suppress UndefinedClass */
@@ -193,6 +202,7 @@ public function receive(ServerRequestInterface $request): AbstractMessage
 
         $samlResponse->addValidator([get_class($this), 'validateSignature'], $artifactResponse);
 
+        $query = $request->getQueryParams();
         if (isset($query['RelayState'])) {
             $this->setRelayState($query['RelayState']);
         }