From b20343458a7b338f19559c130ea945cf48e0666b Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Mon, 29 Jul 2024 22:39:31 +0200
Subject: [PATCH] Rationalize algorithm blacklist code
---
 src/SAML2/XML/EncryptableElementTrait.php | 25 ++++++++++++++++++++
 src/SAML2/XML/SignableElementTrait.php | 7 ++++++
 src/SAML2/XML/SignedElementTrait.php | 7 ++++++
 src/SAML2/XML/md/AbstractSignedMdElement.php | 14 +++--------
 src/SAML2/XML/saml/AbstractBaseID.php | 9 +------
 src/SAML2/XML/saml/Assertion.php | 14 ++++-------
 src/SAML2/XML/saml/Attribute.php | 9 +------
 src/SAML2/XML/saml/NameID.php | 9 +------
 src/SAML2/XML/samlp/AbstractMessage.php | 14 +++--------
 9 files changed, 53 insertions(+), 55 deletions(-)
 create mode 100644 src/SAML2/XML/EncryptableElementTrait.php
diff --git a/src/SAML2/XML/EncryptableElementTrait.php b/src/SAML2/XML/EncryptableElementTrait.php
new file mode 100644
index 000000000..7efbbba42
--- /dev/null
+++ b/src/SAML2/XML/EncryptableElementTrait.php
@@ -0,0 +1,25 @@
+getBlacklistedEncryptionAlgorithms();
+ }
+}
diff --git a/src/SAML2/XML/SignableElementTrait.php b/src/SAML2/XML/SignableElementTrait.php
index 9827c2eda..24b97400c 100644
--- a/src/SAML2/XML/SignableElementTrait.php
+++ b/src/SAML2/XML/SignableElementTrait.php
@@ -122,4 +122,11 @@ protected function doSign(DOMElement $xml): DOMElement
 $this->signature = new Signature($signedInfo, new SignatureValue($signedData), $this->keyInfo);
 return DOMDocumentFactory::fromString($canonicalDocument)->documentElement;
 }
+
+
+ public function getBlacklistedAlgorithms(): ?array
+ {
+ $container = ContainerSingleton::getInstance();
+ return $container->getBlacklistedEncryptionAlgorithms();
+ }
 }
diff --git a/src/SAML2/XML/SignedElementTrait.php b/src/SAML2/XML/SignedElementTrait.php
index d0638f08c..10e35b484 100644
--- a/src/SAML2/XML/SignedElementTrait.php
+++ b/src/SAML2/XML/SignedElementTrait.php
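Review bot: The `getBlacklistedAlgorithms()` added to SignableElementTrait returns `$container->getBlacklistedEncryptionAlgorithms()`, so the signing side is governed by a list whose name says it is for encryption algorithms; signature and encryption algorithms are identified by different URIs, so an operator who fills that list with weak encryption algorithms only would presumably leave weak signature algorithms unblocked. The identical body is added to SignedElementTrait in the next file. This carries over what the removed per-class methods already did, so it is not a regression, but the shared method is the place to document it; nothing on the page shows whether the container offers a separate signature list. I would add a docblock along the lines of `@return string[]|null Algorithm URIs from the container's encryption blacklist, also applied to signatures` and state there what a `null` return means for the caller.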
@@ -47,4 +47,11 @@ protected function setSignature(Signature $signature): void $this->signature = $signature; } + + + public function getBlacklistedAlgorithms(): ?array + { + $container = ContainerSingleton::getInstance(); + return $container->getBlacklistedEncryptionAlgorithms(); + } } diff --git a/src/SAML2/XML/md/AbstractSignedMdElement.php b/src/SAML2/XML/md/AbstractSignedMdElement.php index 2111be47c..15e8c62dc 100644 --- a/src/SAML2/XML/md/AbstractSignedMdElement.php +++ b/src/SAML2/XML/md/AbstractSignedMdElement.php @@ -23,7 +23,9 @@ abstract class AbstractSignedMdElement extends AbstractMdElement implements SignedElementInterface { use SignableElementTrait; - use SignedElementTrait; + use SignedElementTrait { + SignedElementTrait::getBlacklistedAlgorithms insteadof SignableElementTrait; + } /** * The original signed XML @@ -55,16 +57,6 @@ protected function setXML(DOMElement $xml): void } - /** - * @return array|null - */ - public function getBlacklistedAlgorithms(): ?array - { - $container = ContainerSingleton::getInstance(); - return $container->getBlacklistedEncryptionAlgorithms(); - } - - /** * @param \DOMElement|null $parent The EntityDescriptor we should append this SPSSODescriptor to. * @return \DOMElement diff --git a/src/SAML2/XML/saml/AbstractBaseID.php b/src/SAML2/XML/saml/AbstractBaseID.php index 84a69ea2e..2e48d106f 100644 --- a/src/SAML2/XML/saml/AbstractBaseID.php +++ b/src/SAML2/XML/saml/AbstractBaseID.php @@ -9,6 +9,7 @@ use SimpleSAML\SAML2\Compat\ContainerSingleton; use SimpleSAML\SAML2\Constants as C; use SimpleSAML\SAML2\Utils; +use SimpleSAML\SAML2\XML\EncryptableElementTrait; use SimpleSAML\SAML2\XML\ExtensionPointInterface; use SimpleSAML\SAML2\XML\ExtensionPointTrait; use SimpleSAML\XML\Attribute as XMLAttribute; 
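Review bot: `ContainerSingleton` is used unqualified in the method added to SignedElementTrait, and this file's diff consists of this one hunk, so no `use SimpleSAML\SAML2\Compat\ContainerSingleton;` is being added. Names inside a trait are resolved against the trait file's own namespace and imports, not those of the class that uses it, so unless SignedElementTrait.php already imports the class the call fails with a class-not-found error the first time a blacklist is requested. The same applies to the hunk in SignableElementTrait.php; the top of neither file is visible here, so please confirm the import exists or add it.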
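Review bot: The `insteadof` clause in AbstractSignedMdElement is needed only because the same method body is now pasted into both SignableElementTrait and SignedElementTrait, and it silently pins this class to one copy. If either trait later returns a different list (for example a signature-specific one), the choice made here decides which algorithms are rejected without anything at the call site showing it. AbstractMessage gets the same clause, and Assertion resolves to EncryptableElementTrait's copy for its signature handling as well. I would at least add a comment above the clause such as `// All traits currently return the same list; revisit this choice if they diverge.`, or define the method in one place so that no conflict arises. The class body continues outside the hunk.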
@@ -17,7 +18,6 @@
 use SimpleSAML\XML\Exception\SchemaViolationException;
 use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
 use SimpleSAML\XMLSecurity\XML\EncryptableElementInterface;
-use SimpleSAML\XMLSecurity\XML\EncryptableElementTrait;
 use function count;
 use function explode;
@@ -147,13 +147,6 @@ public function toXML(DOMElement $parent = null): DOMElement
 }
- public function getBlacklistedAlgorithms(): ?array
- {
- $container = ContainerSingleton::getInstance();
- return $container->getBlacklistedEncryptionAlgorithms();
- }
-
-
 public function getEncryptionBackend(): ?EncryptionBackend
 {
 // return the encryption backend you want to use,
diff --git a/src/SAML2/XML/saml/Assertion.php b/src/SAML2/XML/saml/Assertion.php
index 5b01a0609..3b6be9d10 100644
--- a/src/SAML2/XML/saml/Assertion.php
+++ b/src/SAML2/XML/saml/Assertion.php
@@ -12,6 +12,7 @@
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\SAML2\Utils\XPath;
+use SimpleSAML\SAML2\XML\EncryptableElementTrait;
 use SimpleSAML\SAML2\XML\SignableElementTrait;
 use SimpleSAML\SAML2\XML\SignedElementTrait;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
@@ -21,7 +22,6 @@
 use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
 use SimpleSAML\XMLSecurity\XML\ds\Signature;
 use SimpleSAML\XMLSecurity\XML\EncryptableElementInterface;
-use SimpleSAML\XMLSecurity\XML\EncryptableElementTrait;
 use SimpleSAML\XMLSecurity\XML\SignableElementInterface;
 use SimpleSAML\XMLSecurity\XML\SignedElementInterface;
@@ -40,7 +40,10 @@ final class Assertion extends AbstractSamlElement implements
 SignableElementInterface,
 SignedElementInterface
 {
- use EncryptableElementTrait;
+ use EncryptableElementTrait {
+ EncryptableElementTrait::getBlacklistedAlgorithms insteadof SignedElementTrait;
+ EncryptableElementTrait::getBlacklistedAlgorithms insteadof SignableElementTrait;
+ }
 use SignableElementTrait;
 use SignedElementTrait;
@@ -220,13 +223,6 @@ protected function getOriginalXML(): DOMElement
 }
- public function getBlacklistedAlgorithms(): ?array
- {
- $container = ContainerSingleton::getInstance();
- return $container->getBlacklistedEncryptionAlgorithms();
- }
-
-
 public function getEncryptionBackend(): ?EncryptionBackend
 {
 // return the encryption backend you want to use,
diff --git a/src/SAML2/XML/saml/Attribute.php b/src/SAML2/XML/saml/Attribute.php
index 14b6990d2..f07d50855 100644
--- a/src/SAML2/XML/saml/Attribute.php
+++ b/src/SAML2/XML/saml/Attribute.php
@@ -9,12 +9,12 @@
 use SimpleSAML\SAML2\Assert\Assert as SAMLAssert;
 use SimpleSAML\SAML2\Compat\ContainerSingleton;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\XML\EncryptableElementTrait;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\ExtendableAttributesTrait;
 use SimpleSAML\XML\XsNamespace as NS;
 use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
 use SimpleSAML\XMLSecurity\XML\EncryptableElementInterface;
-use SimpleSAML\XMLSecurity\XML\EncryptableElementTrait;
 /**
 * Class representing SAML 2 Attribute.
@@ -112,13 +112,6 @@ public function getAttributeValues(): array
 }
- public function getBlacklistedAlgorithms(): ?array
- {
- $container = ContainerSingleton::getInstance();
- return $container->getBlacklistedEncryptionAlgorithms();
- }
-
-
 public function getEncryptionBackend(): ?EncryptionBackend
 {
 // return the encryption backend you want to use,
diff --git a/src/SAML2/XML/saml/NameID.php b/src/SAML2/XML/saml/NameID.php
index 830291029..32604dc19 100644
--- a/src/SAML2/XML/saml/NameID.php
+++ b/src/SAML2/XML/saml/NameID.php
@@ -8,9 +8,9 @@ use SimpleSAML\SAML2\Compat\ContainerSingleton; use SimpleSAML\SAML2\Constants as C; use SimpleSAML\SAML2\Exception\ArrayValidationException; +use SimpleSAML\SAML2\XML\EncryptableElementTrait; use SimpleSAML\XMLSecurity\Backend\EncryptionBackend; use SimpleSAML\XMLSecurity\XML\EncryptableElementInterface; -use SimpleSAML\XMLSecurity\XML\EncryptableElementTrait; use function array_change_key_case; use function array_filter; @@ -77,13 +77,6 @@ public function __construct( } - public function getBlacklistedAlgorithms(): ?array - { - $container = ContainerSingleton::getInstance(); - return $container->getBlacklistedEncryptionAlgorithms(); - } - - public function getEncryptionBackend(): ?EncryptionBackend { // return the encryption backend you want to use, diff --git a/src/SAML2/XML/samlp/AbstractMessage.php b/src/SAML2/XML/samlp/AbstractMessage.php index 6d1e613bf..23af47649 100644 --- a/src/SAML2/XML/samlp/AbstractMessage.php +++ b/src/SAML2/XML/samlp/AbstractMessage.php @@ -36,7 +36,9 @@ abstract class AbstractMessage extends AbstractSamlpElement implements SignableE { use ExtendableElementTrait; use SignableElementTrait; - use SignedElementTrait; + use SignedElementTrait { + SignedElementTrait::getBlacklistedAlgorithms insteadof SignableElementTrait; + } /** @@ -210,16 +212,6 @@ protected function getOriginalXML(): DOMElement } - /** - * @return string[]|null - */ - public function getBlacklistedAlgorithms(): ?array - { - $container = ContainerSingleton::getInstance(); - return $container->getBlacklistedEncryptionAlgorithms(); - } - - /** * Convert this message to an unsigned XML document. * This method does not sign the resulting XML document.