Feature/xsd types

.gitattributes

@@ -5,8 +5,10 @@ codecov.yml export-ignore
 .editorconfig export-ignore
 .gitattributes export-ignore
 .gitignore export-ignore
-psalm.xml export-ignore
-psalm-dev.xml export-ignore
+phpstan-baseline.neon export-ignore
+phpstan-baseline-dev.neon export-ignore
+phpstan.neon export-ignore
+phpstan-dev.neon export-ignore
 phpcs.xml export-ignore
 phpunit.xml export-ignore
 .php_cs.dist export-ignore

.github/workflows/php.yml

@@ -19,7 +19,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['8.1', '8.2', '8.3', '8.4']
+        php-version: ['8.2', '8.3', '8.4', '8.5']
 
     uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_phplinter.yml@v1.10.6
     with:
@@ -45,7 +45,7 @@ jobs:
       fail-fast: false
       matrix:
         operating-system: [ubuntu-latest]
-        php-versions: ['8.1', '8.2', '8.3', '8.4']
+        php-versions: ['8.2', '8.3', '8.4', '8.5']
 
     steps:
       - name: Setup PHP, with composer and extensions
@@ -85,15 +85,15 @@ jobs:
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
       - name: Run unit tests with coverage
-        if: ${{ matrix.php-versions == '8.4' }}
+        if: ${{ matrix.php-versions == '8.5' }}
         run: vendor/bin/phpunit
 
       - name: Run unit tests (no coverage)
-        if: ${{ matrix.php-versions != '8.4' }}
+        if: ${{ matrix.php-versions != '8.5' }}
         run: vendor/bin/phpunit --no-coverage
 
       - name: Save coverage data
-        if: ${{ matrix.php-versions == '8.4' }}
+        if: ${{ matrix.php-versions == '8.5' }}
         uses: actions/upload-artifact@v5
         with:
           name: coverage-data
@@ -107,7 +107,7 @@ jobs:
       fail-fast: true
       matrix:
         operating-system: [windows-latest]
-        php-versions: ['8.1', '8.2', '8.3', '8.4']
+        php-versions: ['8.2', '8.3', '8.4', '8.5']
 
     steps:
       - name: Setup PHP, with composer and extensions
@@ -151,6 +151,7 @@ jobs:
 
   quality:
     name: Quality control
+    needs: [unit-tests-linux]
     runs-on: [ubuntu-latest]
 
     steps:
@@ -160,7 +161,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           # Should be the higest supported version, so we can use the newest tools
-          php-version: '8.4'
+          php-version: '8.5'
           tools: composer, composer-require-checker, composer-unused, phpcs
           extensions: ctype, date, dom, filter, pcre, soap, spl, xml
           coverage: none
@@ -193,7 +194,7 @@ jobs:
         run: composer-unused
 
       - name: PHP Code Sniffer
-        run: phpcs
+        run: vendor/bin/phpcs
 
       - name: PHPStan
         run: |
@@ -205,14 +206,16 @@ jobs:
 
   security:
     name: Security checks
+    needs: [unit-tests-linux]
     runs-on: [ubuntu-latest]
+
     steps:
       - name: Setup PHP, with composer and extensions
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
           # Should be the lowest supported version
-          php-version: '8.1'
+          php-version: '8.2'
           extensions: ctype, date, dom, filter, pcre, soap, spl, xml
           tools: composer
           coverage: none

codecov.yml

@@ -17,4 +17,4 @@ comment:
 github_checks:
   annotations: false
 ignore:
-  - 'src/XML/element.registry.php'
+  - 'classes/element.registry.php'

composer.json

@@ -10,17 +10,18 @@
         }
     ],
     "require": {
-        "php": "^8.1",
+        "php": "^8.2",
         "ext-dom": "*",
         "ext-spl": "*",
 
-        "simplesamlphp/assert": "~1.8.1",
-        "simplesamlphp/saml2": "^5.0",
-        "simplesamlphp/xml-security": "~1.13.0",
-        "simplesamlphp/xml-common": "~1.25.0"
+        "simplesamlphp/assert": "~1.9",
+        "simplesamlphp/saml2": "~6.0",
+        "simplesamlphp/xml-common": "~2.4",
+        "simplesamlphp/xml-security": "~2.0",
+        "simplesamlphp/xml-soap": "~2.0"
     },
     "require-dev": {
-        "simplesamlphp/simplesamlphp-test-framework": "~1.9.2"
+        "simplesamlphp/simplesamlphp-test-framework": "~1.10"
     },
     "autoload": {
         "psr-4": {

resources/schemas/ws-authorization.xsd

@@ -45,8 +45,8 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
       <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
     </xs:choice>
     <xs:attribute name='Name' type='xs:anyURI' use='required' />
-	<xs:attribute name='Scope' type='xs:anyURI' use='optional' />
-	<xs:anyAttribute namespace='##other' processContents='lax' />	
+    <xs:attribute name='Scope' type='xs:anyURI' use='optional' />
+    <xs:anyAttribute namespace='##other' processContents='lax' />	
   </xs:complexType>
 
   <!-- Section 9.3 -->
@@ -57,16 +57,16 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
       <xs:element name="Description" type="tns:DescriptionType" minOccurs="0" maxOccurs="1" />
       <xs:element name="DisplayValue" type="tns:DisplayValueType" minOccurs="0" maxOccurs="1" />
       <xs:choice minOccurs='0'>
-	      <xs:element name='Value' type='xs:string' minOccurs='1' maxOccurs='1' />
+        <xs:element name='Value' type='xs:string' minOccurs='1' maxOccurs='1' />
         <xs:element name='EncryptedValue' type='tns:EncryptedValueType' minOccurs='1' maxOccurs='1' />
         <xs:element name='StructuredValue' type='tns:StructuredValueType' minOccurs='1' maxOccurs='1' />
         <xs:element name='ConstrainedValue' type='tns:ConstrainedValueType' minOccurs='1' maxOccurs='1' />
- 	      <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
-	    </xs:choice>
+        <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
+      </xs:choice>
     </xs:sequence>
-	<xs:attribute name='Uri' type='xs:anyURI' use='required' />
-	<xs:attribute name='Optional' type='xs:boolean' use='optional' />
-	<xs:anyAttribute namespace='##other' processContents='lax' />	
+    <xs:attribute name='Uri' type='xs:anyURI' use='required' />
+    <xs:attribute name='Optional' type='xs:boolean' use='optional' />
+    <xs:anyAttribute namespace='##other' processContents='lax' />	
   </xs:complexType>
 
   <xs:complexType name="DisplayNameType">

src/Assert/Assert.php

@@ -8,7 +8,12 @@
 
 /**
  * @package simplesamlphp/ws-security
+ *
+ * @method static void validWSUDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void allWSUDateTime(mixed $value, string $message = '', string $exception = '')
+ * @method static void nullOrValueWSUDateTime(mixed $value, string $message = '', string $exception = '')
  */
 class Assert extends BaseAssert
 {
+    use WSUDateTimeTrait;
 }

src/Assert/WSUDateTimeTrait.php

@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\WSSecurity\Assert;
+
+use SimpleSAML\Assert\AssertionFailedException;
+use SimpleSAML\WSSecurity\Exception\ProtocolViolationException;
+
+/**
+ * @package simplesamlphp/ws-security
+ */
+trait WSUDateTimeTrait
+{
+    /**
+     * @param string $value
+     * @param string $message
+     */
+    protected static function validWSUDateTime(string $value, string $message = ''): void
+    {
+        parent::validDateTime($value);
+
+        try {
+            parent::endsWith(
+                $value,
+                'Z',
+                '%s is not a DateTime expressed in the UTC timezone using the \'Z\' timezone identifier.',
+            );
+        } catch (AssertionFailedException $e) {
+            throw new ProtocolViolationException($e->getMessage());
+        }
+    }
+}

src/Constants.php

@@ -16,6 +16,7 @@ class Constants extends \SimpleSAML\SAML2\Constants
      * The namespace for WS-Addressing protocol.
      */
     public const NS_ADDR_200408 = 'http://schemas.xmlsoap.org/ws/2004/08/addressing';
+
     public const NS_ADDR_200508 = 'http://www.w3.org/2005/08/addressing';
 
     /**
@@ -37,6 +38,7 @@ class Constants extends \SimpleSAML\SAML2\Constants
      * The namespace for WS-Trust protocol.
      */
     public const NS_TRUST_200502 = 'http://schemas.xmlsoap.org/ws/2005/02/trust';
+
     public const NS_TRUST_200512 = 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/';
 
     /**
@@ -48,6 +50,7 @@ class Constants extends \SimpleSAML\SAML2\Constants
      * The namespace for the Web Service Security Policy protocol.
      */
     public const NS_SEC_POLICY_11 = 'http://schemas.xmlsoap.org/ws/2005/07/securitypolicy';
+
     public const NS_SEC_POLICY_12 = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702';
 
     /**
@@ -79,15 +82,25 @@ class Constants extends \SimpleSAML\SAML2\Constants
      * The schema-defined wsa fault codes
      */
     public const WSA_FAULT_INVALID_ADDRESSING_HEADER = 'InvalidAddressingHeader';
+
     public const WSA_FAULT_INVALID_ADDRESS = 'InvalidAddress';
+
     public const WSA_FAULT_INVALID_EPR = 'InvalidEPR';
+
     public const WSA_FAULT_INVALID_CARDINALITY = 'InvalidCardinality';
+
     public const WSA_FAULT_MISSING_ADDRESS_IN_EPR = 'MissingAddressInEPR';
+
     public const WSA_FAULT_DUPLICATE_MESSAGEID = 'DupicateMessageID';
+
     public const WSA_FAULT_ACTION_MISMATCH = 'ActionMismatch';
+
     public const WSA_FAULT_MESSAGE_ADDRESSING_HEADER_REQUIRED = 'MessageAddressingHeaderRequired';
+
     public const WSA_FAULT_DESTINATION_UNREACHABLE = 'DestinationUnreachable';
+
     public const WSA_FAULT_ACTION_NOT_SUPPORTED = 'ActionNotSupported';
+
     public const WSA_FAULT_ENDPOINT_UNAVAILABLE = 'EndpointUnavailable';
 
     public const FAULT_CODES = [
@@ -107,6 +120,7 @@ class Constants extends \SimpleSAML\SAML2\Constants
     /**
      */
     public const WST_REFID_PIN = 'http://docs.oasis-open.org/ws-sx/ws-trust/200802/challenge/PIN';
+
     public const WST_REFID_OTP = 'http://docs.oasis-open.org/ws-sx/ws-trust/200802/challenge/OTP';
 
     /**

src/Utils/XPath.php

@@ -19,13 +19,14 @@ class XPath extends \SimpleSAML\XMLSecurity\Utils\XPath
      * Get a DOMXPath object that can be used to search for WS Security elements.
      *
      * @param \DOMNode $node The document to associate to the DOMXPath object.
+     * @param bool $autoregister Whether to auto-register all namespaces used in the document
      *
      * @return \DOMXPath A DOMXPath object ready to use in the given document, with several
      *   ws-related namespaces already registered.
      */
-    public static function getXPath(DOMNode $node): DOMXPath
+    public static function getXPath(DOMNode $node, bool $autoregister = false): DOMXPath
     {
-        $xp = parent::getXPath($node);
+        $xp = parent::getXPath($node, $autoregister);
 
         $xp->registerNamespace('wsa', C::NS_ADDR_200508);
         $xp->registerNamespace('wsa', C::NS_ADDR_200408);

src/XML/ReferenceIdentifierTrait.php

@@ -4,33 +4,33 @@
 
 namespace SimpleSAML\WSSecurity\XML;
 
-use SimpleSAML\WSSecurity\Assert\Assert;
-use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XMLSchema\Type\AnyURIValue;
 
 /**
  * @package simplesamlphp/ws-security
+ *
+ * @phpstan-ignore trait.unused
  */
 trait ReferenceIdentifierTrait
 {
-    /** @var string */
-    protected string $refId;
+    /** @var \SimpleSAML\XMLSchema\Type\AnyURIValue */
+    protected AnyURIValue $refId;
 
 
     /**
-     * @return string
+     * @return \SimpleSAML\XMLSchema\Type\AnyURIValue
      */
-    public function getRefId(): string
+    public function getRefId(): AnyURIValue
     {
         return $this->refId;
     }
 
 
     /**
-     * @param string $refId
+     * @param \SimpleSAML\XMLSchema\Type\AnyURIValue $refId
      */
-    private function setRefId(string $refId): void
+    private function setRefId(AnyURIValue $refId): void
     {
-        Assert::validURI($refId, SchemaViolationException::class);
         $this->refId = $refId;
     }
 }

src/XML/auth/AbstractAdditionalContextType.php

@@ -7,10 +7,10 @@
 use DOMElement;
 use SimpleSAML\WSSecurity\Assert\Assert;
 use SimpleSAML\WSSecurity\XML\auth\ContextItem;
-use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\ExtendableAttributesTrait;
 use SimpleSAML\XML\ExtendableElementTrait;
-use SimpleSAML\XML\XsNamespace as NS;
+use SimpleSAML\XMLSchema\Exception\InvalidDOMElementException;
+use SimpleSAML\XMLSchema\XML\Constants\NS;
 
 /**
  * Class defining the AdditionalContextType element
@@ -22,6 +22,7 @@ abstract class AbstractAdditionalContextType extends AbstractAuthElement
     use ExtendableAttributesTrait;
     use ExtendableElementTrait;
 
+
     /** The namespace-attribute for the xs:anyAttribute */
     public const XS_ANY_ATTR_NAMESPACE = NS::OTHER;
 
@@ -63,7 +64,7 @@ public function getContextItem(): array
      * @param \DOMElement $xml
      * @return static
      *
-     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
+     * @throws \SimpleSAML\XMLSchema\Exception\InvalidDOMElementException
      *   if the qualified name of the supplied element is wrong
      */
     public static function fromXML(DOMElement $xml): static