From 1aa64f0a9e0494d9ce9620c73223a9d1f4efe7e9 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Sun, 1 Sep 2024 18:13:40 +0200
Subject: [PATCH] Fix inheritance and set xsi:type
---
 .../fed/AbstractSecurityTokenServiceType.php | 1 +
 .../fed/AbstractWebServiceDescriptorType.php | 14 ++++-------
 src/XML/fed/SecurityTokenServiceType.php | 24 +++++++++++--------
 3 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/src/XML/fed/AbstractSecurityTokenServiceType.php b/src/XML/fed/AbstractSecurityTokenServiceType.php
index 7a5e3d13..f77e3e5e 100644
--- a/src/XML/fed/AbstractSecurityTokenServiceType.php
+++ b/src/XML/fed/AbstractSecurityTokenServiceType.php
@@ -97,6 +97,7 @@ final public function __construct(
 );
 parent::__construct(
+ static::XSI_TYPE_PREFIX . ':' . static::XSI_TYPE_NAME,
 $protocolSupportEnumeration,
 $ID,
 $validUntil,
diff --git a/src/XML/fed/AbstractWebServiceDescriptorType.php b/src/XML/fed/AbstractWebServiceDescriptorType.php
index ca3a9856..64946ab0 100644
--- a/src/XML/fed/AbstractWebServiceDescriptorType.php
+++ b/src/XML/fed/AbstractWebServiceDescriptorType.php
@@ -6,7 +6,7 @@
 use DateTimeImmutable;
 use DOMElement;
-use SimpleSAML\SAML2\XML\md\AbstractRoleDescriptorType;
+use SimpleSAML\SAML2\XML\md\AbstractRoleDescriptor;
 use SimpleSAML\SAML2\XML\md\Extensions;
 use SimpleSAML\SAML2\XML\md\Organization;
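Review bot: The xsi:type passed to `parent::__construct(` in AbstractSecurityTokenServiceType.php is assembled from `static::XSI_TYPE_PREFIX` and `static::XSI_TYPE_NAME`, yet the diffstat records a single added line for this file, so the abstract class itself does not appear to declare either constant. A subclass that omits one would fail only when it is constructed, not when it is loaded. A comment above the call would make the contract visible, for example `// Subclasses must define XSI_TYPE_PREFIX and XSI_TYPE_NAME; the emitted xsi:type is fixed per class.` The constructor's signature and the rest of its body lie outside the hunk.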
@@ -15,18 +15,12 @@
 *
 * @package simplesamlphp/ws-security
 */
-abstract class AbstractWebServiceDescriptorType extends AbstractRoleDescriptorType
+abstract class AbstractWebServiceDescriptorType extends AbstractRoleDescriptor
 {
- /** @var string */
- public const NS = AbstractFedElement::NS;
-
- /** @var string */
- public const NS_PREFIX = AbstractFedElement::NS_PREFIX;
-
-
 /**
 * WebServiceDescriptorType constructor.
 *
+ * @param string $type The xsi-type of the element
 * @param string[] $protocolSupportEnumeration A set of URI specifying the protocols supported.
 * @param string|null $ID The ID for this document. Defaults to null.
 * @param \DateTimeImmutable|null $validUntil Unix time of validity for this document. Defaults to null.
@@ -51,6 +45,7 @@ abstract class AbstractWebServiceDescriptorType extends AbstractRoleDescriptorTy
 * @param string|null $serviceDescription
 */
 protected function __construct(
+ string $type,
 array $protocolSupportEnumeration,
 ?string $ID = null,
 ?DateTimeImmutable $validUntil = null,
@@ -72,6 +67,7 @@ protected function __construct(
 protected ?string $serviceDescription = null,
 ) {
 parent::__construct(
+ $type,
 $protocolSupportEnumeration,
 $ID,
 $validUntil,
diff --git a/src/XML/fed/SecurityTokenServiceType.php b/src/XML/fed/SecurityTokenServiceType.php
index 963c5d58..57c331cb 100644
--- a/src/XML/fed/SecurityTokenServiceType.php
+++ b/src/XML/fed/SecurityTokenServiceType.php
@@ -8,8 +8,8 @@
 use DOMElement;
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Assert\Assert as SAMLAssert;
-use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\XML\md\{ContactPerson, Extensions, KeyDescriptor, Organization};
+use SimpleSAML\WSSecurity\Constants as C;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\Exception\TooManyElementsException;
 use SimpleSAML\XMLSecurity\XML\ds\Signature;
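Review bot: The added `@param string $type` line in the AbstractWebServiceDescriptorType docblock says only "The xsi-type of the element" and leaves the expected form open. The value is forwarded unchanged to `parent::__construct(` in the @@ -72,6 +67,7 @@ hunk, so the docblock is the only place in this class where a subclass author learns what to pass. I would word it as `@param string $type The xsi:type of the element as a QName (prefix:localName), e.g. fed:SecurityTokenServiceType`. Both the docblock and the constructor continue outside the hunk.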
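Review bot: The import hunk of SecurityTokenServiceType.php does not add `use SimpleSAML\XML\Exception\SchemaViolationException;`, although the @@ -49,6 +43,15 @@ hunk names `SchemaViolationException::class` twice. The visible imports are sorted, and `InvalidDOMElementException` is followed directly by `TooManyElementsException`, which is where the new import would sit. Unless it is imported out of order elsewhere in the file, the unqualified name resolves inside the current namespace. In that case a document with a missing or malformed xsi:type would presumably surface a class-not-found error instead of the intended schema violation, which is worth covering with a negative test.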
@@ -23,15 +23,9 @@
 */
 final class SecurityTokenServiceType extends AbstractSecurityTokenServiceType
 {
- /** @var string */
- public const NS = C::NS_MD;
-
- /** @var string */
- public const NS_PREFIX = 'md';
-
- /** @var string */
- public const LOCALNAME = 'RoleDescriptor';
-
+ public const XSI_TYPE_PREFIX = 'fed';
+ public const XSI_TYPE_NAME = 'SecurityTokenServiceType';
+ public const XSI_TYPE_NAMESPACE = C::NS_FED;
 /**
 * Convert XML into a SecurityTokenServiceType RoleDescriptor
@@ -49,6 +43,15 @@ public static function fromXML(DOMElement $xml): static
 Assert::same($xml->localName, 'RoleDescriptor', InvalidDOMElementException::class);
 Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
+ Assert::true(
+ $xml->hasAttributeNS(C::NS_XSI, 'type'),
+ 'Missing required xsi:type in element.',
+ SchemaViolationException::class,
+ );
+
+ $type = $xml->getAttributeNS(C::NS_XSI, 'type');
+ Assert::validQName($type, SchemaViolationException::class);
+
 $protocols = self::getAttribute($xml, 'protocolSupportEnumeration');
 $validUntil = self::getOptionalAttribute($xml, 'validUntil', null);
 SAMLAssert::nullOrValidDateTime($validUntil);
@@ -134,6 +137,7 @@ public static function fromXML(DOMElement $xml): static
 );
 $securityTokenServiceType = new static(
+ $type,
 preg_split('/[\s]+/', trim($protocols)),
 self::getOptionalAttribute($xml, 'ID', null),
 $validUntil !== null ? new DateTimeImmutable($validUntil) : null,
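Review bot: The new `$type` value in the @@ -49,6 +43,15 @@ hunk is checked only for QName syntax, so `fromXML()` still accepts an `md:RoleDescriptor` whose xsi:type names some other type. Nothing visible compares it with `XSI_TYPE_NAME` or resolves its prefix against `XSI_TYPE_NAMESPACE`, a constant this commit declares but the visible hunks never read. Metadata is parsed from documents the consumer does not author, so the element should be rejected unless the QName resolves to the federation type. The prefix should be resolved through the element's in-scope namespaces rather than matched as a literal string. The check belongs directly after `Assert::validQName(...)`; the rest of `fromXML()` lies outside the hunk.

```php
$type = $xml->getAttributeNS(C::NS_XSI, 'type');
Assert::validQName($type, SchemaViolationException::class);

// Bind the QName to this class: local name and resolved namespace must both match.
$parts = explode(':', $type, 2);
$localName = array_pop($parts);
$prefix = array_pop($parts); // null when the QName carries no prefix
Assert::same($localName, static::XSI_TYPE_NAME, SchemaViolationException::class);
Assert::same(
    $xml->lookupNamespaceURI($prefix),
    static::XSI_TYPE_NAMESPACE,
    SchemaViolationException::class,
);
// … unchanged: protocolSupportEnumeration and validUntil parsing …
```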
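Review bot: `$type` is now the first argument of `new static(` in the @@ -134,6 +137,7 @@ hunk, but the constructor it reaches is the `final` one in AbstractSecurityTokenServiceType. This commit adds only the `static::XSI_TYPE_PREFIX . ':' . static::XSI_TYPE_NAME` line to that file, so its parameter list appears unchanged. If so, the string lands in the slot that previously received the `preg_split()` result and every following argument shifts by one. Because that constructor derives the xsi:type from the class constants, the call can drop the argument so that `new static(` is followed directly by `preg_split('/[\s]+/', trim($protocols)),`. The constructor signature is outside the visible hunks, so confirm this against the file.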