SAML: Work around namespace prefix limitation/bug in DOMXPath.

If a message contains a namespace prefix on the root node that conflicts
with the prefix used by simpleSAMLphp, XPath will use the original prefix.

This can be a problem if we receive a message with a namespace prefix
of 'saml' instead of 'samlp'.

See: http://bugs.php.net/bug.php?id=49490

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1747 44740490-163a-0410-bde0-09ae8108e29a

8 files changed, 28 insertions, 28 deletions

diff --git a/lib/SAML2/Assertion.php b/lib/SAML2/Assertion.php
index 43c6f31..076000f 100644
--- a/lib/SAML2/Assertion.php
+++ b/lib/SAML2/Assertion.php
@@ -190,7 +190,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 
 		$this->issueInstant = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('IssueInstant'));
 
-		$issuer = SAML2_Utils::xpQuery($xml, './saml:Issuer');
+		$issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
 		if (empty($issuer)) {
 			throw new Exception('Missing <saml:Issuer> in assertion.');
 		}
@@ -211,7 +211,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 	 */
 	private function parseSubject(DOMElement $xml) {
 
-		$subject = SAML2_Utils::xpQuery($xml, './saml:Subject');
+		$subject = SAML2_Utils::xpQuery($xml, './saml_assertion:Subject');
 		if (empty($subject)) {
 			/* No Subject node. */
 			return;
@@ -220,7 +220,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 		}
 		$subject = $subject[0];
 
-		$nameId = SAML2_Utils::xpQuery($subject, './saml:NameID');
+		$nameId = SAML2_Utils::xpQuery($subject, './saml_assertion:NameID');
 		if (empty($nameId)) {
 			throw new Exception('Missing <saml:NameID> in <saml:Subject>.');
 		} elseif (count($nameId) > 1) {
@@ -229,7 +229,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 		$nameId = $nameId[0];
 		$this->nameId = SAML2_Utils::parseNameId($nameId);
 
-		$subjectConfirmation = SAML2_Utils::xpQuery($subject, './saml:SubjectConfirmation');
+		$subjectConfirmation = SAML2_Utils::xpQuery($subject, './saml_assertion:SubjectConfirmation');
 		if (empty($subjectConfirmation)) {
 			throw new Exception('Missing <saml:SubjectConfirmation> in <saml:Subject>.');
 		} elseif (count($subjectConfirmation) > 1) {
@@ -246,7 +246,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 			throw new Exception('Unsupported subject confirmation method: ' . var_export($method, TRUE));
 		}
 
-		$confirmationData = SAML2_Utils::xpQuery($subjectConfirmation, './saml:SubjectConfirmationData');
+		$confirmationData = SAML2_Utils::xpQuery($subjectConfirmation, './saml_assertion:SubjectConfirmationData');
 		if (empty($confirmationData)) {
 			return;
 		} elseif (count($confirmationData) > 1) {
@@ -282,7 +282,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 	 */
 	private function parseConditions(DOMElement $xml) {
 
-		$conditions = SAML2_Utils::xpQuery($xml, './saml:Conditions');
+		$conditions = SAML2_Utils::xpQuery($xml, './saml_assertion:Conditions');
 		if (empty($conditions)) {
 			/* No <saml:Conditions> node. */
 			return;
@@ -314,7 +314,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 			}
 			switch ($node->localName) {
 			case 'AudienceRestriction':
-				$audiences = SAML2_Utils::xpQuery($node, './saml:Audience');
+				$audiences = SAML2_Utils::xpQuery($node, './saml_assertion:Audience');
 				foreach ($audiences as &$audience) {
 					$audience = trim($audience->textContent);
 				}
@@ -351,7 +351,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 	 */
 	private function parseAuthnStatement(DOMElement $xml) {
 
-		$as = SAML2_Utils::xpQuery($xml, './saml:AuthnStatement');
+		$as = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
 		if (empty($as)) {
 			return;
 		} elseif (count($as) > 1) {
@@ -372,7 +372,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 			$this->sessionIndex = $as->getAttribute('SessionIndex');
 		}
 
-		$ac = SAML2_Utils::xpQuery($as, './saml:AuthnContext');
+		$ac = SAML2_Utils::xpQuery($as, './saml_assertion:AuthnContext');
 		if (empty($ac)) {
 			throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
 		} elseif (count($ac) > 1) {
@@ -380,9 +380,9 @@ class SAML2_Assertion implements SAML2_SignedElement {
 		}
 		$ac = $ac[0];
 
-		$accr = SAML2_Utils::xpQuery($ac, './saml:AuthnContextClassRef');
+		$accr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextClassRef');
 		if (empty($accr)) {
-			$acdr = SAML2_Utils::xpQuery($ac, './saml:AuthnContextDeclRef');
+			$acdr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextDeclRef');
 			if (empty($acdr)) {
 				throw new Exception('Neither <saml:AuthnContextClassRef> nor <saml:AuthnContextDeclRef> found in <saml:AuthnContext>.');
 			} elseif (count($accr) > 1) {
@@ -405,7 +405,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 	private function parseAttributes(DOMElement $xml) {
 
 		$firstAttribute = TRUE;
-		$attributes = SAML2_Utils::xpQuery($xml, './saml:AttributeStatement/saml:Attribute');
+		$attributes = SAML2_Utils::xpQuery($xml, './saml_assertion:AttributeStatement/saml_assertion:Attribute');
 		foreach ($attributes as $attribute) {
 			if (!$attribute->hasAttribute('Name')) {
 				throw new Exception('Missing name on <saml:Attribute> element.');
@@ -431,7 +431,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 				$this->attributes[$name] = array();
 			}
 
-			$values = SAML2_Utils::xpQuery($attribute, './saml:AttributeValue');
+			$values = SAML2_Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
 			foreach ($values as $value) {
 				$this->attributes[$name][] = trim($value->textContent);
 			}
diff --git a/lib/SAML2/AttributeQuery.php b/lib/SAML2/AttributeQuery.php
index 3be052b..85e6174 100644
--- a/lib/SAML2/AttributeQuery.php
+++ b/lib/SAML2/AttributeQuery.php
@@ -54,7 +54,7 @@ class SAML2_AttributeQuery extends SAML2_SubjectQuery {
 		}
 
 		$firstAttribute = TRUE;
-		$attributes = SAML2_Utils::xpQuery($xml, './saml:Attribute');
+		$attributes = SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute');
 		foreach ($attributes as $attribute) {
 			if (!$attribute->hasAttribute('Name')) {
 				throw new Exception('Missing name on <saml:Attribute> element.');
@@ -80,7 +80,7 @@ class SAML2_AttributeQuery extends SAML2_SubjectQuery {
 				$this->attributes[$name] = array();
 			}
 
-			$values = SAML2_Utils::xpQuery($attribute, './saml:AttributeValue');
+			$values = SAML2_Utils::xpQuery($attribute, './saml_assertion:AttributeValue');
 			foreach ($values as $value) {
 				$this->attributes[$name][] = trim($value->textContent);
 			}
diff --git a/lib/SAML2/AuthnRequest.php b/lib/SAML2/AuthnRequest.php
index ca7bf9d..897b08e 100644
--- a/lib/SAML2/AuthnRequest.php
+++ b/lib/SAML2/AuthnRequest.php
@@ -74,7 +74,7 @@ class SAML2_AuthnRequest extends SAML2_Request {
 			$this->protocolBinding = $xml->getAttribute('ProtocolBinding');
 		}
 
-		$nameIdPolicy = SAML2_Utils::xpQuery($xml, './samlp:NameIDPolicy');
+		$nameIdPolicy = SAML2_Utils::xpQuery($xml, './saml_protocol:NameIDPolicy');
 		if (!empty($nameIdPolicy)) {
 			$nameIdPolicy = $nameIdPolicy[0];
 			if ($nameIdPolicy->hasAttribute('Format')) {
diff --git a/lib/SAML2/LogoutRequest.php b/lib/SAML2/LogoutRequest.php
index c0718e4..7cfc720 100644
--- a/lib/SAML2/LogoutRequest.php
+++ b/lib/SAML2/LogoutRequest.php
@@ -37,13 +37,13 @@ class SAML2_LogoutRequest extends SAML2_Request {
 			return;
 		}
 
-		$nameId = SAML2_Utils::xpQuery($xml, './saml:NameID');
+		$nameId = SAML2_Utils::xpQuery($xml, './saml_assertion:NameID');
 		if (empty($nameId)) {
 			throw new Exception('Missing NameID in logout request.');
 		}
 		$this->nameId = SAML2_Utils::parseNameId($nameId[0]);
 
-		$sessionIndex = SAML2_Utils::xpQuery($xml, './samlp:SessionIndex');
+		$sessionIndex = SAML2_Utils::xpQuery($xml, './saml_protocol:SessionIndex');
 		if (!empty($sessionIndex)) {
 			$this->sessionIndex = trim($sessionIndex[0]->textContent);
 		}
diff --git a/lib/SAML2/Message.php b/lib/SAML2/Message.php
index b135eca..b54087e 100644
--- a/lib/SAML2/Message.php
+++ b/lib/SAML2/Message.php
@@ -140,7 +140,7 @@ abstract class SAML2_Message implements SAML2_SignedElement {
 			$this->destination = $xml->getAttribute('Destination');
 		}
 
-		$issuer = SAML2_Utils::xpQuery($xml, './saml:Issuer');
+		$issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
 		if (!empty($issuer)) {
 			$this->issuer = trim($issuer[0]->textContent);
 		}
diff --git a/lib/SAML2/StatusResponse.php b/lib/SAML2/StatusResponse.php
index cb74221..6b9f7c7 100644
--- a/lib/SAML2/StatusResponse.php
+++ b/lib/SAML2/StatusResponse.php
@@ -62,13 +62,13 @@ abstract class SAML2_StatusResponse extends SAML2_Message {
 			$this->inResponseTo = $xml->getAttribute('InResponseTo');
 		}
 
-		$status = SAML2_Utils::xpQuery($xml, './samlp:Status');
+		$status = SAML2_Utils::xpQuery($xml, './saml_protocol:Status');
 		if (empty($status)) {
 			throw new Exception('Missing status code on response.');
 		}
 		$status = $status[0];
 
-		$statusCode = SAML2_Utils::xpQuery($status, './samlp:StatusCode');
+		$statusCode = SAML2_Utils::xpQuery($status, './saml_protocol:StatusCode');
 		if (empty($statusCode)) {
 			throw new Exception('Missing status code in status element.');
 		}
@@ -76,12 +76,12 @@ abstract class SAML2_StatusResponse extends SAML2_Message {
 
 		$this->status['Code'] = $statusCode->getAttribute('Value');
 
-		$subCode = SAML2_Utils::xpQuery($statusCode, './samlp:StatusCode');
+		$subCode = SAML2_Utils::xpQuery($statusCode, './saml_protocol:StatusCode');
 		if (!empty($subCode)) {
 			$this->status['SubCode'] = $subCode[0]->getAttribute('Value');
 		}
 
-		$message = SAML2_Utils::xpQuery($status, './samlp:StatusMessage');
+		$message = SAML2_Utils::xpQuery($status, './saml_protocol:StatusMessage');
 		if (!empty($message)) {
 			$this->status['Message'] = trim($message[0]->textContent);
 		}
diff --git a/lib/SAML2/SubjectQuery.php b/lib/SAML2/SubjectQuery.php
index 1dab65b..6591f7f 100644
--- a/lib/SAML2/SubjectQuery.php
+++ b/lib/SAML2/SubjectQuery.php
@@ -48,7 +48,7 @@ abstract class SAML2_SubjectQuery extends SAML2_Request {
 	 */
 	private function parseSubject(DOMElement $xml) {
 
-		$subject = SAML2_Utils::xpQuery($xml, './saml:Subject');
+		$subject = SAML2_Utils::xpQuery($xml, './saml_assertion:Subject');
 		if (empty($subject)) {
 			/* No Subject node. */
 			throw new Exception('Missing subject in subject query.');
@@ -57,7 +57,7 @@ abstract class SAML2_SubjectQuery extends SAML2_Request {
 		}
 		$subject = $subject[0];
 
-		$nameId = SAML2_Utils::xpQuery($subject, './saml:NameID');
+		$nameId = SAML2_Utils::xpQuery($subject, './saml_assertion:NameID');
 		if (empty($nameId)) {
 			throw new Exception('Missing <saml:NameID> in <saml:Subject>.');
 		} elseif (count($nameId) > 1) {
diff --git a/lib/SAML2/Utils.php b/lib/SAML2/Utils.php
index f62a060..fe83f12 100644
--- a/lib/SAML2/Utils.php
+++ b/lib/SAML2/Utils.php
@@ -115,8 +115,8 @@ class SAML2_Utils {
 
 		if ($xpCache === NULL || !$xpCache->document->isSameNode($node->ownerDocument)) {
 			$xpCache = new DOMXPath($node->ownerDocument);
-			$xpCache->registerNamespace('samlp', SAML2_Const::NS_SAMLP);
-			$xpCache->registerNamespace('saml', SAML2_Const::NS_SAML);
+			$xpCache->registerNamespace('saml_protocol', SAML2_Const::NS_SAMLP);
+			$xpCache->registerNamespace('saml_assertion', SAML2_Const::NS_SAML);
 			$xpCache->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS);
 			$xpCache->registerNamespace('xenc', XMLSecEnc::XMLENCNS);
 		}
@@ -173,7 +173,7 @@ class SAML2_Utils {
 	public static function addNameId(DOMElement $node, array $nameId) {
 		assert('array_key_exists("Value", $nameId)');
 
-		$xml = $node->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:NameID');
+		$xml = $node->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml_assertion:NameID');
 		$node->appendChild($xml);
 
 		if (array_key_exists('NameQualifier', $nameId) && $nameId['NameQualifier'] !== NULL) {