Merge pull request #121 from jbaron-gingco/master

Fix method "hasEncryptedAttributes" of class "Assertion".

src/SAML2/Assertion.php

@@ -61,9 +61,9 @@ class Assertion implements SignedElement
     /**
      * The encrypted Attributes.
      *
-     * If this is not null, these Attributes need decryption before they can be accessed.
+     * If this is not an empty array, these Attributes need decryption before they can be used.
      *
-     * @var \DOMElement[]|null
+     * @var \DOMElement[]
      */
     private $encryptedAttributes;
 
@@ -822,7 +822,7 @@ public function decryptNameId(XMLSecurityKey $key, array $blacklist = array())
      */
     public function hasEncryptedAttributes()
     {
-        return $this->encryptedAttributes !== null;
+        return $this->encryptedAttributes !== [];
     }
 
     /**
@@ -834,7 +834,7 @@ public function hasEncryptedAttributes()
      */
     public function decryptAttributes(XMLSecurityKey $key, array $blacklist = array())
     {
-        if ($this->encryptedAttributes === null) {
+        if (!$this->hasEncryptedAttributes()) {
             return;
         }
         $firstAttribute = true;

tests/SAML2/AssertionTest.php

@@ -526,6 +526,50 @@ public function testHasEncryptedAttributes()
         $this->assertTrue($assertion->hasEncryptedAttributes());
     }
 
+    public function testHasEncryptedAttributes2()
+    {
+        $document = new \DOMDocument();
+        $document->loadXML(<<<XML
+    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+                    Version="2.0"
+                    ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
+                    IssueInstant="1970-01-01T01:33:31Z">
+      <saml:Issuer>Provider</saml:Issuer>
+      <saml:Subject>
+        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">s00000000:123456789</saml:NameID>
+        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+          <saml:SubjectConfirmationData NotOnOrAfter="2011-08-31T08:51:05Z" Recipient="https://sp.example.com/assertion_consumer" InResponseTo="_13603a6565a69297e9809175b052d115965121c8" />
+        </saml:SubjectConfirmation>
+      </saml:Subject>
+      <saml:Conditions NotOnOrAfter="2011-08-31T08:51:05Z" NotBefore="2011-08-31T08:51:05Z">
+        <saml:AudienceRestriction>
+          <saml:Audience>ServiceProvider</saml:Audience>
+        </saml:AudienceRestriction>
+      </saml:Conditions>
+      <saml:AuthnStatement AuthnInstant="2011-08-31T08:51:05Z" SessionIndex="_93af655219464fb403b34436cfb0c5cb1d9a5502">
+        <saml:AuthnContext>
+          <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
+        </saml:AuthnContext>
+        <saml:SubjectLocality Address="127.0.0.1"/>
+      </saml:AuthnStatement>
+      <saml:AttributeStatement>
+        <saml:Attribute Name="urn:ServiceID">
+          <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
+        </saml:Attribute>
+        <saml:Attribute Name="urn:EntityConcernedID">
+          <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
+        </saml:Attribute>
+        <saml:Attribute Name="urn:EntityConcernedSubID">
+          <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
+        </saml:Attribute>
+      </saml:AttributeStatement>
+    </saml:Assertion>
+XML
+        );
+        $assertion = new Assertion($document->firstChild);
+        $this->assertFalse($assertion->hasEncryptedAttributes());
+    }
+
     /**
      * @group Assertion
      */