Break parentage of AssertionFailedException for SchemaViolationException

Author: tvdijen

src/Assert/HMACOutputLengthTrait.php

@@ -4,7 +4,10 @@
 
 namespace SimpleSAML\XMLSecurity\Assert;
 
-use InvalidArgumentException;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XMLSecurity\Exception\ProtocolViolationException;
+
+use function intval;
 
 /**
  * @package simplesamlphp/xml-security
@@ -27,11 +30,24 @@ trait HMACOutputLengthTrait
      */
     protected static function validHMACOutputLength(string $value, string $message = ''): void
     {
-        parent::regex(
-            $value,
-            self::$HMACOutputLength_regex,
-            $message ?: '%s is not a valid ds:HMACOutputLengthType',
-            InvalidArgumentException::class,
-        );
+        try {
+            parent::regex(
+                $value,
+                self::$HMACOutputLength_regex,
+                $message ?: '%s is not a valid ds:HMACOutputLengthType',
+            );
+        } catch (AssertionFailedException $e) {
+            throw new SchemaViolationException($e->getMessage());
+        }
+
+        try {
+            parent::true(
+                intval($value) % 8 === 0,
+                '%s is not devisible by 8 and therefore not a valid ds:HMACOutputLengthType',
+            );
+        } catch (AssertionFailedException $e) {
+            throw new ProtocolViolationException($e->getMessage());
+        }
+
     }
 }

src/Type/HMACOutputLengthValue.php

@@ -19,18 +19,12 @@ class HMACOutputLengthValue extends IntegerValue
      *
      * @param string $value
      * @throws \SimpleSAML\XML\Exception\SchemaViolationException on failure
+     * @throws \SimpleSAML\XMLSecurity\Exception\ProtocolViolationException when not devisible by 8
      * @return void
      */
     protected function validateValue(string $value): void
     {
         // Note: value must already be sanitized before validating
-        $value = $this->sanitizeValue($value);
-
-        Assert::validHMACOutputLength($value, SchemaViolationException::class);
-        Assert::true(
-            intval($value) % 8 === 0,
-            '%s is not devisible by 8 and therefore not a valid ds:HMACOutputLengthType',
-            ProtocolViolationException::class,
-        );
+        Assert::validHMACOutputLength($this->sanitizeValue($value));
     }
 }

tests/Assert/HMACOutputLengthTest.php

@@ -8,6 +8,7 @@
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\Assert\AssertionFailedException;
 use SimpleSAML\XMLSecurity\Assert\Assert;
+use SimpleSAML\XMLSecurity\Exception\ProtocolViolationException;
 
 /**
  * Class \SimpleSAML\Test\XMLSecurity\Assert\HMACOutputLengthTest
@@ -27,7 +28,7 @@ public function testValidHMACOutputLength(bool $shouldPass, string $HMACOutputLe
         try {
             Assert::validHMACOutputLength($HMACOutputLength);
             $this->assertTrue($shouldPass);
-        } catch (AssertionFailedException $e) {
+        } catch (AssertionFailedException|ProtocolViolationException $e) {
             $this->assertFalse($shouldPass);
         }
     }
@@ -41,8 +42,7 @@ public static function provideHMACOutputLength(): array
         return [
             'empty' => [false, ''],
             'valid positive integer' => [true, '128'],
-            // Indivisible by 8 is caught by the type-class, because schema-wise it's perfectly valid
-            'valid indivisible by 8' => [true, '4'],
+            'invalid indivisible by 8' => [false, '4'],
             'invalid signed positive integer' => [false, '+128'],
             'invalid zero' => [false, '0'],
             'invalid leading zeros' => [false, '0000000000000000000128'],