<?php
/**
* Class handling encrypted assertions.
*
* @package simpleSAMLphp
* @version $Id$
*/
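class SAML2_EncryptedAssertion {

    /**
     * The current encrypted assertion.
     *
     * Holds the <xenc:EncryptedData> element, either taken from the incoming
     * XML in the constructor or produced by setAssertion(). Stays NULL when the
     * object was constructed without XML and setAssertion() has not been called.
     *
     * @var DOMElement|NULL
     */
    private $encryptedData;

    /**
     * Constructor for SAML 2 encrypted assertions.
     *
     * @param DOMElement|NULL $xml The encrypted assertion XML element.
     * @throws Exception If the element does not contain exactly one <xenc:EncryptedData> child.
     */
    public function __construct(DOMElement $xml = NULL) {
        if ($xml === NULL) {
            return;
        }

        $data = SAML2_Utils::xpQuery($xml, './xenc:EncryptedData');
        $count = count($data);
        if ($count === 0) {
            throw new Exception('Missing encrypted data in <saml:EncryptedAssertion>.');
        } elseif ($count > 1) {
            throw new Exception('More than one encrypted data element in <saml:EncryptedAssertion>.');
        }

        $this->encryptedData = $data[0];
    }

    /**
     * Set the assertion.
     *
     * Encrypts the assertion's XML and stores the resulting <xenc:EncryptedData>.
     * With a symmetric key the assertion is encrypted with that key directly; with
     * an RSA key a fresh AES-128-CBC session key is generated for the assertion
     * and that session key is itself encrypted with $key.
     *
     * Note that XML Encryption's CBC modes carry no integrity protection of
     * their own; the assertion's authenticity comes from its XML signature,
     * which this class neither adds nor verifies.
     *
     * @param SAML2_Assertion $assertion The assertion.
     * @param XMLSecurityKey $key The key we should use to encrypt the assertion.
     * @throws Exception If the key type is not one of the supported symmetric or RSA types.
     */
    public function setAssertion(SAML2_Assertion $assertion, XMLSecurityKey $key) {
        $xml = $assertion->toXML();

        $enc = new XMLSecEnc();
        $enc->setNode($xml);
        $enc->type = XMLSecEnc::Element;

        switch ($key->type) {
            case XMLSecurityKey::TRIPLEDES_CBC:
            case XMLSecurityKey::AES128_CBC:
            case XMLSecurityKey::AES192_CBC:
            case XMLSecurityKey::AES256_CBC:
                /* Symmetric key: use it as-is for the assertion itself. */
                $symmetricKey = $key;
                break;

            case XMLSecurityKey::RSA_1_5:
            case XMLSecurityKey::RSA_OAEP_MGF1P:
                /*
                 * Asymmetric key: generate a per-assertion session key and let
                 * encryptKey() wrap it with $key. RSA_1_5 (PKCS#1 v1.5 key
                 * transport) is accepted for interoperability; OAEP is the
                 * preferable option where the peer supports it.
                 */
                $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
                $symmetricKey->generateSessionKey();
                $enc->encryptKey($key, $symmetricKey);
                break;

            default:
                throw new Exception('Unknown key type for encryption: ' . $key->type);
        }

        $this->encryptedData = $enc->encryptNode($symmetricKey);
    }

    /**
     * Retrieve the assertion.
     *
     * Only decryption is performed here: no signature validation is done on the
     * decrypted assertion, so callers that depend on its authenticity must
     * validate the signature separately.
     *
     * @param XMLSecurityKey $inputKey The key we should use to decrypt the assertion.
     * @return SAML2_Assertion The decrypted assertion.
     * @throws Exception If no encrypted data is present.
     */
    public function getAssertion(XMLSecurityKey $inputKey) {
        if ($this->encryptedData === NULL) {
            throw new Exception('No encrypted data present in <saml:EncryptedAssertion>.');
        }

        $assertionXML = SAML2_Utils::decryptElement($this->encryptedData, $inputKey);

        return new SAML2_Assertion($assertionXML);
    }

    /**
     * Convert this encrypted assertion to an XML element.
     *
     * @param DOMNode|NULL $parentElement The DOM node the assertion should be created in.
     * @return DOMElement This encrypted assertion.
     * @throws Exception If no encrypted data is present to serialize.
     */
    public function toXML(DOMNode $parentElement = NULL) {
        /* Fail with a clear message instead of handing NULL to importNode() below. */
        if ($this->encryptedData === NULL) {
            throw new Exception('No encrypted data to serialize in <saml:EncryptedAssertion>.');
        }

        if ($parentElement === NULL) {
            $document = new DOMDocument();
            $parentElement = $document;
        } else {
            $document = $parentElement->ownerDocument;
        }

        $root = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:EncryptedAssertion');
        $parentElement->appendChild($root);
        /* Deep-copy the stored element so the document it came from is left untouched. */
        $root->appendChild($document->importNode($this->encryptedData, TRUE));

        return $root;
    }
}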