de/d30/Assertion_2Processor_8php_source.html

<?php


namespace SAML2\Assertion;


use Psr\Log\LoggerInterface;

use SAML2\Assertion;

use SAML2\Assertion\Exception\InvalidAssertionException;

use SAML2\Assertion\Exception\InvalidSubjectConfirmationException;

use SAML2\Assertion\Transformer\Transformer;

use SAML2\Assertion\Validation\AssertionValidator;

use SAML2\Assertion\Validation\SubjectConfirmationValidator;

use SAML2\Configuration\IdentityProvider;

use SAML2\Response\Exception\InvalidSignatureException;

use SAML2\Response\Exception\UnencryptedAssertionFoundException;

use SAML2\Signature\Validator;

use SAML2\Utilities\ArrayCollection;


class Processor

{

    private $decrypter;


    private $assertionValidator;


    private $subjectConfirmationValidator;


    private $transformer;


    private $signatureValidator;


    private $identityProviderConfiguration;


    private $logger;


    public function __construct(

        Decrypter $decrypter,

        Validator $signatureValidator,

        AssertionValidator $assertionValidator,

        SubjectConfirmationValidator $subjectConfirmationValidator,

        Transformer $transformer,

        IdentityProvider $identityProviderConfiguration,

        LoggerInterface $logger

    ) {

        $this->assertionValidator            = $assertionValidator;

        $this->signatureValidator            = $signatureValidator;

        $this->decrypter                     = $decrypter;

        $this->subjectConfirmationValidator  = $subjectConfirmationValidator;

        $this->transformer                   = $transformer;

        $this->identityProviderConfiguration = $identityProviderConfiguration;

        $this->logger                        = $logger;

    }


    public function processAssertions($assertions)

    {

        $processed = new ArrayCollection();

        foreach ($assertions as $assertion) {

            $processed->add($this->process($assertion));

        }


        return $processed;

    }


    public function process($assertion)

    {

        $assertion = $this->decryptAssertion($assertion);


        if (!$assertion->getWasSignedAtConstruction()) {

            $this->logger->info(sprintf(

                'Assertion with id "%s" was not signed at construction, not verifying the signature',

                $assertion->getId()

            ));

        } else {

            $this->logger->info(sprintf('Verifying signature of Assertion with id "%s"', $assertion->getId()));


            if (!$this->signatureValidator->hasValidSignature($assertion, $this->identityProviderConfiguration)) {

                throw new InvalidSignatureException();

            }

        }


        $this->validateAssertion($assertion);


        $assertion = $this->transformAssertion($assertion);


        return $assertion;

    }


    private function decryptAssertion($assertion)

    {

        if ($this->decrypter->isEncryptionRequired() && $assertion instanceof Assertion) {

            throw new UnencryptedAssertionFoundException();

        }


        if ($assertion instanceof Assertion) {

            return $assertion;

        }


        return $this->decrypter->decrypt($assertion);

    }


    public function validateAssertion(Assertion $assertion)

    {

        $assertionValidationResult = $this->assertionValidator->validate($assertion);

        if (!$assertionValidationResult->isValid()) {

            throw new InvalidAssertionException(sprintf(

                'Invalid Assertion in SAML Response, erorrs: "%s"',

                implode('", "', $assertionValidationResult->getErrors())

            ));

        }


        foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) {

            $subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate(

                $subjectConfirmation

            );

            if (!$subjectConfirmationValidationResult->isValid()) {

                throw new InvalidSubjectConfirmationException(sprintf(

                    'Invalid SubjectConfirmation in Assertion, errors: "%s"',

                    implode('", "', $subjectConfirmationValidationResult->getErrors())

                ));

            }

        }

    }


    private function transformAssertion(Assertion $assertion)

    {

        return $this->transformer->transform($assertion);

    }

}

sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87

php
An exception for terminatinating execution or to throw for unit testing.

SAML2\Assertion\Decrypter
Definition: Decrypter.php:13

SAML2\Assertion\Exception\InvalidAssertionException
Definition: InvalidAssertionException.php:8

SAML2\Assertion\Exception\InvalidSubjectConfirmationException
Definition: InvalidSubjectConfirmationException.php:8

SAML2\Assertion\Processor
@SuppressWarnings(PHPMD.CouplingBetweenObjects) - due to all the named exceptions
Definition: Processor.php:22

SAML2\Assertion\Processor\$decrypter
$decrypter
Definition: Processor.php:26

SAML2\Assertion\Processor\$transformer
$transformer
Definition: Processor.php:41

SAML2\Assertion\Processor\$identityProviderConfiguration
$identityProviderConfiguration
Definition: Processor.php:51

SAML2\Assertion\Processor\$logger
$logger
Definition: Processor.php:56

SAML2\Assertion\Processor\__construct
__construct(Decrypter $decrypter, Validator $signatureValidator, AssertionValidator $assertionValidator, SubjectConfirmationValidator $subjectConfirmationValidator, Transformer $transformer, IdentityProvider $identityProviderConfiguration, LoggerInterface $logger)
Definition: Processor.php:58

SAML2\Assertion\Processor\$assertionValidator
$assertionValidator
Definition: Processor.php:31

SAML2\Assertion\Processor\validateAssertion
validateAssertion(Assertion $assertion)
Definition: Processor.php:141

SAML2\Assertion\Processor\$subjectConfirmationValidator
$subjectConfirmationValidator
Definition: Processor.php:36

SAML2\Assertion\Processor\processAssertions
processAssertions($assertions)
Definition: Processor.php:81

SAML2\Assertion\Processor\$signatureValidator
$signatureValidator
Definition: Processor.php:46

SAML2\Assertion\Processor\decryptAssertion
decryptAssertion($assertion)
Definition: Processor.php:125

SAML2\Assertion\Processor\transformAssertion
transformAssertion(Assertion $assertion)
Definition: Processor.php:169

SAML2\Assertion\Processor\process
process($assertion)
Definition: Processor.php:96

SAML2\Assertion\Validation\AssertionValidator
Definition: AssertionValidator.php:12

SAML2\Assertion\Validation\SubjectConfirmationValidator
Definition: SubjectConfirmationValidator.php:12

SAML2\Assertion
Definition: Assertion.php:18

SAML2\Assertion\getSubjectConfirmation
getSubjectConfirmation()
Retrieve the SubjectConfirmation elements we have in our Subject element.
Definition: Assertion.php:1260

SAML2\Configuration\IdentityProvider
Basic configuration wrapper.
Definition: IdentityProvider.php:12

SAML2\Response\Exception\InvalidSignatureException
Definition: InvalidSignatureException.php:6

SAML2\Response\Exception\UnencryptedAssertionFoundException
Definition: UnencryptedAssertionFoundException.php:9

SAML2\Signature\Validator
Signature Validator.
Definition: Validator.php:15

SAML2\Utilities\ArrayCollection
Simple Array implementation of Collection.
Definition: ArrayCollection.php:13

Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:21

SAML2\Assertion\Transformer\Transformer
Definition: Transformer.php:8

SAML2\Assertion
Definition: Decrypter.php:3