ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Processor.php
Go to the documentation of this file.
1 <?php
2 
3 namespace SAML2\Assertion;
4 
5 use Psr\Log\LoggerInterface;
6 use SAML2\Assertion;
7 use SAML2\Assertion\Exception\InvalidAssertionException;
8 use SAML2\Assertion\Exception\InvalidSubjectConfirmationException;
9 use SAML2\Assertion\Transformer\Transformer;
10 use SAML2\Assertion\Validation\AssertionValidator;
11 use SAML2\Assertion\Validation\SubjectConfirmationValidator;
12 use SAML2\Configuration\IdentityProvider;
13 use SAML2\Response\Exception\InvalidSignatureException;
14 use SAML2\Response\Exception\UnencryptedAssertionFoundException;
15 use SAML2\Signature\Validator;
16 use SAML2\Utilities\ArrayCollection;
17 
21 class Processor
22 {
26  private $decrypter;
27 
31  private $assertionValidator;
32 
36  private $subjectConfirmationValidator;
37 
41  private $transformer;
42 
46  private $signatureValidator;
47 
51  private $identityProviderConfiguration;
52 
56  private $logger;
57 
58  public function __construct(
59  Decrypter $decrypter,
60  Validator $signatureValidator,
61  AssertionValidator $assertionValidator,
62  SubjectConfirmationValidator $subjectConfirmationValidator,
63  Transformer $transformer,
64  IdentityProvider $identityProviderConfiguration,
65  LoggerInterface $logger
66  ) {
67  $this->assertionValidator = $assertionValidator;
68  $this->signatureValidator = $signatureValidator;
69  $this->decrypter = $decrypter;
70  $this->subjectConfirmationValidator = $subjectConfirmationValidator;
71  $this->transformer = $transformer;
72  $this->identityProviderConfiguration = $identityProviderConfiguration;
73  $this->logger = $logger;
74  }
75 
81  public function processAssertions($assertions)
82  {
83  $processed = new ArrayCollection();
84  foreach ($assertions as $assertion) {
85  $processed->add($this->process($assertion));
86  }
87 
88  return $processed;
89  }
90 
96  public function process($assertion)
97  {
98  $assertion = $this->decryptAssertion($assertion);
99 
100  if (!$assertion->getWasSignedAtConstruction()) {
101  $this->logger->info(sprintf(
102  'Assertion with id "%s" was not signed at construction, not verifying the signature',
103  $assertion->getId()
104  ));
105  } else {
106  $this->logger->info(sprintf('Verifying signature of Assertion with id "%s"', $assertion->getId()));
107 
108  if (!$this->signatureValidator->hasValidSignature($assertion, $this->identityProviderConfiguration)) {
109  throw new InvalidSignatureException();
110  }
111  }
112 
113  $this->validateAssertion($assertion);
114 
115  $assertion = $this->transformAssertion($assertion);
116 
117  return $assertion;
118  }
119 
125  private function decryptAssertion($assertion)
126  {
127  if ($this->decrypter->isEncryptionRequired() && $assertion instanceof Assertion) {
128  throw new UnencryptedAssertionFoundException();
129  }
130 
131  if ($assertion instanceof Assertion) {
132  return $assertion;
133  }
134 
135  return $this->decrypter->decrypt($assertion);
136  }
137 
141  public function validateAssertion(Assertion $assertion)
142  {
143  $assertionValidationResult = $this->assertionValidator->validate($assertion);
144  if (!$assertionValidationResult->isValid()) {
145  throw new InvalidAssertionException(sprintf(
146  'Invalid Assertion in SAML Response, erorrs: "%s"',
147  implode('", "', $assertionValidationResult->getErrors())
148  ));
149  }
150 
151  foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) {
152  $subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate(
153  $subjectConfirmation
154  );
155  if (!$subjectConfirmationValidationResult->isValid()) {
156  throw new InvalidSubjectConfirmationException(sprintf(
157  'Invalid SubjectConfirmation in Assertion, errors: "%s"',
158  implode('", "', $subjectConfirmationValidationResult->getErrors())
159  ));
160  }
161  }
162  }
163 
169  private function transformAssertion(Assertion $assertion)
170  {
171  return $this->transformer->transform($assertion);
172  }
173 }
SAML2\Assertion\Processor
(PHPMD.CouplingBetweenObjects) - due to all the named exceptions
Definition: Processor.php:21
SAML2\Configuration\IdentityProvider
Basic configuration wrapper.
Definition: IdentityProvider.php:8
SAML2\Assertion\Processor\transformAssertion
transformAssertion(Assertion $assertion)
Definition: Processor.php:169
SAML2\Assertion\Processor\validateAssertion
validateAssertion(Assertion $assertion)
Definition: Processor.php:141
SAML2\Utilities\ArrayCollection
Simple Array implementation of Collection.
Definition: ArrayCollection.php:12
SAML2\Assertion\Processor\processAssertions
processAssertions($assertions)
Definition: Processor.php:81
Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:20
SAML2\Assertion\Processor\__construct
__construct(Decrypter $decrypter, Validator $signatureValidator, AssertionValidator $assertionValidator, SubjectConfirmationValidator $subjectConfirmationValidator, Transformer $transformer, IdentityProvider $identityProviderConfiguration, LoggerInterface $logger)
Definition: Processor.php:58
SAML2\Assertion\getSubjectConfirmation
getSubjectConfirmation()
Retrieve the SubjectConfirmation elements we have in our Subject element.
Definition: Assertion.php:1260
SAML2\Assertion\Processor\decryptAssertion
decryptAssertion($assertion)
Definition: Processor.php:125
SAML2\Signature\Validator
Signature Validator.
Definition: Validator.php:14