ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
NameIdDecryptionTransformer.php
1<?php
18{
37 private $logger;
38
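/**
 * Stores the collaborators that transform() relies on.
 *
 * The parameter list was dropped from this listing; it is restored here from
 * the member signature given in the page's own cross-reference.
 *
 * @param LoggerInterface  $logger           receives the debug messages written by transform()
 * @param PrivateKeyLoader $privateKeyLoader supplies the decryption keys that transform() tries
 */
public function __construct(
    LoggerInterface $logger,
    PrivateKeyLoader $privateKeyLoader
) {
    $this->logger = $logger;
    $this->privateKeyLoader = $privateKeyLoader;
}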
46
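/**
 * Decrypts the NameId of the assertion when it arrives encrypted.
 *
 * Each key returned by the private key loader is tried in turn, and the loop
 * stops as soon as the NameId is no longer encrypted. An assertion whose
 * NameId is not encrypted is returned untouched.
 *
 * @param Assertion $assertion assertion to process
 *
 * @return Assertion the same instance that was passed in
 *
 * @throws NotDecryptedException when none of the configured keys decrypts the NameId
 */
public function transform(Assertion $assertion)
{
    if (!$assertion->isNameIdEncrypted()) {
        return $assertion;
    }

    $decryptionKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);

    // The identity provider's algorithm blacklist takes precedence; the service
    // provider's list is consulted only when the identity provider returns null.
    $blacklistedAlgorithms = $this->identityProvider->getBlacklistedAlgorithms();
    if ($blacklistedAlgorithms === null) {
        $blacklistedAlgorithms = $this->serviceProvider->getBlacklistedAlgorithms();
    }
    // NOTE(review): decryptNameId() is listed with an array-typed blacklist, so a
    // null from both providers would not be handled by the catch below (it only
    // covers \Exception). Confirm the service provider always returns a list, and
    // fail closed rather than substituting an empty blacklist if it does not.

    foreach ($decryptionKeys as $index => $key) {
        try {
            $assertion->decryptNameId($key, $blacklistedAlgorithms);
            $this->logger->debug(sprintf('Decrypted assertion NameId with key "#%d"', $index));
        } catch (\Exception $e) {
            // A failure with one key is expected when several keys are configured,
            // so it is only logged. Keys are identified by index; no key material
            // is written to the log.
            $this->logger->debug(sprintf(
                'Decrypting assertion NameId with key "#%d" failed, "%s" thrown: "%s"',
                $index,
                get_class($e),
                $e->getMessage()
            ));
        }

        // Stop at the first key that works. Trying the remaining keys cannot
        // improve the result, and any call that returned without an exception
        // would log a success for a key that was never needed, which misleads
        // anyone auditing which key is actually in use.
        if (!$assertion->isNameIdEncrypted()) {
            break;
        }
    }

    // Fail closed: never hand back an assertion whose NameId is still encrypted.
    if ($assertion->isNameIdEncrypted()) {
        throw new NotDecryptedException(
            'Could not decrypt the assertion NameId with the configured keys, see the debug log for information'
        );
    }

    return $assertion;
}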
81
83 {
84 $this->identityProvider = $identityProvider;
85 }
86
88 {
89 $this->serviceProvider = $serviceProvider;
90 }
91}
An exception for terminating execution or to throw for unit testing.
__construct(LoggerInterface $logger, PrivateKeyLoader $privateKeyLoader)
isNameIdEncrypted()
Check whether the NameId is encrypted.
Definition: Assertion.php:761
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameId of the subject in the assertion.
Definition: Assertion.php:803
Basic configuration wrapper.
Basic Configuration Wrapper.
Describes a logger instance.
Interface for triggering setter injection.
Interface for triggering setter injection.