ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
NameIdDecryptionTransformer.php
Go to the documentation of this file.
1<?php
2
3namespace SAML2\Assertion\Transformer;
4
5use Psr\Log\LoggerInterface;
6use SAML2\Assertion;
7use SAML2\Assertion\Exception\NotDecryptedException;
8use SAML2\Certificate\PrivateKeyLoader;
9use SAML2\Configuration\IdentityProvider;
10use SAML2\Configuration\IdentityProviderAware;
11use SAML2\Configuration\ServiceProvider;
12use SAML2\Configuration\ServiceProviderAware;
13
14class NameIdDecryptionTransformer implements
15 Transformer,
16 IdentityProviderAware,
17 ServiceProviderAware
18{
22 private $privateKeyLoader;
23
27 private $identityProvider;
28
32 private $serviceProvider;
33
37 private $logger;
38
39 public function __construct(
40 LoggerInterface $logger,
41 PrivateKeyLoader $privateKeyLoader
42 ) {
43 $this->logger = $logger;
44 $this->privateKeyLoader = $privateKeyLoader;
45 }
46
47 public function transform(Assertion $assertion)
48 {
49 if (!$assertion->isNameIdEncrypted()) {
50 return $assertion;
51 }
52
53 $decryptionKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);
54 $blacklistedKeys = $this->identityProvider->getBlacklistedAlgorithms();
55 if (is_null($blacklistedKeys)) {
56 $blacklistedKeys = $this->serviceProvider->getBlacklistedAlgorithms();
57 }
58
59 foreach ($decryptionKeys as $index => $key) {
60 try {
61 $assertion->decryptNameId($key, $blacklistedKeys);
62 $this->logger->debug(sprintf('Decrypted assertion NameId with key "#%d"', $index));
63 } catch (\Exception $e) {
64 $this->logger->debug(sprintf(
65 'Decrypting assertion NameId with key "#%d" failed, "%s" thrown: "%s"',
66 $index,
67 get_class($e),
68 $e->getMessage()
69 ));
70 }
71 }
72
73 if ($assertion->isNameIdEncrypted()) {
74 throw new NotDecryptedException(
75 'Could not decrypt the assertion NameId with the configured keys, see the debug log for information'
76 );
77 }
78
79 return $assertion;
80 }
81
82 public function setIdentityProvider(IdentityProvider $identityProvider)
83 {
84 $this->identityProvider = $identityProvider;
85 }
86
87 public function setServiceProvider(ServiceProvider $serviceProvider)
88 {
89 $this->serviceProvider = $serviceProvider;
90 }
91}
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\Assertion\Transformer\NameIdDecryptionTransformer\__construct
__construct(LoggerInterface $logger, PrivateKeyLoader $privateKeyLoader)
Definition: NameIdDecryptionTransformer.php:39
SAML2\Assertion\isNameIdEncrypted
isNameIdEncrypted()
Check whether the NameId is encrypted.
Definition: Assertion.php:761
SAML2\Assertion\decryptNameId
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameId of the subject in the assertion.
Definition: Assertion.php:803
SAML2\Configuration\IdentityProvider
Basic configuration wrapper.
Definition: IdentityProvider.php:12
SAML2\Configuration\ServiceProvider
Basic Configuration Wrapper.
Definition: ServiceProvider.php:14
$key
$key
Definition: croninfo.php:18
Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:21
SAML2\Configuration\IdentityProviderAware
Interface for triggering setter injection.
Definition: IdentityProviderAware.php:9
SAML2\Configuration\ServiceProviderAware
Interface for triggering setter injection.
Definition: ServiceProviderAware.php:9
$index
$index
Definition: metadata.php:60