ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Decrypter.php
Go to the documentation of this file.
1 <?php
2 
3 namespace SAML2\Assertion;
4 
5 use Psr\Log\LoggerInterface;
6 use SAML2\Assertion\Exception\NotDecryptedException;
7 use SAML2\Certificate\PrivateKeyLoader;
8 use SAML2\Configuration\IdentityProvider;
9 use SAML2\Configuration\ServiceProvider;
10 use SAML2\EncryptedAssertion;
11 
12 class Decrypter
13 {
17  private $identityProvider;
18 
22  private $serviceProvider;
23 
27  private $privateKeyLoader;
28 
32  private $logger;
33 
34  public function __construct(
35  LoggerInterface $logger,
36  IdentityProvider $identityProvider,
37  ServiceProvider $serviceProvider,
38  PrivateKeyLoader $privateKeyLoader
39  ) {
40  $this->logger = $logger;
41  $this->identityProvider = $identityProvider;
42  $this->serviceProvider = $serviceProvider;
43  $this->privateKeyLoader = $privateKeyLoader;
44  }
45 
49  public function isEncryptionRequired()
50  {
51  return $this->identityProvider->isAssertionEncryptionRequired()
52  || $this->serviceProvider->isAssertionEncryptionRequired();
53  }
54 
60  public function decrypt(EncryptedAssertion $assertion)
61  {
62  $decryptionKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);
63  $blacklistedKeys = $this->identityProvider->getBlacklistedAlgorithms();
64  if (is_null($blacklistedKeys)) {
65  $blacklistedKeys = $this->serviceProvider->getBlacklistedAlgorithms();
66  }
67 
68  // reflects the simplesamlphp behaviour for BC, see
69  // https://github.com/simplesamlphp/simplesamlphp/blob/3d735912342767d391297cc5e13272a76730aca0/modules/saml/lib/Message.php#L369
70  foreach ($decryptionKeys as $index => $key) {
71  try {
72  $decryptedAssertion = $assertion->getAssertion($key, $blacklistedKeys);
73  $this->logger->debug(sprintf('Decrypted Assertion with key "#%d"', $index));
74 
75  return $decryptedAssertion;
76  } catch (\Exception $e) {
77  $this->logger->debug(sprintf(
78  'Could not decrypt assertion with key "#%d", "%s" thrown: "%s"',
79  $index,
80  get_class($e),
81  $e->getMessage()
82  ));
83  }
84  }
85 
86  throw new NotDecryptedException(sprintf(
87  'Could not decrypt the assertion, tried with "%d" keys. See the debug log for more information',
88  count($decryptionKeys)
89  ));
90  }
91 }
SAML2\Assertion\Decrypter\decrypt
decrypt(EncryptedAssertion $assertion)
Definition: Decrypter.php:60
SAML2\Configuration\IdentityProvider
Basic configuration wrapper.
Definition: IdentityProvider.php:8
SAML2\Configuration\ServiceProvider
Basic Configuration Wrapper.
Definition: ServiceProvider.php:10
SAML2\Assertion\Decrypter\isEncryptionRequired
isEncryptionRequired()
Allows for checking whether either the SP or the IdP requires assertion encryption.
Definition: Decrypter.php:49
$index
$index
Definition: metadata.php:60
SAML2\Assertion\Decrypter\__construct
__construct(LoggerInterface $logger, IdentityProvider $identityProvider, ServiceProvider $serviceProvider, PrivateKeyLoader $privateKeyLoader)
Definition: Decrypter.php:34
SAML2\EncryptedAssertion\getAssertion
getAssertion(XMLSecurityKey $inputKey, array $blacklist=array())
Retrieve the assertion.
Definition: EncryptedAssertion.php:91
Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:20
$key
$key
Definition: croninfo.php:18