ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Decrypter.php
Go to the documentation of this file.
1<?php
2
3namespace SAML2\Assertion;
4
5use Psr\Log\LoggerInterface;
6use SAML2\Assertion\Exception\NotDecryptedException;
7use SAML2\Certificate\PrivateKeyLoader;
8use SAML2\Configuration\IdentityProvider;
9use SAML2\Configuration\ServiceProvider;
10use SAML2\EncryptedAssertion;
11
12class Decrypter
13{
17 private $identityProvider;
18
22 private $serviceProvider;
23
27 private $privateKeyLoader;
28
32 private $logger;
33
34 public function __construct(
35 LoggerInterface $logger,
36 IdentityProvider $identityProvider,
37 ServiceProvider $serviceProvider,
38 PrivateKeyLoader $privateKeyLoader
39 ) {
40 $this->logger = $logger;
41 $this->identityProvider = $identityProvider;
42 $this->serviceProvider = $serviceProvider;
43 $this->privateKeyLoader = $privateKeyLoader;
44 }
45
49 public function isEncryptionRequired()
50 {
51 return $this->identityProvider->isAssertionEncryptionRequired()
52 || $this->serviceProvider->isAssertionEncryptionRequired();
53 }
54
60 public function decrypt(EncryptedAssertion $assertion)
61 {
62 $decryptionKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);
63 $blacklistedKeys = $this->identityProvider->getBlacklistedAlgorithms();
64 if (is_null($blacklistedKeys)) {
65 $blacklistedKeys = $this->serviceProvider->getBlacklistedAlgorithms();
66 }
67
68 // reflects the simplesamlphp behaviour for BC, see
69 // https://github.com/simplesamlphp/simplesamlphp/blob/3d735912342767d391297cc5e13272a76730aca0/modules/saml/lib/Message.php#L369
70 foreach ($decryptionKeys as $index => $key) {
71 try {
72 $decryptedAssertion = $assertion->getAssertion($key, $blacklistedKeys);
73 $this->logger->debug(sprintf('Decrypted Assertion with key "#%d"', $index));
74
75 return $decryptedAssertion;
76 } catch (\Exception $e) {
77 $this->logger->debug(sprintf(
78 'Could not decrypt assertion with key "#%d", "%s" thrown: "%s"',
79 $index,
80 get_class($e),
81 $e->getMessage()
82 ));
83 }
84 }
85
86 throw new NotDecryptedException(sprintf(
87 'Could not decrypt the assertion, tried with "%d" keys. See the debug log for more information',
88 count($decryptionKeys)
89 ));
90 }
91}
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\Assertion\Decrypter\isEncryptionRequired
isEncryptionRequired()
Allows for checking whether either the SP or the IdP requires assertion encryption.
Definition: Decrypter.php:49
SAML2\Assertion\Decrypter\__construct
__construct(LoggerInterface $logger, IdentityProvider $identityProvider, ServiceProvider $serviceProvider, PrivateKeyLoader $privateKeyLoader)
Definition: Decrypter.php:34
SAML2\Assertion\Decrypter\decrypt
decrypt(EncryptedAssertion $assertion)
Definition: Decrypter.php:60
SAML2\Configuration\IdentityProvider
Basic configuration wrapper.
Definition: IdentityProvider.php:12
SAML2\Configuration\ServiceProvider
Basic Configuration Wrapper.
Definition: ServiceProvider.php:14
SAML2\EncryptedAssertion\getAssertion
getAssertion(XMLSecurityKey $inputKey, array $blacklist=array())
Retrieve the assertion.
Definition: EncryptedAssertion.php:91
$key
$key
Definition: croninfo.php:18
Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:21
$index
$index
Definition: metadata.php:60