/**
  * @param ProfileContext $context
  */
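 protected function doExecute(ProfileContext $context)
 {
     // Decrypts each encrypted assertion of the inbound Response with this entity's own
     // encryption credentials and adds the decrypted assertion to the Response.
     // Throws LightSamlContextException when no private key can be resolved.
     $response = MessageContextHelper::asResponse($context->getInboundContext());
     $encryptedAssertions = $response->getAllEncryptedAssertions();
     if (count($encryptedAssertions) === 0) {
         $this->logger->debug('Response has no encrypted assertions', LogHelper::getActionContext($context, $this));

         return;
     }

     // Restrict the credential lookup to our own entity, in our own role, for encryption usage.
     $ownEntityDescriptor = $context->getOwnEntityDescriptor();
     $metadataType = ProfileContext::ROLE_IDP === $context->getOwnRole()
         ? MetadataCriteria::TYPE_IDP
         : MetadataCriteria::TYPE_SP;
     $query = $this->credentialResolver->query();
     $query
         ->add(new EntityIdCriteria($ownEntityDescriptor->getEntityID()))
         ->add(new MetadataCriteria($metadataType, SamlConstants::PROTOCOL_SAML2))
         ->add(new UsageCriteria(UsageType::ENCRYPTION));
     $query->resolve();

     $privateKeys = $query->getPrivateKeys();
     if (empty($privateKeys)) {
         $message = 'No credentials resolved for assertion decryption';
         $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $message);
     }

     // Only the entity id and the public-key thumbprint are logged, never key material.
     $this->logger->info('Trusted decryption candidates', LogHelper::getActionContext($context, $this, array(
         'credentials' => array_map(function (CredentialInterface $credential) {
             return sprintf(
                 "Entity: '%s'; PK X509 Thumb: '%s'",
                 $credential->getEntityId(),
                 $credential->getPublicKey() ? $credential->getPublicKey()->getX509Thumbprint() : ''
             );
         }, $privateKeys),
     )));

     foreach ($encryptedAssertions as $index => $encryptedAssertion) {
         // Entries that are not EncryptedAssertionReader instances are left untouched.
         if (!$encryptedAssertion instanceof EncryptedAssertionReader) {
             continue;
         }

         $name = sprintf('assertion_encrypted_%s', $index);
         /** @var DeserializationContext $deserializationContext */
         $deserializationContext = $context->getInboundContext()->getSubContext($name, DeserializationContext::class);
         $assertion = $encryptedAssertion->decryptMultiAssertion($privateKeys, $deserializationContext);
         $response->addAssertion($assertion);

         // The decrypted XML is deliberately kept out of the log: writing the plaintext
         // assertion (subject identifiers, attributes) to the application log would expose
         // exactly the data the sender encrypted. The sub-context name is enough to find the
         // document in the context tree when it has to be inspected.
         $this->logger->info('Assertion decrypted', LogHelper::getActionContext($context, $this, array('assertion_context' => $name)));
     }
 }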
 /**
  * Rejects an inbound Response for which getBearerAssertions() returns nothing.
  *
  * @param ProfileContext $context
  *
  * @throws LightSamlContextException when the Response carries no bearer assertion
  */
 protected function doExecute(ProfileContext $context)
 {
     $inboundResponse = MessageContextHelper::asResponse($context->getInboundContext());
     if (!$inboundResponse->getBearerAssertions()) {
         // Fail closed: log the reason with the action's error context, then abort the profile.
         $message = 'Response must contain at least one bearer assertion';
         $this->logger->error($message, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $message);
     }
 }
 /**
  * @param ProfileContext $context
  */
 protected function doExecute(ProfileContext $context)
 {
     // Runs the configured assertion action once per assertion of the inbound Response,
     // each time in its own "assertion_<index>" sub-context of the profile context.
     $inboundResponse = MessageContextHelper::asResponse($context->getInboundContext());
     $assertions = $inboundResponse->getAllAssertions();
     foreach ($assertions as $position => $currentAssertion) {
         $contextName = sprintf('assertion_%s', $position);
         /** @var AssertionContext $subContext */
         $subContext = $context->getSubContext($contextName, AssertionContext::class);
         // The sub-context carries both the assertion and the name it was stored under.
         $subContext->setAssertion($currentAssertion)->setId($contextName);
         $this->assertionAction->execute($subContext);
     }
 }
 /**
  * Requires at least one assertion of the inbound Response to contain an AuthnStatement.
  *
  * @param ProfileContext $context
  *
  * @throws LightSamlContextException when no assertion has an AuthnStatement
  */
 protected function doExecute(ProfileContext $context)
 {
     $inboundResponse = MessageContextHelper::asResponse($context->getInboundContext());

     // Stop scanning at the first assertion that reports any AuthnStatement.
     $hasAuthnStatement = false;
     foreach ($inboundResponse->getAllAssertions() as $candidate) {
         if ($candidate->getAllAuthnStatements()) {
             $hasAuthnStatement = true;
             break;
         }
     }

     if (!$hasAuthnStatement) {
         $message = 'Response must have at least one Assertion containing AuthnStatement element';
         $this->logger->error($message, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $message);
     }
 }
 /**
  * @param ProfileContext $context
  *
  * @return void
  */
 protected function doExecute(ProfileContext $context)
 {
     // Runs every configured assertion action in its own "assertion_<index>" sub-context
     // and copies whatever the action produced into the outbound Response.
     $outboundResponse = MessageContextHelper::asResponse($context->getOutboundContext());
     foreach ($this->assertionActions as $position => $assertionAction) {
         $contextName = sprintf('assertion_%s', $position);
         /** @var AssertionContext $subContext */
         $subContext = $context->getSubContext($contextName, AssertionContext::class);
         $subContext->setId($position);
         $assertionAction->execute($subContext);

         // An encrypted assertion takes precedence: when the action produced one, the
         // plain assertion is not added to the Response.
         if ($subContext->getEncryptedAssertion()) {
             $outboundResponse->addEncryptedAssertion($subContext->getEncryptedAssertion());
             continue;
         }

         if ($subContext->getAssertion()) {
             $outboundResponse->addAssertion($subContext->getAssertion());
             continue;
         }

         // Neither form was built; the Response is sent without this assertion.
         $this->logger->warning('No assertion was built', LogHelper::getActionContext($context, $this));
     }
 }
 /**
  * @param ProfileContext $context
  */
 protected function doExecute(ProfileContext $context)
 {
     // Hands all assertions of the inbound Response to the session processor, together
     // with our own entity id and the entity id of the other party.
     $inboundResponse = MessageContextHelper::asResponse($context->getInboundContext());
     $assertions = $inboundResponse->getAllAssertions();
     $ownEntityId = $context->getOwnEntityDescriptor()->getEntityID();
     $partyEntityId = $context->getPartyEntityDescriptor()->getEntityID();

     $this->sessionProcessor->processAssertions($assertions, $ownEntityId, $partyEntityId);
 }
// Demo script: builds the profile context and action, executes the action, then dumps
// the resulting context and the received SAML Response with var_dump().
$context = $builder->buildContext();
$action = $builder->buildAction();
// The action tree is printed only when the SP configuration has its debug flag set.
if (SpConfig::current()->debug) {
    var_dump('ACTION TREE');
    var_dump($action->__toString());
}
try {
    $action->execute($context);
} catch (\Exception $ex) {
    // On failure the context tree is dumped first, then the original exception is
    // rethrown wrapped in a generic RuntimeException (kept as "previous").
    var_dump('CONTEXT TREE');
    var_dump($context->__toString());
    throw new \RuntimeException('Error', 0, $ex);
}
// NOTE(review): unlike the action tree above, none of the dumps below are guarded by the
// debug flag. They write the context tree, every assertion attribute and the complete
// received message to the output, which is only appropriate for a diagnostic page.
var_dump('CONTEXT TREE');
var_dump($context->__toString());
$response = \LightSaml\Context\Profile\Helper\MessageContextHelper::asResponse($context->getInboundContext());
var_dump('RELAY STATE');
var_dump($response->getRelayState());
var_dump('ATTRIBUTES');
// Walk assertion -> attribute statement -> attribute and dump each attribute object.
foreach ($response->getAllAssertions() as $assertion) {
    foreach ($assertion->getAllAttributeStatements() as $attributeStatement) {
        foreach ($attributeStatement->getAllAttributes() as $attribute) {
            var_dump($attribute);
        }
    }
}
/** @var \LightSaml\Model\Context\DeserializationContext $inboundMessageDeserializationContext */
// NOTE(review): the result of getPath() is used without a null check; confirm the path always exists here.
$inboundMessageDeserializationContext = $context->getPath('inbound_message/deserialization');
// Pretty-print the DOM document before serialising it for display.
$inboundMessageDeserializationContext->getDocument()->formatOutput = true;
var_dump('RECEIVED MESSAGE');
var_dump($inboundMessageDeserializationContext->getDocument()->saveXML());