Ejemplo n.º 1
0
 /**
  * Decrypt an assertion.
  *
  * This function takes in a SAML2_Assertion and decrypts it if it is encrypted.
  * If it is unencrypted, and encryption is enabled in the metadata, an exception
  * will be throws.
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender (IdP).
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient (SP).
  * @param SAML2_Assertion|SAML2_EncryptedAssertion $assertion  The assertion we are decrypting.
  * @return SAML2_Assertion  The assertion.
  */
 private static function decryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, $assertion)
 {
     assert('$assertion instanceof SAML2_Assertion || $assertion instanceof SAML2_EncryptedAssertion');
     if ($assertion instanceof SAML2_Assertion) {
         $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', NULL);
         if ($encryptAssertion === NULL) {
             $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', FALSE);
         }
         if ($encryptAssertion) {
             /* The assertion was unencrypted, but we have encryption enabled. */
             throw new Exception('Received unencrypted assertion, but encryption was enabled.');
         }
         return $assertion;
     }
     try {
         $keys = self::getDecryptionKeys($srcMetadata, $dstMetadata);
     } catch (Exception $e) {
         throw new SimpleSAML_Error_Exception('Error decrypting assertion: ' . $e->getMessage());
     }
     $blacklist = self::getBlacklistedAlgorithms($srcMetadata, $dstMetadata);
     $lastException = NULL;
     foreach ($keys as $i => $key) {
         try {
             $ret = $assertion->getAssertion($key, $blacklist);
             SimpleSAML_Logger::debug('Decryption with key #' . $i . ' succeeded.');
             return $ret;
         } catch (Exception $e) {
             SimpleSAML_Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage());
             $lastException = $e;
         }
     }
     throw $lastException;
 }
Ejemplo n.º 2
0
 /**
  * Decrypt an assertion.
  *
  * This function takes in a SAML2_Assertion and decrypts it if it is encrypted.
  * If it is unencrypted, and encryption is enabled in the metadata, an exception
  * will be throws.
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender (IdP).
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient (SP).
  * @param SAML2_Assertion|SAML2_EncryptedAssertion $assertion  The assertion we are decrypting.
  * @return SAML2_Assertion  The assertion.
  */
 private static function decryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, $assertion)
 {
     assert('$assertion instanceof SAML2_Assertion || $assertion instanceof SAML2_EncryptedAssertion');
     if ($assertion instanceof SAML2_Assertion) {
         $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', NULL);
         if ($encryptAssertion === NULL) {
             $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', FALSE);
         }
         if ($encryptAssertion) {
             /* The assertion was unencrypted, but we have encryption enabled. */
             throw new Exception('Received unencrypted assertion, but encryption was enabled.');
         }
         return $assertion;
     }
     try {
         $key = self::getDecryptionKey($srcMetadata, $dstMetadata);
     } catch (Exception $e) {
         throw new SimpleSAML_Error_Exception('Error decrypting assertion: ' . $e->getMessage());
     }
     return $assertion->getAssertion($key);
 }