decryptElement() public static method

Decrypts an encrypted element.
public static decryptElement ( DOMElement $encryptedData, XMLSecurityKey $inputKey ) : DOMElement
$encryptedData DOMElement The encrypted data.
$inputKey XMLSecurityKey The decryption key.
return DOMElement The decrypted element.
Example #1
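 /**
  * Tests the decryptElement method of the OneLogin_Saml2_Utils
  *
  * Covers the happy paths (an EncryptedID and an EncryptedAssertion
  * decrypted with the SP private key, and the same EncryptedID decrypted
  * with a second key) and the failure modes: passing the wrapper element
  * instead of its EncryptedData child, a key whose algorithm does not
  * match the key-transport algorithm in the message, a message without an
  * EncryptionMethod, and a message without KeyInfo. Every failure mode must
  * surface as an Exception; a decryptor that silently returns something
  * on malformed input would let an attacker-controlled message be treated
  * as a valid NameID.
  *
  * @covers OneLogin_Saml2_Utils::decryptElement
  */
 public function testDecryptElement()
 {
     $settingsDir = TEST_ROOT . '/settings/';
     include $settingsDir . 'settings1.php';
     $settings = new OneLogin_Saml2_Settings($settingsInfo);
     // RSA_1_5 is the key-transport algorithm the fixtures were encrypted with.
     $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private'));
     $seckey->loadKey($settings->getSPkey());

     // Encrypted NameID: the EncryptedData element is the first child of EncryptedID.
     $domNameIdEnc = $this->_loadBase64XmlFixture('/data/responses/response_encrypted_nameid.xml.base64');
     $encryptedNameIDNodes = $domNameIdEnc->getElementsByTagName('EncryptedID');
     $encryptedData = $encryptedNameIDNodes->item(0)->firstChild;
     $decryptedNameId = OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey);
     $this->assertEquals('saml:NameID', $decryptedNameId->tagName);
     $this->assertEquals('2de11defd199f8d5bb63f9b7deb265ba5c675c10', $decryptedNameId->nodeValue);

     // Encrypted Assertion: EncryptedData sits inside EncryptedAssertion.
     $domAssertionEnc = $this->_loadBase64XmlFixture('/data/responses/valid_encrypted_assertion.xml.base64');
     $encryptedAssertionNode = $domAssertionEnc->getElementsByTagName('EncryptedAssertion')->item(0);
     $encryptedDataAssert = $encryptedAssertionNode->getElementsByTagName('EncryptedData')->item(0);
     $decryptedAssertion = OneLogin_Saml2_Utils::decryptElement($encryptedDataAssert, $seckey);
     $this->assertEquals('saml:Assertion', $decryptedAssertion->tagName);

     // The EncryptedID wrapper itself (not its EncryptedData child) must be rejected.
     try {
         OneLogin_Saml2_Utils::decryptElement($encryptedNameIDNodes->item(0), $seckey);
         $this->fail('decryptElement must reject an element that is not EncryptedData');
     } catch (Exception $e) {
         $this->assertContains('Algorithm mismatch between input key and key in message', $e->getMessage());
     }

     // A second private key that matches the message algorithm also decrypts the NameID.
     $seckey2 = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private'));
     $seckey2->loadKey(file_get_contents(TEST_ROOT . '/data/misc/sp2.key'));
     $decryptedNameId2 = OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey2);
     $this->assertEquals('saml:NameID', $decryptedNameId2->tagName);
     $this->assertEquals('2de11defd199f8d5bb63f9b7deb265ba5c675c10', $decryptedNameId2->nodeValue);

     // Same key material wrapped with a signature algorithm: must not be accepted for key transport.
     $seckey3 = new XMLSecurityKey(XMLSecurityKey::RSA_SHA512, array('type' => 'private'));
     $seckey3->loadKey(file_get_contents(TEST_ROOT . '/data/misc/sp2.key'));
     try {
         OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey3);
         $this->fail('decryptElement must reject a key whose algorithm does not match the message');
     } catch (Exception $e) {
         $this->assertContains('Algorithm mismatch between input key and key used to encrypt  the symmetric key for the message', $e->getMessage());
     }

     // Message without an EncryptionMethod on the EncryptedKey.
     $domNameIdEnc2 = $this->_loadBase64XmlFixture('/data/responses/invalids/encrypted_nameID_without_EncMethod.xml.base64');
     $encryptedData2 = $domNameIdEnc2->getElementsByTagName('EncryptedID')->item(0)->firstChild;
     try {
         OneLogin_Saml2_Utils::decryptElement($encryptedData2, $seckey);
         $this->fail('decryptElement must reject an EncryptedKey without an EncryptionMethod');
     } catch (Exception $e) {
         $this->assertContains('Unable to locate algorithm for this Encrypted Key', $e->getMessage());
     }

     // Message without KeyInfo.
     $domNameIdEnc3 = $this->_loadBase64XmlFixture('/data/responses/invalids/encrypted_nameID_without_keyinfo.xml.base64');
     $encryptedData3 = $domNameIdEnc3->getElementsByTagName('EncryptedID')->item(0)->firstChild;
     try {
         OneLogin_Saml2_Utils::decryptElement($encryptedData3, $seckey);
         $this->fail('decryptElement must reject an EncryptedData without KeyInfo');
     } catch (Exception $e) {
         $this->assertContains('Algorithm mismatch between input key and key in message', $e->getMessage());
     }
 }

 /**
  * Loads a base64-encoded XML fixture from the test data directory.
  *
  * @param string $relativePath Path relative to TEST_ROOT, e.g. '/data/responses/x.xml.base64'
  *
  * @return DOMDocument The parsed fixture
  */
 private function _loadBase64XmlFixture($relativePath)
 {
     $dom = new DOMDocument();
     $dom->loadXML(base64_decode(file_get_contents(TEST_ROOT . $relativePath)));
     return $dom;
 }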
Example #2
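 /**
  * Gets the NameID Data of the Logout Request.
  *
  * When the request carries an EncryptedID, the SP private key is required
  * to decrypt it; the key is wrapped as RSA_1_5 key transport, which is the
  * algorithm this code expects the IdP to have used.
  *
  * @param string|DOMDocument $request Logout Request Message
  * @param string|null        $key     The SP private key; required only when the NameID is encrypted
  *
  * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
  *
  * @throws Exception If the NameID is encrypted and no key was given, if the
  *                   EncryptedID carries no EncryptedData, or if no NameID is found
  */
 public static function getNameIdData($request, $key = null)
 {
     if ($request instanceof DOMDocument) {
         $dom = $request;
     } else {
         // NOTE(review): assumes OneLogin_Saml2_Utils::loadXML is the hardened loader
         // that rejects DOCTYPE/external entities (XXE) — confirm against its implementation.
         $dom = new DOMDocument();
         $dom = OneLogin_Saml2_Utils::loadXML($dom, $request);
     }

     $nameId = null;
     $encryptedEntries = OneLogin_Saml2_Utils::query($dom, '/samlp:LogoutRequest/saml:EncryptedID');
     if ($encryptedEntries->length === 1) {
         if ($key === null || $key === '') {
             throw new Exception("Key is required in order to decrypt the NameID");
         }
         $encryptedDataNodes = $encryptedEntries->item(0)->getElementsByTagName('EncryptedData');
         $encryptedData = $encryptedDataNodes->item(0);
         if ($encryptedData === null) {
             // Without this guard a malformed EncryptedID reached decryptElement(null, ...)
             // and died with a type error instead of a catchable exception.
             throw new Exception("Not EncryptedData found in the EncryptedID of the Logout Request");
         }
         $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private'));
         $seckey->loadKey($key);
         $nameId = OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey);
     } else {
         $entries = OneLogin_Saml2_Utils::query($dom, '/samlp:LogoutRequest/saml:NameID');
         if ($entries->length === 1) {
             $nameId = $entries->item(0);
         }
     }

     if ($nameId === null) {
         throw new Exception("Not NameID found in the Logout Request");
     }

     $nameIdData = array();
     $nameIdData['Value'] = $nameId->nodeValue;
     // Only attributes actually present on the element are reported.
     foreach (array('Format', 'SPNameQualifier', 'NameQualifier') as $attr) {
         if ($nameId->hasAttribute($attr)) {
             $nameIdData[$attr] = $nameId->getAttribute($attr);
         }
     }
     return $nameIdData;
 }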
Example #3
 /**
  * Gets the NameID Data provided by the SAML response from the IdP.
  *
  * Looks for an EncryptedID first and decrypts it with the SP private key
  * from the settings (RSA_1_5 key transport); otherwise falls back to a
  * plain NameID in the Subject.
  *
  * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
  *
  * @throws Exception If neither an EncryptedID nor a NameID is present in the assertion
  */
 public function getNameIdData()
 {
     $nameIdNode = null;

     $encryptedEntries = $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData');
     if ($encryptedEntries->length == 1) {
         $encryptedDataNode = $encryptedEntries->item(0);
         $spPrivateKey = $this->_settings->getSPkey();
         $transportKey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private'));
         $transportKey->loadKey($spPrivateKey);
         $nameIdNode = OneLogin_Saml2_Utils::decryptElement($encryptedDataNode, $transportKey);
     } else {
         $plainEntries = $this->_queryAssertion('/saml:Subject/saml:NameID');
         if ($plainEntries->length == 1) {
             $nameIdNode = $plainEntries->item(0);
         }
     }

     if ($nameIdNode === null) {
         throw new Exception("Not NameID found in the assertion of the Response");
     }

     $nameIdData = array('Value' => $nameIdNode->nodeValue);
     // Optional attributes are copied only when present on the element.
     $optionalAttributes = array('Format', 'SPNameQualifier', 'NameQualifier');
     foreach ($optionalAttributes as $attributeName) {
         if ($nameIdNode->hasAttribute($attributeName)) {
             $nameIdData[$attributeName] = $nameIdNode->getAttribute($attributeName);
         }
     }
     return $nameIdData;
 }