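 /**
  * Loading a configured private key must yield a SAML2_Certificate_PrivateKey that
  * carries the key material read from the configured location and the configured
  * passphrase.
  *
  * The fixture referenced by the data provider evidently holds the placeholder text
  * "This would normally contain the private key data.\n" rather than real key
  * material, so no secret needs to live in the test suite.
  *
  * @group        certificate
  * @test
  * @dataProvider privateKeyTestProvider
  *
  * @param SAML2_Configuration_PrivateKey $configuredKey
  */
 public function loading_a_configured_private_key_returns_a_certificate_private_key(SAML2_Configuration_PrivateKey $configuredKey)
 {
     $resultingKey = $this->privateKeyLoader->loadPrivateKey($configuredKey);

     $this->assertInstanceOf('SAML2_Certificate_PrivateKey', $resultingKey);

     // PHPUnit's assert* helpers take ($expected, $actual). The original call had the
     // operands reversed, which makes a failure report the loaded value as "expected"
     // and the fixture as "actual". The key material is compared with assertSame so
     // only the exact bytes pass; the passphrase keeps assertEquals because the loader
     // may legitimately normalise an absent passphrase (null vs '').
     $this->assertSame(
         "This would normally contain the private key data.\n",
         $resultingKey->getKeyAsString()
     );
     $this->assertEquals($configuredKey->getPassPhrase(), $resultingKey->getPassphrase());
 }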
 /**
  * Builds the signed SAML metadata document for this entity.
  *
  * The metadata is rendered from the Twig template, parsed into a DOMDocument
  * obtained from SAML2_DOMDocumentFactory (not a bare `new DOMDocument()`), and
  * then signed with the key pair derived from the metadata configuration.
  *
  * @return Metadata the metadata object, with its document property set and signed
  */
 public function generate()
 {
     $metadata = $this->getMetadata();
     $signingKeyPair = $this->buildKeyPairFrom($this->metadataConfiguration);

     $renderedXml = $this->templateEngine->render(
         'SurfnetSamlBundle:Metadata:metadata.xml.twig',
         ['metadata' => $metadata]
     );

     // The factory presumably applies the library's parser settings; the XML being
     // parsed here is generated server-side from our own metadata, not request input.
     $document = SAML2_DOMDocumentFactory::create();
     $metadata->document = $document;
     $document->loadXML($renderedXml);

     $this->signingService->sign($metadata, $signingKeyPair);

     return $metadata;
 }
 /**
  * Decrypts an EncryptedAssertion by trying every configured decryption key in turn.
  *
  * The blacklist of encryption algorithms is taken from the identity provider's
  * configuration; the service provider's blacklist only applies when the IdP has
  * none configured (null). An IdP blacklist that is present but empty is honoured
  * as-is and therefore bypasses the SP's list — this mirrors the simplesamlphp
  * behaviour referenced below, so changing it is a BC concern.
  *
  * Keys are tried until one succeeds. Individual failures are only recorded at
  * debug level, and the exception surfaced to the caller reveals neither which
  * key was tried nor why decryption failed — only how many keys were attempted.
  *
  * @param SAML2_EncryptedAssertion $assertion
  *
  * @return SAML2_Assertion
  * @throws SAML2_Assertion_Exception_NotDecryptedException when no configured key can decrypt the assertion
  */
 public function decrypt(SAML2_EncryptedAssertion $assertion)
 {
     $candidateKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);

     $blacklistedAlgorithms = $this->identityProvider->getBlacklistedAlgorithms();
     if ($blacklistedAlgorithms === null) {
         $blacklistedAlgorithms = $this->serviceProvider->getBlacklistedAlgorithms();
     }

     // reflects the simplesamlphp behaviour for BC, see
     // https://github.com/simplesamlphp/simplesamlphp/blob/3d735912342767d391297cc5e13272a76730aca0/modules/saml/lib/Message.php#L369
     foreach ($candidateKeys as $keyIndex => $candidateKey) {
         try {
             $decrypted = $assertion->getAssertion($candidateKey, $blacklistedAlgorithms);
             $this->logger->debug(sprintf('Decrypted Assertion with key "#%d"', $keyIndex));

             return $decrypted;
         } catch (Exception $failure) {
             // Wrong key, disallowed algorithm or malformed input all land here;
             // the distinction is only visible in the debug log.
             $this->logger->debug(sprintf(
                 'Could not decrypt assertion with key "#%d", "%s" thrown: "%s"',
                 $keyIndex,
                 get_class($failure),
                 $failure->getMessage()
             ));
         }
     }

     throw new SAML2_Assertion_Exception_NotDecryptedException(sprintf(
         'Could not decrypt the assertion, tried with "%d" keys. See the debug log for more information',
         count($candidateKeys)
     ));
 }
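 /**
  * Decrypts the assertion's NameID in place when it is encrypted.
  *
  * Uses the same key and algorithm-blacklist selection as assertion decryption:
  * the IdP's blacklist wins, the SP's only applies when the IdP has none (null).
  * An IdP blacklist that is present but empty is honoured as-is.
  *
  * @param SAML2_Assertion $assertion
  *
  * @return SAML2_Assertion the same instance, with its NameID decrypted
  * @throws SAML2_Assertion_Exception_NotDecryptedException when no configured key can decrypt the NameID
  */
 public function transform(SAML2_Assertion $assertion)
 {
     if (!$assertion->isNameIdEncrypted()) {
         return $assertion;
     }

     $decryptionKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);

     $blacklistedAlgorithms = $this->identityProvider->getBlacklistedAlgorithms();
     if (is_null($blacklistedAlgorithms)) {
         $blacklistedAlgorithms = $this->serviceProvider->getBlacklistedAlgorithms();
     }

     foreach ($decryptionKeys as $index => $key) {
         try {
             $assertion->decryptNameId($key, $blacklistedAlgorithms);
         } catch (Exception $e) {
             $this->logger->debug(sprintf('Decrypting assertion NameId with key "#%d" failed, "%s" thrown: "%s"', $index, get_class($e), $e->getMessage()));
             continue;
         }

         // Stop at the first key that actually decrypted the NameID. Previously the
         // loop ran on after success, so every remaining key was still attempted
         // against an already decrypted assertion and — unless that call threw —
         // logged as a successful decryption, misattributing it to unused keys.
         if (!$assertion->isNameIdEncrypted()) {
             $this->logger->debug(sprintf('Decrypted assertion NameId with key "#%d"', $index));
             break;
         }
     }

     if ($assertion->isNameIdEncrypted()) {
         throw new SAML2_Assertion_Exception_NotDecryptedException('Could not decrypt the assertion NameId with the configured keys, see the debug log for information');
     }

     return $assertion;
 }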
 /**
  * Loads the private key stored at the given path through the configured loader.
  *
  * The path is wrapped in a PrivateKeyFile configuration object (second argument
  * 'metadata', presumably the key's name or usage label) and handed to the private
  * key loader, which does the actual reading. The path is not validated here, so it
  * should come from configuration rather than from request input.
  *
  * @param  string $privateKeyFile /full/path/to/the/private/key
  * @return SAML2_Certificate_PrivateKey
  */
 public function loadPrivateKeyFromFile($privateKeyFile)
 {
     $keyConfiguration = new PrivateKeyFile($privateKeyFile, 'metadata');

     return $this->privateKeyLoader->loadPrivateKey($keyConfiguration);
 }