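/**
 * Encrypts the assertion held in the context for the partner entity, when the
 * profile's trust options ask for assertion encryption.
 *
 * The encrypting public key is resolved from the *partner's* metadata: when this
 * party acts as IdP the SP descriptor is queried, and vice versa. Only
 * credentials flagged with the "encryption" usage are considered.
 *
 * @param AssertionContext $context
 *
 * @return void
 *
 * @throws LightSamlContextException when no assertion is set on the context,
 *                                   when no encryption credential can be
 *                                   resolved for the partner, or when the
 *                                   resolved credential carries no public key
 */
protected function doExecute(AssertionContext $context)
{
    $profileContext = $context->getProfileContext();
    $trustOptions = $profileContext->getTrustOptions();

    // Skip only when encryption is explicitly disabled (a strict `false`);
    // any other value falls through to encryption.
    if (false === $trustOptions->getEncryptAssertions()) {
        return;
    }

    $assertion = $context->getAssertion();
    if (null === $assertion) {
        throw new LightSamlContextException($context, 'Assertion for encryption is not set');
    }

    // Drop the plaintext assertion from the context before encrypting, so that
    // only the encrypted form is carried forward from this point.
    $context->setAssertion(null);

    // Query the counterpart's metadata: an IdP encrypts for the SP and vice versa.
    $partnerMetadataType = ProfileContext::ROLE_IDP === $profileContext->getOwnRole()
        ? MetadataCriteria::TYPE_SP
        : MetadataCriteria::TYPE_IDP;

    $query = $this->credentialResolver->query();
    $query
        ->add(new EntityIdCriteria($profileContext->getPartyEntityDescriptor()->getEntityID()))
        ->add(new MetadataCriteria($partnerMetadataType, SamlConstants::PROTOCOL_SAML2))
        ->add(new UsageCriteria(UsageType::ENCRYPTION));
    $query->resolve();

    // NOTE(review): if the partner publishes several encryption credentials the
    // first one returned by the resolver wins; ordering is decided by the resolver.
    /** @var CredentialInterface|null $credential */
    $credential = $query->firstCredential();
    if (null === $credential) {
        throw new LightSamlContextException($context, 'Unable to resolve encrypting credential');
    }

    $publicKey = $credential->getPublicKey();
    if (null === $publicKey) {
        throw new LightSamlContextException($context, 'Credential resolved for assertion encryption does not have a public key');
    }

    // Block and key-transport algorithms are taken as-is from the trust options;
    // they are not validated here.
    $encryptedAssertionWriter = new EncryptedAssertionWriter(
        $trustOptions->getBlockEncryptionAlgorithm(),
        $trustOptions->getKeyTransportEncryptionAlgorithm()
    );
    $encryptedAssertionWriter->encrypt($assertion, $publicKey);

    $context->setEncryptedAssertion($encryptedAssertionWriter);
}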
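/**
 * Builds a fresh AssertionContext carrying the given assertion.
 *
 * @param Assertion $assertion
 *
 * @return AssertionContext
 */
public static function getAssertionContext(Assertion $assertion)
{
    // The parameter is declared non-nullable, so a null argument is rejected
    // by the type declaration; no truthiness guard is needed before setting it.
    $context = new AssertionContext();
    $context->setAssertion($assertion);

    return $context;
}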
/**
 * Replaces whatever assertion the context currently holds with a new, empty
 * Assertion instance.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $freshAssertion = new Assertion();

    $context->setAssertion($freshAssertion);
}