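/**
 * Decrypts every encrypted assertion of the inbound SAML response and adds
 * the resulting plain assertions to that response.
 *
 * Private keys are resolved for the own entity (by entity ID, metadata role
 * and ENCRYPTION usage) and handed to each encrypted assertion reader.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when no private key could be resolved for decryption
 */
protected function doExecute(ProfileContext $context)
{
    $response = MessageContextHelper::asResponse($context->getInboundContext());
    $encryptedAssertions = $response->getAllEncryptedAssertions();

    if (count($encryptedAssertions) === 0) {
        $this->logger->debug('Response has no encrypted assertions', LogHelper::getActionContext($context, $this));

        return;
    }

    $ownEntityDescriptor = $context->getOwnEntityDescriptor();

    // Restrict candidates to credentials of our own entity, in our own role, marked for encryption.
    $query = $this->credentialResolver->query();
    $query
        ->add(new EntityIdCriteria($ownEntityDescriptor->getEntityID()))
        ->add(new MetadataCriteria(
            ProfileContext::ROLE_IDP === $context->getOwnRole()
                ? MetadataCriteria::TYPE_IDP
                : MetadataCriteria::TYPE_SP,
            SamlConstants::PROTOCOL_SAML2
        ))
        ->add(new UsageCriteria(UsageType::ENCRYPTION));
    $query->resolve();

    $privateKeys = $query->getPrivateKeys();
    if (empty($privateKeys)) {
        $message = 'No credentials resolved for assertion decryption';
        $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }

    // Only the owning entity and the public key thumbprint are logged, never key material.
    $this->logger->info('Trusted decryption candidates', LogHelper::getActionContext($context, $this, array(
        'credentials' => array_map(function (CredentialInterface $credential) {
            return sprintf(
                "Entity: '%s'; PK X509 Thumb: '%s'",
                $credential->getEntityId(),
                $credential->getPublicKey() ? $credential->getPublicKey()->getX509Thumbprint() : ''
            );
        }, $privateKeys),
    )));

    foreach ($encryptedAssertions as $index => $encryptedAssertion) {
        if (!$encryptedAssertion instanceof EncryptedAssertionReader) {
            // Previously skipped without a trace; record it so an undecrypted assertion is visible in the logs.
            $this->logger->warning(
                'Encrypted assertion skipped, not an EncryptedAssertionReader',
                LogHelper::getActionContext($context, $this, array('index' => $index))
            );
            continue;
        }

        $name = sprintf('assertion_encrypted_%s', $index);
        /** @var DeserializationContext $deserializationContext */
        $deserializationContext = $context->getInboundContext()->getSubContext($name, DeserializationContext::class);

        $assertion = $encryptedAssertion->decryptMultiAssertion($privateKeys, $deserializationContext);
        $response->addAssertion($assertion);

        // The decrypted assertion XML is deliberately NOT logged. It is the clear-text form of data
        // the sender chose to encrypt (subject identity, attributes), and copying it into log storage
        // would undo that confidentiality for anyone with log access. The sub-context name is enough
        // to correlate the event; the document stays available in the deserialization context.
        $this->logger->info(
            'Assertion decrypted',
            LogHelper::getActionContext($context, $this, array('assertion_context' => $name))
        );
    }
}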
/**
 * Rejects an inbound response that carries no bearer assertion.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when the response has no bearer assertions
 */
protected function doExecute(ProfileContext $context)
{
    $bearerAssertions = MessageContextHelper::asResponse($context->getInboundContext())->getBearerAssertions();

    if (!$bearerAssertions) {
        // Log before throwing so the failure is recorded with the action's error context.
        $message = 'Response must contain at least one bearer assertion';
        $this->logger->error($message, LogHelper::getActionErrorContext($context, $this));
        throw new LightSamlContextException($context, $message);
    }
}
/**
 * Runs the configured assertion action once for every assertion of the
 * inbound response, each in its own "assertion_<index>" sub-context.
 *
 * @param ProfileContext $context
 */
protected function doExecute(ProfileContext $context)
{
    $assertions = MessageContextHelper::asResponse($context->getInboundContext())->getAllAssertions();

    foreach ($assertions as $position => $current) {
        $contextName = sprintf('assertion_%s', $position);

        /** @var AssertionContext $perAssertionContext */
        $perAssertionContext = $context->getSubContext($contextName, AssertionContext::class);
        // The sub-context is handed the assertion and labelled with its own name before the action runs.
        $perAssertionContext->setAssertion($current)->setId($contextName);

        $this->assertionAction->execute($perAssertionContext);
    }
}
/**
 * Requires that at least one assertion of the inbound response contains an
 * AuthnStatement.
 *
 * @param ProfileContext $context
 *
 * @throws LightSamlContextException when no assertion has an AuthnStatement
 */
protected function doExecute(ProfileContext $context)
{
    $response = MessageContextHelper::asResponse($context->getInboundContext());

    $authnStatementFound = false;
    foreach ($response->getAllAssertions() as $candidate) {
        if ($candidate->getAllAuthnStatements()) {
            // One is enough; the remaining assertions are not inspected.
            $authnStatementFound = true;
            break;
        }
    }

    if ($authnStatementFound) {
        return;
    }

    $message = 'Response must have at least one Assertion containing AuthnStatement element';
    $this->logger->error($message, LogHelper::getActionErrorContext($context, $this));
    throw new LightSamlContextException($context, $message);
}
/**
 * Executes each configured assertion action in its own "assertion_<index>"
 * sub-context and adds whatever it built to the outbound response.
 *
 * An encrypted assertion takes precedence over a plain one; when the action
 * produced neither, a warning is logged and nothing is added.
 *
 * @param ProfileContext $context
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $outboundResponse = MessageContextHelper::asResponse($context->getOutboundContext());

    foreach ($this->assertionActions as $index => $action) {
        /** @var AssertionContext $builtContext */
        $builtContext = $context->getSubContext(sprintf('assertion_%s', $index), AssertionContext::class);
        $builtContext->setId($index);

        $action->execute($builtContext);

        // Prefer the encrypted form when the action produced one.
        $encrypted = $builtContext->getEncryptedAssertion();
        if ($encrypted) {
            $outboundResponse->addEncryptedAssertion($encrypted);
            continue;
        }

        $plain = $builtContext->getAssertion();
        if ($plain) {
            $outboundResponse->addAssertion($plain);
            continue;
        }

        $this->logger->warning('No assertion was built', LogHelper::getActionContext($context, $this));
    }
}
/**
 * Passes all assertions of the inbound response to the session processor,
 * together with the own and the party entity IDs.
 *
 * @param ProfileContext $context
 */
protected function doExecute(ProfileContext $context)
{
    $inboundResponse = MessageContextHelper::asResponse($context->getInboundContext());

    $assertions = $inboundResponse->getAllAssertions();
    $ownEntityId = $context->getOwnEntityDescriptor()->getEntityID();
    $partyEntityId = $context->getPartyEntityDescriptor()->getEntityID();

    $this->sessionProcessor->processAssertions($assertions, $ownEntityId, $partyEntityId);
}
// Build the profile context and the action tree from the builder, then run the action.
$context = $builder->buildContext();
$action = $builder->buildAction();

// The action tree is only printed when the SP config has debug enabled.
if (SpConfig::current()->debug) {
    var_dump('ACTION TREE', $action->__toString());
}

try {
    $action->execute($context);
} catch (\Exception $ex) {
    // On failure the context tree is printed before the exception is rethrown wrapped.
    var_dump('CONTEXT TREE', $context->__toString());
    throw new \RuntimeException('Error', 0, $ex);
}

// NOTE(review): unlike the action tree, everything from here on is printed regardless of the
// debug flag (the same holds for the context tree in the catch above). The output includes the
// context tree, relay state, every received attribute and the full received SAML message, i.e.
// the authenticated user's identity data. Confirm this script is only ever served in a demo or
// test setup.
var_dump('CONTEXT TREE', $context->__toString());

$response = \LightSaml\Context\Profile\Helper\MessageContextHelper::asResponse($context->getInboundContext());

var_dump('RELAY STATE', $response->getRelayState());

var_dump('ATTRIBUTES');
foreach ($response->getAllAssertions() as $assertion) {
    foreach ($assertion->getAllAttributeStatements() as $attributeStatement) {
        foreach ($attributeStatement->getAllAttributes() as $attribute) {
            var_dump($attribute);
        }
    }
}

/** @var \LightSaml\Model\Context\DeserializationContext $inboundMessageDeserializationContext */
$inboundMessageDeserializationContext = $context->getPath('inbound_message/deserialization');

// Pretty-print the received XML document before dumping it.
$receivedDocument = $inboundMessageDeserializationContext->getDocument();
$receivedDocument->formatOutput = true;

var_dump('RECEIVED MESSAGE', $inboundMessageDeserializationContext->getDocument()->saveXML());