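/**
 * Encrypts the assertion held in the context for the party entity, when the
 * profile's trust options ask for assertion encryption.
 *
 * The plaintext assertion is removed from the context before the encrypted
 * form is attached, so afterwards only the encrypted assertion remains on it.
 * The encryption key is taken from the party's metadata, selected by entity
 * ID, by the party's role (the opposite of our own) and by usage "encryption".
 *
 * @param AssertionContext $context
 *
 * @return void
 *
 * @throws LightSamlContextException when no assertion is set, when no
 *                                   encryption credential can be resolved
 *                                   for the party, or when the resolved
 *                                   credential carries no public key
 */
protected function doExecute(AssertionContext $context)
{
    $profileContext = $context->getProfileContext();
    $trustOptions = $profileContext->getTrustOptions();

    if (false === $trustOptions->getEncryptAssertions()) {
        return;
    }

    // Strict null checks: loose "null ==" would also match false, 0, '' and [].
    $assertion = $context->getAssertion();
    if (null === $assertion) {
        throw new LightSamlContextException($context, 'Assertion for encryption is not set');
    }

    // Drop the plaintext assertion now; from here on only the encrypted form is kept.
    $context->setAssertion(null);

    // The party's metadata role is the opposite of our own: an IdP encrypts
    // for the SP descriptor, an SP for the IdP descriptor.
    $partyRoleType = ProfileContext::ROLE_IDP === $profileContext->getOwnRole()
        ? MetadataCriteria::TYPE_SP
        : MetadataCriteria::TYPE_IDP;

    $query = $this->credentialResolver->query();
    $query
        ->add(new EntityIdCriteria($profileContext->getPartyEntityDescriptor()->getEntityID()))
        ->add(new MetadataCriteria($partyRoleType, SamlConstants::PROTOCOL_SAML2))
        ->add(new UsageCriteria(UsageType::ENCRYPTION));
    $query->resolve();

    /** @var CredentialInterface|null $credential */
    $credential = $query->firstCredential();
    if (null === $credential) {
        throw new LightSamlContextException($context, 'Unable to resolve encrypting credential');
    }

    $publicKey = $credential->getPublicKey();
    if (null === $publicKey) {
        throw new LightSamlContextException($context, 'Credential resolved for assertion encryption does not have a public key');
    }

    // Both algorithms come from the trust options; the writer is what the
    // context exposes as the encrypted assertion.
    $encryptedAssertionWriter = new EncryptedAssertionWriter(
        $trustOptions->getBlockEncryptionAlgorithm(),
        $trustOptions->getKeyTransportEncryptionAlgorithm()
    );
    $encryptedAssertionWriter->encrypt($assertion, $publicKey);

    $context->setEncryptedAssertion($encryptedAssertionWriter);
}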
/**
 * Sets the assertion Issuer to our own entity ID, in the "entity" name-id format.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $ownEntityId = $context->getProfileContext()->getOwnEntityDescriptor()->getEntityID();

    $issuer = new Issuer($ownEntityId);
    $issuer->setFormat(SamlConstants::NAME_ID_FORMAT_ENTITY);

    $context->getAssertion()->setIssuer($issuer);

    $this->logger->debug(
        sprintf('Assertion Issuer set to "%s"', $ownEntityId),
        LogHelper::getActionContext($context, $this)
    );
}
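/**
 * Attaches Conditions to the assertion: a validity window starting at the
 * current time and lasting $this->expirationSeconds, plus an audience
 * restriction naming the party entity.
 *
 * NotBefore is set to the time provider's current timestamp with no skew
 * allowance; a receiver whose clock lags slightly behind ours may therefore
 * reject the assertion as not yet valid — confirm this matches the deployment.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $partyEntityDescriptor = $context->getProfileContext()->getPartyEntityDescriptor();

    $conditions = new Conditions();
    $conditions->setNotBefore($this->timeProvider->getTimestamp());
    // Expiry is derived from the stored NotBefore so both ends of the window agree.
    $conditions->setNotOnOrAfter($conditions->getNotBeforeTimestamp() + $this->expirationSeconds);

    // Restrict the assertion to the party it is being issued for.
    $audienceRestriction = new AudienceRestriction([$partyEntityDescriptor->getEntityID()]);
    $conditions->addItem($audienceRestriction);

    $context->getAssertion()->setConditions($conditions);
}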
/**
 * Signs the assertion when the trust options enable assertion signing.
 *
 * When signing is enabled but no signature can be resolved, the failure is
 * logged at critical level and the assertion continues unsigned; nothing
 * here stops the pipeline.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $profileContext = $context->getProfileContext();

    if (!$profileContext->getTrustOptions()->getSignAssertions()) {
        $this->logger->debug('Assertion signing disabled', LogHelper::getActionContext($context, $this));

        return;
    }

    $signature = $this->signatureResolver->getSignature($profileContext);
    if (!$signature) {
        // Signing was requested but could not be fulfilled; only this log entry records it.
        $this->logger->critical(
            'Unable to resolve assertion signature, though signing enabled',
            LogHelper::getActionErrorContext($context, $this)
        );

        return;
    }

    $certificate = $signature->getCertificate();
    $this->logger->debug(
        sprintf('Signing assertion with fingerprint %s', $certificate->getFingerprint()),
        LogHelper::getActionContext($context, $this, ['certificate' => $certificate->getInfo()])
    );
    $context->getAssertion()->setSignature($signature);
}
/**
 * Adds an AuthnStatement to the assertion from the session info provider:
 * authn context class ref (falling back to "unspecified"), optional session
 * index, authn instant (falling back to now) and the client's address.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    // "?:" is intentional here: an empty class ref also falls back to unspecified.
    $classRef = $this->sessionInfoProvider->getAuthnContextClassRef() ?: SamlConstants::AUTHN_CONTEXT_UNSPECIFIED;
    $authnContext = new AuthnContext();
    $authnContext->setAuthnContextClassRef($classRef);

    $statement = new AuthnStatement();
    $statement->setAuthnContext($authnContext);

    $sessionIndex = $this->sessionInfoProvider->getSessionIndex();
    if ($sessionIndex) {
        $statement->setSessionIndex($sessionIndex);
    }

    $statement->setAuthnInstant($this->sessionInfoProvider->getAuthnInstant() ?: new \DateTime());

    // The address is whatever the HTTP request reports as client IP; behind a
    // reverse proxy this depends on the request's trusted-proxy setup — confirm.
    $locality = new SubjectLocality();
    $locality->setAddress($context->getProfileContext()->getHttpRequest()->getClientIp());
    $statement->setSubjectLocality($locality);

    $context->getAssertion()->addItem($statement);
}
/**
 * Adds a bearer SubjectConfirmation to the assertion's Subject, creating the
 * Subject when absent. The confirmation data carries the inbound message ID
 * as InResponseTo (when there is an inbound message), the client address, an
 * expiry of now + $this->expirationSeconds and the endpoint location as
 * Recipient.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $profileContext = $context->getProfileContext();
    $inboundMessage = $profileContext->getInboundContext()->getMessage();

    $data = new SubjectConfirmationData();
    if ($inboundMessage) {
        // Unsolicited flows have no inbound message and therefore no InResponseTo.
        $data->setInResponseTo($inboundMessage->getID());
    }
    $data->setAddress($profileContext->getHttpRequest()->getClientIp());
    $data->setNotOnOrAfter($this->timeProvider->getTimestamp() + $this->expirationSeconds);
    $data->setRecipient($profileContext->getEndpoint()->getLocation());

    $confirmation = new SubjectConfirmation();
    $confirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
    $confirmation->setSubjectConfirmationData($data);

    $assertion = $context->getAssertion();
    $subject = $assertion->getSubject();
    if (null === $subject) {
        $subject = new Subject();
        $assertion->setSubject($subject);
    }
    $subject->addSubjectConfirmation($confirmation);
}
/**
 * Hands the context's assertion (if any) to the session processor, keyed by
 * our own entity ID and the party's entity ID. Does nothing when the context
 * holds no assertion.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $assertion = $context->getAssertion();
    if (!$assertion) {
        return;
    }

    $profileContext = $context->getProfileContext();

    $this->sessionProcessor->processAssertions(
        [$assertion],
        $profileContext->getOwnEntityDescriptor()->getEntityID(),
        $profileContext->getPartyEntityDescriptor()->getEntityID()
    );
}