/**
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     // Encrypts the context's assertion with the other party's encryption key
     // and stores the writer as the context's encrypted assertion. Returns
     // without touching the context when the trust options disable encryption.
     $profileContext = $context->getProfileContext();
     $trustOptions = $profileContext->getTrustOptions();

     // Only a strict `false` skips encryption; any other value falls through
     // and the assertion is encrypted.
     if ($trustOptions->getEncryptAssertions() === false) {
         return;
     }

     $assertion = $context->getAssertion();
     if ($assertion == null) {
         throw new LightSamlContextException($context, 'Assertion for encryption is not set');
     }

     // The plain assertion is detached from the context before any key lookup,
     // so each failure path below throws with no plaintext assertion left in
     // the context.
     $context->setAssertion(null);

     $partyEntityId = $profileContext->getPartyEntityDescriptor()->getEntityID();

     // Look for the opposite role's metadata: acting as IdP we need the SP's
     // key, otherwise the IdP's.
     if (ProfileContext::ROLE_IDP === $profileContext->getOwnRole()) {
         $partyMetadataType = MetadataCriteria::TYPE_SP;
     } else {
         $partyMetadataType = MetadataCriteria::TYPE_IDP;
     }

     // NOTE(review): the key is whatever the resolver returns for this entity
     // ID; how that credential store is populated and trusted is not visible
     // here - confirm against the resolver's configuration.
     $query = $this->credentialResolver->query();
     $query
         ->add(new EntityIdCriteria($partyEntityId))
         ->add(new MetadataCriteria($partyMetadataType, SamlConstants::PROTOCOL_SAML2))
         ->add(new UsageCriteria(UsageType::ENCRYPTION));
     $query->resolve();

     /** @var CredentialInterface $credential */
     $credential = $query->firstCredential();
     if ($credential == null) {
         throw new LightSamlContextException($context, 'Unable to resolve encrypting credential');
     }
     if ($credential->getPublicKey() == null) {
         throw new LightSamlContextException($context, 'Credential resolved for assertion encryption does not have a public key');
     }

     // NOTE(review): both algorithms are taken from the trust options and are
     // not checked here; confirm the configured values exclude legacy choices
     // (e.g. RSA PKCS#1 v1.5 key transport, CBC-mode block ciphers).
     $blockAlgorithm = $trustOptions->getBlockEncryptionAlgorithm();
     $keyTransportAlgorithm = $trustOptions->getKeyTransportEncryptionAlgorithm();
     $writer = new EncryptedAssertionWriter($blockAlgorithm, $keyTransportAlgorithm);
     $writer->encrypt($assertion, $credential->getPublicKey());

     $context->setEncryptedAssertion($writer);
 }
 /**
  * @param Assertion $assertion
  *
  * @return AssertionContext
  */
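 public static function getAssertionContext(Assertion $assertion)
 {
     // Wraps the given assertion in a newly created AssertionContext.
     // The parameter is declared as a non-nullable Assertion, so it is always
     // an object at this point; the earlier truthiness guard around
     // setAssertion() could never be false and has been dropped.
     $context = new AssertionContext();
     $context->setAssertion($assertion);

     return $context;
 }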
 /**
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     // Puts a freshly constructed Assertion (no constructor arguments) on the
     // context, replacing whatever assertion reference it held before.
     $freshAssertion = new Assertion();
     $context->setAssertion($freshAssertion);
 }