/**
* @param AbstractSamlModel $object
* @param XMLSecurityKey $key
*
* @return SerializationContext
*/
public function encrypt(AbstractSamlModel $object, XMLSecurityKey $key)
{
$oldKey = $key;
$key = new XMLSecurityKey($this->keyTransportEncryption, ['type' => 'public']);
$key->loadKey($oldKey->key);
$serializationContext = new SerializationContext();
$object->serialize($serializationContext->getDocument(), $serializationContext);
$enc = new XMLSecEnc();
$enc->setNode($serializationContext->getDocument()->firstChild);
$enc->type = XMLSecEnc::Element;
switch ($key->type) {
case XMLSecurityKey::TRIPLEDES_CBC:
case XMLSecurityKey::AES128_CBC:
case XMLSecurityKey::AES192_CBC:
case XMLSecurityKey::AES256_CBC:
$symmetricKey = $key;
break;
case XMLSecurityKey::RSA_1_5:
case XMLSecurityKey::RSA_SHA1:
case XMLSecurityKey::RSA_SHA256:
case XMLSecurityKey::RSA_SHA384:
case XMLSecurityKey::RSA_SHA512:
case XMLSecurityKey::RSA_OAEP_MGF1P:
$symmetricKey = new XMLSecurityKey($this->blockEncryptionAlgorithm);
$symmetricKey->generateSessionKey();
$enc->encryptKey($key, $symmetricKey);
break;
default:
throw new LightSamlException(sprintf('Unknown key type for encryption: "%s"', $key->type));
}
$this->encryptedElement = $enc->encryptNode($symmetricKey);
return $serializationContext;
}
/**
* Set the assertion.
*
* @param \SAML2\Assertion $assertion The assertion.
* @param XMLSecurityKey $key The key we should use to encrypt the assertion.
* @throws \Exception
*/
public function setAssertion(Assertion $assertion, XMLSecurityKey $key)
{
$xml = $assertion->toXML();
Utils::getContainer()->debugMessage($xml, 'encrypt');
$enc = new XMLSecEnc();
$enc->setNode($xml);
$enc->type = XMLSecEnc::Element;
switch ($key->type) {
case XMLSecurityKey::TRIPLEDES_CBC:
case XMLSecurityKey::AES128_CBC:
case XMLSecurityKey::AES192_CBC:
case XMLSecurityKey::AES256_CBC:
$symmetricKey = $key;
break;
case XMLSecurityKey::RSA_1_5:
case XMLSecurityKey::RSA_OAEP_MGF1P:
$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
$symmetricKey->generateSessionKey();
$enc->encryptKey($key, $symmetricKey);
break;
default:
throw new \Exception('Unknown key type for encryption: ' . $key->type);
}
$this->encryptedData = $enc->encryptNode($symmetricKey);
}
/**
* Add an EncryptedAttribute Statement-node to the assertion.
*
* @param \DOMElement $root The assertion element we should add the Encrypted Attribute Statement to.
*/
private function addEncryptedAttributeStatement(\DOMElement $root)
{
if ($this->requiredEncAttributes == false) {
return;
}
$document = $root->ownerDocument;
$attributeStatement = $document->createElementNS(Constants::NS_SAML, 'saml:AttributeStatement');
$root->appendChild($attributeStatement);
foreach ($this->attributes as $name => $values) {
$document2 = DOMDocumentFactory::create();
$attribute = $document2->createElementNS(Constants::NS_SAML, 'saml:Attribute');
$attribute->setAttribute('Name', $name);
$document2->appendChild($attribute);
if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
$attribute->setAttribute('NameFormat', $this->nameFormat);
}
foreach ($values as $value) {
if (is_string($value)) {
$type = 'xs:string';
} elseif (is_int($value)) {
$type = 'xs:integer';
} else {
$type = null;
}
$attributeValue = $document2->createElementNS(Constants::NS_SAML, 'saml:AttributeValue');
$attribute->appendChild($attributeValue);
if ($type !== null) {
$attributeValue->setAttributeNS(Constants::NS_XSI, 'xsi:type', $type);
}
if ($value instanceof \DOMNodeList) {
for ($i = 0; $i < $value->length; $i++) {
$node = $document2->importNode($value->item($i), true);
$attributeValue->appendChild($node);
}
} else {
$attributeValue->appendChild($document2->createTextNode($value));
}
}
/*Once the attribute nodes are built, the are encrypted*/
$EncAssert = new XMLSecEnc();
$EncAssert->setNode($document2->documentElement);
$EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element';
/*
* Attributes are encrypted with a session key and this one with
* $EncryptionKey
*/
$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
$symmetricKey->generateSessionKey();
$EncAssert->encryptKey($this->encryptionKey, $symmetricKey);
$EncrNode = $EncAssert->encryptNode($symmetricKey);
$EncAttribute = $document->createElementNS(Constants::NS_SAML, 'saml:EncryptedAttribute');
$attributeStatement->appendChild($EncAttribute);
$n = $document->importNode($EncrNode, true);
$EncAttribute->appendChild($n);
}
}
public function EncryptBody($siteKey, $objKey, $token)
{
$enc = new XMLSecEnc();
foreach ($this->envelope->childNodes as $node) {
if ($node->namespaceURI == $this->soapNS && $node->localName == 'Body') {
break;
}
}
$enc->setNode($node);
/* encrypt the symmetric key */
$enc->encryptKey($siteKey, $objKey, false);
$enc->type = XMLSecEnc::Content;
/* Using the symmetric key to actually encrypt the data */
$encNode = $enc->encryptNode($objKey);
$guid = XMLSecurityDSig::generateGUID();
$encNode->setAttribute('Id', $guid);
$refNode = $encNode->firstChild;
while ($refNode && $refNode->nodeType != XML_ELEMENT_NODE) {
$refNode = $refNode->nextSibling;
}
if ($refNode) {
$refNode = $refNode->nextSibling;
}
if ($this->addEncryptedKey($encNode, $enc, $token)) {
$this->AddReference($enc->encKey, $guid);
}
}
/**
* Encrypt the NameID in the AuthnRequest.
*
* @param XMLSecurityKey $key The encryption key.
*/
public function encryptNameId(XMLSecurityKey $key)
{
/* First create a XML representation of the NameID. */
$doc = new \DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);
Utils::addNameId($root, $this->nameId);
$nameId = $root->firstChild;
Utils::getContainer()->debugMessage($nameId, 'encrypt');
/* Encrypt the NameID. */
$enc = new XMLSecEnc();
$enc->setNode($nameId);
// @codingStandardsIgnoreStart
$enc->type = XMLSecEnc::Element;
// @codingStandardsIgnoreEnd
$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
$symmetricKey->generateSessionKey();
$enc->encryptKey($key, $symmetricKey);
$this->encryptedNameId = $enc->encryptNode($symmetricKey);
$this->nameId = null;
}
