Esempio n. 1
0
 /**
  * @param \SAML2\EncryptedAssertion $assertion
  *
  * @return \SAML2\Assertion
  */
 public function decrypt(EncryptedAssertion $assertion)
 {
     $decryptionKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);
     $blacklistedKeys = $this->identityProvider->getBlacklistedAlgorithms();
     if (is_null($blacklistedKeys)) {
         $blacklistedKeys = $this->serviceProvider->getBlacklistedAlgorithms();
     }
     // reflects the simplesamlphp behaviour for BC, see
     // https://github.com/simplesamlphp/simplesamlphp/blob/3d735912342767d391297cc5e13272a76730aca0/modules/saml/lib/Message.php#L369
     foreach ($decryptionKeys as $index => $key) {
         try {
             $decryptedAssertion = $assertion->getAssertion($key, $blacklistedKeys);
             $this->logger->debug(sprintf('Decrypted Assertion with key "#%d"', $index));
             return $decryptedAssertion;
         } catch (\Exception $e) {
             $this->logger->debug(sprintf('Could not decrypt assertion with key "#%d", "%s" thrown: "%s"', $index, get_class($e), $e->getMessage()));
         }
     }
     throw new NotDecryptedException(sprintf('Could not decrypt the assertion, tried with "%d" keys. See the debug log for more information', count($decryptionKeys)));
 }
Esempio n. 2
0
 /**
  * Decrypt an assertion.
  *
  * This function takes in a \SAML2\Assertion and decrypts it if it is encrypted.
  * If it is unencrypted, and encryption is enabled in the metadata, an exception
  * will be throws.
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender (IdP).
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient (SP).
  * @param \SAML2\Assertion|\SAML2\EncryptedAssertion $assertion  The assertion we are decrypting.
  * @return \SAML2\Assertion  The assertion.
  */
 private static function decryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, $assertion)
 {
     assert('$assertion instanceof \\SAML2\\Assertion || $assertion instanceof \\SAML2\\EncryptedAssertion');
     if ($assertion instanceof \SAML2\Assertion) {
         $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', NULL);
         if ($encryptAssertion === NULL) {
             $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', FALSE);
         }
         if ($encryptAssertion) {
             /* The assertion was unencrypted, but we have encryption enabled. */
             throw new Exception('Received unencrypted assertion, but encryption was enabled.');
         }
         return $assertion;
     }
     try {
         $keys = self::getDecryptionKeys($srcMetadata, $dstMetadata);
     } catch (Exception $e) {
         throw new SimpleSAML_Error_Exception('Error decrypting assertion: ' . $e->getMessage());
     }
     $blacklist = self::getBlacklistedAlgorithms($srcMetadata, $dstMetadata);
     $lastException = NULL;
     foreach ($keys as $i => $key) {
         try {
             $ret = $assertion->getAssertion($key, $blacklist);
             SimpleSAML\Logger::debug('Decryption with key #' . $i . ' succeeded.');
             return $ret;
         } catch (Exception $e) {
             SimpleSAML\Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage());
             $lastException = $e;
         }
     }
     throw $lastException;
 }