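/**
 * The loader must turn a configured private key into a SAML2_Certificate_PrivateKey
 * whose key material and passphrase match the configuration it was built from.
 *
 * @group certificate
 * @test
 * @dataProvider privateKeyTestProvider
 *
 * @param SAML2_Configuration_PrivateKey $configuredKey
 */
public function loading_a_configured_private_key_returns_a_certificate_private_key(SAML2_Configuration_PrivateKey $configuredKey)
{
    $resultingKey = $this->privateKeyLoader->loadPrivateKey($configuredKey);

    $this->assertInstanceOf('SAML2_Certificate_PrivateKey', $resultingKey);

    // PHPUnit's assertEquals() takes (expected, actual); the fixture content and the
    // configured passphrase are the expectations, so they go first. With the arguments
    // swapped a failure message would report expected/actual the wrong way round.
    $this->assertEquals("This would normally contain the private key data.\n", $resultingKey->getKeyAsString());
    $this->assertEquals($configuredKey->getPassPhrase(), $resultingKey->getPassphrase());
}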
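/**
 * Renders the SAML metadata document from the Twig template and signs it with
 * the key pair derived from the metadata configuration.
 *
 * The XML parsed here is the output of our own template (not caller-supplied
 * input), so a plain loadXML() is used; untrusted XML should not be parsed
 * this way without the factory's hardened parsing.
 *
 * @return Metadata the metadata with its signed DOM document attached
 * @throws \RuntimeException when the rendered template is not well-formed XML
 */
public function generate()
{
    $metadata = $this->getMetadata();
    $keyPair = $this->buildKeyPairFrom($this->metadataConfiguration);

    $renderedXml = $this->templateEngine->render(
        'SurfnetSamlBundle:Metadata:metadata.xml.twig',
        ['metadata' => $metadata]
    );

    $metadata->document = SAML2_DOMDocumentFactory::create();

    // DOMDocument::loadXML() returns false (and emits a warning) on malformed XML.
    // Without this check the signing service would be handed an empty document
    // and sign that instead of the metadata.
    if ($metadata->document->loadXML($renderedXml) === false) {
        throw new \RuntimeException(
            'Rendered SAML metadata is not well-formed XML; refusing to sign it'
        );
    }

    $this->signingService->sign($metadata, $keyPair);

    return $metadata;
}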
/**
 * Decrypts an encrypted assertion, trying each configured decryption key in turn
 * and returning the assertion obtained with the first key that works.
 *
 * The identity provider's algorithm blacklist takes precedence; only when it is
 * not configured (null) is the service provider's blacklist used. This mirrors
 * the simplesamlphp behaviour for backwards compatibility, see
 * https://github.com/simplesamlphp/simplesamlphp/blob/3d735912342767d391297cc5e13272a76730aca0/modules/saml/lib/Message.php#L369
 *
 * @param SAML2_EncryptedAssertion $assertion
 * @return SAML2_Assertion
 * @throws SAML2_Assertion_Exception_NotDecryptedException when none of the keys could decrypt it
 */
public function decrypt(SAML2_EncryptedAssertion $assertion)
{
    $candidateKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);

    $blacklistedAlgorithms = $this->identityProvider->getBlacklistedAlgorithms();
    if ($blacklistedAlgorithms === null) {
        $blacklistedAlgorithms = $this->serviceProvider->getBlacklistedAlgorithms();
    }

    foreach ($candidateKeys as $keyIndex => $candidateKey) {
        try {
            $decrypted = $assertion->getAssertion($candidateKey, $blacklistedAlgorithms);
            $this->logger->debug(sprintf('Decrypted Assertion with key "#%d"', $keyIndex));
        } catch (Exception $e) {
            // A key that cannot decrypt this assertion is not an error by itself when
            // several keys are configured; record why and move on to the next one.
            $this->logger->debug(sprintf(
                'Could not decrypt assertion with key "#%d", "%s" thrown: "%s"',
                $keyIndex,
                get_class($e),
                $e->getMessage()
            ));
            continue;
        }

        return $decrypted;
    }

    throw new SAML2_Assertion_Exception_NotDecryptedException(sprintf(
        'Could not decrypt the assertion, tried with "%d" keys. See the debug log for more information',
        count($candidateKeys)
    ));
}
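/**
 * Decrypts the assertion's NameID, when it is encrypted, using the configured
 * decryption keys; an assertion without an encrypted NameID is returned untouched.
 *
 * The identity provider's algorithm blacklist is used when configured (non-null),
 * otherwise the service provider's.
 *
 * @param SAML2_Assertion $assertion
 * @return SAML2_Assertion the same assertion, with its NameID decrypted
 * @throws SAML2_Assertion_Exception_NotDecryptedException when no configured key could decrypt the NameID
 */
public function transform(SAML2_Assertion $assertion)
{
    if (!$assertion->isNameIdEncrypted()) {
        return $assertion;
    }

    $decryptionKeys = $this->privateKeyLoader->loadDecryptionKeys($this->identityProvider, $this->serviceProvider);

    $blacklistedAlgorithms = $this->identityProvider->getBlacklistedAlgorithms();
    if ($blacklistedAlgorithms === null) {
        $blacklistedAlgorithms = $this->serviceProvider->getBlacklistedAlgorithms();
    }

    foreach ($decryptionKeys as $index => $key) {
        try {
            $assertion->decryptNameId($key, $blacklistedAlgorithms);
        } catch (Exception $e) {
            $this->logger->debug(sprintf(
                'Decrypting assertion NameId with key "#%d" failed, "%s" thrown: "%s"',
                $index,
                get_class($e),
                $e->getMessage()
            ));
            continue;
        }

        // Stop at the first key that actually decrypted the NameID. Continuing with the
        // remaining keys would only produce misleading "Decrypted ... with key" log lines
        // for keys that never touched the NameID.
        if (!$assertion->isNameIdEncrypted()) {
            $this->logger->debug(sprintf('Decrypted assertion NameId with key "#%d"', $index));

            return $assertion;
        }
    }

    // Reached when no key succeeded, including when no decryption keys are configured.
    throw new SAML2_Assertion_Exception_NotDecryptedException(
        'Could not decrypt the assertion NameId with the configured keys, see the debug log for information'
    );
}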
/**
 * Loads the private key stored at the given path through the private key loader.
 *
 * The path is wrapped in a PrivateKeyFile together with the literal 'metadata'
 * (its second constructor argument) before being handed to the loader.
 *
 * @param string $privateKeyFile /full/path/to/the/private/key
 * @return SAML2_Certificate_PrivateKey
 */
public function loadPrivateKeyFromFile($privateKeyFile)
{
    return $this->privateKeyLoader->loadPrivateKey(
        new PrivateKeyFile($privateKeyFile, 'metadata')
    );
}