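/**
  * Encrypts the assertion held by the context for the receiving party, when the
  * profile's trust options require assertion encryption.
  *
  * The plaintext assertion is removed from the context before the encryption
  * credential is resolved, so a resolution failure never leaves an unencrypted
  * assertion behind; on success the encrypted form is exposed through
  * getEncryptedAssertion() instead.
  *
  * @param AssertionContext $context
  *
  * @return void
  *
  * @throws LightSamlContextException when no assertion is set, when no encryption
  *                                   credential can be resolved for the party, or
  *                                   when the resolved credential has no public key
  */
 protected function doExecute(AssertionContext $context)
 {
     $profileContext = $context->getProfileContext();
     $trustOptions = $profileContext->getTrustOptions();
     if (false === $trustOptions->getEncryptAssertions()) {
         return;
     }

     $assertion = $context->getAssertion();
     if (null === $assertion) {
         throw new LightSamlContextException($context, 'Assertion for encryption is not set');
     }
     // Drop the plaintext first: from here on only the encrypted form may leave
     // this action, even if credential resolution below fails.
     $context->setAssertion(null);

     // The encryption key belongs to the other party, so look up the role opposite our own.
     $partyRole = ProfileContext::ROLE_IDP === $profileContext->getOwnRole()
         ? MetadataCriteria::TYPE_SP
         : MetadataCriteria::TYPE_IDP;

     $query = $this->credentialResolver->query();
     $query
         ->add(new EntityIdCriteria($profileContext->getPartyEntityDescriptor()->getEntityID()))
         ->add(new MetadataCriteria($partyRole, SamlConstants::PROTOCOL_SAML2))
         ->add(new UsageCriteria(UsageType::ENCRYPTION));
     $query->resolve();

     /** @var CredentialInterface|null $credential */
     $credential = $query->firstCredential();
     if (null === $credential) {
         throw new LightSamlContextException($context, 'Unable to resolve encrypting credential');
     }

     $publicKey = $credential->getPublicKey();
     if (null === $publicKey) {
         throw new LightSamlContextException($context, 'Credential resolved for assertion encryption does not have a public key');
     }

     $encryptedAssertionWriter = new EncryptedAssertionWriter(
         $trustOptions->getBlockEncryptionAlgorithm(),
         $trustOptions->getKeyTransportEncryptionAlgorithm()
     );
     $encryptedAssertionWriter->encrypt($assertion, $publicKey);
     $context->setEncryptedAssertion($encryptedAssertionWriter);
 }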
 /**
  * Sets the assertion's Issuer to this party's own entity ID, in the entity
  * name-id format, and logs the value that was applied.
  *
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     $descriptor = $context->getProfileContext()->getOwnEntityDescriptor();

     $issuer = new Issuer($descriptor->getEntityID());
     $issuer->setFormat(SamlConstants::NAME_ID_FORMAT_ENTITY);
     $context->getAssertion()->setIssuer($issuer);

     $this->logger->debug(
         sprintf('Assertion Issuer set to "%s"', $descriptor->getEntityID()),
         LogHelper::getActionContext($context, $this)
     );
 }
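 /**
  * Attaches a Conditions element to the assertion: a validity window starting
  * at the current time provider timestamp and lasting $this->expirationSeconds,
  * restricted to the party entity ID as the only permitted audience.
  *
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     $partyEntityDescriptor = $context->getProfileContext()->getPartyEntityDescriptor();

     $conditions = new Conditions();
     // NOTE(review): NotBefore is exactly the issuance instant with no clock-skew
     // allowance; a receiver whose clock runs slightly behind may reject the
     // assertion as not yet valid — confirm this matches the deployment's tolerance.
     $conditions->setNotBefore($this->timeProvider->getTimestamp());
     $conditions->setNotOnOrAfter($conditions->getNotBeforeTimestamp() + $this->expirationSeconds);

     // Bind the assertion to the intended recipient so it cannot be replayed elsewhere.
     $audienceRestriction = new AudienceRestriction([$partyEntityDescriptor->getEntityID()]);
     $conditions->addItem($audienceRestriction);

     $context->getAssertion()->setConditions($conditions);
 }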
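 /**
  * Signs the assertion when the trust options call for it.
  *
  * The signature is resolved through the injected signature resolver; when
  * signing is enabled but no signature can be resolved, a critical log entry is
  * written and the assertion is left unsigned (no exception is raised here).
  *
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     $profileContext = $context->getProfileContext();
     $trustOptions = $profileContext->getTrustOptions();

     if (!$trustOptions->getSignAssertions()) {
         $this->logger->debug('Assertion signing disabled', LogHelper::getActionContext($context, $this));

         return;
     }

     $signature = $this->signatureResolver->getSignature($profileContext);
     if (!$signature) {
         // NOTE(review): execution continues and the assertion goes out unsigned even
         // though signing is required by the trust options; callers that must not
         // emit unsigned assertions should treat this log entry as a hard failure.
         $this->logger->critical('Unable to resolve assertion signature, though signing enabled', LogHelper::getActionErrorContext($context, $this));

         return;
     }

     $this->logger->debug(
         sprintf('Signing assertion with fingerprint %s', $signature->getCertificate()->getFingerprint()),
         LogHelper::getActionContext($context, $this, ['certificate' => $signature->getCertificate()->getInfo()])
     );
     $context->getAssertion()->setSignature($signature);
 }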
 /**
  * Builds an AuthnStatement from the session info provider and adds it to the
  * assertion: the authn context class ref (falling back to "unspecified"), the
  * session index when one is available, the authn instant (falling back to now)
  * and the client IP as subject locality.
  *
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     $provider = $this->sessionInfoProvider;

     $classRef = $provider->getAuthnContextClassRef() ?: SamlConstants::AUTHN_CONTEXT_UNSPECIFIED;
     $authnContext = new AuthnContext();
     $authnContext->setAuthnContextClassRef($classRef);

     $statement = new AuthnStatement();
     $statement->setAuthnContext($authnContext);

     $index = $provider->getSessionIndex();
     if ($index) {
         $statement->setSessionIndex($index);
     }

     $statement->setAuthnInstant($provider->getAuthnInstant() ?: new \DateTime());

     $locality = new SubjectLocality();
     $locality->setAddress($context->getProfileContext()->getHttpRequest()->getClientIp());
     $statement->setSubjectLocality($locality);

     $context->getAssertion()->addItem($statement);
 }
 /**
  * Adds a bearer SubjectConfirmation to the assertion's Subject, creating the
  * Subject first if the assertion has none.
  *
  * The confirmation data carries InResponseTo (when an inbound message exists),
  * the client IP, an expiry of now + $this->expirationSeconds and the endpoint
  * location as Recipient.
  *
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     $profileContext = $context->getProfileContext();

     $confirmationData = new SubjectConfirmationData();
     $inbound = $profileContext->getInboundContext()->getMessage();
     if ($inbound) {
         $confirmationData->setInResponseTo($inbound->getID());
     }
     $confirmationData->setAddress($profileContext->getHttpRequest()->getClientIp());
     $confirmationData->setNotOnOrAfter($this->timeProvider->getTimestamp() + $this->expirationSeconds);
     $confirmationData->setRecipient($profileContext->getEndpoint()->getLocation());

     $confirmation = new SubjectConfirmation();
     $confirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
     $confirmation->setSubjectConfirmationData($confirmationData);

     $assertion = $context->getAssertion();
     if (null === $assertion->getSubject()) {
         $assertion->setSubject(new Subject());
     }
     $assertion->getSubject()->addSubjectConfirmation($confirmation);
 }
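 /**
  * Hands the context's assertion, if any, to the session processor together
  * with the own and party entity IDs; does nothing when no assertion is set.
  *
  * @param AssertionContext $context
  *
  * @return void
  */
 protected function doExecute(AssertionContext $context)
 {
     $assertion = $context->getAssertion();
     if (null === $assertion) {
         return;
     }

     $profileContext = $context->getProfileContext();
     $this->sessionProcessor->processAssertions(
         [$assertion],
         $profileContext->getOwnEntityDescriptor()->getEntityID(),
         $profileContext->getPartyEntityDescriptor()->getEntityID()
     );
 }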