/** * @param AbstractSamlModel $object * @param XMLSecurityKey $key * * @return SerializationContext */ public function encrypt(AbstractSamlModel $object, XMLSecurityKey $key) { $oldKey = $key; $key = new XMLSecurityKey($this->keyTransportEncryption, ['type' => 'public']); $key->loadKey($oldKey->key); $serializationContext = new SerializationContext(); $object->serialize($serializationContext->getDocument(), $serializationContext); $enc = new XMLSecEnc(); $enc->setNode($serializationContext->getDocument()->firstChild); $enc->type = XMLSecEnc::Element; switch ($key->type) { case XMLSecurityKey::TRIPLEDES_CBC: case XMLSecurityKey::AES128_CBC: case XMLSecurityKey::AES192_CBC: case XMLSecurityKey::AES256_CBC: $symmetricKey = $key; break; case XMLSecurityKey::RSA_1_5: case XMLSecurityKey::RSA_SHA1: case XMLSecurityKey::RSA_SHA256: case XMLSecurityKey::RSA_SHA384: case XMLSecurityKey::RSA_SHA512: case XMLSecurityKey::RSA_OAEP_MGF1P: $symmetricKey = new XMLSecurityKey($this->blockEncryptionAlgorithm); $symmetricKey->generateSessionKey(); $enc->encryptKey($key, $symmetricKey); break; default: throw new LightSamlException(sprintf('Unknown key type for encryption: "%s"', $key->type)); } $this->encryptedElement = $enc->encryptNode($symmetricKey); return $serializationContext; }
/** * Set the assertion. * * @param \SAML2\Assertion $assertion The assertion. * @param XMLSecurityKey $key The key we should use to encrypt the assertion. * @throws \Exception */ public function setAssertion(Assertion $assertion, XMLSecurityKey $key) { $xml = $assertion->toXML(); Utils::getContainer()->debugMessage($xml, 'encrypt'); $enc = new XMLSecEnc(); $enc->setNode($xml); $enc->type = XMLSecEnc::Element; switch ($key->type) { case XMLSecurityKey::TRIPLEDES_CBC: case XMLSecurityKey::AES128_CBC: case XMLSecurityKey::AES192_CBC: case XMLSecurityKey::AES256_CBC: $symmetricKey = $key; break; case XMLSecurityKey::RSA_1_5: case XMLSecurityKey::RSA_OAEP_MGF1P: $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); $symmetricKey->generateSessionKey(); $enc->encryptKey($key, $symmetricKey); break; default: throw new \Exception('Unknown key type for encryption: ' . $key->type); } $this->encryptedData = $enc->encryptNode($symmetricKey); }
/** * Add an EncryptedAttribute Statement-node to the assertion. * * @param \DOMElement $root The assertion element we should add the Encrypted Attribute Statement to. */ private function addEncryptedAttributeStatement(\DOMElement $root) { if ($this->requiredEncAttributes == false) { return; } $document = $root->ownerDocument; $attributeStatement = $document->createElementNS(Constants::NS_SAML, 'saml:AttributeStatement'); $root->appendChild($attributeStatement); foreach ($this->attributes as $name => $values) { $document2 = DOMDocumentFactory::create(); $attribute = $document2->createElementNS(Constants::NS_SAML, 'saml:Attribute'); $attribute->setAttribute('Name', $name); $document2->appendChild($attribute); if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) { $attribute->setAttribute('NameFormat', $this->nameFormat); } foreach ($values as $value) { if (is_string($value)) { $type = 'xs:string'; } elseif (is_int($value)) { $type = 'xs:integer'; } else { $type = null; } $attributeValue = $document2->createElementNS(Constants::NS_SAML, 'saml:AttributeValue'); $attribute->appendChild($attributeValue); if ($type !== null) { $attributeValue->setAttributeNS(Constants::NS_XSI, 'xsi:type', $type); } if ($value instanceof \DOMNodeList) { for ($i = 0; $i < $value->length; $i++) { $node = $document2->importNode($value->item($i), true); $attributeValue->appendChild($node); } } else { $attributeValue->appendChild($document2->createTextNode($value)); } } /*Once the attribute nodes are built, the are encrypted*/ $EncAssert = new XMLSecEnc(); $EncAssert->setNode($document2->documentElement); $EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element'; /* * Attributes are encrypted with a session key and this one with * $EncryptionKey */ $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC); $symmetricKey->generateSessionKey(); $EncAssert->encryptKey($this->encryptionKey, $symmetricKey); $EncrNode = $EncAssert->encryptNode($symmetricKey); $EncAttribute = $document->createElementNS(Constants::NS_SAML, 'saml:EncryptedAttribute'); $attributeStatement->appendChild($EncAttribute); $n = $document->importNode($EncrNode, true); $EncAttribute->appendChild($n); } }
public function encryptSoapDoc($siteKey, $objKey, $options = null, $encryptSignature = true) { $enc = new XMLSecEnc(); $xpath = new DOMXPath($this->envelope->ownerDocument); if ($encryptSignature == false) { $nodes = $xpath->query('//*[local-name()="Body"]'); } else { $nodes = $xpath->query('//*[local-name()="Signature"] | //*[local-name()="Body"]'); } foreach ($nodes as $node) { $type = XMLSecEnc::Element; $name = $node->localName; if ($name == 'Body') { $type = XMLSecEnc::Content; } $enc->addReference($name, $node, $type); } $enc->encryptReferences($objKey); $enc->encryptKey($siteKey, $objKey, false); $nodes = $xpath->query('//*[local-name()="Security"]'); $signode = $nodes->item(0); $this->addEncryptedKey($signode, $enc, $siteKey, $options); }
/** * Encrypt the NameID in the AuthnRequest. * * @param XMLSecurityKey $key The encryption key. */ public function encryptNameId(XMLSecurityKey $key) { /* First create a XML representation of the NameID. */ $doc = new \DOMDocument(); $root = $doc->createElement('root'); $doc->appendChild($root); Utils::addNameId($root, $this->nameId); $nameId = $root->firstChild; Utils::getContainer()->debugMessage($nameId, 'encrypt'); /* Encrypt the NameID. */ $enc = new XMLSecEnc(); $enc->setNode($nameId); // @codingStandardsIgnoreStart $enc->type = XMLSecEnc::Element; // @codingStandardsIgnoreEnd $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); $symmetricKey->generateSessionKey(); $enc->encryptKey($key, $symmetricKey); $this->encryptedNameId = $enc->encryptNode($symmetricKey); $this->nameId = null; }