/**
  * @param AbstractSamlModel $object
  * @param XMLSecurityKey    $key
  *
  * @return SerializationContext
  */
 public function encrypt(AbstractSamlModel $object, XMLSecurityKey $key)
 {
     $oldKey = $key;
     $key = new XMLSecurityKey($this->keyTransportEncryption, ['type' => 'public']);
     $key->loadKey($oldKey->key);
     $serializationContext = new SerializationContext();
     $object->serialize($serializationContext->getDocument(), $serializationContext);
     $enc = new XMLSecEnc();
     $enc->setNode($serializationContext->getDocument()->firstChild);
     $enc->type = XMLSecEnc::Element;
     switch ($key->type) {
         case XMLSecurityKey::TRIPLEDES_CBC:
         case XMLSecurityKey::AES128_CBC:
         case XMLSecurityKey::AES192_CBC:
         case XMLSecurityKey::AES256_CBC:
             $symmetricKey = $key;
             break;
         case XMLSecurityKey::RSA_1_5:
         case XMLSecurityKey::RSA_SHA1:
         case XMLSecurityKey::RSA_SHA256:
         case XMLSecurityKey::RSA_SHA384:
         case XMLSecurityKey::RSA_SHA512:
         case XMLSecurityKey::RSA_OAEP_MGF1P:
             $symmetricKey = new XMLSecurityKey($this->blockEncryptionAlgorithm);
             $symmetricKey->generateSessionKey();
             $enc->encryptKey($key, $symmetricKey);
             break;
         default:
             throw new LightSamlException(sprintf('Unknown key type for encryption: "%s"', $key->type));
     }
     $this->encryptedElement = $enc->encryptNode($symmetricKey);
     return $serializationContext;
 }
Пример #2
0
 /**
  * Set the assertion.
  *
  * @param \SAML2\Assertion $assertion The assertion.
  * @param XMLSecurityKey  $key       The key we should use to encrypt the assertion.
  * @throws \Exception
  */
 public function setAssertion(Assertion $assertion, XMLSecurityKey $key)
 {
     $xml = $assertion->toXML();
     Utils::getContainer()->debugMessage($xml, 'encrypt');
     $enc = new XMLSecEnc();
     $enc->setNode($xml);
     $enc->type = XMLSecEnc::Element;
     switch ($key->type) {
         case XMLSecurityKey::TRIPLEDES_CBC:
         case XMLSecurityKey::AES128_CBC:
         case XMLSecurityKey::AES192_CBC:
         case XMLSecurityKey::AES256_CBC:
             $symmetricKey = $key;
             break;
         case XMLSecurityKey::RSA_1_5:
         case XMLSecurityKey::RSA_OAEP_MGF1P:
             $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
             $symmetricKey->generateSessionKey();
             $enc->encryptKey($key, $symmetricKey);
             break;
         default:
             throw new \Exception('Unknown key type for encryption: ' . $key->type);
     }
     $this->encryptedData = $enc->encryptNode($symmetricKey);
 }
Пример #3
0
 /**
  * Add an EncryptedAttribute Statement-node to the assertion.
  *
  * @param \DOMElement $root The assertion element we should add the Encrypted Attribute Statement to.
  */
 private function addEncryptedAttributeStatement(\DOMElement $root)
 {
     if ($this->requiredEncAttributes == false) {
         return;
     }
     $document = $root->ownerDocument;
     $attributeStatement = $document->createElementNS(Constants::NS_SAML, 'saml:AttributeStatement');
     $root->appendChild($attributeStatement);
     foreach ($this->attributes as $name => $values) {
         $document2 = DOMDocumentFactory::create();
         $attribute = $document2->createElementNS(Constants::NS_SAML, 'saml:Attribute');
         $attribute->setAttribute('Name', $name);
         $document2->appendChild($attribute);
         if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
             $attribute->setAttribute('NameFormat', $this->nameFormat);
         }
         foreach ($values as $value) {
             if (is_string($value)) {
                 $type = 'xs:string';
             } elseif (is_int($value)) {
                 $type = 'xs:integer';
             } else {
                 $type = null;
             }
             $attributeValue = $document2->createElementNS(Constants::NS_SAML, 'saml:AttributeValue');
             $attribute->appendChild($attributeValue);
             if ($type !== null) {
                 $attributeValue->setAttributeNS(Constants::NS_XSI, 'xsi:type', $type);
             }
             if ($value instanceof \DOMNodeList) {
                 for ($i = 0; $i < $value->length; $i++) {
                     $node = $document2->importNode($value->item($i), true);
                     $attributeValue->appendChild($node);
                 }
             } else {
                 $attributeValue->appendChild($document2->createTextNode($value));
             }
         }
         /*Once the attribute nodes are built, the are encrypted*/
         $EncAssert = new XMLSecEnc();
         $EncAssert->setNode($document2->documentElement);
         $EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element';
         /*
          * Attributes are encrypted with a session key and this one with
          * $EncryptionKey
          */
         $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
         $symmetricKey->generateSessionKey();
         $EncAssert->encryptKey($this->encryptionKey, $symmetricKey);
         $EncrNode = $EncAssert->encryptNode($symmetricKey);
         $EncAttribute = $document->createElementNS(Constants::NS_SAML, 'saml:EncryptedAttribute');
         $attributeStatement->appendChild($EncAttribute);
         $n = $document->importNode($EncrNode, true);
         $EncAttribute->appendChild($n);
     }
 }
Пример #4
0
 public function EncryptBody($siteKey, $objKey, $token)
 {
     $enc = new XMLSecEnc();
     foreach ($this->envelope->childNodes as $node) {
         if ($node->namespaceURI == $this->soapNS && $node->localName == 'Body') {
             break;
         }
     }
     $enc->setNode($node);
     /* encrypt the symmetric key */
     $enc->encryptKey($siteKey, $objKey, false);
     $enc->type = XMLSecEnc::Content;
     /* Using the symmetric key to actually encrypt the data */
     $encNode = $enc->encryptNode($objKey);
     $guid = XMLSecurityDSig::generateGUID();
     $encNode->setAttribute('Id', $guid);
     $refNode = $encNode->firstChild;
     while ($refNode && $refNode->nodeType != XML_ELEMENT_NODE) {
         $refNode = $refNode->nextSibling;
     }
     if ($refNode) {
         $refNode = $refNode->nextSibling;
     }
     if ($this->addEncryptedKey($encNode, $enc, $token)) {
         $this->AddReference($enc->encKey, $guid);
     }
 }
Пример #5
0
 /**
  * Encrypt the NameID in the AuthnRequest.
  *
  * @param XMLSecurityKey $key The encryption key.
  */
 public function encryptNameId(XMLSecurityKey $key)
 {
     /* First create a XML representation of the NameID. */
     $doc = new \DOMDocument();
     $root = $doc->createElement('root');
     $doc->appendChild($root);
     Utils::addNameId($root, $this->nameId);
     $nameId = $root->firstChild;
     Utils::getContainer()->debugMessage($nameId, 'encrypt');
     /* Encrypt the NameID. */
     $enc = new XMLSecEnc();
     $enc->setNode($nameId);
     // @codingStandardsIgnoreStart
     $enc->type = XMLSecEnc::Element;
     // @codingStandardsIgnoreEnd
     $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
     $symmetricKey->generateSessionKey();
     $enc->encryptKey($key, $symmetricKey);
     $this->encryptedNameId = $enc->encryptNode($symmetricKey);
     $this->nameId = null;
 }