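/**
 * Encrypt an assertion.
 *
 * This function takes in a SAML2_Assertion and encrypts it if encryption of
 * assertions is enabled in the metadata. The recipient (SP) setting
 * 'assertion.encryption' wins; the sender (IdP) setting is only consulted when
 * the SP does not set it, and the overall default is "no encryption".
 *
 * Key selection: if the SP metadata carries a 'sharedkey', that string is used
 * directly as a symmetric AES-128-CBC key. Otherwise the SP's public key, taken
 * from its metadata certificate, is used with RSA PKCS#1 v1.5 key transport.
 *
 * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender (IdP).
 * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient (SP).
 * @param SAML2_Assertion $assertion The assertion we are encrypting.
 * @return SAML2_Assertion|SAML2_EncryptedAssertion The assertion.
 * @throws Exception If encryption is enabled, no shared key is configured and
 *                   no certificate can be found in the SP metadata.
 */
public static function encryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_Assertion $assertion) {
    /* The recipient's setting takes precedence; fall back to the sender's, then to "off". */
    $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', NULL);
    if ($encryptAssertion === NULL) {
        $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', FALSE);
    }

    if (!$encryptAssertion) {
        /* We are _not_ encrypting this assertion, and are therefore done. */
        return $assertion;
    }

    $sharedKey = $dstMetadata->getString('sharedkey', NULL);
    if ($sharedKey !== NULL) {
        /*
         * Symmetric key straight from metadata. The string is handed to
         * xmlseclibs as-is; nothing here checks that it has the 16 bytes
         * AES-128 needs — presumably loadKey() rejects other lengths, confirm.
         * NOTE(review): CBC on its own provides no integrity for the
         * ciphertext; whatever signs the enclosing message is what protects
         * the encrypted assertion against tampering — verify that is in place
         * on the path that uses this key.
         */
        $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
        $key->loadKey($sharedKey);
    } else {
        /* Find the certificate that we should use to encrypt messages to this SP. */
        $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata->toArray(), TRUE);
        if (!array_key_exists('PEM', $certArray)) {
            /* Message typo fixed: "assertionst" -> "assertions". */
            throw new Exception('Unable to locate key we should use to encrypt the assertions ' .
                'to the SP: ' . var_export($dstMetadata->getString('entityid'), TRUE) . '.');
        }

        $pemCert = $certArray['PEM'];

        /*
         * Extract the public key from the certificate for encryption.
         * NOTE(review): RSA PKCS#1 v1.5 key transport is exposed to
         * Bleichenbacher-style padding oracles if the SP's decryptor leaks
         * padding failures; RSA-OAEP (xmlseclibs' RSA_OAEP_MGF1P) is the
         * preferred transport. Kept as-is because switching it is an interop
         * change every SP must support — track it separately rather than
         * flipping it here.
         */
        $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'public'));
        $key->loadKey($pemCert);
    }

    $ea = new SAML2_EncryptedAssertion();
    $ea->setAssertion($assertion, $key);
    return $ea;
}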
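/**
 * This function receives a SAML 1.1 artifact.
 *
 * The artifact(s) taken from the incoming request are wrapped in a SOAP
 * request and POSTed to the IdP's ArtifactResolutionService over TLS. The TLS
 * connection is pinned to the IdP's metadata certificate (installed as the CA
 * file) and presents the SP's own key/certificate file as client certificate.
 * That pinned, mutually authenticated TLS session is what authenticates the
 * IdP's answer, so nothing in here may weaken it.
 *
 * @param SimpleSAML_Configuration $spMetadata The metadata of the SP.
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
 * @return string The <saml1p:Response> element, as an XML string.
 * @throws SimpleSAML_Error_Exception If the IdP metadata carries no certificate,
 *                                    or the resolution request to the IdP fails.
 */
public static function receive(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata) {
    $artifacts = self::getArtifacts();
    $request = self::buildRequest($artifacts);

    /* Leftover hard-coded test URL removed: the endpoint comes from metadata only. */
    $url = $idpMetadata->getString('ArtifactResolutionService');

    /* The IdP's metadata certificate is the only certificate the TLS peer may present. */
    $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata->toArray(), TRUE);
    if (!array_key_exists('PEM', $certData)) {
        throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for ' .
            var_export($idpMetadata->getString('entityid'), TRUE));
    }
    $certData = $certData['PEM'];

    /*
     * The stream wrapper needs the CA material as a file, so the PEM is
     * materialised in the temp dir under its hash. A cached file is reused
     * only if its content still equals the metadata certificate: a stale or
     * planted file in a shared temp dir would otherwise silently become the
     * trust anchor for this connection. This narrows, but does not remove,
     * the exposure if the temp dir is writable by others — that directory
     * must stay private to the application.
     */
    $file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.crt';
    if (!is_file($file) || file_get_contents($file) !== $certData) {
        SimpleSAML_Utilities::writeFile($file, $certData);
    }

    /*
     * The SP's 'privatekey' file doubles as the TLS client certificate.
     * NOTE(review): PHP's 'local_cert' expects a PEM file holding both the
     * certificate and the private key — confirm the file in certdir is in
     * that form, otherwise the client-auth handshake fails.
     */
    $globalConfig = SimpleSAML_Configuration::getInstance();
    $spKeyCertFile = $globalConfig->getPathValue('certdir', 'cert/') . $spMetadata->getString('privatekey');

    /*
     * 'verify_peer_name'/'CN_match' are not set, so whether the host name is
     * checked depends on the PHP version's default. Because 'cafile' is the
     * IdP's own certificate, the peer must present that certificate (or one
     * issued by it) regardless — the pin, not the host name, is the control.
     */
    $opts = array(
        'ssl' => array(
            'verify_peer' => TRUE,
            'cafile' => $file,
            'local_cert' => $spKeyCertFile,
            'capture_peer_cert' => TRUE,
            'capture_peer_chain' => TRUE,
        ),
        'http' => array(
            'method' => 'POST',
            'content' => $request,
            'header' => 'SOAPAction: http://www.oasis-open.org/committees/security' . "\r\n" .
                'Content-Type: text/xml',
        ),
    );
    $context = stream_context_create($opts);

    /*
     * Fetch the artifact. No 'timeout' is set on the context, so a stalled
     * IdP holds this request for PHP's default_socket_timeout.
     */
    $response = file_get_contents($url, FALSE, $context);
    if ($response === FALSE) {
        throw new SimpleSAML_Error_Exception('Failed to retrieve assertion from IdP.');
    }

    /* Find the response in the SOAP message. */
    $response = self::extractResponse($response);

    return $response;
}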