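/**
 * Unwraps the encrypted symmetric (session) key with the given key and loads it into
 * $this->symmetricKey.
 *
 * The key material of $inputKey is copied onto $this->symmetricKeyInfo, which is then used to
 * decrypt the wrapped key held in its encrypted context. The result is accepted only if it is a
 * string whose byte length equals the size required by the symmetric algorithm.
 *
 * @param XMLSecurityKey $inputKey Key whose material is used to unwrap the symmetric key.
 *
 * @throws LightSamlSecurityException When the algorithm's key size is unknown or the unwrapped
 *                                    key has a different length.
 * @throws \LogicException            When the unwrapped key is not a string.
 * @throws \Exception                 Anything raised by the underlying decryptKey() call.
 */
protected function decryptSymmetricKey(XMLSecurityKey $inputKey)
{
    /** @var XMLSecEnc $encKey */
    $encKey = $this->symmetricKeyInfo->encryptedCtx;

    $this->symmetricKeyInfo->key = $inputKey->key;

    // Compared against strlen() below, so this value is a length in bytes.
    $keySize = $this->symmetricKey->getSymmetricKeySize();
    if ($keySize === null) {
        // To protect against "key oracle" attacks, we need to be able to create a
        // symmetric key, and for that we need to know the key size.
        throw new LightSamlSecurityException(
            sprintf("Unknown key size for encryption algorithm: '%s'", $this->symmetricKey->type)
        );
    }

    // NOTE(review): a failed unwrap or a wrong-length key surfaces here as an exception that is
    // distinguishable from later failures. With RSA PKCS#1 v1.5 key transport that difference is
    // what a padding/key oracle relies on, so callers should report one generic decryption error
    // to the remote party and keep the detail in local logs only. Nothing in this method
    // substitutes a replacement key; confirm the caller handles these failures uniformly.

    /** @var string $key */
    $key = $encKey->decryptKey($this->symmetricKeyInfo);
    if (!is_string($key)) {
        throw new \LogicException('Expected string');
    }

    $actualSize = strlen($key);
    if ($actualSize != $keySize) {
        // Both sizes are reported in bits; the expected size used to be printed in bytes
        // under a "bits" label.
        throw new LightSamlSecurityException(
            sprintf(
                "Unexpected key size of '%s' bits for encryption algorithm '%s', expected '%s' bits size",
                $actualSize * 8,
                $this->symmetricKey->type,
                $keySize * 8
            )
        );
    }

    $this->symmetricKey->loadKey($key);
}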