SAML2\Assertion::encryptNameId PHP Method

encryptNameId() public method

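Encrypt the NameID in the Assertion. After the call the assertion holds only the encrypted form; the plaintext NameID property is set to null.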
public encryptNameId ( XMLSecurityKey $key )
$key RobRichards\XMLSecLibs\XMLSecurityKey The encryption key.
    /**
     * Encrypt the NameID in the Assertion.
     *
     * The current NameID is serialised into a scratch document, encrypted
     * with a freshly generated AES-128-CBC session key, and that session key
     * is in turn encrypted with $key. On return the encrypted node is stored
     * in $this->encryptedNameId and $this->nameId is set to null.
     *
     * NOTE(review): AES-CBC carries no integrity tag, so the ciphertext is
     * only tamper-evident if the enclosing assertion or response is signed
     * and that signature is checked before decryption - confirm against the
     * deployment's signing policy.
     *
     * @param XMLSecurityKey $key The encryption key.
     */
    public function encryptNameId(XMLSecurityKey $key)
    {
        // Serialise the NameID under a throwaway <root> element so that it
        // exists as a DOM node the encrypter can operate on.
        $scratch = DOMDocumentFactory::create();
        $wrapper = $scratch->createElement('root');
        $scratch->appendChild($wrapper);
        Utils::addNameId($wrapper, $this->nameId);
        $plainNameId = $wrapper->firstChild;

        // The NameID is still cleartext here and is handed to the container's
        // debug hook as such; whatever that hook records will include it.
        Utils::getContainer()->debugMessage($plainNameId, 'encrypt');

        // Encrypt the whole element, not just its text content.
        $encrypter = new XMLSecEnc();
        $encrypter->setNode($plainNameId);
        // @codingStandardsIgnoreStart
        $encrypter->type = XMLSecEnc::Element;
        // @codingStandardsIgnoreEnd

        // One-off session key for the payload, protected with the caller's key.
        $sessionKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
        $sessionKey->generateSessionKey();
        $encrypter->encryptKey($key, $sessionKey);

        // Swap the plaintext NameID for its encrypted form.
        $this->encryptedNameId = $encrypter->encryptNode($sessionKey);
        $this->nameId = null;
    }

Usage Example

Example #1
 /**
  * Round-trip test for NameID encryption and decryption.
  *
  * Encrypts the NameID with the mock public key, serialises the assertion
  * to XML, re-parses it, decrypts with the mock private key and checks that
  * the original Value and Format come back.
  */
 public function testNameIdEncryption()
 {
     $expectedValue = "just_a_basic_identifier";
     $expectedFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

     // Build an assertion carrying a plaintext NameID.
     $original = new Assertion();
     $original->setIssuer('testIssuer');
     $original->setValidAudiences(array('audience1', 'audience2'));
     $original->setAuthnContext('someAuthnContext');
     $original->setNameId(array(
         "Value" => $expectedValue,
         "Format" => $expectedFormat,
     ));
     $this->assertFalse($original->isNameIdEncrypted());

     // Encrypting must flip the assertion into the "encrypted NameID" state.
     $encryptionKey = CertificatesMock::getPublicKey();
     $original->encryptNameId($encryptionKey);
     $this->assertTrue($original->isNameIdEncrypted());

     // Serialise to an XML string and parse it back into a new Assertion,
     // so the checks below run against what would go over the wire.
     $serialized = $original->toXML()->ownerDocument->saveXML();
     $reparsedRoot = DOMDocumentFactory::fromString($serialized)->firstChild;
     $roundTripped = new Assertion($reparsedRoot);
     $this->assertTrue($roundTripped->isNameIdEncrypted());

     // Decrypting with the matching private key restores the plaintext NameID.
     $decryptionKey = CertificatesMock::getPrivateKey();
     $roundTripped->decryptNameId($decryptionKey);
     $this->assertFalse($roundTripped->isNameIdEncrypted());

     $recovered = $roundTripped->getNameID();
     $this->assertEquals('just_a_basic_identifier', $recovered['Value']);
     $this->assertEquals('urn:oasis:names:tc:SAML:2.0:nameid-format:transient', $recovered['Format']);
 }