sspmod_saml_Message::decryptAssertion PHP Method

decryptAssertion() private static method

This function takes in a \SAML2\Assertion (or \SAML2\EncryptedAssertion) and decrypts it if it is encrypted. If it is unencrypted, and encryption is enabled in the metadata, an exception will be thrown.
private static decryptAssertion ( SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, Assertion | SAML2\EncryptedAssertion $assertion ) : Assertion
$srcMetadata SimpleSAML_Configuration The metadata of the sender (IdP).
$dstMetadata SimpleSAML_Configuration The metadata of the recipient (SP).
$assertion SAML2\Assertion | SAML2\EncryptedAssertion The assertion we are decrypting.
return SAML2\Assertion The assertion.
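    /**
     * Decrypt an assertion if it is encrypted, or pass it through if it is not.
     *
     * An unencrypted assertion is accepted only when 'assertion.encryption' is not
     * enabled: the IdP metadata ($srcMetadata) is consulted first, and the SP
     * metadata ($dstMetadata, default FALSE) only when the IdP leaves it unset.
     * An encrypted assertion is tried against every decryption key in turn; the
     * first key that succeeds wins, and if none does the failure of the last key
     * is re-thrown. Per-key outcomes are only logged at debug level.
     *
     * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender (IdP).
     * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient (SP).
     * @param \SAML2\Assertion|\SAML2\EncryptedAssertion $assertion The assertion we are decrypting.
     *
     * @return \SAML2\Assertion The (decrypted) assertion.
     *
     * @throws Exception If an unencrypted assertion arrives while encryption is enabled.
     * @throws SimpleSAML_Error_Exception If the decryption keys cannot be obtained,
     *         or if no decryption key is available at all.
     * @throws Exception The last decryption failure, if no key could decrypt the assertion.
     */
    private static function decryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, $assertion)
    {
        assert('$assertion instanceof \\SAML2\\Assertion || $assertion instanceof \\SAML2\\EncryptedAssertion');

        if ($assertion instanceof \SAML2\Assertion) {
            // The IdP's setting takes precedence; fall back to the SP's setting (default: off).
            $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', NULL);
            if ($encryptAssertion === NULL) {
                $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', FALSE);
            }
            if ($encryptAssertion) {
                /* The assertion was unencrypted, but we have encryption enabled. */
                throw new Exception('Received unencrypted assertion, but encryption was enabled.');
            }
            return $assertion;
        }

        try {
            $keys = self::getDecryptionKeys($srcMetadata, $dstMetadata);
        } catch (Exception $e) {
            throw new SimpleSAML_Error_Exception('Error decrypting assertion: ' . $e->getMessage());
        }

        $blacklist = self::getBlacklistedAlgorithms($srcMetadata, $dstMetadata);

        $lastException = NULL;
        foreach ($keys as $i => $key) {
            try {
                $ret = $assertion->getAssertion($key, $blacklist);
                SimpleSAML\Logger::debug('Decryption with key #' . $i . ' succeeded.');
                return $ret;
            } catch (Exception $e) {
                // Keep trying the remaining keys; only the last failure is surfaced to the caller.
                SimpleSAML\Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage());
                $lastException = $e;
            }
        }

        if ($lastException === NULL) {
            // No key was tried at all: throwing NULL would be a fatal error instead of a catchable exception.
            throw new SimpleSAML_Error_Exception('Error decrypting assertion: no decryption keys available.');
        }
        throw $lastException;
    }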