sspmod_saml_Message::getEncryptionKey PHP Méthode

getEncryptionKey() public static méthode

Retrieve the encryption key for the given entity.
public static getEncryptionKey ( SimpleSAML_Configuration $metadata ) : XMLSecurityKey
$metadata SimpleSAML_Configuration The metadata of the entity.
Résultat XMLSecurityKey The encryption key.
    /**
     * Retrieve the encryption key for the given entity.
     *
     * A 'sharedkey' metadata option, when set, takes precedence and is loaded
     * as an AES-128-CBC symmetric key. Otherwise the first entry of type
     * 'X509Certificate' returned by getPublicKeys('encryption', ...) is wrapped
     * in PEM armour and loaded as an RSA-OAEP-MGF1P public key.
     *
     * Security notes for maintainers:
     *  - AES-CBC provides confidentiality only, not integrity. Data encrypted
     *    with the shared key should also be covered by a signature that the
     *    receiver verifies before decrypting.
     *  - The shared key is passed to loadKey() exactly as configured; this
     *    method does not check its length or format.
     *  - The certificate is used purely as a public-key container. This method
     *    performs no validity-period, chain or revocation check of its own, so
     *    trust rests entirely on the integrity of the metadata.
     *
     * @param SimpleSAML_Configuration $metadata  The metadata of the entity.
     * @return XMLSecurityKey  The encryption key.
     * @throws SimpleSAML_Error_Exception  If no shared key is set and no
     *         'X509Certificate' encryption key is found in the metadata.
     */
    public static function getEncryptionKey(SimpleSAML_Configuration $metadata)
    {
        // A configured shared secret short-circuits the certificate lookup.
        $secret = $metadata->getString('sharedkey', null);
        if ($secret !== null) {
            $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
            $symmetricKey->loadKey($secret);
            return $symmetricKey;
        }

        foreach ($metadata->getPublicKeys('encryption', true) as $candidate) {
            // Loose comparison on purpose: it mirrors the switch/case matching
            // this loop was written with.
            if ($candidate['type'] != 'X509Certificate') {
                continue;
            }

            // Metadata carries the bare base64 body; rebuild the PEM envelope
            // with 64-character lines so the key loader can parse it.
            $pem = "-----BEGIN CERTIFICATE-----\n"
                . chunk_split($candidate['X509Certificate'], 64)
                . "-----END CERTIFICATE-----\n";

            $publicKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
            $publicKey->loadKey($pem);
            return $publicKey;
        }

        // Nothing usable was found: name the entity so the operator knows
        // which metadata entry to fix.
        $entityId = var_export($metadata->getString('entityid'), true);
        throw new SimpleSAML_Error_Exception('No supported encryption key in ' . $entityId);
    }

Usage Example

Exemple #1
 /**
  * Build a logout request based on information in the metadata.
  *
  * The request expires 'assertion.lifetime' seconds from now: the SP metadata
  * value is used if set, otherwise the IdP metadata value, otherwise 300.
  *
  * The NameID is encrypted with the SP's encryption key only when
  * 'nameid.encryption' is true in the SP metadata or, if unset there, in the
  * IdP metadata. The default is false, in which case this method leaves the
  * NameID unencrypted.
  *
  * NOTE(review): no signing happens in this method; presumably the request is
  * signed by sspmod_saml_Message::buildLogoutRequest() or when it is sent.
  * Confirm against the caller.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the SP.
  * @param array $association  The SP association; 'saml:SessionIndex' and
  *                            'saml:NameID' are read from it.
  * @param string|NULL $relayState  An id that should be carried across the logout.
  * @return mixed  The logout request object created by
  *                sspmod_saml_Message::buildLogoutRequest().
  */
 private static function buildLogoutRequest(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array $association, $relayState)
 {
     $request = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata);

     // Bind the request to the session being terminated.
     $request->setRelayState($relayState);
     $request->setSessionIndex($association['saml:SessionIndex']);
     $request->setNameId($association['saml:NameID']);

     // Validity window: SP setting first, then IdP setting, then 300 seconds.
     $lifetime = $spMetadata->getInteger('assertion.lifetime', null);
     if ($lifetime === null) {
         $lifetime = $idpMetadata->getInteger('assertion.lifetime', 300);
     }
     $expiresAt = time() + $lifetime;
     $request->setNotOnOrAfter($expiresAt);

     // NameID encryption: SP setting first, then IdP setting, off by default.
     $wantsEncryptedNameId = $spMetadata->getBoolean('nameid.encryption', null);
     if ($wantsEncryptedNameId === null) {
         $wantsEncryptedNameId = $idpMetadata->getBoolean('nameid.encryption', false);
     }
     if (!$wantsEncryptedNameId) {
         return $request;
     }

     // Encrypt to the SP, the recipient of this logout request.
     $spKey = sspmod_saml_Message::getEncryptionKey($spMetadata);
     $request->encryptNameId($spKey);

     return $request;
 }