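/**
 * Tests the decryptElement method of the OneLogin_Saml2_Utils
 *
 * Happy paths: an encrypted NameID and an encrypted Assertion are decrypted
 * with the SP private key from settings1.php, and the NameID again with the
 * key in data/misc/sp2.key. Failure paths: the EncryptedID wrapper passed in
 * place of its EncryptedData child, a key declared with a signature algorithm
 * (RSA_SHA512) instead of the key-transport algorithm, an EncryptedKey with no
 * EncryptionMethod, and a message with no KeyInfo. Each failure must surface
 * as an exception whose message names the cause; a decrypt that silently
 * succeeded despite an algorithm mismatch between the supplied key and the
 * message would be a key-confusion bug, so the message text is asserted too.
 *
 * @covers OneLogin_Saml2_Utils::decryptElement
 */
public function testDecryptElement()
{
    $settingsDir = TEST_ROOT . '/settings/';
    // settings1.php defines $settingsInfo in this method's scope.
    include $settingsDir . 'settings1.php';
    $settings = new OneLogin_Saml2_Settings($settingsInfo);

    // RSA 1.5 mirrors how the fixture responses were produced; it is the
    // algorithm the fixtures need, not a recommendation for new deployments.
    $seckey = $this->loadRsaPrivateKey($settings->getSPkey(), XMLSecurityKey::RSA_1_5);

    // Encrypted NameID: the EncryptedData element is the first child of EncryptedID.
    $domNameIdEnc = $this->loadBase64XmlFixture('/data/responses/response_encrypted_nameid.xml.base64');
    $encryptedNameIDNodes = $domNameIdEnc->getElementsByTagName('EncryptedID');
    $encryptedData = $encryptedNameIDNodes->item(0)->firstChild;
    $decryptedNameId = OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey);
    $this->assertEquals('saml:NameID', $decryptedNameId->tagName);
    $this->assertEquals('2de11defd199f8d5bb63f9b7deb265ba5c675c10', $decryptedNameId->nodeValue);

    // Encrypted Assertion: EncryptedData is looked up inside EncryptedAssertion.
    $domAsssertionEnc = $this->loadBase64XmlFixture('/data/responses/valid_encrypted_assertion.xml.base64');
    $encryptedAssertionEncNode = $domAsssertionEnc->getElementsByTagName('EncryptedAssertion')->item(0);
    $encryptedDataAssert = $encryptedAssertionEncNode->getElementsByTagName('EncryptedData')->item(0);
    $decryptedAssertion = OneLogin_Saml2_Utils::decryptElement($encryptedDataAssert, $seckey);
    $this->assertEquals('saml:Assertion', $decryptedAssertion->tagName);

    // Handing over the EncryptedID wrapper instead of its EncryptedData child must be rejected.
    $this->assertDecryptElementFails(
        $encryptedNameIDNodes->item(0),
        $seckey,
        'Algorithm mismatch between input key and key in message'
    );

    // The second RSA 1.5 private key (sp2.key) also decrypts the same NameID.
    $key2 = file_get_contents(TEST_ROOT . '/data/misc/sp2.key');
    $seckey2 = $this->loadRsaPrivateKey($key2, XMLSecurityKey::RSA_1_5);
    $decryptedNameId2 = OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey2);
    $this->assertEquals('saml:NameID', $decryptedNameId2->tagName);
    $this->assertEquals('2de11defd199f8d5bb63f9b7deb265ba5c675c10', $decryptedNameId2->nodeValue);

    // Same key material, but declared as a signature algorithm: the symmetric
    // key was wrapped with RSA 1.5, so the algorithm mismatch must be detected.
    $seckey3 = $this->loadRsaPrivateKey($key2, XMLSecurityKey::RSA_SHA512);
    $this->assertDecryptElementFails(
        $encryptedData,
        $seckey3,
        'Algorithm mismatch between input key and key used to encrypt the symmetric key for the message'
    );

    // EncryptedKey without an EncryptionMethod: no algorithm can be selected.
    $domNameIdEnc2 = $this->loadBase64XmlFixture('/data/responses/invalids/encrypted_nameID_without_EncMethod.xml.base64');
    $encryptedData2 = $domNameIdEnc2->getElementsByTagName('EncryptedID')->item(0)->firstChild;
    $this->assertDecryptElementFails(
        $encryptedData2,
        $seckey,
        'Unable to locate algorithm for this Encrypted Key'
    );

    // Message without KeyInfo: reported as an algorithm mismatch with the supplied key.
    $domNameIdEnc3 = $this->loadBase64XmlFixture('/data/responses/invalids/encrypted_nameID_without_keyinfo.xml.base64');
    $encryptedData3 = $domNameIdEnc3->getElementsByTagName('EncryptedID')->item(0)->firstChild;
    $this->assertDecryptElementFails(
        $encryptedData3,
        $seckey,
        'Algorithm mismatch between input key and key in message'
    );
}

/**
 * Decodes a base64-encoded XML fixture under TEST_ROOT and parses it.
 *
 * @param string $relativePath Path relative to TEST_ROOT, starting with '/'.
 *
 * @return DOMDocument
 */
private function loadBase64XmlFixture($relativePath)
{
    $xml = base64_decode(file_get_contents(TEST_ROOT . $relativePath));
    $dom = new DOMDocument();
    $dom->loadXML($xml);
    return $dom;
}

/**
 * Wraps PEM private key material in an XMLSecurityKey for the given algorithm.
 *
 * @param string $pem       Private key in PEM form.
 * @param string $algorithm One of the XMLSecurityKey::RSA_* constants.
 *
 * @return XMLSecurityKey
 */
private function loadRsaPrivateKey($pem, $algorithm)
{
    $seckey = new XMLSecurityKey($algorithm, array('type' => 'private'));
    $seckey->loadKey($pem);
    return $seckey;
}

/**
 * Asserts that decryptElement() throws for the given node/key pair.
 *
 * fail() is deliberately placed after the try block: a PHPUnit assertion
 * failure is itself an Exception, so raising it inside the try would be
 * swallowed by the catch and reported as a message mismatch rather than as
 * the real problem, an unexpected successful decrypt.
 *
 * @param DOMNode        $node            Element handed to decryptElement().
 * @param XMLSecurityKey $key             Key handed to decryptElement().
 * @param string         $expectedMessage Substring expected in the exception message.
 */
private function assertDecryptElementFails($node, $key, $expectedMessage)
{
    try {
        OneLogin_Saml2_Utils::decryptElement($node, $key);
    } catch (Exception $e) {
        $this->assertContains($expectedMessage, $e->getMessage());
        return;
    }
    $this->fail('decryptElement() was expected to throw: ' . $expectedMessage);
}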