sspmod_saml_Message::getDecryptionKeys PHP Method

getDecryptionKeys() public static method

Retrieve the decryption keys from metadata.
public static getDecryptionKeys ( SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata ) : array
$srcMetadata SimpleSAML_Configuration The metadata of the sender (IdP).
$dstMetadata SimpleSAML_Configuration The metadata of the recipient (SP).
return array Array of decryption keys.
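    /**
     * Retrieve the decryption keys from metadata.
     *
     * If the sender metadata carries a 'sharedkey', a single symmetric
     * AES-128-CBC key built from it is returned and no private keys are loaded.
     * Otherwise the recipient's RSA private key(s) are returned: the optional
     * 'new_'-prefixed key first (when configured), then the required current
     * key, so a caller can try each one in turn during key rollover.
     *
     * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender (IdP).
     * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient (SP).
     *
     * @return array Array of XMLSecurityKey decryption keys, in the order they should be tried.
     */
    public static function getDecryptionKeys(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata)
    {
        $sharedKey = $srcMetadata->getString('sharedkey', NULL);
        if ($sharedKey !== NULL) {
            /* A pre-shared symmetric key takes precedence over the SP's private keys. */
            $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
            $key->loadKey($sharedKey);
            return array($key);
        }

        $keys = array();

        /* Load the new private key if it exists (optional, so NULL means "not configured"). */
        $keyArray = SimpleSAML\Utils\Crypto::loadPrivateKey($dstMetadata, FALSE, 'new_');
        if ($keyArray !== NULL) {
            $keys[] = self::buildPrivateKey($keyArray);
        }

        /* Find the existing private key. It is requested as required (TRUE), so a NULL
         * result is not expected here; the helper's assert guards the 'PEM' entry. */
        $keyArray = SimpleSAML\Utils\Crypto::loadPrivateKey($dstMetadata, TRUE);
        $keys[] = self::buildPrivateKey($keyArray);

        return $keys;
    }

    /**
     * Build an RSA private XMLSecurityKey from a Crypto::loadPrivateKey() result.
     *
     * @param array $keyArray Array with a 'PEM' entry holding the private key and an optional 'password' entry.
     *
     * @return XMLSecurityKey The loaded private key.
     */
    private static function buildPrivateKey(array $keyArray)
    {
        /* Expression-form assert: the string form is eval'd at runtime and was removed in PHP 8. */
        assert(isset($keyArray['PEM']));
        /* NOTE(review): RSA_1_5 is PKCS#1 v1.5 padding; whether the decrypting code re-casts the key
         * to the algorithm named in the message's EncryptedKey is not visible here — confirm. */
        $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private'));
        if (array_key_exists('password', $keyArray)) {
            $key->passphrase = $keyArray['password'];
        }
        $key->loadKey($keyArray['PEM']);
        return $key;
    }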

Usage Example

    $relayState = $message->getRelayState();
    if ($relayState === NULL) {
        /* Somehow, our RelayState has been lost. */
        throw new SimpleSAML_Error_BadRequest('Missing RelayState in logout response.');
    }
    if (!$message->isSuccess()) {
        SimpleSAML_Logger::warning('Unsuccessful logout. Status was: ' . sspmod_saml_Message::getResponseError($message));
    }
    $state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent');
    SimpleSAML_Auth_Source::completeLogout($state);
} elseif ($message instanceof SAML2_LogoutRequest) {
    SimpleSAML_Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId);
    SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);
    if ($message->isNameIdEncrypted()) {
        try {
            $keys = sspmod_saml_Message::getDecryptionKeys($srcMetadata, $dstMetadata);
        } catch (Exception $e) {
            throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage());
        }
        $lastException = NULL;
        foreach ($keys as $i => $key) {
            try {
                $message->decryptNameId($key);
                SimpleSAML_Logger::debug('Decryption with key #' . $i . ' succeeded.');
            } catch (Exception $e) {
                SimpleSAML_Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage());
                $lastException = $e;
            }
        }
        throw $lastException;
    }