@@ -610,9 +610,16 @@ public function getNameIdData()
610
610
if ($ encryptedIdDataEntries ->length == 1 ) {
611
611
$ encryptedData = $ encryptedIdDataEntries ->item (0 );
612
612
613
- $ key = $ this ->_settings ->getSPkey ();
613
+ $ pem = $ this ->_settings ->getSPkey ();
614
+
615
+ if (empty ($ pem )) {
616
+ throw new Error (
617
+ "No private key available, check settings " ,
618
+ Error::PRIVATE_KEY_NOT_FOUND
619
+ );
620
+ }
614
621
$ seckey = new XMLSecurityKey (XMLSecurityKey::RSA_1_5 , array ('type ' =>'private ' ));
615
- $ seckey ->loadKey ($ key );
622
+ $ seckey ->loadKey ($ pem );
616
623
617
624
$ nameId = Utils::decryptElement ($ encryptedData , $ seckey );
618
625
@@ -1169,7 +1176,9 @@ protected function decryptAssertion(\DomNode $dom)
1169
1176
if ($ encryptedID ) {
1170
1177
// decrypt the encryptedID
1171
1178
$ this ->encryptedNameId = true ;
1172
- $ this ->decryptAssertion ($ encryptedID );
1179
+ $ encryptedData = $ encryptedID ->getElementsByTagName ('EncryptedData ' )->item (0 );
1180
+ $ nameId = $ this ->decryptNameId ($ encryptedData , $ pem );
1181
+ Utils::treeCopyReplace ($ encryptedID , $ nameId );
1173
1182
}
1174
1183
1175
1184
if ($ encData ->parentNode instanceof DOMDocument) {
@@ -1204,6 +1213,46 @@ protected function decryptAssertion(\DomNode $dom)
1204
1213
}
1205
1214
}
1206
1215
1216
+ /**
1217
+ * Decrypt EncryptedID element
1218
+ *
1219
+ * @param \DOMElement $encryptedData The encrypted data.
1220
+ * @param string $key The private key
1221
+ *
1222
+ * @return \DOMElement The decrypted element.
1223
+ */
1224
+ private function decryptNameId (\DOMElement $ encryptedData , string $ pem )
1225
+ {
1226
+ $ objenc = new XMLSecEnc ();
1227
+ $ encData = $ objenc ->locateEncryptedData ($ encryptedData );
1228
+ $ objenc ->setNode ($ encData );
1229
+ $ objenc ->type = $ encData ->getAttribute ("Type " );
1230
+ if (!$ objKey = $ objenc ->locateKey ()) {
1231
+ throw new ValidationError (
1232
+ "Unknown algorithm " ,
1233
+ ValidationError::KEY_ALGORITHM_ERROR
1234
+ );
1235
+ }
1236
+
1237
+ $ key = null ;
1238
+ if ($ objKeyInfo = $ objenc ->locateKeyInfo ($ objKey )) {
1239
+ if ($ objKeyInfo ->isEncrypted ) {
1240
+ $ objencKey = $ objKeyInfo ->encryptedCtx ;
1241
+ $ objKeyInfo ->loadKey ($ pem , false , false );
1242
+ $ key = $ objencKey ->decryptKey ($ objKeyInfo );
1243
+ } else {
1244
+ // symmetric encryption key support
1245
+ $ objKeyInfo ->loadKey ($ pem , false , false );
1246
+ }
1247
+ }
1248
+
1249
+ if (empty ($ objKey ->key )) {
1250
+ $ objKey ->loadKey ($ key );
1251
+ }
1252
+
1253
+ return Utils::decryptElement ($ encryptedData , $ objKey );
1254
+ }
1255
+
1207
1256
/**
1208
1257
* After execute a validation process, if fails this method returns the cause
1209
1258
*
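Review bot: decryptNameId accepts whichever algorithms the peer-supplied assertion names — `locateKey()` at line 1230 builds the data-decryption key from the document's EncryptionMethod, and `decryptKey()` at line 1242 uses the key-transport algorithm of the embedded EncryptedKey — whereas the existing getNameIdData path in the first hunk pins `XMLSecurityKey::RSA_1_5`; before decrypting, check the located keys' `type` property against the algorithms the SP is willing to accept so a peer cannot pick a weaker cipher or padding mode than the configuration intends. The `else` branch at lines 1243–1246 leaves `$key` null, so line 1250 calls `$objKey->loadKey(null)` and a missing or undecryptable key surfaces as an opaque library exception rather than a ValidationError; adding `if ($key === null) { throw new ValidationError("Unable to obtain decryption key", ValidationError::KEY_ALGORITHM_ERROR); }` just before that `loadKey` call keeps the error path consistent with the "Unknown algorithm" check above it (a more specific error code may exist in the ValidationError class). The docblock documents `@param string $key` while the signature declares `$pem`, so the two should be brought into agreement. In the second hunk, line 1179 passes `->item(0)` to decryptNameId without a null check, so an EncryptedID with no EncryptedData child would fail on the `\DOMElement` type declaration with a TypeError instead of a ValidationError, and `$pem` is assigned outside the hunk; decryptAssertion starts before that hunk and continues after it.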