
Commit 900cb47

committed
Refactor decryptNameId
1 parent f9926f1 commit 900cb47


1 file changed

+52
-3
lines changed


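--- a/src/Saml2/Response.php
+++ b/src/Saml2/Response.php
@@ -610,9 +610,16 @@ public function getNameIdData()
 if ($encryptedIdDataEntries->length == 1) {
 $encryptedData = $encryptedIdDataEntries->item(0);
 
-$key = $this->_settings->getSPkey();
+$pem = $this->_settings->getSPkey();
+
+if (empty($pem)) {
+throw new Error(
+"No private key available, check settings",
+Error::PRIVATE_KEY_NOT_FOUND
+);
+}
 $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
-$seckey->loadKey($key);
+$seckey->loadKey($pem);
 
 $nameId = Utils::decryptElement($encryptedData, $seckey);
 
@@ -1169,7 +1176,9 @@ protected function decryptAssertion(\DomNode $dom)
 if ($encryptedID) {
 // decrypt the encryptedID
 $this->encryptedNameId = true;
-$this->decryptAssertion($encryptedID);
+$encryptedData = $encryptedID->getElementsByTagName('EncryptedData')->item(0);
+$nameId = $this->decryptNameId($encryptedData, $pem);
+Utils::treeCopyReplace($encryptedID, $nameId);
 }
 
 if ($encData->parentNode instanceof DOMDocument) {
@@ -1204,6 +1213,46 @@ protected function decryptAssertion(\DomNode $dom)
 }
 }
 
+/**
+* Decrypt EncryptedID element
+*
+* @param \DOMElement $encryptedData The encrypted data.
+* @param string $key The private key
+*
+* @return \DOMElement The decrypted element.
+*/
+private function decryptNameId(\DOMElement $encryptedData, string $pem)
+{
+$objenc = new XMLSecEnc();
+$encData = $objenc->locateEncryptedData($encryptedData);
+$objenc->setNode($encData);
+$objenc->type = $encData->getAttribute("Type");
+if (!$objKey = $objenc->locateKey()) {
+throw new ValidationError(
+"Unknown algorithm",
+ValidationError::KEY_ALGORITHM_ERROR
+);
+}
+
+$key = null;
+if ($objKeyInfo = $objenc->locateKeyInfo($objKey)) {
+if ($objKeyInfo->isEncrypted) {
+$objencKey = $objKeyInfo->encryptedCtx;
+$objKeyInfo->loadKey($pem, false, false);
+$key = $objencKey->decryptKey($objKeyInfo);
+} else {
+// symmetric encryption key support
+$objKeyInfo->loadKey($pem, false, false);
+}
+}
+
+if (empty($objKey->key)) {
+$objKey->loadKey($key);
+}
+
+return Utils::decryptElement($encryptedData, $objKey);
+}
+
 /**
 * After execute a validation process, if fails this method returns the cause
 *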
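Review bot: `$encryptedID->getElementsByTagName('EncryptedData')->item(0)` in the decryptAssertion hunk is handed straight to `decryptNameId(\DOMElement $encryptedData, ...)`, so an EncryptedID that carries no EncryptedData child surfaces as a TypeError instead of a ValidationError; the `item(0)` result (and, inside the new method, the result of `locateEncryptedData` before `setNode`/`getAttribute`) should be checked and rejected with a ValidationError first. The same unchecked-result pattern sits at `$key = $objencKey->decryptKey($objKeyInfo);` — if the key unwrap fails and decryptKey returns false, that value still reaches `$objKey->loadKey($key)`, so a failed unwrap should be rejected explicitly rather than loaded as key material. The docblock on decryptNameId names the parameter `$key` while the signature declares `$pem`; change it to `* @param string $pem The SP private key (PEM)` and consider a `: \DOMElement` return declaration so the documented return is enforced. decryptAssertion starts outside the hunk, so I could not confirm where the `$pem` used at the new `decryptNameId($encryptedData, $pem)` call is assigned or whether it is guarded like the `empty($pem)` check added in getNameIdData.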
