
Commit e4d6602

Refactor decryptNameId
1 parent 72aa4a0 commit e4d6602


1 file changed

+52
-3
lines changed


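--- a/src/Saml2/Response.php
+++ b/src/Saml2/Response.php
@@ -605,9 +605,16 @@ public function getNameIdData()
 if ($encryptedIdDataEntries->length == 1) {
 $encryptedData = $encryptedIdDataEntries->item(0);
 
-$key = $this->_settings->getSPkey();
+$pem = $this->_settings->getSPkey();
+
+if (empty($pem)) {
+throw new Error(
+"No private key available, check settings",
+Error::PRIVATE_KEY_NOT_FOUND
+);
+}
 $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
-$seckey->loadKey($key);
+$seckey->loadKey($pem);
 
 $nameId = Utils::decryptElement($encryptedData, $seckey);
 
@@ -1164,7 +1171,9 @@ protected function decryptAssertion(\DomNode $dom)
 if ($encryptedID) {
 // decrypt the encryptedID
 $this->encryptedNameId = true;
-$this->decryptAssertion($encryptedID);
+$encryptedData = $encryptedID->getElementsByTagName('EncryptedData')->item(0);
+$nameId = $this->decryptNameId($encryptedData, $pem);
+Utils::treeCopyReplace($encryptedID, $nameId);
 }
 
 if ($encData->parentNode instanceof DOMDocument) {
@@ -1199,6 +1208,46 @@ protected function decryptAssertion(\DomNode $dom)
 }
 }
 
+/**
+* Decrypt EncryptedID element
+*
+* @param \DOMElement $encryptedData The encrypted data.
+* @param string $key The private key
+*
+* @return \DOMElement The decrypted element.
+*/
+private function decryptNameId(\DOMElement $encryptedData, string $pem)
+{
+$objenc = new XMLSecEnc();
+$encData = $objenc->locateEncryptedData($encryptedData);
+$objenc->setNode($encData);
+$objenc->type = $encData->getAttribute("Type");
+if (!$objKey = $objenc->locateKey()) {
+throw new ValidationError(
+"Unknown algorithm",
+ValidationError::KEY_ALGORITHM_ERROR
+);
+}
+
+$key = null;
+if ($objKeyInfo = $objenc->locateKeyInfo($objKey)) {
+if ($objKeyInfo->isEncrypted) {
+$objencKey = $objKeyInfo->encryptedCtx;
+$objKeyInfo->loadKey($pem, false, false);
+$key = $objencKey->decryptKey($objKeyInfo);
+} else {
+// symmetric encryption key support
+$objKeyInfo->loadKey($pem, false, false);
+}
+}
+
+if (empty($objKey->key)) {
+$objKey->loadKey($key);
+}
+
+return Utils::decryptElement($encryptedData, $objKey);
+}
+
 /**
 * After execute a validation process, if fails this method returns the cause
 *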
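Review bot: In `decryptNameId` the unwrapped symmetric key is accepted at whatever length the RSA unwrap yields — `$key = $objencKey->decryptKey($objKeyInfo);` flows straight into `$objKey->loadKey($key);` with no null check and no comparison against the size the data-encryption algorithm requires, and the RSA padding mode comes from the message's `EncryptedKey/EncryptionMethod` (via `locateKeyInfo`) rather than being pinned the way the `getNameIdData` hunk pins `XMLSecurityKey::RSA_1_5`. A PKCS#1 v1.5 unwrap whose result is used regardless of length is the classic key/padding-oracle shape, so either keep the unwrap inside `Utils::decryptElement` by passing it the RSA private key as the first hunk does, or add `if ($key === null || strlen($key) !== $objKey->getSymmetricKeySize()) { throw new ValidationError("Unexpected symmetric key length", ValidationError::KEY_ALGORITHM_ERROR); }` before `loadKey` — `getSymmetricKeySize()` being xmlseclibs' accessor, and `Utils::decryptElement` not being visible here, confirm it accepts both an RSA private key and an already-loaded symmetric key, since the two call paths now hand it different kinds. In `decryptAssertion` the result of `->item(0)` is passed directly into the `\DOMElement` parameter, so an `<EncryptedID>` without an `<EncryptedData>` child raises a `TypeError` (an `\Error`, which an `Exception`-only catch in the validation path would not turn into a `ValidationError`); guard it with `if ($encryptedData === null) { throw new ValidationError("Cannot locate encrypted NameID", ValidationError::MISSING_ENCRYPTED_ELEMENT); }`, the constant name being assumed from the library's convention rather than visible here. `decryptAssertion` starts and ends outside the hunk, so whether `$pem` is defined in that scope cannot be confirmed from here. The new docblock documents `@param string $key` while the signature names the parameter `$pem`, and its summary says EncryptedID although the argument is the EncryptedData element.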