@@ -605,9 +605,16 @@ public function getNameIdData()
605
605
if ($ encryptedIdDataEntries ->length == 1 ) {
606
606
$ encryptedData = $ encryptedIdDataEntries ->item (0 );
607
607
608
- $ key = $ this ->_settings ->getSPkey ();
608
+ $ pem = $ this ->_settings ->getSPkey ();
609
+
610
+ if (empty ($ pem )) {
611
+ throw new Error (
612
+ "No private key available, check settings " ,
613
+ Error::PRIVATE_KEY_NOT_FOUND
614
+ );
615
+ }
609
616
$ seckey = new XMLSecurityKey (XMLSecurityKey::RSA_1_5 , array ('type ' =>'private ' ));
610
- $ seckey ->loadKey ($ key );
617
+ $ seckey ->loadKey ($ pem );
611
618
612
619
$ nameId = Utils::decryptElement ($ encryptedData , $ seckey );
613
620
@@ -1164,7 +1171,9 @@ protected function decryptAssertion(\DomNode $dom)
1164
1171
if ($ encryptedID ) {
1165
1172
// decrypt the encryptedID
1166
1173
$ this ->encryptedNameId = true ;
1167
- $ this ->decryptAssertion ($ encryptedID );
1174
+ $ encryptedData = $ encryptedID ->getElementsByTagName ('EncryptedData ' )->item (0 );
1175
+ $ nameId = $ this ->decryptNameId ($ encryptedData , $ pem );
1176
+ Utils::treeCopyReplace ($ encryptedID , $ nameId );
1168
1177
}
1169
1178
1170
1179
if ($ encData ->parentNode instanceof DOMDocument) {
@@ -1199,6 +1208,46 @@ protected function decryptAssertion(\DomNode $dom)
1199
1208
}
1200
1209
}
1201
1210
1211
+ /**
1212
+ * Decrypt EncryptedID element
1213
+ *
1214
+ * @param \DOMElement $encryptedData The encrypted data.
1215
+ * @param string $key The private key
1216
+ *
1217
+ * @return \DOMElement The decrypted element.
1218
+ */
1219
+ private function decryptNameId (\DOMElement $ encryptedData , string $ pem )
1220
+ {
1221
+ $ objenc = new XMLSecEnc ();
1222
+ $ encData = $ objenc ->locateEncryptedData ($ encryptedData );
1223
+ $ objenc ->setNode ($ encData );
1224
+ $ objenc ->type = $ encData ->getAttribute ("Type " );
1225
+ if (!$ objKey = $ objenc ->locateKey ()) {
1226
+ throw new ValidationError (
1227
+ "Unknown algorithm " ,
1228
+ ValidationError::KEY_ALGORITHM_ERROR
1229
+ );
1230
+ }
1231
+
1232
+ $ key = null ;
1233
+ if ($ objKeyInfo = $ objenc ->locateKeyInfo ($ objKey )) {
1234
+ if ($ objKeyInfo ->isEncrypted ) {
1235
+ $ objencKey = $ objKeyInfo ->encryptedCtx ;
1236
+ $ objKeyInfo ->loadKey ($ pem , false , false );
1237
+ $ key = $ objencKey ->decryptKey ($ objKeyInfo );
1238
+ } else {
1239
+ // symmetric encryption key support
1240
+ $ objKeyInfo ->loadKey ($ pem , false , false );
1241
+ }
1242
+ }
1243
+
1244
+ if (empty ($ objKey ->key )) {
1245
+ $ objKey ->loadKey ($ key );
1246
+ }
1247
+
1248
+ return Utils::decryptElement ($ encryptedData , $ objKey );
1249
+ }
1250
+
1202
1251
/**
1203
1252
* After execute a validation process, if fails this method returns the cause
1204
1253
*
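Review bot: `locateEncryptedData($encryptedData)` can return null when the element passed in carries no EncryptedData, and the next line then calls `getAttribute("Type")` on null, so a malformed EncryptedID surfaces as a PHP fatal error instead of the ValidationError the rest of decryptNameId throws; a guard such as `if (!$encData) { throw new ValidationError("Cannot locate encrypted Data", ValidationError::MISSING_ENCRYPTED_ELEMENT); }` right after the locate call (reusing the code Utils::decryptElement reports for this condition, if that is what the project defines) keeps the failure mode consistent. The docblock above names the second parameter `$key` while the signature calls it `$pem`, and the summary says "EncryptedID element" while the argument is the EncryptedData child; `@param string $pem The SP private key in PEM format` would match the code. In the second hunk the decrypted element is spliced in with `Utils::treeCopyReplace($encryptedID, $nameId)` without confirming `$nameId->localName === 'NameID'`, so ciphertext that decrypts to some other element would silently replace the subject identifier; a check that throws a ValidationError there makes that case explicit and loggable. `$pem` in that hunk is presumably assigned earlier in decryptAssertion, which starts outside the hunk.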