-
Notifications
You must be signed in to change notification settings - Fork 136
Expand file tree
/
Copy pathEncryptedElementTrait.php
More file actions
135 lines (111 loc) · 3.78 KB
/
Copy pathEncryptedElementTrait.php
File metadata and controls
135 lines (111 loc) · 3.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
<?php
declare(strict_types=1);
namespace SimpleSAML\SAML2\XML;
use Dom;
use SimpleSAML\SAML2\Assert\Assert;
use SimpleSAML\SAML2\Compat\ContainerSingleton;
use SimpleSAML\SAML2\Exception\ProtocolViolationException;
use SimpleSAML\XML\AbstractElement;
use SimpleSAML\XMLSchema\Exception\InvalidDOMElementException;
use SimpleSAML\XMLSchema\Exception\TooManyElementsException;
use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
use SimpleSAML\XMLSecurity\Constants as C;
use SimpleSAML\XMLSecurity\XML\EncryptedElementTrait as ParentEncryptedElementTrait;
use SimpleSAML\XMLSecurity\XML\xenc\EncryptedData;
use SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey;
/**
* Trait aggregating functionality for elements that are encrypted.
*
* @package simplesamlphp/saml2
*/
trait EncryptedElementTrait
{
use ParentEncryptedElementTrait;
/**
* Constructor for encrypted elements.
*
* @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData $encryptedData The EncryptedData object.
* @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey[] $decryptionKeys The EncryptedKey objects.
*/
final public function __construct(
protected EncryptedData $encryptedData,
protected array $decryptionKeys = [],
) {
Assert::allIsInstanceOf($decryptionKeys, EncryptedKey::class, ProtocolViolationException::class);
/**
* 6.2: The <EncryptedData> element's Type attribute SHOULD be used and, if it is
* present, MUST have the value http://www.w3.org/2001/04/xmlenc#Element.
*/
Assert::nullOrSame($encryptedData->getType()->getValue(), C::XMLENC_ELEMENT);
$keyInfo = $this->encryptedData->getKeyInfo();
if ($keyInfo === null) {
return;
}
foreach ($keyInfo->getInfo() as $info) {
if ($info instanceof EncryptedKey) {
$this->encryptedKey = [$info];
break;
}
}
}
/**
* @return array|null
*/
public function getBlacklistedAlgorithms(): ?array
{
$container = ContainerSingleton::getInstance();
return $container->getBlacklistedEncryptionAlgorithms();
}
/**
* @return \SimpleSAML\XMLSecurity\Backend\EncryptionBackend|null
*/
public function getEncryptionBackend(): ?EncryptionBackend
{
// return the encryption backend you want to use,
// or null if you are fine with the default
return null;
}
public function getDecryptionKeys(): array
{
return $this->decryptionKeys;
}
/**
* @inheritDoc
*
* @throws \SimpleSAML\XMLSchema\Exception\InvalidDOMElementException
* If the qualified name of the supplied element is wrong
*/
public static function fromXML(Dom\Element $xml): static
{
Assert::same(
$xml->localName,
AbstractElement::getClassName(static::class),
InvalidDOMElementException::class,
);
Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
$ed = EncryptedData::getChildrenOfClass($xml);
Assert::count(
$ed,
1,
sprintf(
'No more or less than one EncryptedData element allowed in %s.',
AbstractElement::getClassName(static::class),
),
TooManyElementsException::class,
);
$ek = EncryptedKey::getChildrenOfClass($xml);
return new static($ed[0], $ek);
}
/**
* @inheritDoc
*/
public function toXML(?Dom\Element $parent = null): Dom\Element
{
$e = $this->instantiateParentElement($parent);
$this->encryptedData->toXML($e);
foreach ($this->getDecryptionKeys() as $key) {
$key->toXML($e);
}
return $e;
}
}