Ensure encryption type is set to the required value

Author: tvdijen

src/XML/EncryptableElementTrait.php

@@ -5,7 +5,21 @@
 namespace SimpleSAML\SAML2\XML;
 
 use SimpleSAML\SAML2\Compat\ContainerSingleton;
+use SimpleSAML\XMLSchema\Type\AnyURIValue;
+use SimpleSAML\XMLSchema\Type\Base64BinaryValue;
+use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface;
+use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\Key\SymmetricKey;
+use SimpleSAML\XMLSecurity\XML\ds\KeyInfo;
 use SimpleSAML\XMLSecurity\XML\EncryptableElementTrait as ParentEncryptableElementTrait;
+use SimpleSAML\XMLSecurity\XML\xenc\CipherData;
+use SimpleSAML\XMLSecurity\XML\xenc\CipherValue;
+use SimpleSAML\XMLSecurity\XML\xenc\EncryptedData;
+use SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey;
+use SimpleSAML\XMLSecurity\XML\xenc\EncryptionMethod;
+
+use function in_array;
 
 /**
  * Trait aggregating functionality for elements that are encrypted.
@@ -17,6 +31,63 @@ trait EncryptableElementTrait
     use ParentEncryptableElementTrait;
 
 
+    /**
+     * Encryt this object.
+     *
+     * @param \SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface $encryptor The encryptor to use,
+     * either to encrypt the object itself, or to encrypt a session key (if the encryptor implements a key transport
+     * algorithm).
+     *
+     * @return \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData
+     */
+    public function encrypt(EncryptionAlgorithmInterface $encryptor): EncryptedData
+    {
+        $keyInfo = null;
+        if (in_array($encryptor->getAlgorithmId(), C::$KEY_TRANSPORT_ALGORITHMS)) {
+            // the encryptor uses a key transport algorithm, use that to generate a session key
+            $sessionKey = SymmetricKey::generate($this->sessionKeyLen);
+
+            $encryptedKey = EncryptedKey::fromKey(
+                $sessionKey,
+                $encryptor,
+                new EncryptionMethod(
+                    AnyURIValue::fromString($encryptor->getAlgorithmId()),
+                ),
+            );
+
+            $keyInfo = new KeyInfo([$encryptedKey]);
+
+            $factory = new EncryptionAlgorithmFactory(
+                $this->getBlacklistedAlgorithms() ?? EncryptionAlgorithmFactory::DEFAULT_BLACKLIST,
+            );
+            $encryptor = $factory->getAlgorithm($this->blockCipherAlgId, $sessionKey);
+            $encryptor->setBackend($this->getEncryptionBackend());
+        }
+
+        $xmlRepresentation = $this->toXML();
+
+        return new EncryptedData(
+            new CipherData(
+                new CipherValue(
+                    Base64BinaryValue::fromString(
+                        base64_encode($encryptor->encrypt(
+                            $xmlRepresentation->ownerDocument->saveXML($xmlRepresentation),
+                        )),
+                    ),
+                ),
+            ),
+            null,
+            AnyURIValue::fromString(C::XMLENC_ELEMENT),
+            null,
+            null,
+            new EncryptionMethod(
+                AnyURIValue::fromString($encryptor->getAlgorithmId()),
+            ),
+            $keyInfo,
+        );
+    }
+
+
     /**
      * @return array|null
      */

src/XML/EncryptedElementTrait.php

@@ -42,7 +42,6 @@ final public function __construct(
         /**
          * 6.2: The <EncryptedData> element's Type attribute SHOULD be used and, if it is
          * present, MUST have the value http://www.w3.org/2001/04/xmlenc#Element.
-         *
          */
         Assert::nullOrSame($encryptedData->getType()->getValue(), C::XMLENC_ELEMENT);
 

src/XML/saml/Attribute.php

@@ -7,6 +7,7 @@
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\SAML2\Type\SAMLAnyURIValue;
 use SimpleSAML\SAML2\Type\SAMLStringValue;
 use SimpleSAML\SAML2\XML\EncryptableElementTrait;
@@ -85,7 +86,7 @@ public function __construct(
         }
 
         $types = array_map(
-            function(AttributeValue $av) {
+            function (AttributeValue $av) {
                 return $av->getXsiType();
             },
             $attributeValue,

tests/SAML2/XML/saml/AttributeTest.php

@@ -21,8 +21,6 @@
 use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait;
 use SimpleSAML\XML\TestUtils\SerializableElementTestTrait;
 use SimpleSAML\XMLSchema\Exception\MissingAttributeException;
-use SimpleSAML\XMLSchema\Type\DateTimeValue;
-use SimpleSAML\XMLSchema\Type\IntegerValue;
 use SimpleSAML\XMLSchema\Type\StringValue;
 use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
 use SimpleSAML\XMLSecurity\TestUtils\PEMCertificatesMock;