WIP: Service Provider; Deal with encrypted elements

Author: tvdijen

src/SAML2/Entity/ServiceProvider.php

@@ -29,6 +29,8 @@
 };
 use SimpleSAML\SAML2\XML\samlp\Response;
 use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Exception\SignatureVerificationFailedException;
 use SimpleSAML\XMLSecurity\XML\{
     EncryptableElementInterface,
@@ -49,6 +51,9 @@ final class ServiceProvider
     protected ?StateProviderInterface $stateProvider = null;
     protected ?StorageProviderInterface $storageProvider = null;
     protected ?Metadata\IdentityProvider $idpMetadata = null;
+    protected SignatureAlgorithmFactory $signatureAlgorithmFactory;
+    protected EncryptionAlgorithmFactory $encryptionAlgorithmFactory;
+    protected KeyTransportAlgorithmFactory $keyTransportAlgorithmFactory;
 
 
     /**
@@ -75,6 +80,9 @@ public function __construct(
         // Use with caution - will leave any form of constraint validation up to the implementer
         protected readonly bool $bypassConstraintValidation = false,
     ) {
+        $this->signatureAlgorithmFactory = new SignatureAlgorithmFactory();
+        $this->encryptionAlgorithmFactory = new EncryptionAlgorithmFactory();
+        $this->keyTransportAlgorithmFactory = new KeyTransportAlgorithmFactory();
     }
 
 
@@ -205,6 +213,10 @@ public function receiveResponse(ServerRequestInterface $request): Response
         );
         $responseValidator->validate($verifiedResponse);
 
+        if ($this->encryptedAssertions === true) {
+            Assert::allIsInstanceOf($verifiedResponse->getAssertions(), EncryptedAssertion::class);
+        }
+
         // Decrypt and verify assertions, then rebuild the response.
         $verifiedAssertions = $this->decryptAndVerifyAssertions($verifiedResponse->getAssertions());
         $decryptedResponse = new Response(
@@ -241,6 +253,8 @@ public function receiveResponse(ServerRequestInterface $request): Response
      */
     protected function decryptAndVerifyAssertions(array $unverifiedAssertions): array
     {
+        $wantAssertionsSigned = $this->spMetadata->getWantAssertionsSigned();
+
         /**
          * See paragraph 6.2 of the SAML 2.0 core specifications for the applicable processing rules
          *
@@ -254,6 +268,11 @@ protected function decryptAndVerifyAssertions(array $unverifiedAssertions): arra
                 ? $this->decryptElement($assertion)
                 : $assertion;
 
+            // Verify that the request is signed, if we require this by configuration
+            if ($wantAssertionsSigned === true) {
+                Assert::true($decryptedAssertion->isSigned(), RuntimeException::class);
+            }
+
             // Verify the signature on the assertions (if any)
             $verifiedAssertion = $this->verifyElementSignature($decryptedAssertion);
 
@@ -262,7 +281,12 @@ protected function decryptAndVerifyAssertions(array $unverifiedAssertions): arra
 
             if ($nameID instanceof EncryptedID) {
                 $decryptedNameID = $this->decryptElement($nameID);
-                $subject = new Subject($decryptedNameID, $verifiedAssertion->getSubjectConfirmation());
+                // Anything we can't decrypt, we leave up for the application to deal with
+                try {
+                    $subject = new Subject($decryptedNameID, $verifiedAssertion->getSubjectConfirmation());
+                } catch (RuntimeException) {
+                    $subject = $verifiedAssertion->getSubject();
+                }
             } else {
                 $subject = $verifiedAssertion->getSubject();
             }
@@ -274,7 +298,12 @@ protected function decryptAndVerifyAssertions(array $unverifiedAssertions): arra
                     $attributes = $statement->getAttributes();
                     if ($statement->hasEncryptedAttributes()) {
                         foreach ($statement->getEncryptedAttributes() as $encryptedAttribute) {
-                            $attributes[] = $this->decryptElement($encryptedAttribute);
+                            // Anything we can't decrypt, we leave up for the application to deal with
+                            try {
+                                $attributes[] = $this->decryptElement($encryptedAttribute);
+                            } catch (RuntimeException) {
+                                $attributes[] = $encryptedAttribute;
+                            }
                         }
                     }
 
@@ -307,13 +336,26 @@ protected function decryptAndVerifyAssertions(array $unverifiedAssertions): arra
      */
     protected function decryptElement(EncryptedElementInterface $element): EncryptableElementInterface
     {
-        $factory = $this->spMetadata->getEncryptionAlgorithmFactory();
+        // TODO: When CBC-mode encryption is used, the assertion OR the Response must be signed
+        $factory = $this->encryptionAlgorithmFactory;
 
-        $encryptionAlgorithm = ($factory instanceof EncryptionAlgorithmFactory)
-            ? $element->getEncryptedData()->getEncryptionMethod()
-            : $element->getEncryptedKey()->getEncryptionMethod();
+        // If the IDP has a pre-shared key, try decrypting with that
+        $preSharedKey = $this->idpMetadata->getPreSharedKey();
+        if ($preSharedKey !== null) {
+            $encryptionAlgorithm = $element?->getEncryptedKey()?->getEncryptionMethod()
+              ?? $this->idpMetadata->getPreSharedKeyAlgorithm();
+
+            $decryptor = $factory->getAlgorithm($encryptionAlgorithm, $preSharedKey);
+            try {
+                return $element->decrypt($decryptor);
+            } catch (Exception $e) {
+                // Continue to try decrypting with asymmetric keys.
+            }
+        }
 
-        foreach ($this->spMetadata->getDecriptionKeys() as $decryptionKey) {
+        $encryptionAlgorithm = $element->getEncryptedKey()->getEncryptionMethod()->getAlgorithm();
+        foreach ($this->spMetadata->getDecryptionKeys() as $decryptionKey) {
+            $factory = $this->keyTransportAlgorithmFactory;
             $decryptor = $factory->getAlgorithm($encryptionAlgorithm, $decryptionKey);
             try {
                 return $element->decrypt($decryptor);
@@ -339,11 +381,10 @@ protected function decryptElement(EncryptedElementInterface $element): Encryptab
      */
     protected function verifyElementSignature(SignedElementInterface $element): SignableElementInterface
     {
-        $factory = $this->spMetadata->getSignatureAlgorithmFactory();
         $signatureAlgorithm = $element->getSignature()->getSignedInfo()->getSignatureMethod()->getAlgorithm();
 
         foreach ($this->idpMetadata->getValidatingKeys() as $validatingKey) {
-            $verifier = $factory->getAlgorithm($signatureAlgorithm, $validatingKey);
+            $verifier = $this->signatureAlgorithmFactory->getAlgorithm($signatureAlgorithm, $validatingKey);
 
             try {
                 return $element->verify($verifier);

src/SAML2/Metadata/AbstractProvider.php

@@ -5,11 +5,11 @@
 namespace SimpleSAML\SAML2\Metadata;
 
 use SimpleSAML\Assert\Assert;
-use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
-use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
-use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\{PrivateKey, PublicKey, SymmetricKey};
 
+use function array_keys;
+
 /**
  * Class holding common configuration for SAML2 entities.
  *
@@ -21,38 +21,23 @@ abstract class AbstractProvider
      */
     protected function __construct(
         protected string $entityId,
-        protected EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null $encryptionAlgorithmFactory,
-        protected SignatureAlgorithmFactory|null $signatureAlgorithmFactory,
         protected string $signatureAlgorithm,
         protected array $validatingKeys,
-        protected PrivateKey|null $signingKey,
-        protected PublicKey|SymmetricKey|null $encryptionKey,
+        protected ?PrivateKey $signingKey,
+        protected ?PublicKey $encryptionKey,
         protected array $decryptionKeys,
+        protected ?SymmetricKey $preSharedKey,
+        protected string $preSharedKeyAlgorithm,
         protected array $IDPList,
     ) {
         Assert::validURI($entityId);
         Assert::validURI($signatureAlgorithm);
-        Assert::allIsInstanceOfAny($decryptionKeys, [SymmetricKey::class, PrivateKey::class]);
+        Assert::oneOf($signatureAlgorithm, array_keys(C::$RSA_DIGESTS));
+        Assert::allIsInstanceOf($decryptionKeys, PrivateKey::class);
         Assert::allIsInstanceOf($validatingKeys, PublicKey::class);
         Assert::allValidURI($IDPList);
-    }
-
-
-    /**
-     * Retrieve the SignatureAlgorithmFactory used for signing and verifying messages.
-     */
-    public function getSignatureAlgorithmFactory(): ?SignatureAlgorithmFactory
-    {
-        return $this->signatureAlgorithmFactory;
-    }
-
-
-    /**
-     * Retrieve the EncryptionAlgorithmFactory used for encrypting and decrypting messages.
-     */
-    public function getEncryptionAlgorithmFactory(): EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null
-    {
-        return $this->encryptionAlgorithmFactory;
+        Assert::nullOrValidURI($preSharedKeyAlgorithm);
+        Assert::oneOf($preSharedKeyAlgorithm, array_keys(C::$BLOCK_CIPHER_ALGORITHMS));
     }
 
 
@@ -88,20 +73,42 @@ public function getValidatingKeys(): array
 
 
     /**
-     * Get the private key to use for signing messages.
+     * Get the public key to use for encrypting messages.
      *
-     * @return \SimpleSAML\XMLSecurity\Key\PublicKey|\SimpleSAML\XMLSecurity\Key\SymmetricKey|null
+     * @return \SimpleSAML\XMLSecurity\Key\PublicKey|null
      */
-    public function getEncryptionKey(): PublicKey|SymmetricKey|null
+    public function getEncryptionKey(): ?PublicKey
     {
         return $this->encryptionKey;
     }
 
 
+    /**
+     * Get the symmetric key to use for encrypting/decrypting messages.
+     *
+     * @return \SimpleSAML\XMLSecurity\Key\SymmetricKey|null
+     */
+    public function getPreSharedKey(): ?SymmetricKey
+    {
+        return $this->preSharedKey;
+    }
+
+
+    /**
+     * Get the symmetric encrypting/decrypting algorithm to use.
+     *
+     * @return string|null
+     */
+    public function getPreSharedKeyAlgorithm(): ?string
+    {
+        return $this->preSharedKeyAlgorithm;
+    }
+
+
     /**
      * Get the decryption keys to decrypt the assertion with.
      *
-     * @return array<\SimpleSAML\XMLSecurity\Key\PrivateKey|\SimpleSAML\XMLSecurity\Key\SymmetricKey>
+     * @return array<\SimpleSAML\XMLSecurity\Key\PrivateKey>
      */
     public function getDecryptionKeys(): array
     {

src/SAML2/Metadata/IdentityProvider.php

@@ -5,9 +5,6 @@
 namespace SimpleSAML\SAML2\Metadata;
 
 use SimpleSAML\XMLSecurity\Constants as C;
-use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
-use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
-use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Key\{PrivateKey, PublicKey, SymmetricKey};
 
 /**
@@ -21,24 +18,24 @@ class IdentityProvider extends AbstractProvider
      */
     public function __construct(
         string $entityId,
-        EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null $encryptionAlgorithmFactory = null,
-        SignatureAlgorithmFactory|null $signatureAlgorithmFactory = null,
         string $signatureAlgorithm = C::SIG_RSA_SHA256,
         array $validatingKeys = [],
-        PrivateKey|null $signingKey = null,
-        PublicKey|SymmetricKey|null $encryptionKey = null,
+        ?PrivateKey $signingKey = null,
+        ?PublicKey $encryptionKey = null,
         array $decryptionKeys = [],
+        ?SymmetricKey $preSharedKey = null,
+        string $preSharedKeyAlgorithm = C::BLOCK_ENC_AES256_GCM,
         array $IDPList = [],
     ) {
         parent::__construct(
             $entityId,
-            $encryptionAlgorithmFactory,
-            $signatureAlgorithmFactory,
             $signatureAlgorithm,
             $validatingKeys,
             $signingKey,
             $encryptionKey,
             $decryptionKeys,
+            $preSharedKey,
+            $preSharedKeyAlgorithm,
             $IDPList,
         );
     }

src/SAML2/Metadata/ServiceProvider.php

@@ -7,9 +7,6 @@
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\XML\md\AssertionConsumerService;
 use SimpleSAML\XMLSecurity\Constants as C;
-use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
-use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
-use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Key\{PrivateKey, PublicKey, SymmetricKey};
 
 /**
@@ -23,27 +20,28 @@ class ServiceProvider extends AbstractProvider
      */
     public function __construct(
         string $entityId,
-        EncryptionAlgorithmFactory|KeyTransportAlgorithmFactory|null $encryptionAlgorithmFactory = null,
-        SignatureAlgorithmFactory|null $signatureAlgorithmFactory = null,
         string $signatureAlgorithm = C::SIG_RSA_SHA256,
         array $validatingKeys = [],
-        PrivateKey|null $signingKey = null,
-        PublicKey|SymmetricKey|null $encryptionKey = null,
+        ?PrivateKey $signingKey = null,
+        ?PublicKey $encryptionKey = null,
         protected array $assertionConsumerService = [],
         array $decryptionKeys = [],
+        ?SymmetricKey $preSharedKey = null,
+        string $preSharedKeyAlgorithm = C::BLOCK_ENC_AES256_GCM,
         array $IDPList = [],
+        protected bool $wantAssertionsSigned = false, // Default false by specification
     ) {
         Assert::allIsInstanceOf($assertionConsumerService, AssertionConsumerService::class);
 
         parent::__construct(
             $entityId,
-            $encryptionAlgorithmFactory,
-            $signatureAlgorithmFactory,
             $signatureAlgorithm,
             $validatingKeys,
             $signingKey,
             $encryptionKey,
             $decryptionKeys,
+            $preSharedKey,
+            $preSharedKeyAlgorithm,
             $IDPList,
         );
     }
@@ -58,4 +56,15 @@ public function getAssertionConsumerService(): array
     {
         return $this->assertionConsumerService;
     }
+
+
+    /**
+     * Retrieve the configured value for whether assertions must be signed.
+     *
+     * @return bool
+     */
+    public function getWantAssertionsSigned(): bool
+    {
+        return $this->wantAssertionsSigned;
+    }
 }