From 5e92f288f9e25b711a5d5820ae5e7e27271391ea Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 7 Mar 2011 13:24:37 +0000
Subject: [PATCH] saml:sp: Fix decryption of NameID.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2748 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/www/sp/saml2-logout.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index 2d7d69c10..99f605569 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -64,7 +64,7 @@ if ($message instanceof SAML2_LogoutResponse) {
 
 	if ($message->isNameIdEncrypted()) {
 		try {
-			$keys = sspmod_saml_Message::getDecryptionKeys($srcMetadata, $dstMetadata);
+			$keys = sspmod_saml_Message::getDecryptionKeys($idpMetadata, $spMetadata);
 		} catch (Exception $e) {
 			throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage());
 		}
@@ -74,12 +74,16 @@ if ($message instanceof SAML2_LogoutResponse) {
 			try {
 				$message->decryptNameId($key);
 				SimpleSAML_Logger::debug('Decryption with key #' . $i . ' succeeded.');
+				$lastException = NULL;
+				break;
 			} catch (Exception $e) {
 				SimpleSAML_Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage());
 				$lastException = $e;
 			}
 		}
-		throw $lastException;
+		if ($lastException !== NULL) {
+			throw $lastException;
+		}
 	}
 
 	$nameId = $message->getNameId();
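Review bot: After the loop, `$lastException !== NULL` is the only failure signal, and it is also false when no key was tried at all, so with an empty `$keys` the script would continue to `$message->getNameId()` with the NameID still encrypted. The `foreach` header and any initialisation of `$lastException` lie outside this hunk, so whether that case can occur depends on `getDecryptionKeys()` never returning an empty list; that should be confirmed. Tracking success explicitly makes the block fail closed: set `$decrypted = TRUE;` before the `break`, and after the loop use `if (!$decrypted) { throw $lastException !== NULL ? $lastException : new SimpleSAML_Error_Exception('Error decrypting NameID: no usable decryption key.'); }`, with `$decrypted = FALSE;` and `$lastException = NULL;` set before the loop. A short comment above the loop such as `/* Try each candidate key in order; stop at the first that decrypts, fail if none does. */` would also document the intent of the new `break`.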
-- 
GitLab