Skip to content
Snippets Groups Projects
Commit 8a2890fa authored by Olav Morken's avatar Olav Morken
Browse files

SAML_Assertion: Support encryption of NameID. 

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2747 44740490-163a-0410-bde0-09ae8108e29a
parent b839cab2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 38 additions and 2 deletions
lib/SAML2/Assertion.php
+ 38
2
View file @ 8a2890fa
...@@ -611,6 +611,36 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -611,6 +611,36 @@ class SAML2_Assertion implements SAML2_SignedElement {
} }
/**
* Encrypt the NameID in the Assertion.
*
* @param XMLSecurityKey $key The encryption key.
*/
public function encryptNameId(XMLSecurityKey $key) {
/* First create a XML representation of the NameID. */
$doc = new DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);
SAML2_Utils::addNameId($root, $this->nameId);
$nameId = $root->firstChild;
SimpleSAML_Utilities::debugMessage($nameId, 'encrypt');
/* Encrypt the NameID. */
$enc = new XMLSecEnc();
$enc->setNode($nameId);
$enc->type = XMLSecEnc::Element;
$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
$symmetricKey->generateSessionKey();
$enc->encryptKey($key, $symmetricKey);
$this->encryptedNameId = $enc->encryptNode($symmetricKey);
$this->nameId = NULL;
}
/** /**
* Decrypt the NameId of the subject in the assertion. * Decrypt the NameId of the subject in the assertion.
* *
...@@ -1082,7 +1112,7 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -1082,7 +1112,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
*/ */
private function addSubject(DOMElement $root) { private function addSubject(DOMElement $root) {
if ($this->nameId === NULL) { if ($this->nameId === NULL && $this->encryptedNameId === NULL) {
/* We don't have anything to create a Subject node for. */ /* We don't have anything to create a Subject node for. */
return; return;
} }
...@@ -1090,7 +1120,13 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -1090,7 +1120,13 @@ class SAML2_Assertion implements SAML2_SignedElement {
$subject = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Subject'); $subject = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Subject');
$root->appendChild($subject); $root->appendChild($subject);
SAML2_Utils::addNameId($subject, $this->nameId); if ($this->encryptedNameId === NULL) {
SAML2_Utils::addNameId($subject, $this->nameId);
} else {
$eid = $subject->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID');
$subject->appendChild($eid);
$eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, TRUE));
}
foreach ($this->SubjectConfirmation as $sc) { foreach ($this->SubjectConfirmation as $sc) {
$sc->toXML($subject); $sc->toXML($subject);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment