From b28a1f7ed59ef896bf9c9887cb4778ae6c252402 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 27 Oct 2011 09:13:58 +0000
Subject: [PATCH] Do not show detailed exceptions about decryption failures.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2951 44740490-163a-0410-bde0-09ae8108e29a
---
lib/SAML2/Utils.php | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/lib/SAML2/Utils.php b/lib/SAML2/Utils.php
index ffc7b9b94..88841143c 100644
--- a/lib/SAML2/Utils.php
+++ b/lib/SAML2/Utils.php
@@ -297,11 +297,13 @@ class SAML2_Utils {
/**
* Decrypt an encrypted element.
*
+ * This is an internal helper function.
+ *
* @param DOMElement $encryptedData The encrypted data.
* @param XMLSecurityKey $inputKey The decryption key.
* @return DOMElement The decrypted element.
*/
- public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey) {
+ private static function _decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey) {
$enc = new XMLSecEnc();
@@ -372,10 +374,36 @@ class SAML2_Utils {
throw new Exception('Missing encrypted element.');
}
+ if (!($decryptedElement instanceof DOMElement)) {
+ throw new Exception('Decrypted element was not actually a DOMElement.');
+ }
+
return $decryptedElement;
}
+ /**
+ * Decrypt an encrypted element.
+ *
+ * @param DOMElement $encryptedData The encrypted data.
+ * @param XMLSecurityKey $inputKey The decryption key.
+ * @return DOMElement The decrypted element.
+ */
+ public static function decryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey) {
+
+ try {
+ return self::_decryptElement($encryptedData, $inputKey);
+ } catch (Exception $e) {
+ /*
+ * Something went wrong during decryption, but for security
+ * reasons we cannot tell the user what failed.
+ */
+ SimpleSAML_Logger::error('Decryption failed: ' . $e->getMessage());
+ throw new Exception('Failed to decrypt XML element.');
+ }
+ }
+
+
/**
* Extract localized strings from a set of nodes.
*
--
GitLab