From d7fa94f0ce0ecc8f8502d70748eb72b552a9e60c Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 1 Oct 2009 11:45:18 +0000
Subject: [PATCH] saml2_Message: Separate out getDecryptionKey() from
 decryptAssertion().

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1810 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml2/lib/Message.php | 55 +++++++++++++++++++++++------------
 1 file changed, 37 insertions(+), 18 deletions(-)

diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index 15a4c2a04..c49f5ce34 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -222,6 +222,39 @@ class sspmod_saml2_Message {
 	}
 
 
+	/**
+	 * Retrieve the decryption key from metadata.
+	 *
+	 * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender (IdP).
+	 * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient (SP).
+	 * @return XMLSecurityKey  The decryption key.
+	 */
+	private static function getDecryptionKey(SimpleSAML_Configuration $srcMetadata,
+		SimpleSAML_Configuration $dstMetadata) {
+
+		$sharedKey = $srcMetadata->getString('sharedkey', NULL);
+		if ($sharedKey !== NULL) {
+			$key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
+			$key->loadKey($sharedKey);
+		} else {
+			/* Find the private key we should use to decrypt messages to this SP. */
+			$keyArray = SimpleSAML_Utilities::loadPrivateKey($dstMetadata->toArray(), TRUE);
+			if (!array_key_exists('PEM', $keyArray)) {
+				throw new Exception('Unable to locate key we should use to decrypt the message.');
+			}
+
+			/* Extract the public key from the certificate for encryption. */
+			$key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
+			if (array_key_exists('password', $keyArray)) {
+				$key->passphrase = $keyArray['password'];
+			}
+			$key->loadKey($keyArray['PEM']);
+		}
+
+		return $key;
+	}
+
+
 	/**
 	 * Encrypt an assertion.
 	 *
@@ -300,24 +333,10 @@ class sspmod_saml2_Message {
 			return $assertion;
 		}
 
-
-		$sharedKey = $srcMetadata->getString('sharedkey', NULL);
-		if ($sharedKey !== NULL) {
-			$key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
-			$key->loadKey($sharedKey);
-		} else {
-			/* Find the private key we should use to decrypt messages to this SP. */
-			$keyArray = SimpleSAML_Utilities::loadPrivateKey($dstMetadata->toArray(), TRUE);
-			if (!array_key_exists('PEM', $keyArray)) {
-				throw new Exception('Unable to locate key we should use to decrypt the assertion.');
-			}
-
-			/* Extract the public key from the certificate for encryption. */
-			$key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
-			if (array_key_exists('password', $keyArray)) {
-				$key->passphrase = $keyArray['password'];
-			}
-			$key->loadKey($keyArray['PEM']);
+		try {
+			$key = self::getDecryptionKey($srcMetadata, $dstMetadata);
+		} catch (Exception $e) {
+			throw new SimpleSAML_Error_Exception('Error decrypting assertion: ' . $e->getMessage());
 		}
 
 		return $assertion->getAssertion($key);
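Review bot: The rethrow `throw new SimpleSAML_Error_Exception('Error decrypting assertion: ' . $e->getMessage());` keeps only the message text and discards the original exception and its trace; if `SimpleSAML_Error_Exception` accepts a cause argument, pass `$e` through, otherwise log it before rethrowing so the underlying key-lookup failure stays diagnosable. The `try` also covers only the key lookup, while the actual decryption in `$assertion->getAssertion($key)` sits outside it, so a decryption failure reaches callers as a different exception type than a key-lookup failure; widening the block to include that call would give one consistent error path. decryptAssertion starts and ends outside the hunk.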
-- 
GitLab