
public function SAML2_Assertion::__construct in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

File

includes/Assertion.php, line 48

Class

SAML2_Assertion

Code

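/**
 * Builds an assertion, either empty or parsed from a SAML element.
 *
 * With no argument the object only receives defaults: a generated ID,
 * generated issue/authn timestamps, an empty issuer, the "unspecified"
 * NameID format and empty attribute/certificate/authority/confirmation
 * lists. With an element, an <saml:EncryptedAssertion> is decrypted first
 * using the SP private key; then ID, Version, IssueInstant and Issuer are
 * read from the (decrypted) assertion and the remaining parts are handed to
 * the parse*() helpers.
 *
 * @param DOMElement|null $xml
 *   The <saml:Assertion> or <saml:EncryptedAssertion> element, or NULL.
 *
 * @throws Exception
 *   When the encrypted wrapper is malformed (missing/duplicate EncryptedData,
 *   missing KeyInfo or encryption algorithm), when the ID or Issuer is
 *   missing, or when Version is not "2.0".
 */
public function __construct(DOMElement $xml = NULL) {
  $this->id = Utilities::generateId();
  $this->issueInstant = Utilities::generateTimestamp();
  $this->issuer = '';
  $this->authnInstant = Utilities::generateTimestamp();
  $this->attributes = array();
  $this->nameFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';
  $this->certificates = array();
  $this->AuthenticatingAuthority = array();
  $this->SubjectConfirmation = array();
  if ($xml === NULL) {
    return;
  }

  if ($xml->localName === 'EncryptedAssertion') {
    $data = Utilities::xpQuery($xml, './xenc:EncryptedData');
    // Validate the wrapper before dereferencing anything inside it. The
    // previous order read KeyInfo first, so a message without KeyInfo (or
    // with a text node where an element was expected) died with a PHP fatal
    // error instead of a catchable exception.
    if (count($data) === 0) {
      throw new Exception('Missing encrypted data in <saml:EncryptedAssertion>.');
    }
    elseif (count($data) > 1) {
      throw new Exception('More than one encrypted data element in <saml:EncryptedAssertion>.');
    }

    $keyInfo = Utilities::xpQuery($xml, './xenc:EncryptedData/ds:KeyInfo');
    if (count($keyInfo) !== 1) {
      throw new Exception('Expected exactly one <ds:KeyInfo> in <saml:EncryptedAssertion>.');
    }
    // The key-transport algorithm is read two element levels below KeyInfo
    // (KeyInfo -> EncryptedKey -> EncryptionMethod, as the original
    // firstChild->firstChild walk assumed). Only element children are
    // considered so whitespace text nodes from pretty-printed XML do not
    // break the walk; any missing hop raises an exception.
    $encryptionMethod = NULL;
    foreach ($keyInfo[0]->childNodes as $keyInfoChild) {
      if (!($keyInfoChild instanceof DOMElement)) {
        continue;
      }
      foreach ($keyInfoChild->childNodes as $encryptedKeyChild) {
        if ($encryptedKeyChild instanceof DOMElement) {
          $encryptionMethod = $encryptedKeyChild;
          break;
        }
      }
      break;
    }
    if ($encryptionMethod === NULL || !$encryptionMethod->hasAttribute('Algorithm')) {
      throw new Exception('Missing encryption algorithm in <saml:EncryptedAssertion>.');
    }
    // SECURITY: the algorithm identifier comes from the peer-supplied message,
    // so the private key below is instantiated for whatever algorithm the
    // sender named. Utilities::getEncryptionAlgorithm() is expected to map
    // unknown URIs to a safe value -- confirm that it rejects rather than
    // defaults on unexpected input.
    $method = $encryptionMethod->getAttribute('Algorithm');
    $algo = Utilities::getEncryptionAlgorithm($method);

    // NOTE(review): both private keys are loaded from files inside the module
    // directory, which sits under the web root. Unless the web server blocks
    // direct requests to resources/*.key, the SP private key is downloadable.
    // Consider moving the keys outside the document root or into Drupal
    // variables/private files.
    $key = new XMLSecurityKey($algo, array(
      'type' => 'private',
    ));
    $base_module_path = drupal_get_path("module", "miniorange_saml");
    $url = $base_module_path . '/resources/sp-key.key';
    $key
      ->loadKey($url, TRUE);
    $alternateKey = new XMLSecurityKey($algo, array(
      'type' => 'private',
    ));
    $alternateKeyUrl = $base_module_path . '/resources/miniorange_sp_priv_key.key';
    $alternateKey
      ->loadKey($alternateKeyUrl, TRUE);
    // An empty blacklist means no key-transport algorithm is refused during
    // decryption; presumably this is where RSA-1.5 (PKCS#1 v1.5 padding,
    // Bleichenbacher-prone) should be listed -- verify against
    // Utilities::decryptElement().
    $blacklist = array();
    // From here on $xml is the decrypted element; it is assumed (not checked)
    // to be a <saml:Assertion>.
    $xml = Utilities::decryptElement($data[0], $key, $blacklist, $alternateKey);
  }

  if (!$xml
    ->hasAttribute('ID')) {
    throw new Exception('Missing ID attribute on SAML assertion.');
  }
  $this->id = $xml
    ->getAttribute('ID');
  if ($xml
    ->getAttribute('Version') !== '2.0') {

    /* Currently a very strict check: only SAML 2.0 assertions are accepted. */
    throw new Exception('Unsupported version: ' . $xml
      ->getAttribute('Version'));
  }
  // IssueInstant is not checked for presence; an absent attribute yields ''
  // and whatever xsDateTimeToTimestamp() does with an empty string.
  $this->issueInstant = Utilities::xsDateTimeToTimestamp($xml
    ->getAttribute('IssueInstant'));
  $issuer = Utilities::xpQuery($xml, './saml_assertion:Issuer');
  if (empty($issuer)) {
    throw new Exception('Missing <saml:Issuer> in assertion.');
  }
  $this->issuer = trim($issuer[0]->textContent);

  // Remaining parts are parsed by the helpers; note that the signature is
  // parsed after conditions/statements/attributes, so the fields populated
  // above are not yet known to be signed at this point -- signature
  // validation must happen before any of them are trusted.
  $this
    ->parseConditions($xml);
  $this
    ->parseAuthnStatement($xml);
  $this
    ->parseAttributes($xml);
  $this
    ->parseEncryptedAttributes($xml);
  $this
    ->parseSignature($xml);
  $this
    ->parseSubject($xml);
}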