
private function SAML2_Assertion::addEncryptedAttributeStatement in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

Add an EncryptedAttribute Statement-node to the assertion.

Parameters

DOMElement $root: The assertion element we should add the Encrypted Attribute Statement to.

1 call to SAML2_Assertion::addEncryptedAttributeStatement()
SAML2_Assertion::toXML in includes/Assertion.php
Convert this assertion to an XML element.

File

includes/Assertion.php, line 1306

Class

SAML2_Assertion

Code

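/**
 * Add an EncryptedAttribute Statement-node to the assertion.
 *
 * Each attribute is first serialised as a plain saml:Attribute inside a
 * throw-away DOMDocument. That element is then encrypted as a whole
 * (xmlenc "Element" type) with a freshly generated AES-256-CBC session key,
 * the session key is wrapped with $this->encryptionKey, and the resulting
 * xenc:EncryptedData is imported into $root's document as the child of a
 * saml:EncryptedAttribute under a new saml:AttributeStatement.
 *
 * Nothing is added when encryption was not requested
 * ($this->requiredEncAttributes is falsy) or when there are no attributes:
 * a saml:AttributeStatement must carry at least one Attribute or
 * EncryptedAttribute child, so an empty statement would not be schema-valid.
 *
 * NOTE(review): AES-CBC on its own gives confidentiality but no integrity;
 * confirm that the enclosing assertion is signed before relying on the
 * decrypted content. The xsi:type values reference the "xs" prefix, which
 * is not declared inside the per-attribute document — verify that the
 * decrypting party resolves it.
 *
 * @param DOMElement $root
 *   The assertion element we should add the Encrypted Attribute Statement to.
 */
private function addEncryptedAttributeStatement(DOMElement $root) {
  // Loose comparison is deliberate: NULL, 0 and '' all mean "not required".
  if ($this->requiredEncAttributes == FALSE) {
    return;
  }
  // An AttributeStatement with no children is not schema-valid; emit nothing.
  if (empty($this->attributes)) {
    return;
  }
  $document = $root->ownerDocument;
  $attributeStatement = $document
    ->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AttributeStatement');
  $root
    ->appendChild($attributeStatement);
  foreach ($this->attributes as $name => $values) {
    // The plaintext attribute lives in its own document so that the whole
    // element can be handed to XMLSecEnc as the encryption target.
    $document2 = new DOMDocument();
    $attribute = $document2
      ->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:Attribute');
    $attribute
      ->setAttribute('Name', $name);
    $document2
      ->appendChild($attribute);
    // "unspecified" is the SAML default, so it is left implicit.
    if ($this->nameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified') {
      $attribute
        ->setAttribute('NameFormat', $this->nameFormat);
    }
    foreach ($values as $value) {
      // Only strings and ints get an explicit xsi:type; everything else is
      // emitted without one.
      if (is_string($value)) {
        $type = 'xs:string';
      }
      elseif (is_int($value)) {
        $type = 'xs:integer';
      }
      else {
        $type = NULL;
      }
      $attributeValue = $document2
        ->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:AttributeValue');
      $attribute
        ->appendChild($attributeValue);
      if ($type !== NULL) {
        $attributeValue
          ->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', $type);
      }
      if ($value instanceof DOMNodeList) {
        // Node-list values are copied across documents node by node.
        for ($i = 0; $i < $value->length; $i++) {
          $node = $document2
            ->importNode($value
            ->item($i), TRUE);
          $attributeValue
            ->appendChild($node);
        }
      }
      else {
        // Anything else is handed straight to createTextNode.
        $attributeValue
          ->appendChild($document2
          ->createTextNode($value));
      }
    }

    /* Once the attribute nodes are built, they are encrypted. */
    $EncAssert = new XMLSecEnc();
    $EncAssert
      ->setNode($document2->documentElement);
    $EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element';

    /*
     * Attributes are encrypted with a per-attribute session key, and that
     * session key is wrapped with $this->encryptionKey.
     */
    $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
    $symmetricKey
      ->generateSessionKey();
    $EncAssert
      ->encryptKey($this->encryptionKey, $symmetricKey);
    $EncrNode = $EncAssert
      ->encryptNode($symmetricKey);
    $EncAttribute = $document
      ->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml:EncryptedAttribute');
    $attributeStatement
      ->appendChild($EncAttribute);
    // The EncryptedData node belongs to a different document; import it
    // (deep) before it can be attached under $root.
    $n = $document
      ->importNode($EncrNode, TRUE);
    $EncAttribute
      ->appendChild($n);
  }
}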