<?php
/*
 * This file is part of the LightSAML-Core package.
 *
 * (c) Milos Tomic <[email protected]>
 *
 * This source file is subject to the MIT license that is bundled
 * with this source code in the file LICENSE.
 */
namespace LightSaml\Action\Profile\Inbound\Response;
use LightSaml\Action\Profile\AbstractProfileAction;
use LightSaml\Context\Profile\Helper\LogHelper;
use LightSaml\Context\Profile\Helper\MessageContextHelper;
use LightSaml\Context\Profile\ProfileContext;
use LightSaml\Credential\CredentialInterface;
use LightSaml\Credential\Criteria\EntityIdCriteria;
use LightSaml\Credential\Criteria\MetadataCriteria;
use LightSaml\Credential\Criteria\UsageCriteria;
use LightSaml\Credential\UsageType;
use LightSaml\Error\LightSamlContextException;
use LightSaml\Model\Assertion\EncryptedAssertionReader;
use LightSaml\Model\Context\DeserializationContext;
use LightSaml\Resolver\Credential\CredentialResolverInterface;
use LightSaml\SamlConstants;
use Psr\Log\LoggerInterface;
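class DecryptAssertionsAction extends AbstractProfileAction
{
    /** @var CredentialResolverInterface */
    protected $credentialResolver;

    /**
     * @param LoggerInterface             $logger
     * @param CredentialResolverInterface $credentialResolver Resolver used to look up this party's own decryption keys
     */
    public function __construct(LoggerInterface $logger, CredentialResolverInterface $credentialResolver)
    {
        parent::__construct($logger);

        $this->credentialResolver = $credentialResolver;
    }

    /**
     * Decrypts every EncryptedAssertion carried by the inbound Response and adds the
     * resulting plain assertions to that Response.
     *
     * Only decryption happens here: this action performs no signature, issuer or
     * condition checks on the decrypted assertions, so a successful run must not be
     * read as proof that an assertion is authentic.
     *
     * @param ProfileContext $context
     *
     * @throws LightSamlContextException When no private key usable for decryption can be resolved
     */
    protected function doExecute(ProfileContext $context)
    {
        $response = MessageContextHelper::asResponse($context->getInboundContext());
        $encryptedAssertions = $response->getAllEncryptedAssertions();

        if (0 === count($encryptedAssertions)) {
            $this->logger->debug('Response has no encrypted assertions', LogHelper::getActionContext($context, $this));

            return;
        }

        $privateKeys = $this->resolvePrivateKeys($context);

        foreach ($encryptedAssertions as $index => $encryptedAssertion) {
            // Only reader-backed encrypted assertions can be decrypted; anything else is skipped silently.
            if ($encryptedAssertion instanceof EncryptedAssertionReader) {
                $this->decryptAssertion($context, $response, $privateKeys, $index, $encryptedAssertion);
            }
        }
    }

    /**
     * Resolves this party's own private keys marked for ENCRYPTION usage, the candidates
     * for decrypting assertions addressed to it.
     *
     * The lookup is scoped to the own entity ID and own role (IdP or SP metadata) and to
     * ENCRYPTION usage, so credentials published for other purposes are not offered as
     * decryption candidates. The resolved candidates are logged by entity ID and public
     * key thumbprint (never by key material).
     *
     * @param ProfileContext $context
     *
     * @return CredentialInterface[] Non-empty list of decryption candidates
     *
     * @throws LightSamlContextException When the resolver yields no private key
     */
    private function resolvePrivateKeys(ProfileContext $context)
    {
        $ownEntityDescriptor = $context->getOwnEntityDescriptor();
        $metadataType = ProfileContext::ROLE_IDP === $context->getOwnRole()
            ? MetadataCriteria::TYPE_IDP
            : MetadataCriteria::TYPE_SP;

        $query = $this->credentialResolver->query();
        $query
            ->add(new EntityIdCriteria($ownEntityDescriptor->getEntityID()))
            ->add(new MetadataCriteria($metadataType, SamlConstants::PROTOCOL_SAML2))
            ->add(new UsageCriteria(UsageType::ENCRYPTION))
        ;
        $query->resolve();

        $privateKeys = $query->getPrivateKeys();
        if (empty($privateKeys)) {
            // Without a key nothing in the response can be decrypted; treat as a deployment error.
            $message = 'No credentials resolved for assertion decryption';
            $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this));
            throw new LightSamlContextException($context, $message);
        }

        $this->logger->info('Trusted decryption candidates', LogHelper::getActionContext($context, $this, [
            'credentials' => array_map(function (CredentialInterface $credential) {
                return sprintf(
                    "Entity: '%s'; PK X509 Thumb: '%s'",
                    $credential->getEntityId(),
                    $credential->getPublicKey() ? $credential->getPublicKey()->getX509Thumbprint() : ''
                );
            }, $privateKeys),
        ]));

        return $privateKeys;
    }

    /**
     * Decrypts one encrypted assertion with the candidate keys and appends the plain
     * assertion to the response.
     *
     * The deserialization sub-context is fetched from the inbound context under
     * 'assertion_encrypted_<index>' (presumably created on first access), so the decrypted
     * document is available under that name to later actions. The full decrypted XML is
     * written to the log at info level; it may contain subject identifiers and attributes,
     * so the log sink receiving this action's output should be treated as sensitive.
     *
     * @param ProfileContext                     $context
     * @param \LightSaml\Model\Protocol\Response $response           Inbound response the decrypted assertion is added to
     * @param CredentialInterface[]              $privateKeys        Decryption candidates handed to the reader
     * @param int|string                         $index              Position of the encrypted assertion in the response
     * @param EncryptedAssertionReader           $encryptedAssertion
     */
    private function decryptAssertion(ProfileContext $context, $response, array $privateKeys, $index, EncryptedAssertionReader $encryptedAssertion)
    {
        $name = sprintf('assertion_encrypted_%s', $index);
        /** @var DeserializationContext $deserializationContext */
        $deserializationContext = $context->getInboundContext()->getSubContext($name, DeserializationContext::class);

        $assertion = $encryptedAssertion->decryptMultiAssertion($privateKeys, $deserializationContext);
        $response->addAssertion($assertion);

        $this->logger->info(
            'Assertion decrypted',
            LogHelper::getActionContext($context, $this, [
                'assertion' => $deserializationContext->getDocument()->saveXML(),
            ])
        );
    }
}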