EncryptedElementTrait::decryptData() - Code Metrics - simplesamlphp/xml-security - Measure and Improve Code Quality continuously with Scrutinizer

EncryptedElementTrait::decryptData() B
last analyzed 2025-06-09 18:03 UTC

↳ Parent: EncryptedElementTrait

Complexity

Conditions	7
Paths	13

Size

Total Lines	38
Code Lines	21

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	7
eloc	21
c	0
b	0
f	0
nc	13
nop	1
dl	0
loc	38
rs	8.6506

<?php

declare(strict_types=1);

namespace SimpleSAML\XMLSecurity\XML;

use DOMElement;
use SimpleSAML\Assert\Assert;
use SimpleSAML\XML\AbstractElement;
use SimpleSAML\XML\Exception\InvalidDOMElementException;
use SimpleSAML\XML\Exception\TooManyElementsException;
use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface;
use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
use SimpleSAML\XMLSecurity\Constants as C;
use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
use SimpleSAML\XMLSecurity\Exception\NoEncryptedDataException;
use SimpleSAML\XMLSecurity\Exception\RuntimeException;
use SimpleSAML\XMLSecurity\Key\SymmetricKey;
use SimpleSAML\XMLSecurity\XML\xenc\EncryptedData;
use SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey;

/**
 * Trait aggregating functionality for encrypted elements.
 *
 * @package simplesamlphp/xml-security
 */
trait EncryptedElementTrait
{
    /** @var \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey|null */
    protected ?EncryptedKey $encryptedKey = null;


    /**
     * Constructor for encrypted elements.
     *
     * @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData $encryptedData The EncryptedData object.
     */
    public function __construct(
        protected EncryptedData $encryptedData,
    ) {
        $keyInfo = $this->encryptedData->getKeyInfo();
        if ($keyInfo === null) {
            return;
        }

        foreach ($keyInfo->getInfo() as $info) {
            if ($info instanceof EncryptedKey) {
                $this->encryptedKey = $info;
                break;
            }
        }
    }


    /**
     * Whether the encrypted object is accompanied by the decryption key or not.
     *
     * @return bool
     */
    public function hasDecryptionKey(): bool
    {
        return $this->encryptedKey !== null;
    }


    /**
     * Get the encrypted key used to encrypt the current element.
     *
     * @return \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey
     */
    public function getEncryptedKey(): EncryptedKey
    {
        return $this->encryptedKey;

    }


    /**
     * Get the EncryptedData object.
     *
     * @return \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData
     */
    public function getEncryptedData(): EncryptedData
    {
        return $this->encryptedData;
    }


    /**
     * Decrypt the data in any given element.
     *
     * Use this method to decrypt an EncryptedData XML elemento into a string. If the resulting plaintext represents
     * an XML document which has a corresponding implementation extending \SimpleSAML\XML\ElementInterface, you
     * can call this method to build an object from the resulting plaintext:
     *
     *     $data = $this->decryptData($decryptor);
     *     $xml = \SimpleSAML\XML\DOMDocumentFactory::fromString($data);
     *     $object = MyObject::fromXML($xml->documentElement);
     *
     * If the class using this trait implements \SimpleSAML\XMLSecurity\XML\EncryptedElementInterface, then the
     * decrypt() method will only need the proposed code and return the object.
     *
     * @param \SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface $decryptor The decryptor to use to
     * decrypt the object.
     *
     * @return string The decrypted data.
     */
    protected function decryptData(EncryptionAlgorithmInterface $decryptor): string
    {
        $encData = $this->getEncryptedData();
        if (!$encData instanceof EncryptedData) {

            throw new NoEncryptedDataException();
        }

        $algId = $decryptor->getAlgorithmId();
        $encMethod = $this->getEncryptedData()->getEncryptionMethod();
        if ($encMethod !== null) {
            $algId = $encMethod->getAlgorithm();
        }

        if (in_array($decryptor->getAlgorithmId(), C::$KEY_TRANSPORT_ALGORITHMS)) {
            // the decryptor uses a key transport algorithm, check if we have a session key
            if ($this->hasDecryptionKey() === null) {

                throw new RuntimeException('Cannot use a key transport algorithm to decrypt an object.');
            }

            if ($encMethod === null) {
                throw new RuntimeException('Cannot decrypt data with a session key and no EncryptionMethod.');
            }

            $encryptedKey = $this->getEncryptedKey();
            $decryptionKey = $encryptedKey->decrypt($decryptor);

            $factory = new EncryptionAlgorithmFactory(
                $this->getBlacklistedAlgorithms() ?? EncryptionAlgorithmFactory::DEFAULT_BLACKLIST,
            );
            $decryptor = $factory->getAlgorithm($encMethod->getAlgorithm(), new SymmetricKey($decryptionKey));
            $decryptor->setBackend($this->getEncryptionBackend());
        }

        if ($algId !== $decryptor->getAlgorithmId()) {
            throw new InvalidArgumentException('Decryption algorithm does not match EncryptionMethod.');
        }

        return $decryptor->decrypt(base64_decode($encData->getCipherData()->getCipherValue()->getContent(), true));
    }


    /**
     * @inheritDoc
     *
     * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
     *   If the qualified name of the supplied element is wrong
     */
    public static function fromXML(DOMElement $xml): static
    {
        Assert::same(
            $xml->localName,
            AbstractElement::getClassName(static::class),
            InvalidDOMElementException::class,
        );
        Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);


        $ed = EncryptedData::getChildrenOfClass($xml);
        Assert::count(
            $ed,
            1,
            sprintf(
                'No more or less than one EncryptedData element allowed in %s.',
                AbstractElement::getClassName(static::class),
            ),
            TooManyElementsException::class,
        );

        return new static($ed[0]);
    }


    /**
     * @inheritDoc
     */
    public function toXML(?DOMElement $parent = null): DOMElement
    {
        $e = $this->instantiateParentElement($parent);
        $this->encryptedData->toXML($e);
        return $e;
    }


    /**
     * Create a document structure for this element.
     *
     * The AbstractElement class implements this method. If your object inherits from that class, you will already
     * have this method out of the box.
     *
     * @param \DOMElement|null $parent The element we should append to.
     * @return \DOMElement
     */
    abstract public function instantiateParentElement(?DOMElement $parent = null): DOMElement;


    /**
     * Get the encryption backend to use for any encryption operation.
     *
     * @return \SimpleSAML\XMLSecurity\Backend\EncryptionBackend|null The encryption backend to use, or null if we
     * want to use the default.
     */
    abstract public function getEncryptionBackend(): ?EncryptionBackend;


    /**
     * Get the list of algorithms that are blacklisted for any encryption operation.
     *
     * @return string[]|null An array with all algorithm identifiers that are blacklisted, or null to use this
     * libraries default.
     */
    abstract public function getBlacklistedAlgorithms(): ?array;
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\XMLSecurity\XML;
6
7			use DOMElement;
8			use SimpleSAML\Assert\Assert;
9			use SimpleSAML\XML\AbstractElement;
10			use SimpleSAML\XML\Exception\InvalidDOMElementException;
11			use SimpleSAML\XML\Exception\TooManyElementsException;
12			use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
13			use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface;
14			use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
15			use SimpleSAML\XMLSecurity\Constants as C;
16			use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
17			use SimpleSAML\XMLSecurity\Exception\NoEncryptedDataException;
18			use SimpleSAML\XMLSecurity\Exception\RuntimeException;
19			use SimpleSAML\XMLSecurity\Key\SymmetricKey;
20			use SimpleSAML\XMLSecurity\XML\xenc\EncryptedData;
21			use SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey;
22
23			/**
24			* Trait aggregating functionality for encrypted elements.
25			*
26			* @package simplesamlphp/xml-security
27			*/
28			trait EncryptedElementTrait
29			{
30			/** @var \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey\|null */
31			protected ?EncryptedKey $encryptedKey = null;
32
33
34			/**
35			* Constructor for encrypted elements.
36			*
37			* @param \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData $encryptedData The EncryptedData object.
38			*/
39			public function __construct(
40			protected EncryptedData $encryptedData,
41			) {
42			$keyInfo = $this->encryptedData->getKeyInfo();
43			if ($keyInfo === null) {
44			return;
45			}
46
47			foreach ($keyInfo->getInfo() as $info) {
48			if ($info instanceof EncryptedKey) {
49			$this->encryptedKey = $info;
50			break;
51			}
52			}
53			}
54
55
56			/**
57			* Whether the encrypted object is accompanied by the decryption key or not.
58			*
59			* @return bool
60			*/
61			public function hasDecryptionKey(): bool
62			{
63			return $this->encryptedKey !== null;
64			}
65
66
67			/**
68			* Get the encrypted key used to encrypt the current element.
69			*
70			* @return \SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey
71			*/
72			public function getEncryptedKey(): EncryptedKey
73			{
74			return $this->encryptedKey;
			0 ignored issues – show Bug Best Practice introduced 2023-06-02 10:07 UTC by Report Bug Copy Issue Report The expression `return $this->encryptedKey` could return the type `null` which is incompatible with the type-hinted return `SimpleSAML\XMLSecurity\XML\xenc\EncryptedKey`. Consider adding an additional type-check to rule them out. Loading history...
75			}
76
77
78			/**
79			* Get the EncryptedData object.
80			*
81			* @return \SimpleSAML\XMLSecurity\XML\xenc\EncryptedData
82			*/
83			public function getEncryptedData(): EncryptedData
84			{
85			return $this->encryptedData;
86			}
87
88
89			/**
90			* Decrypt the data in any given element.
91			*
92			* Use this method to decrypt an EncryptedData XML elemento into a string. If the resulting plaintext represents
93			* an XML document which has a corresponding implementation extending \SimpleSAML\XML\ElementInterface, you
94			* can call this method to build an object from the resulting plaintext:
95			*
96			* $data = $this->decryptData($decryptor);
97			* $xml = \SimpleSAML\XML\DOMDocumentFactory::fromString($data);
98			* $object = MyObject::fromXML($xml->documentElement);
99			*
100			* If the class using this trait implements \SimpleSAML\XMLSecurity\XML\EncryptedElementInterface, then the
101			* decrypt() method will only need the proposed code and return the object.
102			*
103			* @param \SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface $decryptor The decryptor to use to
104			* decrypt the object.
105			*
106			* @return string The decrypted data.
107			*/
108			protected function decryptData(EncryptionAlgorithmInterface $decryptor): string
109			{
110			$encData = $this->getEncryptedData();
111			if (!$encData instanceof EncryptedData) {
			0 ignored issues – show introduced 2022-01-01 21:52 UTC by Report Bug Copy Issue Report `$encData` is always a sub-type of `SimpleSAML\XMLSecurity\XML\xenc\EncryptedData`. Loading history...
112			throw new NoEncryptedDataException();
113			}
114
115			$algId = $decryptor->getAlgorithmId();
116			$encMethod = $this->getEncryptedData()->getEncryptionMethod();
117			if ($encMethod !== null) {
118			$algId = $encMethod->getAlgorithm();
119			}
120
121			if (in_array($decryptor->getAlgorithmId(), C::$KEY_TRANSPORT_ALGORITHMS)) {
122			// the decryptor uses a key transport algorithm, check if we have a session key
123			if ($this->hasDecryptionKey() === null) {
			0 ignored issues – show introduced 2022-01-01 21:52 UTC by Report Bug Copy Issue Report The condition `$this->hasDecryptionKey() === null` is always `false`. Loading history...
124			throw new RuntimeException('Cannot use a key transport algorithm to decrypt an object.');
125			}
126
127			if ($encMethod === null) {
128			throw new RuntimeException('Cannot decrypt data with a session key and no EncryptionMethod.');
129			}
130
131			$encryptedKey = $this->getEncryptedKey();
132			$decryptionKey = $encryptedKey->decrypt($decryptor);
133
134			$factory = new EncryptionAlgorithmFactory(
135			$this->getBlacklistedAlgorithms() ?? EncryptionAlgorithmFactory::DEFAULT_BLACKLIST,
136			);
137			$decryptor = $factory->getAlgorithm($encMethod->getAlgorithm(), new SymmetricKey($decryptionKey));
138			$decryptor->setBackend($this->getEncryptionBackend());
139			}
140
141			if ($algId !== $decryptor->getAlgorithmId()) {
142			throw new InvalidArgumentException('Decryption algorithm does not match EncryptionMethod.');
143			}
144
145			return $decryptor->decrypt(base64_decode($encData->getCipherData()->getCipherValue()->getContent(), true));
146			}
147
148
149			/**
150			* @inheritDoc
151			*
152			* @throws \SimpleSAML\XML\Exception\InvalidDOMElementException
153			* If the qualified name of the supplied element is wrong
154			*/
155			public static function fromXML(DOMElement $xml): static
156			{
157			Assert::same(
158			$xml->localName,
159			AbstractElement::getClassName(static::class),
160			InvalidDOMElementException::class,
161			);
162			Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class);
			0 ignored issues – show Bug introduced 2021-01-11 13:33 UTC by Report Bug Copy Issue Report The constant `SimpleSAML\XMLSecurity\X...cryptedElementTrait::NS` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
163
164			$ed = EncryptedData::getChildrenOfClass($xml);
165			Assert::count(
166			$ed,
167			1,
168			sprintf(
169			'No more or less than one EncryptedData element allowed in %s.',
170			AbstractElement::getClassName(static::class),
171			),
172			TooManyElementsException::class,
173			);
174
175			return new static($ed[0]);
176			}
177
178
179			/**
180			* @inheritDoc
181			*/
182			public function toXML(?DOMElement $parent = null): DOMElement
183			{
184			$e = $this->instantiateParentElement($parent);
185			$this->encryptedData->toXML($e);
186			return $e;
187			}
188
189
190			/**
191			* Create a document structure for this element.
192			*
193			* The AbstractElement class implements this method. If your object inherits from that class, you will already
194			* have this method out of the box.
195			*
196			* @param \DOMElement\|null $parent The element we should append to.
197			* @return \DOMElement
198			*/
199			abstract public function instantiateParentElement(?DOMElement $parent = null): DOMElement;
200
201
202			/**
203			* Get the encryption backend to use for any encryption operation.
204			*
205			* @return \SimpleSAML\XMLSecurity\Backend\EncryptionBackend\|null The encryption backend to use, or null if we
206			* want to use the default.
207			*/
208			abstract public function getEncryptionBackend(): ?EncryptionBackend;
209
210
211			/**
212			* Get the list of algorithms that are blacklisted for any encryption operation.
213			*
214			* @return string[]\|null An array with all algorithm identifiers that are blacklisted, or null to use this
215			* libraries default.
216			*/
217			abstract public function getBlacklistedAlgorithms(): ?array;
218			}
219

simplesamlphp / xml-security

EncryptedElementTrait::decryptData() B last analyzed 2025-06-09 18:03 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

EncryptedElementTrait::decryptData() B
last analyzed 2025-06-09 18:03 UTC