class Saml::Elements::EncryptedID

Attributes

xml_node[RW]

Public Class Methods

new(*args) click to toggle source
Calls superclass method
# File lib/saml/elements/encrypted_id.rb, line 21
def initialize(*args)
  options = args.extract_options!
  super(*(args << options))
end

Public Instance Methods

encrypt(key_descriptors, key_options = {}) click to toggle source
# File lib/saml/elements/encrypted_id.rb, line 26
def encrypt(key_descriptors, key_options = {})
  key_descriptors = Array(key_descriptors)

  if key_descriptors.any?
    if key_descriptors.one?
      encrypt_for_one_key_descriptor(key_descriptors.first, key_options)
    else
      encrypt_for_multiple_key_descriptors(key_descriptors, key_options)
    end
  end
end

Private Instance Methods

encrypt_for_multiple_key_descriptors(encrypted_key_data, encrypted_data_options = {}) click to toggle source
# File lib/saml/elements/encrypted_id.rb, line 63
def encrypt_for_multiple_key_descriptors(encrypted_key_data, encrypted_data_options = {})
  if encrypted_data_options[:recipient].present? && encrypted_key_data.first.is_a?(Saml::Elements::KeyDescriptor)
    encrypted_key_data.map! do |key_descriptor|
      [ key_descriptor, { recipient: encrypted_data_options[:recipient] } ]
    end
  end

  Saml::Util.encrypt_element(self, name_id, encrypted_key_data, encrypted_data_options)

  self.name_id = nil
end
encrypt_for_one_key_descriptor(key_descriptor, key_options = {}) click to toggle source
# File lib/saml/elements/encrypted_id.rb, line 40
def encrypt_for_one_key_descriptor(key_descriptor, key_options = {})
  self.encrypted_data = Xmlenc::Builder::EncryptedData.new

  self.encrypted_data.set_key_retrieval_method Xmlenc::Builder::RetrievalMethod.new(
    uri: "##{key_options[:id]}"
  )
  self.encrypted_data.set_encryption_method(
    algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
  )

  encrypted_key = self.encrypted_data.encrypt(Nokogiri::XML(name_id.to_xml).root.to_xml, key_options)
  encrypted_key.set_encryption_method(
    algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
    digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
  )

  encrypted_key.set_key_name(key_descriptor.key_info.key_name)
  encrypted_key.encrypt(key_descriptor.certificate.public_key)

  self.encrypted_keys = [ encrypted_key ]
  self.name_id = nil
end