Method: Saml::Util.encrypt_element

Defined in:
lib/saml/util.rb

.encrypt_element(element, target_element, encrypted_key_data, encrypted_data_options) ⇒ Object



# File 'lib/saml/util.rb', line 101

# Encrypts +target_element+ into +element+ as an xenc:EncryptedData and wraps
# the generated content-encryption key once per recipient.
#
# The content is encrypted with AES-256-CBC and each EncryptedKey is produced
# with RSA-OAEP-MGF1P (SHA-1 digest); both algorithm URIs are hard-coded here
# rather than taken from +encrypted_data_options+. CBC on its own gives no
# integrity protection, so the enclosing message is presumably signed
# elsewhere — NOTE(review): confirm against callers.
#
# @param element [Object] receives +encrypted_data=+ and +encrypted_keys+
# @param target_element [Object] anything responding to +to_xml+; its root is
#   re-serialised through Nokogiri before encryption
# @param encrypted_key_data [Enumerable] recipient descriptors, optionally
#   paired with an options Hash for the EncryptedKey builder; each descriptor
#   must expose +key_info.key_name+ and +certificate.public_key+
# @param encrypted_data_options [Hash] builder options for EncryptedData;
#   +:key_name+ is used as the carried key name when present, otherwise a
#   fresh id is generated
# @return [Object] +element+, mutated in place
def encrypt_element(element, target_element, encrypted_key_data, encrypted_data_options)
  carried_key_name = encrypted_data_options.fetch(:key_name, Saml.generate_id)

  element.encrypted_data = Xmlenc::Builder::EncryptedData.new(encrypted_data_options)
  data = element.encrypted_data
  data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc')
  data.set_key_name(carried_key_name)

  # Round-trip through Nokogiri so only the root element (no prolog) is encrypted.
  plaintext = Nokogiri::XML(target_element.to_xml).root.to_xml
  content_key = data.encrypt(plaintext, encrypted_data_options)

  encrypted_key_data.each do |recipient, recipient_options = {}|
    wrapped_key = Xmlenc::Builder::EncryptedKey.new(
      recipient_options.merge(id: Saml.generate_id, data: content_key.data)
    )
    wrapped_key.add_data_reference(data.id)
    wrapped_key.set_key_name(recipient.key_info.key_name)
    wrapped_key.carried_key_name = carried_key_name
    wrapped_key.set_encryption_method(
      algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
      digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
    )
    wrapped_key.encrypt(recipient.certificate.public_key)

    # The list is only created once a recipient exists, so an empty
    # +encrypted_key_data+ leaves +encrypted_keys+ untouched.
    (element.encrypted_keys ||= []) << wrapped_key
  end

  element
end