This repository was archived by the owner on Nov 29, 2022. It is now read-only.
Encrypted assertions from Response lose reference to parent document #504
Open
Description
During decryption, encrypted assertions lose the context of the parent (root) document. This is problematic if you need to access the parent document for any validation purposes of the authentication, such as to check the InResponseTo identifier.
The offending code:
```java
// Decrypt assertions
if (response.getEncryptedAssertions().size() > 0) {
    assertionList = new ArrayList<Assertion>(response.getAssertions().size() + response.getEncryptedAssertions().size());
    assertionList.addAll(response.getAssertions());
    List<EncryptedAssertion> encryptedAssertionList = response.getEncryptedAssertions();
    for (EncryptedAssertion ea : encryptedAssertionList) {
        try {
            Assert.notNull(context.getLocalDecrypter(), "Can't decrypt Assertion, no decrypter is set in the context");
            log.debug("Decrypting assertion");
            Assertion decryptedAssertion = context.getLocalDecrypter().decrypt(ea);
            assertionList.add(decryptedAssertion);
        } catch (DecryptionException e) {
            log.debug("Decryption of received assertion failed, assertion will be skipped", e);
        }
    }
}
```
After the assertion is decrypted, the parent document reference should be set.
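One way to restore that link, as an added example that is not the project's own fix: re-attach the Response as the parent of each decrypted Assertion, then validate InResponseTo through that parent. It assumes the OpenSAML 2 `XMLObject.setParent` method the library builds on, and `expectedRequestId` is a hypothetical value the SP stored when it issued the AuthnRequest.

```java
import java.util.ArrayList;
import java.util.List;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.encryption.DecryptionException;

public class DecryptedAssertionParent {
    // Same loop as the reported code, but each decrypted Assertion gets the
    // Response re-attached as its parent so later checks can reach the root
    // document through getParent(). Decryption failures propagate here
    // instead of being logged and skipped.
    public static List<Assertion> decryptWithParent(Response response, Decrypter decrypter)
            throws DecryptionException {
        List<Assertion> result = new ArrayList<Assertion>(response.getAssertions());
        for (EncryptedAssertion ea : response.getEncryptedAssertions()) {
            Assertion assertion = decrypter.decrypt(ea);
            // Assumption: setParent only records the back-reference and does not
            // add the assertion to response.getAssertions(), so the Response DOM
            // that signature verification already consumed is left untouched.
            assertion.setParent(response);
            result.add(assertion);
        }
        return result;
    }

    // SP-initiated flow: the Response and the bearer SubjectConfirmationData
    // must both echo the ID of the AuthnRequest the SP sent.
    // expectedRequestId is a hypothetical value supplied by the caller.
    public static boolean inResponseToMatches(Assertion assertion, String expectedRequestId) {
        if (!(assertion.getParent() instanceof Response)) {
            return false; // parent lost: cannot validate against the root document
        }
        Response parent = (Response) assertion.getParent();
        if (!expectedRequestId.equals(parent.getInResponseTo()) || assertion.getSubject() == null) {
            return false;
        }
        for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) {
            SubjectConfirmationData data = sc.getSubjectConfirmationData();
            if (data != null && expectedRequestId.equals(data.getInResponseTo())) {
                return true;
            }
        }
        return false;
    }
}
```

An unsolicited (IdP-initiated) Response carries no InResponseTo, so a consumer that accepts such responses needs a separate branch rather than this check.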