Fix AES decryption (crewjam#142)
Fix AES decryption by decrypting the EncryptedKey from the response, and passing
the decrypted key to the data decryption.
volkangurel authored and crewjam committed Aug 20, 2018
1 parent d9d6848 commit edce2dc
Showing 1 changed file with 11 additions and 1 deletion.
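--- a/service_provider.go
+++ b/service_provider.go
@@ -463,8 +463,18 @@ func (sp *ServiceProvider) ParseResponse(req *http.Request, possibleRequestIDs [
 retErr.PrivateErr = err
 return nil, retErr
 }
+var key interface{} = sp.Key
+keyEl := doc.FindElement("//EncryptedAssertion/EncryptedKey")
+if keyEl != nil {
+key, err = xmlenc.Decrypt(sp.Key, keyEl)
+if err != nil {
+retErr.PrivateErr = fmt.Errorf("failed to decrypt key from response: %s", err)
+return nil, retErr
+}
+}
+
 el := doc.FindElement("//EncryptedAssertion/EncryptedData")
-plaintextAssertion, err := xmlenc.Decrypt(sp.Key, el)
+plaintextAssertion, err := xmlenc.Decrypt(key, el)
 if err != nil {
 retErr.PrivateErr = fmt.Errorf("failed to decrypt response: %s", err)
 return nil, retErr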
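Review bot: The added `keyEl := doc.FindElement("//EncryptedAssertion/EncryptedKey")` lookup is resolved separately from the `EncryptedData` lookup below it, and both paths start with `//`, so nothing in this hunk guarantees that the key and the ciphertext come from the same `EncryptedAssertion`, or that it is the assertion the rest of ParseResponse goes on to validate. Resolving the container once and reading both children relative to it would bind them together, e.g. `encEl := doc.FindElement("//EncryptedAssertion")`, then `keyEl := encEl.FindElement("./EncryptedKey")` and `el := encEl.FindElement("./EncryptedData")`, with a nil check on `encEl` (assuming `doc` is an etree document, which the hunk does not show). The path also only matches an `EncryptedKey` that is a sibling of `EncryptedData`; whether the form nested under `EncryptedData/KeyInfo` is handled inside `xmlenc.Decrypt` cannot be told from here and deserves a comment or a test. Since the key-unwrap and data-decrypt failures now produce different `PrivateErr` texts, it is worth confirming that the response sent back to the caller is identical for both, so the endpoint does not act as a decryption oracle. ParseResponse starts and ends outside the hunk.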
