Log encrypted and decrypted messages.

olavmo-sikt · olavmo-sikt · commit f46e38a6834a · 2010-09-10T13:14:35.000Z
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2544 44740490-163a-0410-bde0-09ae8108e29a
diff --git a/config-templates/config.php b/config-templates/config.php
@@ -28,6 +28,8 @@
 	 * If you enable this option, simpleSAMLphp will log all sent and received messages
 	 * to the log file.
 	 *
+	 * This option also enables logging of the messages that are encrypted and decrypted.
+	 *
 	 * Note: The messages are logged with the DEBUG log level, so you also need to set
 	 * the 'logging.level' option to LOG_DEBUG.
 	 */
diff --git a/lib/SAML2/EncryptedAssertion.php b/lib/SAML2/EncryptedAssertion.php
@@ -46,6 +46,9 @@ public function setAssertion(SAML2_Assertion $assertion, XMLSecurityKey $key) {
 
 		$xml = $assertion->toXML();
 
+		$xmlStr = $xml->ownerDocument->saveXML($xml);
+		SimpleSAML_Utilities::debugMessage($xmlStr, 'encrypt');
+
 		$enc = new XMLSecEnc();
 		$enc->setNode($xml);
 		$enc->type = XMLSecEnc::Element;
@@ -84,6 +87,10 @@ public function setAssertion(SAML2_Assertion $assertion, XMLSecurityKey $key) {
 	public function getAssertion(XMLSecurityKey $inputKey) {
 
 		$assertionXML = SAML2_Utils::decryptElement($this->encryptedData, $inputKey);
+
+		$xmlStr = $assertionXML->ownerDocument->saveXML($assertionXML);
+		SimpleSAML_Utilities::debugMessage($xmlStr, 'decrypt');
+
 		return new SAML2_Assertion($assertionXML);
 	}
 
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
@@ -1911,22 +1911,32 @@ public static function checkCookie($retryURL = NULL) {
 	 * Helper function to log messages that we send or receive.
 	 *
 	 * @param string $message  The message, as an XML string.
-	 * @param string $type  Whether this message is sent or received.
+	 * @param string $type  Whether this message is sent or received, encrypted or decrypted.
 	 */
 	public static function debugMessage($message, $type) {
 		assert('is_string($message)');
-		assert('$type === "out" || $type === "in"');
 
 		$globalConfig = SimpleSAML_Configuration::getInstance();
 		if (!$globalConfig->getBoolean('debug', FALSE)) {
 			/* Message debug disabled. */
 			return;
 		}
 
-		if ($type === 'in') {
+		switch ($type) {
+		case 'in':
 			SimpleSAML_Logger::debug('Received message:');
-		} else {
+			break;
+		case 'out':
 			SimpleSAML_Logger::debug('Sending message:');
+			break;
+		case 'decrypt':
+			SimpleSAML_Logger::debug('Decrypted message:');
+			break;
+		case 'encrypt':
+			SimpleSAML_Logger::debug('Encrypted message:');
+			break;
+		default:
+			assert(FALSE);
 		}
 
 		$str = self::formatXMLString($message);

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,8 @@`
`28`	`28`	`* If you enable this option, simpleSAMLphp will log all sent and received messages`
`29`	`29`	`* to the log file.`
`30`	`30`	`*`
	`31`	`+ * This option also enables logging of the messages that are encrypted and decrypted.`
	`32`	`+ *`
`31`	`33`	`* Note: The messages are logged with the DEBUG log level, so you also need to set`
`32`	`34`	`* the 'logging.level' option to LOG_DEBUG.`
`33`	`35`	`*/`