52    const template = 
"<xenc:EncryptedData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'> 
   54      <xenc:CipherValue></xenc:CipherValue> 
   56</xenc:EncryptedData>";
 
   58    const Element = 
'http://www.w3.org/2001/04/xmlenc#Element';
 
   59    const Content = 
'http://www.w3.org/2001/04/xmlenc#Content';
 
   61    const XMLENCNS = 
'http://www.w3.org/2001/04/xmlenc#';
 
   85        $this->encdoc = 
new DOMDocument();
 
   86        $this->encdoc->loadXML(self::template);
 
   97        if (! $node instanceOf DOMNode) {
 
   98            throw new Exception(
'$node is not of type DOMNode');
 
  103        $this->encdoc = $curencdoc;
 
  105        $element = 
$encdoc->documentElement;
 
  106        $element->setAttribute(
"Id", $refuri);
 
  107        $this->references[
$name] = array(
"node" => $node, 
"type" => 
$type, 
"encnode" => 
$encdoc, 
"refuri" => $refuri);
 
  115        $this->rawNode = $node;
 
  130        if (empty($this->rawNode)) {
 
  131            throw new Exception(
'Node to encrypt has not been set');
 
  134            throw new Exception(
'Invalid Key');
 
  136        $doc = $this->rawNode->ownerDocument;
 
  137        $xPath = 
new DOMXPath($this->encdoc);
 
  138        $objList = $xPath->query(
'/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue');
 
  139        $cipherValue = $objList->item(0);
 
  140        if ($cipherValue == 
null) {
 
  141            throw new Exception(
'Error locating CipherValue element within template');
 
  143        switch ($this->type) {
 
  144            case (self::Element):
 
  145                $data = $doc->saveXML($this->rawNode);
 
  146                $this->encdoc->documentElement->setAttribute(
'Type', self::Element);
 
  148            case (self::Content):
 
  149                $children = $this->rawNode->childNodes;
 
  150                foreach ($children AS $child) {
 
  151                    $data .= $doc->saveXML($child);
 
  153                $this->encdoc->documentElement->setAttribute(
'Type', self::Content);
 
  156                throw new Exception(
'Type is currently not supported');
 
  159        $encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 
'xenc:EncryptionMethod'));
 
  160        $encMethod->setAttribute(
'Algorithm', $objKey->getAlgorithm());
 
  161        $cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild);
 
  163        $strEncrypt = base64_encode($objKey->encryptData(
$data));
 
  164        $value = $this->encdoc->createTextNode($strEncrypt);
 
  165        $cipherValue->appendChild($value);
 
  168            switch ($this->type) {
 
  169                case (self::Element):
 
  170                    if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
 
  173                    $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, 
true);
 
  174                    $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
 
  176                case (self::Content):
 
  177                    $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement, 
true);
 
  178                    while ($this->rawNode->firstChild) {
 
  179                        $this->rawNode->removeChild($this->rawNode->firstChild);
 
  181                    $this->rawNode->appendChild($importEnc);
 
  185            return $this->encdoc->documentElement;
 
  197        foreach ($this->references AS 
$name => $reference) {
 
  198            $this->encdoc = $reference[
"encnode"];
 
  199            $this->rawNode = $reference[
"node"];
 
  200            $this->type = $reference[
"type"];
 
  203                $this->references[
$name][
"encnode"] = $encNode;
 
  204            } 
catch (Exception $e) {
 
  205                $this->rawNode = $curRawNode;
 
  206                $this->type = $curType;
 
  210        $this->rawNode = $curRawNode;
 
  211        $this->type = $curType;
 
  222        if (empty($this->rawNode)) {
 
  223            throw new Exception(
'Node to decrypt has not been set');
 
  226        $doc = $this->rawNode->ownerDocument;
 
  227        $xPath = 
new DOMXPath($doc);
 
  228        $xPath->registerNamespace(
'xmlencr', self::XMLENCNS);
 
  230        $query = 
"./xmlencr:CipherData/xmlencr:CipherValue";
 
  231        $nodeset = $xPath->query(
$query, $this->rawNode);
 
  232        $node = $nodeset->item(0);
 
  238        return base64_decode($node->nodeValue);
 
  257            throw new Exception(
'Invalid Key');
 
  261        if ($encryptedData) {
 
  262            $decrypted = $objKey->decryptData($encryptedData);
 
  264                switch ($this->type) {
 
  265                    case (self::Element):
 
  266                        $newdoc = 
new DOMDocument();
 
  267                        $newdoc->loadXML($decrypted);
 
  268                        if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
 
  271                        $importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement, 
true);
 
  272                        $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
 
  274                    case (self::Content):
 
  275                        if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
 
  278                            $doc = $this->rawNode->ownerDocument;
 
  280                        $newFrag = $doc->createDocumentFragment();
 
  281                        $newFrag->appendXML($decrypted);
 
  282                        $parent = $this->rawNode->parentNode;
 
  283                        $parent->replaceChild($newFrag, $this->rawNode);
 
  292            throw new Exception(
"Cannot locate encrypted data");
 
  307            throw new Exception(
'Invalid Key');
 
  309        $strEncKey = base64_encode($srcKey->encryptData($rawKey->key));
 
  310        $root = $this->encdoc->documentElement;
 
  311        $encKey = $this->encdoc->createElementNS(self::XMLENCNS, 
'xenc:EncryptedKey');
 
  313            $keyInfo = $root->insertBefore($this->encdoc->createElementNS(
'http://www.w3.org/2000/09/xmldsig#', 
'dsig:KeyInfo'), $root->firstChild);
 
  314            $keyInfo->appendChild(
$encKey);
 
  318        $encMethod = 
$encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 
'xenc:EncryptionMethod'));
 
  319        $encMethod->setAttribute(
'Algorithm', $srcKey->getAlgorith());
 
  320        if (! empty($srcKey->name)) {
 
  321            $keyInfo = 
$encKey->appendChild($this->encdoc->createElementNS(
'http://www.w3.org/2000/09/xmldsig#', 
'dsig:KeyInfo'));
 
  322            $keyInfo->appendChild($this->encdoc->createElementNS(
'http://www.w3.org/2000/09/xmldsig#', 
'dsig:KeyName', $srcKey->name));
 
  324        $cipherData = 
$encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 
'xenc:CipherData'));
 
  325        $cipherData->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 
'xenc:CipherValue', $strEncKey));
 
  326        if (is_array($this->references) && count($this->references) > 0) {
 
  327            $refList = 
$encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 
'xenc:ReferenceList'));
 
  328            foreach ($this->references AS 
$name => $reference) {
 
  329                $refuri = $reference[
"refuri"];
 
  330                $dataRef = $refList->appendChild($this->encdoc->createElementNS(self::XMLENCNS, 
'xenc:DataReference'));
 
  331                $dataRef->setAttribute(
"URI", 
'#' . $refuri);
 
  345            throw new Exception(
"Key is not Encrypted");
 
  348            throw new Exception(
"Key is missing data to perform the decryption");
 
  359        if ($element instanceof DOMDocument) {
 
  362            $doc = $element->ownerDocument;
 
  365            $xpath = 
new DOMXPath($doc);
 
  366            $query = 
"//*[local-name()='EncryptedData' and namespace-uri()='".self::XMLENCNS.
"']";
 
  367            $nodeset = $xpath->query(
$query);
 
  368            return $nodeset->item(0);
 
  383        if (! $node instanceof DOMNode) {
 
  386        if ($doc = $node->ownerDocument) {
 
  387            $xpath = 
new DOMXPath($doc);
 
  388            $xpath->registerNamespace(
'xmlsecenc', self::XMLENCNS);
 
  389            $query = 
".//xmlsecenc:EncryptionMethod";
 
  390            $nodeset = $xpath->query(
$query, $node);
 
  391            if ($encmeth = $nodeset->item(0)) {
 
  392                   $attrAlgorithm = $encmeth->getAttribute(
"Algorithm");
 
  394                    $objKey = 
new XMLSecurityKey($attrAlgorithm, array(
'type' => 
'private'));
 
  395                } 
catch (Exception $e) {
 
  412        if (empty($node) || (! $node instanceof DOMNode)) {
 
  415        $doc = $node->ownerDocument;
 
  420        $xpath = 
new DOMXPath($doc);
 
  421        $xpath->registerNamespace(
'xmlsecenc', self::XMLENCNS);
 
  423        $query = 
"./xmlsecdsig:KeyInfo";
 
  424        $nodeset = $xpath->query(
$query, $node);
 
  425        $encmeth = $nodeset->item(0);
 
  431        foreach ($encmeth->childNodes AS $child) {
 
  432            switch ($child->localName) {
 
  434                    if (! empty($objBaseKey)) {
 
  435                        $objBaseKey->name = $child->nodeValue;
 
  439                    foreach ($child->childNodes AS $keyval) {
 
  440                        switch ($keyval->localName) {
 
  442                                throw new Exception(
"DSAKeyValue currently not supported");
 
  446                                if ($modulusNode = $keyval->getElementsByTagName(
'Modulus')->item(0)) {
 
  447                                    $modulus = base64_decode($modulusNode->nodeValue);
 
  449                                if ($exponentNode = $keyval->getElementsByTagName(
'Exponent')->item(0)) {
 
  450                                    $exponent = base64_decode($exponentNode->nodeValue);
 
  452                                if (empty($modulus) || empty($exponent)) {
 
  453                                    throw new Exception(
"Missing Modulus or Exponent");
 
  456                                $objBaseKey->loadKey($publicKey);
 
  461                case 'RetrievalMethod':
 
  462                    $type = $child->getAttribute(
'Type');
 
  463                    if (
$type !== 
'http://www.w3.org/2001/04/xmlenc#EncryptedKey') {
 
  467                    $uri = $child->getAttribute(
'URI');
 
  468                    if ($uri[0] !== 
'#') {
 
  472                    $id = substr($uri, 1);
 
  474                    $query = 
'//xmlsecenc:EncryptedKey[@Id="'.XPath::filterAttrValue(
$id, XPath::DOUBLE_QUOTE).
'"]';
 
  475                    $keyElement = $xpath->query(
$query)->item(0);
 
  477                        throw new Exception(
"Unable to locate EncryptedKey with @Id='$id'.");
 
  484                    if ($x509certNodes = $child->getElementsByTagName(
'X509Certificate')) {
 
  485                        if ($x509certNodes->length > 0) {
 
  486                            $x509cert = $x509certNodes->item(0)->textContent;
 
  487                            $x509cert = str_replace(array(
"\r", 
"\n", 
" "), 
"", $x509cert);
 
  488                            $x509cert = 
"-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, 
"\n").
"-----END CERTIFICATE-----\n";
 
  489                            $objBaseKey->loadKey($x509cert, 
false, 
true);
 
An exception for terminatinating execution or to throw for unit testing.
addReference($name, $node, $type)
locateKey($node=null)
Returns the key from the DOM.
locateEncryptedData($element)
encryptKey($srcKey, $rawKey, $append=true)
Encrypt the XMLSecurityKey.
static staticLocateKeyInfo($objBaseKey=null, $node=null)
locateKeyInfo($objBaseKey=null, $node=null)
encryptReferences($objKey)
getCipherValue()
Retrieve the CipherValue text from this encrypted node.
decryptNode($objKey, $replace=true)
Decrypt this encrypted node.
encryptNode($objKey, $replace=true)
Encrypt the selected node with the given key.
static generateGUID($prefix='pfx')
Generate guid.
static convertRSA($modulus, $exponent)
Hint: Modulus and Exponent must already be base64 decoded.
static fromEncryptedKeyElement(DOMElement $element)
Create key from an EncryptedKey-element.
if(!array_key_exists('StateId', $_REQUEST)) $id