ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Data Fields | Private Member Functions | Private Attributes
RobRichards\XMLSecLibs\XMLSecurityKey Class Reference

xmlseclibs.php More...

+ Collaboration diagram for RobRichards\XMLSecLibs\XMLSecurityKey:

Public Member Functions

 __construct ($type, $params=null)
 
 getSymmetricKeySize ()
 Retrieve the key size for the symmetric encryption algorithm. More...
 
 generateSessionKey ()
 Generates a session key using the openssl-extension. More...
 
 loadKey ($key, $isFile=false, $isCert=false)
 Loads the given key, or - with isFile set true - the key from the keyfile. More...
 
 encryptData ($data)
 Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. More...
 
 decryptData ($data)
 Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. More...
 
 signData ($data)
 Signs the data (string) using the extension assigned to the type in the constructor. More...
 
 verifySignature ($data, $signature)
 Verifies the data (string) against the given signature using the extension assigned to the type in the constructor. More...
 
 getAlgorith ()
 
 getAlgorithm ()
 
 serializeKey ($parent)
 
 getX509Certificate ()
 Retrieve the X509 certificate this key represents. More...
 
 getX509Thumbprint ()
 Get the thumbprint of this X509 certificate. More...
 

Static Public Member Functions

static getRawThumbprint ($cert)
 Get the raw thumbprint of a certificate. More...
 
static makeAsnSegment ($type, $string)
 
static convertRSA ($modulus, $exponent)
 Hint: Modulus and Exponent must already be base64 decoded. More...
 
static fromEncryptedKeyElement (DOMElement $element)
 Create key from an EncryptedKey-element. More...
 

Data Fields

const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
 
const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
 
const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
 
const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
 
const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
 
const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
 
const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
 
const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
 
const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
 
const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
 
const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 
const HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
 
 $type = 0
 
 $key = null
 
 $passphrase = ""
 
 $iv = null
 
 $name = null
 
 $keyChain = null
 
 $isEncrypted = false
 
 $encryptedCtx = null
 
 $guid = null
 

Private Member Functions

 padISO10126 ($data, $blockSize)
 ISO 10126 Padding. More...
 
 unpadISO10126 ($data)
 Remove ISO 10126 Padding. More...
 
 encryptSymmetric ($data)
 Encrypts the given data (string) using the openssl-extension. More...
 
 decryptSymmetric ($data)
 Decrypts the given data (string) using the openssl-extension. More...
 
 encryptPublic ($data)
 Encrypts the given public data (string) using the openssl-extension. More...
 
 decryptPublic ($data)
 Decrypts the given public data (string) using the openssl-extension. More...
 
 encryptPrivate ($data)
 Encrypts the given private data (string) using the openssl-extension. More...
 
 decryptPrivate ($data)
 Decrypts the given private data (string) using the openssl-extension. More...
 
 signOpenSSL ($data)
 Signs the given data (string) using the openssl-extension. More...
 
 verifyOpenSSL ($data, $signature)
 Verifies the given data (string) belonging to the given signature using the openssl-extension. More...
 

Private Attributes

 $cryptParams = array()
 
 $x509Certificate = null
 
 $X509Thumbprint = null
 

Detailed Description

xmlseclibs.php

Copyright (c) 2007-2019, Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of Robert Richards nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Author
Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org
Copyright
2007-2019 Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org @license http://www.opensource.org/licenses/bsd-license.php BSD License

Definition at line 47 of file XMLSecurityKey.php.

Constructor & Destructor Documentation

◆ __construct()

RobRichards\XMLSecLibs\XMLSecurityKey::__construct (   $type,
  $params = null 
)
Parameters
string$type
null | array$params
Exceptions
Exception

Definition at line 110 of file XMLSecurityKey.php.

111 {
112 switch ($type) {
113 case (self::TRIPLEDES_CBC):
114 $this->cryptParams['library'] = 'openssl';
115 $this->cryptParams['cipher'] = 'des-ede3-cbc';
116 $this->cryptParams['type'] = 'symmetric';
117 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc';
118 $this->cryptParams['keysize'] = 24;
119 $this->cryptParams['blocksize'] = 8;
120 break;
121 case (self::AES128_CBC):
122 $this->cryptParams['library'] = 'openssl';
123 $this->cryptParams['cipher'] = 'aes-128-cbc';
124 $this->cryptParams['type'] = 'symmetric';
125 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc';
126 $this->cryptParams['keysize'] = 16;
127 $this->cryptParams['blocksize'] = 16;
128 break;
129 case (self::AES192_CBC):
130 $this->cryptParams['library'] = 'openssl';
131 $this->cryptParams['cipher'] = 'aes-192-cbc';
132 $this->cryptParams['type'] = 'symmetric';
133 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc';
134 $this->cryptParams['keysize'] = 24;
135 $this->cryptParams['blocksize'] = 16;
136 break;
137 case (self::AES256_CBC):
138 $this->cryptParams['library'] = 'openssl';
139 $this->cryptParams['cipher'] = 'aes-256-cbc';
140 $this->cryptParams['type'] = 'symmetric';
141 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
142 $this->cryptParams['keysize'] = 32;
143 $this->cryptParams['blocksize'] = 16;
144 break;
145 case (self::RSA_1_5):
146 $this->cryptParams['library'] = 'openssl';
147 $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
148 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
149 if (is_array($params) && ! empty($params['type'])) {
150 if ($params['type'] == 'public' || $params['type'] == 'private') {
151 $this->cryptParams['type'] = $params['type'];
152 break;
153 }
154 }
155 throw new Exception('Certificate "type" (private/public) must be passed via parameters');
156 case (self::RSA_OAEP_MGF1P):
157 $this->cryptParams['library'] = 'openssl';
158 $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING;
159 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
160 $this->cryptParams['hash'] = null;
161 if (is_array($params) && ! empty($params['type'])) {
162 if ($params['type'] == 'public' || $params['type'] == 'private') {
163 $this->cryptParams['type'] = $params['type'];
164 break;
165 }
166 }
167 throw new Exception('Certificate "type" (private/public) must be passed via parameters');
168 case (self::RSA_SHA1):
169 $this->cryptParams['library'] = 'openssl';
170 $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
171 $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
172 if (is_array($params) && ! empty($params['type'])) {
173 if ($params['type'] == 'public' || $params['type'] == 'private') {
174 $this->cryptParams['type'] = $params['type'];
175 break;
176 }
177 }
178 throw new Exception('Certificate "type" (private/public) must be passed via parameters');
179 case (self::RSA_SHA256):
180 $this->cryptParams['library'] = 'openssl';
181 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
182 $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
183 $this->cryptParams['digest'] = 'SHA256';
184 if (is_array($params) && ! empty($params['type'])) {
185 if ($params['type'] == 'public' || $params['type'] == 'private') {
186 $this->cryptParams['type'] = $params['type'];
187 break;
188 }
189 }
190 throw new Exception('Certificate "type" (private/public) must be passed via parameters');
191 case (self::RSA_SHA384):
192 $this->cryptParams['library'] = 'openssl';
193 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384';
194 $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
195 $this->cryptParams['digest'] = 'SHA384';
196 if (is_array($params) && ! empty($params['type'])) {
197 if ($params['type'] == 'public' || $params['type'] == 'private') {
198 $this->cryptParams['type'] = $params['type'];
199 break;
200 }
201 }
202 throw new Exception('Certificate "type" (private/public) must be passed via parameters');
203 case (self::RSA_SHA512):
204 $this->cryptParams['library'] = 'openssl';
205 $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
206 $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
207 $this->cryptParams['digest'] = 'SHA512';
208 if (is_array($params) && ! empty($params['type'])) {
209 if ($params['type'] == 'public' || $params['type'] == 'private') {
210 $this->cryptParams['type'] = $params['type'];
211 break;
212 }
213 }
214 throw new Exception('Certificate "type" (private/public) must be passed via parameters');
215 case (self::HMAC_SHA1):
216 $this->cryptParams['library'] = $type;
217 $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1';
218 break;
219 default:
220 throw new Exception('Invalid Key Type');
221 }
222 $this->type = $type;
223 }
$params
$params
Definition: disable.php:11

References $params, and RobRichards\XMLSecLibs\XMLSecurityKey\$type.

Member Function Documentation

◆ convertRSA()

static RobRichards\XMLSecLibs\XMLSecurityKey::convertRSA (   $modulus,
  $exponent 
)
static

Hint: Modulus and Exponent must already be base64 decoded.

Parameters
string$modulus
string$exponent
Returns
string

Definition at line 670 of file XMLSecurityKey.php.

671 {
672 /* make an ASN publicKeyInfo */
673 $exponentEncoding = self::makeAsnSegment(0x02, $exponent);
674 $modulusEncoding = self::makeAsnSegment(0x02, $modulus);
675 $sequenceEncoding = self::makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding);
676 $bitstringEncoding = self::makeAsnSegment(0x03, $sequenceEncoding);
677 $rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500");
678 $publicKeyInfo = self::makeAsnSegment(0x30, $rsaAlgorithmIdentifier.$bitstringEncoding);
679
680 /* encode the publicKeyInfo in base64 and add PEM brackets */
681 $publicKeyInfoBase64 = base64_encode($publicKeyInfo);
682 $encoding = "-----BEGIN PUBLIC KEY-----\n";
683 $offset = 0;
684 while ($segment = substr($publicKeyInfoBase64, $offset, 64)) {
685 $encoding = $encoding.$segment."\n";
686 $offset += 64;
687 }
688 return $encoding."-----END PUBLIC KEY-----\n";
689 }

References RobRichards\XMLSecLibs\XMLSecurityKey\makeAsnSegment().

Referenced by RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ decryptData()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptData (   $data)

Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.

Parameters
string$data
Returns
mixed|string

Definition at line 556 of file XMLSecurityKey.php.

557 {
558 if ($this->cryptParams['library'] === 'openssl') {
559 switch ($this->cryptParams['type']) {
560 case 'symmetric':
561 return $this->decryptSymmetric($data);
562 case 'public':
563 return $this->decryptPublic($data);
564 case 'private':
565 return $this->decryptPrivate($data);
566 }
567 }
568 }
RobRichards\XMLSecLibs\XMLSecurityKey\decryptPrivate
decryptPrivate($data)
Decrypts the given private data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:478
RobRichards\XMLSecLibs\XMLSecurityKey\decryptPublic
decryptPublic($data)
Decrypts the given public data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:448
RobRichards\XMLSecLibs\XMLSecurityKey\decryptSymmetric
decryptSymmetric($data)
Decrypts the given data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:414

References $data, RobRichards\XMLSecLibs\XMLSecurityKey\decryptPrivate(), RobRichards\XMLSecLibs\XMLSecurityKey\decryptPublic(), and RobRichards\XMLSecLibs\XMLSecurityKey\decryptSymmetric().

+ Here is the call graph for this function:

◆ decryptPrivate()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptPrivate (   $data)
private

Decrypts the given private data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 478 of file XMLSecurityKey.php.

479 {
480 if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
481 throw new Exception('Failure decrypting Data (openssl private) - ' . openssl_error_string());
482 }
483 return $decrypted;
484 }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptData().

+ Here is the caller graph for this function:

◆ decryptPublic()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptPublic (   $data)
private

Decrypts the given public data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 448 of file XMLSecurityKey.php.

449 {
450 if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
451 throw new Exception('Failure decrypting Data (openssl public) - ' . openssl_error_string());
452 }
453 return $decrypted;
454 }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptData().

+ Here is the caller graph for this function:

◆ decryptSymmetric()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptSymmetric (   $data)
private

Decrypts the given data (string) using the openssl-extension.

Parameters
string$data
Returns
string

Definition at line 414 of file XMLSecurityKey.php.

415 {
416 $iv_length = openssl_cipher_iv_length($this->cryptParams['cipher']);
417 $this->iv = substr($data, 0, $iv_length);
418 $data = substr($data, $iv_length);
419 $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv);
420 if (false === $decrypted) {
421 throw new Exception('Failure decrypting Data (openssl symmetric) - ' . openssl_error_string());
422 }
423 return $this->unpadISO10126($decrypted);
424 }
RobRichards\XMLSecLibs\XMLSecurityKey\unpadISO10126
unpadISO10126($data)
Remove ISO 10126 Padding.
Definition: XMLSecurityKey.php:384

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\unpadISO10126().

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptData().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ encryptData()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptData (   $data)

Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.

Parameters
string$data
Returns
mixed|string

Definition at line 536 of file XMLSecurityKey.php.

537 {
538 if ($this->cryptParams['library'] === 'openssl') {
539 switch ($this->cryptParams['type']) {
540 case 'symmetric':
541 return $this->encryptSymmetric($data);
542 case 'public':
543 return $this->encryptPublic($data);
544 case 'private':
545 return $this->encryptPrivate($data);
546 }
547 }
548 }
RobRichards\XMLSecLibs\XMLSecurityKey\encryptSymmetric
encryptSymmetric($data)
Encrypts the given data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:397
RobRichards\XMLSecLibs\XMLSecurityKey\encryptPublic
encryptPublic($data)
Encrypts the given public data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:433
RobRichards\XMLSecLibs\XMLSecurityKey\encryptPrivate
encryptPrivate($data)
Encrypts the given private data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:463

References $data, RobRichards\XMLSecLibs\XMLSecurityKey\encryptPrivate(), RobRichards\XMLSecLibs\XMLSecurityKey\encryptPublic(), and RobRichards\XMLSecLibs\XMLSecurityKey\encryptSymmetric().

+ Here is the call graph for this function:

◆ encryptPrivate()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptPrivate (   $data)
private

Encrypts the given private data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 463 of file XMLSecurityKey.php.

464 {
465 if (! openssl_private_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) {
466 throw new Exception('Failure encrypting Data (openssl private) - ' . openssl_error_string());
467 }
468 return $encrypted;
469 }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptData().

+ Here is the caller graph for this function:

◆ encryptPublic()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptPublic (   $data)
private

Encrypts the given public data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 433 of file XMLSecurityKey.php.

434 {
435 if (! openssl_public_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) {
436 throw new Exception('Failure encrypting Data (openssl public) - ' . openssl_error_string());
437 }
438 return $encrypted;
439 }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptData().

+ Here is the caller graph for this function:

◆ encryptSymmetric()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptSymmetric (   $data)
private

Encrypts the given data (string) using the openssl-extension.

Parameters
string$data
Returns
string

Definition at line 397 of file XMLSecurityKey.php.

398 {
399 $this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cryptParams['cipher']));
400 $data = $this->padISO10126($data, $this->cryptParams['blocksize']);
401 $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv);
402 if (false === $encrypted) {
403 throw new Exception('Failure encrypting Data (openssl symmetric) - ' . openssl_error_string());
404 }
405 return $this->iv . $encrypted;
406 }
RobRichards\XMLSecLibs\XMLSecurityKey\padISO10126
padISO10126($data, $blockSize)
ISO 10126 Padding.
Definition: XMLSecurityKey.php:368

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\padISO10126().

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptData().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fromEncryptedKeyElement()

static RobRichards\XMLSecLibs\XMLSecurityKey::fromEncryptedKeyElement ( DOMElement  $element)
static

Create key from an EncryptedKey-element.

Parameters
DOMElement$elementThe EncryptedKey-element.
Exceptions
Exception
Returns
XMLSecurityKey The new key.

Definition at line 735 of file XMLSecurityKey.php.

736 {
737
738 $objenc = new XMLSecEnc();
739 $objenc->setNode($element);
740 if (! $objKey = $objenc->locateKey()) {
741 throw new Exception("Unable to locate algorithm for this Encrypted Key");
742 }
743 $objKey->isEncrypted = true;
744 $objKey->encryptedCtx = $objenc;
745 XMLSecEnc::staticLocateKeyInfo($objKey, $element);
746 return $objKey;
747 }
RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo
static staticLocateKeyInfo($objBaseKey=null, $node=null)
Definition: XMLSecEnc.php:410

References RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo().

Referenced by RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ generateSessionKey()

RobRichards\XMLSecLibs\XMLSecurityKey::generateSessionKey ( )

Generates a session key using the openssl-extension.

In case of using DES3-CBC the key is checked for a proper parity bits set.

Returns
string
Exceptions
Exception

Definition at line 247 of file XMLSecurityKey.php.

248 {
249 if (!isset($this->cryptParams['keysize'])) {
250 throw new Exception('Unknown key size for type "' . $this->type . '".');
251 }
252 $keysize = $this->cryptParams['keysize'];
253
254 $key = openssl_random_pseudo_bytes($keysize);
255
256 if ($this->type === self::TRIPLEDES_CBC) {
257 /* Make sure that the generated key has the proper parity bits set.
258 * Mcrypt doesn't care about the parity bits, but others may care.
259 */
260 for ($i = 0; $i < strlen($key); $i++) {
261 $byte = ord($key[$i]) & 0xfe;
262 $parity = 1;
263 for ($j = 1; $j < 8; $j++) {
264 $parity ^= ($byte >> $j) & 1;
265 }
266 $byte |= $parity;
267 $key[$i] = chr($byte);
268 }
269 }
270
271 $this->key = $key;
272 return $key;
273 }
$i
$i
Definition: disco.tpl.php:19

References $i, and RobRichards\XMLSecLibs\XMLSecurityKey\$key.

◆ getAlgorith()

RobRichards\XMLSecLibs\XMLSecurityKey::getAlgorith ( )
Deprecated:
See also
getAlgorithm()
Returns
mixed

Definition at line 618 of file XMLSecurityKey.php.

619 {
620 return $this->getAlgorithm();
621 }

References RobRichards\XMLSecLibs\XMLSecurityKey\getAlgorithm().

+ Here is the call graph for this function:

◆ getAlgorithm()

RobRichards\XMLSecLibs\XMLSecurityKey::getAlgorithm ( )
Returns
mixed

Definition at line 626 of file XMLSecurityKey.php.

627 {
628 return $this->cryptParams['method'];
629 }

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\getAlgorith().

+ Here is the caller graph for this function:

◆ getRawThumbprint()

static RobRichards\XMLSecLibs\XMLSecurityKey::getRawThumbprint (   $cert)
static

Get the raw thumbprint of a certificate.

Parameters
string$cert
Returns
null|string

Definition at line 281 of file XMLSecurityKey.php.

282 {
283
284 $arCert = explode("\n", $cert);
285 $data = '';
286 $inData = false;
287
288 foreach ($arCert AS $curData) {
289 if (! $inData) {
290 if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) {
291 $inData = true;
292 }
293 } else {
294 if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
295 break;
296 }
297 $data .= trim($curData);
298 }
299 }
300
301 if (! empty($data)) {
302 return strtolower(sha1(base64_decode($data)));
303 }
304
305 return null;
306 }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\loadKey().

+ Here is the caller graph for this function:

◆ getSymmetricKeySize()

RobRichards\XMLSecLibs\XMLSecurityKey::getSymmetricKeySize ( )

Retrieve the key size for the symmetric encryption algorithm.

If the key size is unknown, or this isn't a symmetric encryption algorithm, null is returned.

Returns
int|null The number of bytes in the key.

Definition at line 233 of file XMLSecurityKey.php.

234 {
235 if (! isset($this->cryptParams['keysize'])) {
236 return null;
237 }
238 return $this->cryptParams['keysize'];
239 }

◆ getX509Certificate()

RobRichards\XMLSecLibs\XMLSecurityKey::getX509Certificate ( )

Retrieve the X509 certificate this key represents.

Will return the X509 certificate in PEM-format if this key represents an X509 certificate.

Returns
string The X509 certificate or null if this key doesn't represent an X509-certificate.

Definition at line 707 of file XMLSecurityKey.php.

708 {
709 return $this->x509Certificate;
710 }

References RobRichards\XMLSecLibs\XMLSecurityKey\$x509Certificate.

◆ getX509Thumbprint()

RobRichards\XMLSecLibs\XMLSecurityKey::getX509Thumbprint ( )

Get the thumbprint of this X509 certificate.

Returns: The thumbprint as a lowercase 40-character hexadecimal number, or null if this isn't a X509 certificate.

Returns
string Lowercase 40-character hexadecimal number of thumbprint

Definition at line 721 of file XMLSecurityKey.php.

722 {
723 return $this->X509Thumbprint;
724 }

References RobRichards\XMLSecLibs\XMLSecurityKey\$X509Thumbprint.

◆ loadKey()

RobRichards\XMLSecLibs\XMLSecurityKey::loadKey (   $key,
  $isFile = false,
  $isCert = false 
)

Loads the given key, or - with isFile set true - the key from the keyfile.

Parameters
string$key
bool$isFile
bool$isCert
Exceptions
Exception

Definition at line 316 of file XMLSecurityKey.php.

317 {
318 if ($isFile) {
319 $this->key = file_get_contents($key);
320 } else {
321 $this->key = $key;
322 }
323 if ($isCert) {
324 $this->key = openssl_x509_read($this->key);
325 openssl_x509_export($this->key, $str_cert);
326 $this->x509Certificate = $str_cert;
327 $this->key = $str_cert;
328 } else {
329 $this->x509Certificate = null;
330 }
331 if ($this->cryptParams['library'] == 'openssl') {
332 switch ($this->cryptParams['type']) {
333 case 'public':
334 if ($isCert) {
335 /* Load the thumbprint if this is an X509 certificate. */
336 $this->X509Thumbprint = self::getRawThumbprint($this->key);
337 }
338 $this->key = openssl_get_publickey($this->key);
339 if (! $this->key) {
340 throw new Exception('Unable to extract public key');
341 }
342 break;
343
344 case 'private':
345 $this->key = openssl_get_privatekey($this->key, $this->passphrase);
346 break;
347
348 case'symmetric':
349 if (strlen($this->key) < $this->cryptParams['keysize']) {
350 throw new Exception('Key must contain at least 25 characters for this cipher');
351 }
352 break;
353
354 default:
355 throw new Exception('Unknown type');
356 }
357 }
358 }
RobRichards\XMLSecLibs\XMLSecurityKey\getRawThumbprint
static getRawThumbprint($cert)
Get the raw thumbprint of a certificate.
Definition: XMLSecurityKey.php:281

References RobRichards\XMLSecLibs\XMLSecurityKey\$key, and RobRichards\XMLSecLibs\XMLSecurityKey\getRawThumbprint().

+ Here is the call graph for this function:

◆ makeAsnSegment()

static RobRichards\XMLSecLibs\XMLSecurityKey::makeAsnSegment (   $type,
  $string 
)
static
Parameters
int$type
string$string
Returns
null|string

Definition at line 637 of file XMLSecurityKey.php.

638 {
639 switch ($type) {
640 case 0x02:
641 if (ord($string) > 0x7f)
642 $string = chr(0).$string;
643 break;
644 case 0x03:
645 $string = chr(0).$string;
646 break;
647 }
648
649 $length = strlen($string);
650
651 if ($length < 128) {
652 $output = sprintf("%c%c%s", $type, $length, $string);
653 } else if ($length < 0x0100) {
654 $output = sprintf("%c%c%c%s", $type, 0x81, $length, $string);
655 } else if ($length < 0x010000) {
656 $output = sprintf("%c%c%c%c%s", $type, 0x82, $length / 0x0100, $length % 0x0100, $string);
657 } else {
658 $output = null;
659 }
660 return $output;
661 }
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
$output
if(!is_dir( $entity_dir)) exit("Fatal Error ([A-Za-z0-9]+)\s+" &#(? foreach( $entity_files as $file) $output
Definition: generate-entity-file.php:67

References $output, RobRichards\XMLSecLibs\XMLSecurityKey\$type, and sprintf.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\convertRSA().

+ Here is the caller graph for this function:

◆ padISO10126()

RobRichards\XMLSecLibs\XMLSecurityKey::padISO10126 (   $data,
  $blockSize 
)
private

ISO 10126 Padding.

Parameters
string$data
integer$blockSize
Exceptions
Exception
Returns
string

Definition at line 368 of file XMLSecurityKey.php.

369 {
370 if ($blockSize > 256) {
371 throw new Exception('Block size higher than 256 not allowed');
372 }
373 $padChr = $blockSize - (strlen($data) % $blockSize);
374 $pattern = chr($padChr);
375 return $data . str_repeat($pattern, $padChr);
376 }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptSymmetric().

+ Here is the caller graph for this function:

◆ serializeKey()

RobRichards\XMLSecLibs\XMLSecurityKey::serializeKey (   $parent)
Parameters
mixed$parent

Definition at line 694 of file XMLSecurityKey.php.

695 {
696
697 }

◆ signData()

RobRichards\XMLSecLibs\XMLSecurityKey::signData (   $data)

Signs the data (string) using the extension assigned to the type in the constructor.

Parameters
string$data
Returns
mixed|string

Definition at line 576 of file XMLSecurityKey.php.

577 {
578 switch ($this->cryptParams['library']) {
579 case 'openssl':
580 return $this->signOpenSSL($data);
581 case (self::HMAC_SHA1):
582 return hash_hmac("sha1", $data, $this->key, true);
583 }
584 }
RobRichards\XMLSecLibs\XMLSecurityKey\signOpenSSL
signOpenSSL($data)
Signs the given data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:493

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\signOpenSSL().

+ Here is the call graph for this function:

◆ signOpenSSL()

RobRichards\XMLSecLibs\XMLSecurityKey::signOpenSSL (   $data)
private

Signs the given data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 493 of file XMLSecurityKey.php.

494 {
495 $algo = OPENSSL_ALGO_SHA1;
496 if (! empty($this->cryptParams['digest'])) {
497 $algo = $this->cryptParams['digest'];
498 }
499 if (! openssl_sign($data, $signature, $this->key, $algo)) {
500 throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo);
501 }
502 return $signature;
503 }
$algo
$algo
Definition: pwgen.php:34

References $algo, and $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\signData().

+ Here is the caller graph for this function:

◆ unpadISO10126()

RobRichards\XMLSecLibs\XMLSecurityKey::unpadISO10126 (   $data)
private

Remove ISO 10126 Padding.

Parameters
string$data
Returns
string

Definition at line 384 of file XMLSecurityKey.php.

385 {
386 $padChr = substr($data, -1);
387 $padLen = ord($padChr);
388 return substr($data, 0, -$padLen);
389 }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptSymmetric().

+ Here is the caller graph for this function:

◆ verifyOpenSSL()

RobRichards\XMLSecLibs\XMLSecurityKey::verifyOpenSSL (   $data,
  $signature 
)
private

Verifies the given data (string) belonging to the given signature using the openssl-extension.

Returns: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.

NOTE: be very careful when checking the return value, because in PHP, -1 will be cast to True when in boolean context. So always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".

Parameters
string$data
string$signature
Returns
int

Definition at line 521 of file XMLSecurityKey.php.

522 {
523 $algo = OPENSSL_ALGO_SHA1;
524 if (! empty($this->cryptParams['digest'])) {
525 $algo = $this->cryptParams['digest'];
526 }
527 return openssl_verify($data, $signature, $this->key, $algo);
528 }

References $algo, and $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\verifySignature().

+ Here is the caller graph for this function:

◆ verifySignature()

RobRichards\XMLSecLibs\XMLSecurityKey::verifySignature (   $data,
  $signature 
)

Verifies the data (string) against the given signature using the extension assigned to the type in the constructor.

Returns in case of openSSL: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.

NOTE: be very careful when checking the return value, because in PHP, -1 will be cast to True when in boolean context. So always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".

Parameters
string$data
string$signature
Returns
bool|int

Definition at line 602 of file XMLSecurityKey.php.

603 {
604 switch ($this->cryptParams['library']) {
605 case 'openssl':
606 return $this->verifyOpenSSL($data, $signature);
607 case (self::HMAC_SHA1):
608 $expectedSignature = hash_hmac("sha1", $data, $this->key, true);
609 return strcmp($signature, $expectedSignature) == 0;
610 }
611 }
RobRichards\XMLSecLibs\XMLSecurityKey\verifyOpenSSL
verifyOpenSSL($data, $signature)
Verifies the given data (string) belonging to the given signature using the openssl-extension.
Definition: XMLSecurityKey.php:521

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\verifyOpenSSL().

+ Here is the call graph for this function:

Field Documentation

◆ $cryptParams

RobRichards\XMLSecLibs\XMLSecurityKey::$cryptParams = array()
private

Definition at line 63 of file XMLSecurityKey.php.

◆ $encryptedCtx

RobRichards\XMLSecLibs\XMLSecurityKey::$encryptedCtx = null

Definition at line 87 of file XMLSecurityKey.php.

◆ $guid

RobRichards\XMLSecLibs\XMLSecurityKey::$guid = null

Definition at line 90 of file XMLSecurityKey.php.

◆ $isEncrypted

RobRichards\XMLSecLibs\XMLSecurityKey::$isEncrypted = false

Definition at line 84 of file XMLSecurityKey.php.

◆ $iv

RobRichards\XMLSecLibs\XMLSecurityKey::$iv = null

Definition at line 75 of file XMLSecurityKey.php.

◆ $key

RobRichards\XMLSecLibs\XMLSecurityKey::$key = null

Definition at line 69 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\generateSessionKey(), and RobRichards\XMLSecLibs\XMLSecurityKey\loadKey().

◆ $keyChain

RobRichards\XMLSecLibs\XMLSecurityKey::$keyChain = null

Definition at line 81 of file XMLSecurityKey.php.

◆ $name

RobRichards\XMLSecLibs\XMLSecurityKey::$name = null

Definition at line 78 of file XMLSecurityKey.php.

◆ $passphrase

RobRichards\XMLSecLibs\XMLSecurityKey::$passphrase = ""

Definition at line 72 of file XMLSecurityKey.php.

◆ $type

RobRichards\XMLSecLibs\XMLSecurityKey::$type = 0

Definition at line 66 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\__construct(), and RobRichards\XMLSecLibs\XMLSecurityKey\makeAsnSegment().

◆ $x509Certificate

RobRichards\XMLSecLibs\XMLSecurityKey::$x509Certificate = null
private

Definition at line 97 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\getX509Certificate().

◆ $X509Thumbprint

RobRichards\XMLSecLibs\XMLSecurityKey::$X509Thumbprint = null
private

Definition at line 103 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\getX509Thumbprint().

◆ AES128_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'

Definition at line 50 of file XMLSecurityKey.php.

Referenced by SAML2\Certificate\PrivateKeyLoader\loadDecryptionKeys().

◆ AES192_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'

Definition at line 51 of file XMLSecurityKey.php.

◆ AES256_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'

Definition at line 52 of file XMLSecurityKey.php.

◆ DSA_SHA1

const RobRichards\XMLSecLibs\XMLSecurityKey::DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'

Definition at line 55 of file XMLSecurityKey.php.

◆ HMAC_SHA1

const RobRichards\XMLSecLibs\XMLSecurityKey::HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'

Definition at line 60 of file XMLSecurityKey.php.

◆ RSA_1_5

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'

Definition at line 53 of file XMLSecurityKey.php.

Referenced by SAML2\Certificate\PrivateKeyLoader\convertPrivateKeyToRsaKey(), and SAML2\Configuration\ServiceProvider\getBlacklistedAlgorithms().

◆ RSA_OAEP_MGF1P

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'

Definition at line 54 of file XMLSecurityKey.php.

◆ RSA_SHA1

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

Definition at line 56 of file XMLSecurityKey.php.

Referenced by SimpleSAML\XML\Signer\loadPrivateKeyArray(), and SAML2\Signature\AbstractChainedValidator\validateElementWithKeys().

◆ RSA_SHA256

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

Definition at line 57 of file XMLSecurityKey.php.

◆ RSA_SHA384

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'

Definition at line 58 of file XMLSecurityKey.php.

◆ RSA_SHA512

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'

Definition at line 59 of file XMLSecurityKey.php.

◆ TRIPLEDES_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'

Definition at line 49 of file XMLSecurityKey.php.

The documentation for this class was generated from the following file: