52 const template =
"<xenc:EncryptedData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'> 54 <xenc:CipherValue></xenc:CipherValue> 56 </xenc:EncryptedData>";
58 const Element =
'http://www.w3.org/2001/04/xmlenc#Element';
59 const Content =
'http://www.w3.org/2001/04/xmlenc#Content';
61 const XMLENCNS =
'http://www.w3.org/2001/04/xmlenc#';
86 $this->encdoc->loadXML(self::template);
97 if (! $node instanceOf
DOMNode) {
98 throw new Exception(
'$node is not of type DOMNode');
103 $this->encdoc = $curencdoc;
105 $element =
$encdoc->documentElement;
106 $element->setAttribute(
"Id", $refuri);
107 $this->references[
$name] = array(
"node" => $node,
"type" =>
$type,
"encnode" =>
$encdoc,
"refuri" => $refuri);
115 $this->rawNode = $node;
130 if (empty($this->rawNode)) {
131 throw new Exception(
'Node to encrypt has not been set');
136 $doc = $this->rawNode->ownerDocument;
137 $xPath =
new DOMXPath($this->encdoc);
138 $objList = $xPath->query(
'/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue');
139 $cipherValue = $objList->item(0);
140 if ($cipherValue == null) {
141 throw new Exception(
'Error locating CipherValue element within template');
143 switch ($this->type) {
144 case (self::Element):
145 $data = $doc->saveXML($this->rawNode);
146 $this->encdoc->documentElement->setAttribute(
'Type', self::Element);
148 case (self::Content):
149 $children = $this->rawNode->childNodes;
150 foreach ($children AS $child) {
151 $data .= $doc->saveXML($child);
153 $this->encdoc->documentElement->setAttribute(
'Type', self::Content);
156 throw new Exception(
'Type is currently not supported');
159 $encMethod = $this->encdoc->documentElement->appendChild($this->encdoc->createElementNS(self::XMLENCNS,
'xenc:EncryptionMethod'));
160 $encMethod->setAttribute(
'Algorithm', $objKey->getAlgorithm());
161 $cipherValue->parentNode->parentNode->insertBefore($encMethod, $cipherValue->parentNode->parentNode->firstChild);
163 $strEncrypt = base64_encode($objKey->encryptData(
$data));
164 $value = $this->encdoc->createTextNode($strEncrypt);
165 $cipherValue->appendChild($value);
168 switch ($this->type) {
169 case (self::Element):
170 if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
173 $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement,
true);
174 $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
176 case (self::Content):
177 $importEnc = $this->rawNode->ownerDocument->importNode($this->encdoc->documentElement,
true);
178 while ($this->rawNode->firstChild) {
179 $this->rawNode->removeChild($this->rawNode->firstChild);
181 $this->rawNode->appendChild($importEnc);
185 return $this->encdoc->documentElement;
197 foreach ($this->references AS
$name => $reference) {
198 $this->encdoc = $reference[
"encnode"];
199 $this->rawNode = $reference[
"node"];
200 $this->type = $reference[
"type"];
203 $this->references[
$name][
"encnode"] = $encNode;
205 $this->rawNode = $curRawNode;
206 $this->type = $curType;
210 $this->rawNode = $curRawNode;
211 $this->type = $curType;
222 if (empty($this->rawNode)) {
223 throw new Exception(
'Node to decrypt has not been set');
226 $doc = $this->rawNode->ownerDocument;
228 $xPath->registerNamespace(
'xmlencr', self::XMLENCNS);
230 $query =
"./xmlencr:CipherData/xmlencr:CipherValue";
231 $nodeset = $xPath->query(
$query, $this->rawNode);
232 $node = $nodeset->item(0);
238 return base64_decode($node->nodeValue);
261 if ($encryptedData) {
262 $decrypted = $objKey->decryptData($encryptedData);
264 switch ($this->type) {
265 case (self::Element):
267 $newdoc->loadXML($decrypted);
268 if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
271 $importEnc = $this->rawNode->ownerDocument->importNode($newdoc->documentElement,
true);
272 $this->rawNode->parentNode->replaceChild($importEnc, $this->rawNode);
274 case (self::Content):
275 if ($this->rawNode->nodeType == XML_DOCUMENT_NODE) {
278 $doc = $this->rawNode->ownerDocument;
280 $newFrag = $doc->createDocumentFragment();
281 $newFrag->appendXML($decrypted);
282 $parent = $this->rawNode->parentNode;
283 $parent->replaceChild($newFrag, $this->rawNode);
292 throw new Exception(
"Cannot locate encrypted data");
306 if ((! $srcKey instanceof
XMLSecurityKey) || (! $rawKey instanceof XMLSecurityKey)) {
309 $strEncKey = base64_encode($srcKey->encryptData($rawKey->key));
310 $root = $this->encdoc->documentElement;
311 $encKey = $this->encdoc->createElementNS(self::XMLENCNS,
'xenc:EncryptedKey');
313 $keyInfo = $root->insertBefore($this->encdoc->createElementNS(
'http://www.w3.org/2000/09/xmldsig#',
'dsig:KeyInfo'), $root->firstChild);
314 $keyInfo->appendChild(
$encKey);
318 $encMethod =
$encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS,
'xenc:EncryptionMethod'));
319 $encMethod->setAttribute(
'Algorithm', $srcKey->getAlgorith());
320 if (! empty($srcKey->name)) {
321 $keyInfo =
$encKey->appendChild($this->encdoc->createElementNS(
'http://www.w3.org/2000/09/xmldsig#',
'dsig:KeyInfo'));
322 $keyInfo->appendChild($this->encdoc->createElementNS(
'http://www.w3.org/2000/09/xmldsig#',
'dsig:KeyName', $srcKey->name));
324 $cipherData =
$encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS,
'xenc:CipherData'));
325 $cipherData->appendChild($this->encdoc->createElementNS(self::XMLENCNS,
'xenc:CipherValue', $strEncKey));
326 if (is_array($this->references) && count($this->references) > 0) {
327 $refList =
$encKey->appendChild($this->encdoc->createElementNS(self::XMLENCNS,
'xenc:ReferenceList'));
328 foreach ($this->references AS
$name => $reference) {
329 $refuri = $reference[
"refuri"];
330 $dataRef = $refList->appendChild($this->encdoc->createElementNS(self::XMLENCNS,
'xenc:DataReference'));
331 $dataRef->setAttribute(
"URI",
'#' . $refuri);
345 throw new Exception(
"Key is not Encrypted");
348 throw new Exception(
"Key is missing data to perform the decryption");
362 $doc = $element->ownerDocument;
366 $query =
"//*[local-name()='EncryptedData' and namespace-uri()='".self::XMLENCNS.
"']";
367 $nodeset = $xpath->query(
$query);
368 return $nodeset->item(0);
383 if (! $node instanceof
DOMNode) {
386 if ($doc = $node->ownerDocument) {
388 $xpath->registerNamespace(
'xmlsecenc', self::XMLENCNS);
389 $query =
".//xmlsecenc:EncryptionMethod";
390 $nodeset = $xpath->query(
$query, $node);
391 if ($encmeth = $nodeset->item(0)) {
392 $attrAlgorithm = $encmeth->getAttribute(
"Algorithm");
394 $objKey =
new XMLSecurityKey($attrAlgorithm, array(
'type' =>
'private'));
412 if (empty($node) || (! $node instanceof
DOMNode)) {
415 $doc = $node->ownerDocument;
421 $xpath->registerNamespace(
'xmlsecenc', self::XMLENCNS);
423 $query =
"./xmlsecdsig:KeyInfo";
424 $nodeset = $xpath->query(
$query, $node);
425 $encmeth = $nodeset->item(0);
431 foreach ($encmeth->childNodes AS $child) {
432 switch ($child->localName) {
434 if (! empty($objBaseKey)) {
435 $objBaseKey->name = $child->nodeValue;
439 foreach ($child->childNodes AS $keyval) {
440 switch ($keyval->localName) {
442 throw new Exception(
"DSAKeyValue currently not supported");
446 if ($modulusNode = $keyval->getElementsByTagName(
'Modulus')->item(0)) {
447 $modulus = base64_decode($modulusNode->nodeValue);
449 if ($exponentNode = $keyval->getElementsByTagName(
'Exponent')->item(0)) {
450 $exponent = base64_decode($exponentNode->nodeValue);
452 if (empty($modulus) || empty($exponent)) {
453 throw new Exception(
"Missing Modulus or Exponent");
456 $objBaseKey->loadKey($publicKey);
461 case 'RetrievalMethod':
462 $type = $child->getAttribute(
'Type');
463 if (
$type !==
'http://www.w3.org/2001/04/xmlenc#EncryptedKey') {
467 $uri = $child->getAttribute(
'URI');
468 if ($uri[0] !==
'#') {
472 $id = substr($uri, 1);
474 $query =
'//xmlsecenc:EncryptedKey[@Id="'.XPath::filterAttrValue(
$id, XPath::DOUBLE_QUOTE).
'"]';
475 $keyElement = $xpath->query(
$query)->item(0);
477 throw new Exception(
"Unable to locate EncryptedKey with @Id='$id'.");
484 if ($x509certNodes = $child->getElementsByTagName(
'X509Certificate')) {
485 if ($x509certNodes->length > 0) {
486 $x509cert = $x509certNodes->item(0)->textContent;
487 $x509cert = str_replace(array(
"\r",
"\n",
" "),
"", $x509cert);
488 $x509cert =
"-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64,
"\n").
"-----END CERTIFICATE-----\n";
489 $objBaseKey->loadKey($x509cert,
false,
true);
508 return self::staticLocateKeyInfo($objBaseKey, $node);
encryptNode($objKey, $replace=true)
Encrypt the selected node with the given key.
static fromEncryptedKeyElement(DOMElement $element)
Create key from an EncryptedKey-element.
if(!array_key_exists('StateId', $_REQUEST)) $id
encryptKey($srcKey, $rawKey, $append=true)
Encrypt the XMLSecurityKey.
static convertRSA($modulus, $exponent)
Hint: Modulus and Exponent must already be base64 decoded.
addReference($name, $node, $type)
encryptReferences($objKey)
static staticLocateKeyInfo($objBaseKey=null, $node=null)
getCipherValue()
Retrieve the CipherValue text from this encrypted node.
locateKeyInfo($objBaseKey=null, $node=null)
locateEncryptedData($element)
locateKey($node=null)
Returns the key from the DOM.
static generateGUID($prefix='pfx')
Generate guid.
decryptNode($objKey, $replace=true)
Decrypt this encrypted node.