ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Static Public Member Functions | Data Fields | Private Member Functions | Private Attributes
RobRichards\XMLSecLibs\XMLSecurityKey Class Reference

xmlseclibs.php More...

+ Collaboration diagram for RobRichards\XMLSecLibs\XMLSecurityKey:

Public Member Functions

 __construct ($type, $params=null)
 
 getSymmetricKeySize ()
 Retrieve the key size for the symmetric encryption algorithm. More...
 
 generateSessionKey ()
 Generates a session key using the openssl-extension. More...
 
 loadKey ($key, $isFile=false, $isCert=false)
 Loads the given key, or - with isFile set true - the key from the keyfile. More...
 
 encryptData ($data)
 Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. More...
 
 decryptData ($data)
 Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor. More...
 
 signData ($data)
 Signs the data (string) using the extension assigned to the type in the constructor. More...
 
 verifySignature ($data, $signature)
 Verifies the data (string) against the given signature using the extension assigned to the type in the constructor. More...
 
 getAlgorith ()
 
 getAlgorithm ()
 
 serializeKey ($parent)
 
 getX509Certificate ()
 Retrieve the X509 certificate this key represents. More...
 
 getX509Thumbprint ()
 Get the thumbprint of this X509 certificate. More...
 

Static Public Member Functions

static getRawThumbprint ($cert)
 Get the raw thumbprint of a certificate. More...
 
static makeAsnSegment ($type, $string)
 
static convertRSA ($modulus, $exponent)
 Hint: Modulus and Exponent must already be base64 decoded. More...
 
static fromEncryptedKeyElement (DOMElement $element)
 Create key from an EncryptedKey-element. More...
 

Data Fields

const TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
 
const AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
 
const AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
 
const AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
 
const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
 
const RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
 
const DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
 
const RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
 
const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
 
const RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
 
const RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 
const HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
 
 $type = 0
 
 $key = null
 
 $passphrase = ""
 
 $iv = null
 
 $name = null
 
 $keyChain = null
 
 $isEncrypted = false
 
 $encryptedCtx = null
 
 $guid = null
 

Private Member Functions

 padISO10126 ($data, $blockSize)
 ISO 10126 Padding. More...
 
 unpadISO10126 ($data)
 Remove ISO 10126 Padding. More...
 
 encryptSymmetric ($data)
 Encrypts the given data (string) using the openssl-extension. More...
 
 decryptSymmetric ($data)
 Decrypts the given data (string) using the openssl-extension. More...
 
 encryptPublic ($data)
 Encrypts the given public data (string) using the openssl-extension. More...
 
 decryptPublic ($data)
 Decrypts the given public data (string) using the openssl-extension. More...
 
 encryptPrivate ($data)
 Encrypts the given private data (string) using the openssl-extension. More...
 
 decryptPrivate ($data)
 Decrypts the given private data (string) using the openssl-extension. More...
 
 signOpenSSL ($data)
 Signs the given data (string) using the openssl-extension. More...
 
 verifyOpenSSL ($data, $signature)
 Verifies the given data (string) belonging to the given signature using the openssl-extension. More...
 

Private Attributes

 $cryptParams = array()
 
 $x509Certificate = null
 
 $X509Thumbprint = null
 

Detailed Description

xmlseclibs.php

Copyright (c) 2007-2019, Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of Robert Richards nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Author
Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org
Copyright
2007-2019 Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org http://www.opensource.org/licenses/bsd-license.php BSD License

Definition at line 47 of file XMLSecurityKey.php.

Constructor & Destructor Documentation

◆ __construct()

RobRichards\XMLSecLibs\XMLSecurityKey::__construct (   $type,
  $params = null 
)
Parameters
string$type
null | array$params
Exceptions
Exception

Definition at line 110 of file XMLSecurityKey.php.

References PHPMailer\PHPMailer\$params, and RobRichards\XMLSecLibs\XMLSecurityKey\$type.

111  {
112  switch ($type) {
113  case (self::TRIPLEDES_CBC):
114  $this->cryptParams['library'] = 'openssl';
115  $this->cryptParams['cipher'] = 'des-ede3-cbc';
116  $this->cryptParams['type'] = 'symmetric';
117  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc';
118  $this->cryptParams['keysize'] = 24;
119  $this->cryptParams['blocksize'] = 8;
120  break;
121  case (self::AES128_CBC):
122  $this->cryptParams['library'] = 'openssl';
123  $this->cryptParams['cipher'] = 'aes-128-cbc';
124  $this->cryptParams['type'] = 'symmetric';
125  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc';
126  $this->cryptParams['keysize'] = 16;
127  $this->cryptParams['blocksize'] = 16;
128  break;
129  case (self::AES192_CBC):
130  $this->cryptParams['library'] = 'openssl';
131  $this->cryptParams['cipher'] = 'aes-192-cbc';
132  $this->cryptParams['type'] = 'symmetric';
133  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc';
134  $this->cryptParams['keysize'] = 24;
135  $this->cryptParams['blocksize'] = 16;
136  break;
137  case (self::AES256_CBC):
138  $this->cryptParams['library'] = 'openssl';
139  $this->cryptParams['cipher'] = 'aes-256-cbc';
140  $this->cryptParams['type'] = 'symmetric';
141  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
142  $this->cryptParams['keysize'] = 32;
143  $this->cryptParams['blocksize'] = 16;
144  break;
145  case (self::RSA_1_5):
146  $this->cryptParams['library'] = 'openssl';
147  $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
148  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
149  if (is_array($params) && ! empty($params['type'])) {
150  if ($params['type'] == 'public' || $params['type'] == 'private') {
151  $this->cryptParams['type'] = $params['type'];
152  break;
153  }
154  }
155  throw new Exception('Certificate "type" (private/public) must be passed via parameters');
156  case (self::RSA_OAEP_MGF1P):
157  $this->cryptParams['library'] = 'openssl';
158  $this->cryptParams['padding'] = OPENSSL_PKCS1_OAEP_PADDING;
159  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
160  $this->cryptParams['hash'] = null;
161  if (is_array($params) && ! empty($params['type'])) {
162  if ($params['type'] == 'public' || $params['type'] == 'private') {
163  $this->cryptParams['type'] = $params['type'];
164  break;
165  }
166  }
167  throw new Exception('Certificate "type" (private/public) must be passed via parameters');
168  case (self::RSA_SHA1):
169  $this->cryptParams['library'] = 'openssl';
170  $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
171  $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
172  if (is_array($params) && ! empty($params['type'])) {
173  if ($params['type'] == 'public' || $params['type'] == 'private') {
174  $this->cryptParams['type'] = $params['type'];
175  break;
176  }
177  }
178  throw new Exception('Certificate "type" (private/public) must be passed via parameters');
179  case (self::RSA_SHA256):
180  $this->cryptParams['library'] = 'openssl';
181  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
182  $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
183  $this->cryptParams['digest'] = 'SHA256';
184  if (is_array($params) && ! empty($params['type'])) {
185  if ($params['type'] == 'public' || $params['type'] == 'private') {
186  $this->cryptParams['type'] = $params['type'];
187  break;
188  }
189  }
190  throw new Exception('Certificate "type" (private/public) must be passed via parameters');
191  case (self::RSA_SHA384):
192  $this->cryptParams['library'] = 'openssl';
193  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384';
194  $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
195  $this->cryptParams['digest'] = 'SHA384';
196  if (is_array($params) && ! empty($params['type'])) {
197  if ($params['type'] == 'public' || $params['type'] == 'private') {
198  $this->cryptParams['type'] = $params['type'];
199  break;
200  }
201  }
202  throw new Exception('Certificate "type" (private/public) must be passed via parameters');
203  case (self::RSA_SHA512):
204  $this->cryptParams['library'] = 'openssl';
205  $this->cryptParams['method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
206  $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
207  $this->cryptParams['digest'] = 'SHA512';
208  if (is_array($params) && ! empty($params['type'])) {
209  if ($params['type'] == 'public' || $params['type'] == 'private') {
210  $this->cryptParams['type'] = $params['type'];
211  break;
212  }
213  }
214  throw new Exception('Certificate "type" (private/public) must be passed via parameters');
215  case (self::HMAC_SHA1):
216  $this->cryptParams['library'] = $type;
217  $this->cryptParams['method'] = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1';
218  break;
219  default:
220  throw new Exception('Invalid Key Type');
221  }
222  $this->type = $type;
223  }

Member Function Documentation

◆ convertRSA()

static RobRichards\XMLSecLibs\XMLSecurityKey::convertRSA (   $modulus,
  $exponent 
)
static

Hint: Modulus and Exponent must already be base64 decoded.

Parameters
string$modulus
string$exponent
Returns
string

Definition at line 670 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo().

671  {
672  /* make an ASN publicKeyInfo */
673  $exponentEncoding = self::makeAsnSegment(0x02, $exponent);
674  $modulusEncoding = self::makeAsnSegment(0x02, $modulus);
675  $sequenceEncoding = self::makeAsnSegment(0x30, $modulusEncoding.$exponentEncoding);
676  $bitstringEncoding = self::makeAsnSegment(0x03, $sequenceEncoding);
677  $rsaAlgorithmIdentifier = pack("H*", "300D06092A864886F70D0101010500");
678  $publicKeyInfo = self::makeAsnSegment(0x30, $rsaAlgorithmIdentifier.$bitstringEncoding);
679 
680  /* encode the publicKeyInfo in base64 and add PEM brackets */
681  $publicKeyInfoBase64 = base64_encode($publicKeyInfo);
682  $encoding = "-----BEGIN PUBLIC KEY-----\n";
683  $offset = 0;
684  while ($segment = substr($publicKeyInfoBase64, $offset, 64)) {
685  $encoding = $encoding.$segment."\n";
686  $offset += 64;
687  }
688  return $encoding."-----END PUBLIC KEY-----\n";
689  }
+ Here is the caller graph for this function:

◆ decryptData()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptData (   $data)

Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.

Parameters
string$data
Returns
mixed|string

Definition at line 556 of file XMLSecurityKey.php.

References $data, RobRichards\XMLSecLibs\XMLSecurityKey\decryptPrivate(), RobRichards\XMLSecLibs\XMLSecurityKey\decryptPublic(), and RobRichards\XMLSecLibs\XMLSecurityKey\decryptSymmetric().

557  {
558  if ($this->cryptParams['library'] === 'openssl') {
559  switch ($this->cryptParams['type']) {
560  case 'symmetric':
561  return $this->decryptSymmetric($data);
562  case 'public':
563  return $this->decryptPublic($data);
564  case 'private':
565  return $this->decryptPrivate($data);
566  }
567  }
568  }
RobRichards\XMLSecLibs\XMLSecurityKey\decryptSymmetric
decryptSymmetric($data)
Decrypts the given data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:414
RobRichards\XMLSecLibs\XMLSecurityKey\decryptPublic
decryptPublic($data)
Decrypts the given public data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:448
RobRichards\XMLSecLibs\XMLSecurityKey\decryptPrivate
decryptPrivate($data)
Decrypts the given private data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:478
$data
$data
Definition: bench.php:6
+ Here is the call graph for this function:

◆ decryptPrivate()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptPrivate (   $data)
private

Decrypts the given private data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 478 of file XMLSecurityKey.php.

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptData().

479  {
480  if (! openssl_private_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
481  throw new Exception('Failure decrypting Data (openssl private) - ' . openssl_error_string());
482  }
483  return $decrypted;
484  }
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ decryptPublic()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptPublic (   $data)
private

Decrypts the given public data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 448 of file XMLSecurityKey.php.

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptData().

449  {
450  if (! openssl_public_decrypt($data, $decrypted, $this->key, $this->cryptParams['padding'])) {
451  throw new Exception('Failure decrypting Data (openssl public) - ' . openssl_error_string());
452  }
453  return $decrypted;
454  }
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ decryptSymmetric()

RobRichards\XMLSecLibs\XMLSecurityKey::decryptSymmetric (   $data)
private

Decrypts the given data (string) using the openssl-extension.

Parameters
string$data
Returns
string

Definition at line 414 of file XMLSecurityKey.php.

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\unpadISO10126().

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptData().

415  {
416  $iv_length = openssl_cipher_iv_length($this->cryptParams['cipher']);
417  $this->iv = substr($data, 0, $iv_length);
418  $data = substr($data, $iv_length);
419  $decrypted = openssl_decrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv);
420  if (false === $decrypted) {
421  throw new Exception('Failure decrypting Data (openssl symmetric) - ' . openssl_error_string());
422  }
423  return $this->unpadISO10126($decrypted);
424  }
RobRichards\XMLSecLibs\XMLSecurityKey\unpadISO10126
unpadISO10126($data)
Remove ISO 10126 Padding.
Definition: XMLSecurityKey.php:384
$data
$data
Definition: bench.php:6
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ encryptData()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptData (   $data)

Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.

Parameters
string$data
Returns
mixed|string

Definition at line 536 of file XMLSecurityKey.php.

References $data, RobRichards\XMLSecLibs\XMLSecurityKey\encryptPrivate(), RobRichards\XMLSecLibs\XMLSecurityKey\encryptPublic(), and RobRichards\XMLSecLibs\XMLSecurityKey\encryptSymmetric().

537  {
538  if ($this->cryptParams['library'] === 'openssl') {
539  switch ($this->cryptParams['type']) {
540  case 'symmetric':
541  return $this->encryptSymmetric($data);
542  case 'public':
543  return $this->encryptPublic($data);
544  case 'private':
545  return $this->encryptPrivate($data);
546  }
547  }
548  }
RobRichards\XMLSecLibs\XMLSecurityKey\encryptPublic
encryptPublic($data)
Encrypts the given public data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:433
RobRichards\XMLSecLibs\XMLSecurityKey\encryptSymmetric
encryptSymmetric($data)
Encrypts the given data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:397
RobRichards\XMLSecLibs\XMLSecurityKey\encryptPrivate
encryptPrivate($data)
Encrypts the given private data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:463
$data
$data
Definition: bench.php:6
+ Here is the call graph for this function:

◆ encryptPrivate()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptPrivate (   $data)
private

Encrypts the given private data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 463 of file XMLSecurityKey.php.

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptData().

464  {
465  if (! openssl_private_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) {
466  throw new Exception('Failure encrypting Data (openssl private) - ' . openssl_error_string());
467  }
468  return $encrypted;
469  }
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ encryptPublic()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptPublic (   $data)
private

Encrypts the given public data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 433 of file XMLSecurityKey.php.

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptData().

434  {
435  if (! openssl_public_encrypt($data, $encrypted, $this->key, $this->cryptParams['padding'])) {
436  throw new Exception('Failure encrypting Data (openssl public) - ' . openssl_error_string());
437  }
438  return $encrypted;
439  }
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ encryptSymmetric()

RobRichards\XMLSecLibs\XMLSecurityKey::encryptSymmetric (   $data)
private

Encrypts the given data (string) using the openssl-extension.

Parameters
string$data
Returns
string

Definition at line 397 of file XMLSecurityKey.php.

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\padISO10126().

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptData().

398  {
399  $this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cryptParams['cipher']));
400  $data = $this->padISO10126($data, $this->cryptParams['blocksize']);
401  $encrypted = openssl_encrypt($data, $this->cryptParams['cipher'], $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $this->iv);
402  if (false === $encrypted) {
403  throw new Exception('Failure encrypting Data (openssl symmetric) - ' . openssl_error_string());
404  }
405  return $this->iv . $encrypted;
406  }
RobRichards\XMLSecLibs\XMLSecurityKey\padISO10126
padISO10126($data, $blockSize)
ISO 10126 Padding.
Definition: XMLSecurityKey.php:368
$data
$data
Definition: bench.php:6
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fromEncryptedKeyElement()

static RobRichards\XMLSecLibs\XMLSecurityKey::fromEncryptedKeyElement ( DOMElement  $element)
static

Create key from an EncryptedKey-element.

Parameters
DOMElement$elementThe EncryptedKey-element.
Exceptions
Exception
Returns
XMLSecurityKey The new key.

Definition at line 735 of file XMLSecurityKey.php.

References RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo().

Referenced by RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo().

736  {
737 
738  $objenc = new XMLSecEnc();
739  $objenc->setNode($element);
740  if (! $objKey = $objenc->locateKey()) {
741  throw new Exception("Unable to locate algorithm for this Encrypted Key");
742  }
743  $objKey->isEncrypted = true;
744  $objKey->encryptedCtx = $objenc;
745  XMLSecEnc::staticLocateKeyInfo($objKey, $element);
746  return $objKey;
747  }
RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo
static staticLocateKeyInfo($objBaseKey=null, $node=null)
Definition: XMLSecEnc.php:410
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ generateSessionKey()

RobRichards\XMLSecLibs\XMLSecurityKey::generateSessionKey ( )

Generates a session key using the openssl-extension.

In case of using DES3-CBC the key is checked for a proper parity bits set.

Returns
string
Exceptions
Exception

Definition at line 247 of file XMLSecurityKey.php.

References $i, and RobRichards\XMLSecLibs\XMLSecurityKey\$key.

248  {
249  if (!isset($this->cryptParams['keysize'])) {
250  throw new Exception('Unknown key size for type "' . $this->type . '".');
251  }
252  $keysize = $this->cryptParams['keysize'];
253 
254  $key = openssl_random_pseudo_bytes($keysize);
255 
256  if ($this->type === self::TRIPLEDES_CBC) {
257  /* Make sure that the generated key has the proper parity bits set.
258  * Mcrypt doesn't care about the parity bits, but others may care.
259  */
260  for ($i = 0; $i < strlen($key); $i++) {
261  $byte = ord($key[$i]) & 0xfe;
262  $parity = 1;
263  for ($j = 1; $j < 8; $j++) {
264  $parity ^= ($byte >> $j) & 1;
265  }
266  $byte |= $parity;
267  $key[$i] = chr($byte);
268  }
269  }
270 
271  $this->key = $key;
272  return $key;
273  }
$i
$i
Definition: disco.tpl.php:19

◆ getAlgorith()

RobRichards\XMLSecLibs\XMLSecurityKey::getAlgorith ( )
Deprecated:
See also
getAlgorithm()
Returns
mixed

Definition at line 618 of file XMLSecurityKey.php.

References RobRichards\XMLSecLibs\XMLSecurityKey\getAlgorithm().

619  {
620  return $this->getAlgorithm();
621  }
+ Here is the call graph for this function:

◆ getAlgorithm()

RobRichards\XMLSecLibs\XMLSecurityKey::getAlgorithm ( )
Returns
mixed

Definition at line 626 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\getAlgorith(), and SAML2\Utils\insertSignature().

627  {
628  return $this->cryptParams['method'];
629  }
+ Here is the caller graph for this function:

◆ getRawThumbprint()

static RobRichards\XMLSecLibs\XMLSecurityKey::getRawThumbprint (   $cert)
static

Get the raw thumbprint of a certificate.

Parameters
string$cert
Returns
null|string

Definition at line 281 of file XMLSecurityKey.php.

References $data.

282  {
283 
284  $arCert = explode("\n", $cert);
285  $data = '';
286  $inData = false;
287 
288  foreach ($arCert AS $curData) {
289  if (! $inData) {
290  if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) {
291  $inData = true;
292  }
293  } else {
294  if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
295  break;
296  }
297  $data .= trim($curData);
298  }
299  }
300 
301  if (! empty($data)) {
302  return strtolower(sha1(base64_decode($data)));
303  }
304 
305  return null;
306  }
$data
$data
Definition: bench.php:6

◆ getSymmetricKeySize()

RobRichards\XMLSecLibs\XMLSecurityKey::getSymmetricKeySize ( )

Retrieve the key size for the symmetric encryption algorithm.

If the key size is unknown, or this isn't a symmetric encryption algorithm, null is returned.

Returns
int|null The number of bytes in the key.

Definition at line 233 of file XMLSecurityKey.php.

Referenced by SAML2\Utils\insertSignature().

234  {
235  if (! isset($this->cryptParams['keysize'])) {
236  return null;
237  }
238  return $this->cryptParams['keysize'];
239  }
+ Here is the caller graph for this function:

◆ getX509Certificate()

RobRichards\XMLSecLibs\XMLSecurityKey::getX509Certificate ( )

Retrieve the X509 certificate this key represents.

Will return the X509 certificate in PEM-format if this key represents an X509 certificate.

Returns
string The X509 certificate or null if this key doesn't represent an X509-certificate.

Definition at line 707 of file XMLSecurityKey.php.

References RobRichards\XMLSecLibs\XMLSecurityKey\$x509Certificate.

708  {
709  return $this->x509Certificate;
710  }

◆ getX509Thumbprint()

RobRichards\XMLSecLibs\XMLSecurityKey::getX509Thumbprint ( )

Get the thumbprint of this X509 certificate.

Returns: The thumbprint as a lowercase 40-character hexadecimal number, or null if this isn't a X509 certificate.

Returns
string Lowercase 40-character hexadecimal number of thumbprint

Definition at line 721 of file XMLSecurityKey.php.

References RobRichards\XMLSecLibs\XMLSecurityKey\$X509Thumbprint.

722  {
723  return $this->X509Thumbprint;
724  }

◆ loadKey()

RobRichards\XMLSecLibs\XMLSecurityKey::loadKey (   $key,
  $isFile = false,
  $isCert = false 
)

Loads the given key, or - with isFile set true - the key from the keyfile.

Parameters
string$key
bool$isFile
bool$isCert
Exceptions
Exception

Definition at line 316 of file XMLSecurityKey.php.

References RobRichards\XMLSecLibs\XMLSecurityKey\$key.

317  {
318  if ($isFile) {
319  $this->key = file_get_contents($key);
320  } else {
321  $this->key = $key;
322  }
323  if ($isCert) {
324  $this->key = openssl_x509_read($this->key);
325  openssl_x509_export($this->key, $str_cert);
326  $this->x509Certificate = $str_cert;
327  $this->key = $str_cert;
328  } else {
329  $this->x509Certificate = null;
330  }
331  if ($this->cryptParams['library'] == 'openssl') {
332  switch ($this->cryptParams['type']) {
333  case 'public':
334  if ($isCert) {
335  /* Load the thumbprint if this is an X509 certificate. */
336  $this->X509Thumbprint = self::getRawThumbprint($this->key);
337  }
338  $this->key = openssl_get_publickey($this->key);
339  if (! $this->key) {
340  throw new Exception('Unable to extract public key');
341  }
342  break;
343 
344  case 'private':
345  $this->key = openssl_get_privatekey($this->key, $this->passphrase);
346  break;
347 
348  case'symmetric':
349  if (strlen($this->key) < $this->cryptParams['keysize']) {
350  throw new Exception('Key must contain at least 25 characters for this cipher');
351  }
352  break;
353 
354  default:
355  throw new Exception('Unknown type');
356  }
357  }
358  }

◆ makeAsnSegment()

static RobRichards\XMLSecLibs\XMLSecurityKey::makeAsnSegment (   $type,
  $string 
)
static
Parameters
int$type
string$string
Returns
null|string

Definition at line 637 of file XMLSecurityKey.php.

References Sabre\VObject\$output, and RobRichards\XMLSecLibs\XMLSecurityKey\$type.

638  {
639  switch ($type) {
640  case 0x02:
641  if (ord($string) > 0x7f)
642  $string = chr(0).$string;
643  break;
644  case 0x03:
645  $string = chr(0).$string;
646  break;
647  }
648 
649  $length = strlen($string);
650 
651  if ($length < 128) {
652  $output = sprintf("%c%c%s", $type, $length, $string);
653  } else if ($length < 0x0100) {
654  $output = sprintf("%c%c%c%s", $type, 0x81, $length, $string);
655  } else if ($length < 0x010000) {
656  $output = sprintf("%c%c%c%c%s", $type, 0x82, $length / 0x0100, $length % 0x0100, $string);
657  } else {
658  $output = null;
659  }
660  return $output;
661  }

◆ padISO10126()

RobRichards\XMLSecLibs\XMLSecurityKey::padISO10126 (   $data,
  $blockSize 
)
private

ISO 10126 Padding.

Parameters
string$data
integer$blockSize
Exceptions
Exception
Returns
string

Definition at line 368 of file XMLSecurityKey.php.

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\encryptSymmetric().

369  {
370  if ($blockSize > 256) {
371  throw new Exception('Block size higher than 256 not allowed');
372  }
373  $padChr = $blockSize - (strlen($data) % $blockSize);
374  $pattern = chr($padChr);
375  return $data . str_repeat($pattern, $padChr);
376  }
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ serializeKey()

RobRichards\XMLSecLibs\XMLSecurityKey::serializeKey (   $parent)
Parameters
mixed$parent

Definition at line 694 of file XMLSecurityKey.php.

695  {
696 
697  }

◆ signData()

RobRichards\XMLSecLibs\XMLSecurityKey::signData (   $data)

Signs the data (string) using the extension assigned to the type in the constructor.

Parameters
string$data
Returns
mixed|string

Definition at line 576 of file XMLSecurityKey.php.

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\signOpenSSL().

577  {
578  switch ($this->cryptParams['library']) {
579  case 'openssl':
580  return $this->signOpenSSL($data);
581  case (self::HMAC_SHA1):
582  return hash_hmac("sha1", $data, $this->key, true);
583  }
584  }
RobRichards\XMLSecLibs\XMLSecurityKey\signOpenSSL
signOpenSSL($data)
Signs the given data (string) using the openssl-extension.
Definition: XMLSecurityKey.php:493
$data
$data
Definition: bench.php:6
+ Here is the call graph for this function:

◆ signOpenSSL()

RobRichards\XMLSecLibs\XMLSecurityKey::signOpenSSL (   $data)
private

Signs the given data (string) using the openssl-extension.

Parameters
string$data
Returns
string
Exceptions
Exception

Definition at line 493 of file XMLSecurityKey.php.

References $algo, and $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\signData().

494  {
495  $algo = OPENSSL_ALGO_SHA1;
496  if (! empty($this->cryptParams['digest'])) {
497  $algo = $this->cryptParams['digest'];
498  }
499  if (! openssl_sign($data, $signature, $this->key, $algo)) {
500  throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo);
501  }
502  return $signature;
503  }
$algo
$algo
Definition: pwgen.php:34
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ unpadISO10126()

RobRichards\XMLSecLibs\XMLSecurityKey::unpadISO10126 (   $data)
private

Remove ISO 10126 Padding.

Parameters
string$data
Returns
string

Definition at line 384 of file XMLSecurityKey.php.

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\decryptSymmetric().

385  {
386  $padChr = substr($data, -1);
387  $padLen = ord($padChr);
388  return substr($data, 0, -$padLen);
389  }
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ verifyOpenSSL()

RobRichards\XMLSecLibs\XMLSecurityKey::verifyOpenSSL (   $data,
  $signature 
)
private

Verifies the given data (string) belonging to the given signature using the openssl-extension.

Returns: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.

NOTE: be very careful when checking the return value, because in PHP, -1 will be cast to True when in boolean context. So always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".

Parameters
string$data
string$signature
Returns
int

Definition at line 521 of file XMLSecurityKey.php.

References $algo, and $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\verifySignature().

522  {
523  $algo = OPENSSL_ALGO_SHA1;
524  if (! empty($this->cryptParams['digest'])) {
525  $algo = $this->cryptParams['digest'];
526  }
527  return openssl_verify($data, $signature, $this->key, $algo);
528  }
$algo
$algo
Definition: pwgen.php:34
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ verifySignature()

RobRichards\XMLSecLibs\XMLSecurityKey::verifySignature (   $data,
  $signature 
)

Verifies the data (string) against the given signature using the extension assigned to the type in the constructor.

Returns in case of openSSL: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.

NOTE: be very careful when checking the return value, because in PHP, -1 will be cast to True when in boolean context. So always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".

Parameters
string$data
string$signature
Returns
bool|int

Definition at line 602 of file XMLSecurityKey.php.

References $data, and RobRichards\XMLSecLibs\XMLSecurityKey\verifyOpenSSL().

Referenced by SAML2\HTTPRedirect\validateSignature().

603  {
604  switch ($this->cryptParams['library']) {
605  case 'openssl':
606  return $this->verifyOpenSSL($data, $signature);
607  case (self::HMAC_SHA1):
608  $expectedSignature = hash_hmac("sha1", $data, $this->key, true);
609  return strcmp($signature, $expectedSignature) == 0;
610  }
611  }
RobRichards\XMLSecLibs\XMLSecurityKey\verifyOpenSSL
verifyOpenSSL($data, $signature)
Verifies the given data (string) belonging to the given signature using the openssl-extension.
Definition: XMLSecurityKey.php:521
$data
$data
Definition: bench.php:6
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $cryptParams

RobRichards\XMLSecLibs\XMLSecurityKey::$cryptParams = array()
private

Definition at line 63 of file XMLSecurityKey.php.

◆ $encryptedCtx

RobRichards\XMLSecLibs\XMLSecurityKey::$encryptedCtx = null

Definition at line 87 of file XMLSecurityKey.php.

◆ $guid

RobRichards\XMLSecLibs\XMLSecurityKey::$guid = null

Definition at line 90 of file XMLSecurityKey.php.

◆ $isEncrypted

RobRichards\XMLSecLibs\XMLSecurityKey::$isEncrypted = false

Definition at line 84 of file XMLSecurityKey.php.

◆ $iv

RobRichards\XMLSecLibs\XMLSecurityKey::$iv = null

Definition at line 75 of file XMLSecurityKey.php.

◆ $key

RobRichards\XMLSecLibs\XMLSecurityKey::$key = null

Definition at line 69 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\generateSessionKey(), and RobRichards\XMLSecLibs\XMLSecurityKey\loadKey().

◆ $keyChain

RobRichards\XMLSecLibs\XMLSecurityKey::$keyChain = null

Definition at line 81 of file XMLSecurityKey.php.

◆ $name

RobRichards\XMLSecLibs\XMLSecurityKey::$name = null

Definition at line 78 of file XMLSecurityKey.php.

◆ $passphrase

RobRichards\XMLSecLibs\XMLSecurityKey::$passphrase = ""

Definition at line 72 of file XMLSecurityKey.php.

◆ $type

RobRichards\XMLSecLibs\XMLSecurityKey::$type = 0

Definition at line 66 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\__construct(), and RobRichards\XMLSecLibs\XMLSecurityKey\makeAsnSegment().

◆ $x509Certificate

RobRichards\XMLSecLibs\XMLSecurityKey::$x509Certificate = null
private

Definition at line 97 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\getX509Certificate().

◆ $X509Thumbprint

RobRichards\XMLSecLibs\XMLSecurityKey::$X509Thumbprint = null
private

Definition at line 103 of file XMLSecurityKey.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityKey\getX509Thumbprint().

◆ AES128_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'

Definition at line 50 of file XMLSecurityKey.php.

Referenced by SAML2\Certificate\PrivateKeyLoader\loadDecryptionKeys().

◆ AES192_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'

Definition at line 51 of file XMLSecurityKey.php.

◆ AES256_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'

Definition at line 52 of file XMLSecurityKey.php.

◆ DSA_SHA1

const RobRichards\XMLSecLibs\XMLSecurityKey::DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'

Definition at line 55 of file XMLSecurityKey.php.

◆ HMAC_SHA1

const RobRichards\XMLSecLibs\XMLSecurityKey::HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'

Definition at line 60 of file XMLSecurityKey.php.

◆ RSA_1_5

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'

Definition at line 53 of file XMLSecurityKey.php.

Referenced by SAML2\Certificate\PrivateKeyLoader\convertPrivateKeyToRsaKey(), and SAML2\Configuration\ServiceProvider\getBlacklistedAlgorithms().

◆ RSA_OAEP_MGF1P

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'

Definition at line 54 of file XMLSecurityKey.php.

◆ RSA_SHA1

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

Definition at line 56 of file XMLSecurityKey.php.

◆ RSA_SHA256

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

Definition at line 57 of file XMLSecurityKey.php.

Referenced by SimpleSAML\XML\Signer\loadPrivateKeyArray(), and SAML2\Signature\AbstractChainedValidator\validateElementWithKeys().

◆ RSA_SHA384

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'

Definition at line 58 of file XMLSecurityKey.php.

◆ RSA_SHA512

const RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'

Definition at line 59 of file XMLSecurityKey.php.

◆ TRIPLEDES_CBC

const RobRichards\XMLSecLibs\XMLSecurityKey::TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'

Definition at line 49 of file XMLSecurityKey.php.

The documentation for this class was generated from the following file: