XMLSecurityKey
in package
xmlseclibs.php
Copyright (c) 2007-2017, Robert Richards rrichards@cdatazone.org. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
Neither the name of Robert Richards nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Tags
Table of Contents
- AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
- AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
- AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
- DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
- HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
- RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
- RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
- RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
- RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
- RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
- RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
- TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
- $encryptedCtx : XMLSecEnc|null
- $guid : mixed|null
- $isEncrypted : bool
- $iv : string|null
- $key : mixed|null
- $keyChain : mixed|null
- $name : string|null
- $passphrase : string
- $type : int|string
- $cryptParams : array<string|int, mixed>
- $x509Certificate : string|null
- This variable contains the certificate as a string if this key represents an X509-certificate.
- $X509Thumbprint : string|null
- This variable contains the certificate thumbprint if we have loaded an X509-certificate.
- __construct() : mixed
- convertRSA() : string
- Hint: Modulus and Exponent must already be base64 decoded
- decryptData() : mixed|string
- Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.
- encryptData() : mixed|string
- Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.
- fromEncryptedKeyElement() : XMLSecurityKey
- Create key from an EncryptedKey-element.
- generateSessionKey() : string
- Generates a session key using the openssl-extension.
- getAlgorith() : mixed
- getAlgorithm() : mixed
- getRawThumbprint() : null|string
- Get the raw thumbprint of a certificate
- getSymmetricKeySize() : int|null
- Retrieve the key size for the symmetric encryption algorithm.. If the key size is unknown, or this isn't a symmetric encryption algorithm, null is returned.
- getX509Certificate() : string
- Retrieve the X509 certificate this key represents.
- getX509Thumbprint() : string
- Get the thumbprint of this X509 certificate.
- loadKey() : mixed
- Loads the given key, or - with isFile set true - the key from the keyfile.
- makeAsnSegment() : null|string
- serializeKey() : mixed
- signData() : mixed|string
- Signs the data (string) using the extension assigned to the type in the constructor.
- verifySignature() : bool|int
- Verifies the data (string) against the given signature using the extension assigned to the type in the constructor.
- decryptPrivate() : string
- Decrypts the given private data (string) using the openssl-extension
- decryptPublic() : string
- Decrypts the given public data (string) using the openssl-extension
- decryptSymmetric() : string
- Decrypts the given data (string) using the openssl-extension
- encryptPrivate() : string
- Encrypts the given private data (string) using the openssl-extension
- encryptPublic() : string
- Encrypts the given public data (string) using the openssl-extension
- encryptSymmetric() : string
- Encrypts the given data (string) using the openssl-extension
- padISO10126() : string
- ISO 10126 Padding
- signOpenSSL() : string
- Signs the given data (string) using the openssl-extension
- unpadISO10126() : string
- Remove ISO 10126 Padding
- verifyOpenSSL() : int
- Verifies the given data (string) belonging to the given signature using the openssl-extension
Constants
AES128_CBC
public
mixed
AES128_CBC
= 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
AES192_CBC
public
mixed
AES192_CBC
= 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
AES256_CBC
public
mixed
AES256_CBC
= 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
DSA_SHA1
public
mixed
DSA_SHA1
= 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
HMAC_SHA1
public
mixed
HMAC_SHA1
= 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
RSA_1_5
public
mixed
RSA_1_5
= 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
RSA_OAEP_MGF1P
public
mixed
RSA_OAEP_MGF1P
= 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
RSA_SHA1
public
mixed
RSA_SHA1
= 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
RSA_SHA256
public
mixed
RSA_SHA256
= 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
RSA_SHA384
public
mixed
RSA_SHA384
= 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
RSA_SHA512
public
mixed
RSA_SHA512
= 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
TRIPLEDES_CBC
public
mixed
TRIPLEDES_CBC
= 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
Properties
$encryptedCtx
public
XMLSecEnc|null
$encryptedCtx
= null
$guid
public
mixed|null
$guid
= null
$isEncrypted
public
bool
$isEncrypted
= false
$iv
public
string|null
$iv
= null
$key
public
mixed|null
$key
= null
$keyChain
public
mixed|null
$keyChain
= null
$name
public
string|null
$name
= null
$passphrase
public
string
$passphrase
= ""
$type
public
int|string
$type
= 0
$cryptParams
private
array<string|int, mixed>
$cryptParams
= array()
$x509Certificate
This variable contains the certificate as a string if this key represents an X509-certificate.
private
string|null
$x509Certificate
= null
If this key doesn't represent a certificate, this will be null.
$X509Thumbprint
This variable contains the certificate thumbprint if we have loaded an X509-certificate.
private
string|null
$X509Thumbprint
= null
Methods
__construct()
public
__construct(string $type[, null|array<string|int, mixed> $params = null ]) : mixed
Parameters
- $type : string
- $params : null|array<string|int, mixed> = null
Tags
Return values
mixed —convertRSA()
Hint: Modulus and Exponent must already be base64 decoded
public
static convertRSA(string $modulus, string $exponent) : string
Parameters
- $modulus : string
- $exponent : string
Return values
string —decryptData()
Decrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.
public
decryptData(string $data) : mixed|string
Parameters
- $data : string
Return values
mixed|string —encryptData()
Encrypts the given data (string) using the regarding php-extension, depending on the library assigned to algorithm in the contructor.
public
encryptData(string $data) : mixed|string
Parameters
- $data : string
Return values
mixed|string —fromEncryptedKeyElement()
Create key from an EncryptedKey-element.
public
static fromEncryptedKeyElement(DOMElement $element) : XMLSecurityKey
Parameters
- $element : DOMElement
-
The EncryptedKey-element.
Tags
Return values
XMLSecurityKey —The new key.
generateSessionKey()
Generates a session key using the openssl-extension.
public
generateSessionKey() : string
In case of using DES3-CBC the key is checked for a proper parity bits set.
Tags
Return values
string —getAlgorith()
public
getAlgorith() : mixed
Tags
Return values
mixed —getAlgorithm()
public
getAlgorithm() : mixed
Return values
mixed —getRawThumbprint()
Get the raw thumbprint of a certificate
public
static getRawThumbprint(string $cert) : null|string
Parameters
- $cert : string
Return values
null|string —getSymmetricKeySize()
Retrieve the key size for the symmetric encryption algorithm.. If the key size is unknown, or this isn't a symmetric encryption algorithm, null is returned.
public
getSymmetricKeySize() : int|null
Return values
int|null —The number of bytes in the key.
getX509Certificate()
Retrieve the X509 certificate this key represents.
public
getX509Certificate() : string
Will return the X509 certificate in PEM-format if this key represents an X509 certificate.
Return values
string —The X509 certificate or null if this key doesn't represent an X509-certificate.
getX509Thumbprint()
Get the thumbprint of this X509 certificate.
public
getX509Thumbprint() : string
Returns: The thumbprint as a lowercase 40-character hexadecimal number, or null if this isn't a X509 certificate.
Return values
string —Lowercase 40-character hexadecimal number of thumbprint
loadKey()
Loads the given key, or - with isFile set true - the key from the keyfile.
public
loadKey(string $key[, bool $isFile = false ][, bool $isCert = false ]) : mixed
Parameters
- $key : string
- $isFile : bool = false
- $isCert : bool = false
Tags
Return values
mixed —makeAsnSegment()
public
static makeAsnSegment(int $type, string $string) : null|string
Parameters
- $type : int
- $string : string
Return values
null|string —serializeKey()
public
serializeKey(mixed $parent) : mixed
Parameters
- $parent : mixed
Return values
mixed —signData()
Signs the data (string) using the extension assigned to the type in the constructor.
public
signData(string $data) : mixed|string
Parameters
- $data : string
Return values
mixed|string —verifySignature()
Verifies the data (string) against the given signature using the extension assigned to the type in the constructor.
public
verifySignature(string $data, string $signature) : bool|int
Parameters
- $data : string
- $signature : string
Return values
bool|int —decryptPrivate()
Decrypts the given private data (string) using the openssl-extension
private
decryptPrivate(string $data) : string
Parameters
- $data : string
Tags
Return values
string —decryptPublic()
Decrypts the given public data (string) using the openssl-extension
private
decryptPublic(string $data) : string
Parameters
- $data : string
Tags
Return values
string —decryptSymmetric()
Decrypts the given data (string) using the openssl-extension
private
decryptSymmetric(string $data) : string
Parameters
- $data : string
Return values
string —encryptPrivate()
Encrypts the given private data (string) using the openssl-extension
private
encryptPrivate(string $data) : string
Parameters
- $data : string
Tags
Return values
string —encryptPublic()
Encrypts the given public data (string) using the openssl-extension
private
encryptPublic(string $data) : string
Parameters
- $data : string
Tags
Return values
string —encryptSymmetric()
Encrypts the given data (string) using the openssl-extension
private
encryptSymmetric(string $data) : string
Parameters
- $data : string
Return values
string —padISO10126()
ISO 10126 Padding
private
padISO10126(string $data, int $blockSize) : string
Parameters
- $data : string
- $blockSize : int
Tags
Return values
string —signOpenSSL()
Signs the given data (string) using the openssl-extension
private
signOpenSSL(string $data) : string
Parameters
- $data : string
Tags
Return values
string —unpadISO10126()
Remove ISO 10126 Padding
private
unpadISO10126(string $data) : string
Parameters
- $data : string
Return values
string —verifyOpenSSL()
Verifies the given data (string) belonging to the given signature using the openssl-extension
private
verifyOpenSSL(string $data, string $signature) : int
Returns: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.
NOTE: be very careful when checking the return value, because in PHP, -1 will be cast to True when in boolean context. So always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".
Parameters
- $data : string
- $signature : string