Example #1
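 /**
  * Checks that the cipher factory returns the expected adapter for known
  * algorithm URIs and raises an exception for an unrecognised one.
  */
 public function testCipherFactory()
 {
     if (!defined('MCRYPT_RIJNDAEL_128')) {
         $this->markTestSkipped('Use of the Zend_InfoCard component requires the mcrypt extension to be enabled in PHP');
     }

     $this->assertTrue(Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_AES128CBC) instanceof Zend_InfoCard_Cipher_Symmetric_Adapter_Aes128cbc);
     $this->assertTrue(Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_RSA) instanceof Zend_InfoCard_Cipher_Pki_Adapter_Rsa);

     // An unknown algorithm URI must be refused rather than mapped to some default cipher.
     // The outcome is recorded in a flag and asserted after the try block: PHPUnit's
     // fail() reports by throwing an exception that itself derives from Exception, so
     // calling it inside a try whose catch accepts Exception would swallow the failure
     // and the negative case could never fail.
     $rejected = false;
     try {
         Zend_InfoCard_Cipher::getInstanceByURI("Broken");
     } catch (Exception $e) {
         $rejected = true;
     }
     $this->assertTrue($rejected, "Exception not thrown as expected");
 }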
Example #2
 /**
  * Extracts the Signed Token from an EncryptedData block
  *
  * @throws Zend_InfoCard_Exception
  * @param string $strXmlToken The EncryptedData XML block
  * @return string The XML of the Signed Token inside of the EncryptedData block
  */
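 protected function _extractSignedToken($strXmlToken)
 {
     // NOTE(review): the EncryptedData block presumably originates from the submitting
     // client, so every value read from it below is untrusted input. Nothing in this
     // method authenticates the ciphertext before decrypting it; confirm that callers
     // verify the signature of the returned token and report all failures of this
     // method to the sender in one uniform way.
     $encryptedData = Zend_InfoCard_Xml_EncryptedData::getInstance($strXmlToken);

     // Allow-list the symmetric algorithm named by the document; anything else is
     // rejected before a cipher is instantiated from it.
     $dataMethod = $encryptedData->getEncryptionMethod();
     switch ($dataMethod) {
         case Zend_InfoCard_Cipher::ENC_AES128CBC:
         case Zend_InfoCard_Cipher::ENC_AES256CBC:
             break;
         default:
             require_once 'Zend/InfoCard/Exception.php';
             throw new Zend_InfoCard_Exception("Unknown Encryption Method used in the secure token");
     }

     // Figure out the key we are using to decrypt the token
     $keyinfo = $encryptedData->getKeyInfo();
     if (!$keyinfo instanceof Zend_InfoCard_Xml_KeyInfo_XmlDSig) {
         require_once 'Zend/InfoCard/Exception.php';
         throw new Zend_InfoCard_Exception("Expected a XML digital signature KeyInfo, but was not found");
     }

     // Same allow-list treatment for the algorithm that wraps the symmetric key.
     $encryptedKey = $keyinfo->getEncryptedKey();
     $keyMethod = $encryptedKey->getEncryptionMethod();
     switch ($keyMethod) {
         case Zend_InfoCard_Cipher::ENC_RSA:
         case Zend_InfoCard_Cipher::ENC_RSA_OAEP_MGF1P:
             break;
         default:
             require_once 'Zend/InfoCard/Exception.php';
             throw new Zend_InfoCard_Exception("Unknown Key Encryption Method used in secure token");
     }

     // The document only supplies a reference (digest) to the certificate; the private
     // key itself is looked up among the pairs registered on this object.
     $securityTokenRef = $encryptedKey->getKeyInfo()->getSecurityTokenReference();
     $key_id = $this->_findCertifiatePairByDigest($securityTokenRef->getKeyReference());
     if (!$key_id) {
         require_once 'Zend/InfoCard/Exception.php';
         throw new Zend_InfoCard_Exception("Unable to find key pair used to encrypt symmetric InfoCard Key");
     }
     $certificate_pair = $this->getCertificatePair($key_id);

     // Sanity check: the registered pair must be declared for the same key-transport
     // algorithm the document claims, so the document cannot choose the algorithm a key
     // is used with.
     if ($certificate_pair['type_uri'] != $keyMethod) {
         require_once 'Zend/InfoCard/Exception.php';
         throw new Zend_InfoCard_Exception("Certificate Pair which matches digest is not of same algorithm type as document, check addCertificate()");
     }

     $PKcipher = Zend_InfoCard_Cipher::getInstanceByURI($keyMethod);

     // Strict decoding (PHP >= 5.2.0) returns false on characters outside the base64
     // alphabet; older versions silently discard them.
     $base64DecodeSupportsStrictParam = version_compare(PHP_VERSION, '5.2.0', '>=');

     if ($base64DecodeSupportsStrictParam) {
         $keyCipherValueBase64Decoded = base64_decode($encryptedKey->getCipherValue(), true);
     } else {
         $keyCipherValueBase64Decoded = base64_decode($encryptedKey->getCipherValue());
     }
     // A failed decode must not reach the cipher as boolean false.
     if ($keyCipherValueBase64Decoded === false) {
         require_once 'Zend/InfoCard/Exception.php';
         throw new Zend_InfoCard_Exception("Encrypted key in the secure token is not valid base64");
     }

     // The key file is read on every call; a missing or unreadable file yields false,
     // which must not be handed to the cipher as key material. The path is deliberately
     // kept out of the exception message.
     $privateKey = file_get_contents($certificate_pair['private']);
     if ($privateKey === false) {
         require_once 'Zend/InfoCard/Exception.php';
         throw new Zend_InfoCard_Exception("Unable to read the private key of the matching certificate pair");
     }

     $symmetricKey = $PKcipher->decrypt($keyCipherValueBase64Decoded, $privateKey, $certificate_pair['password']);

     $symCipher = Zend_InfoCard_Cipher::getInstanceByURI($dataMethod);

     if ($base64DecodeSupportsStrictParam) {
         $dataCipherValueBase64Decoded = base64_decode($encryptedData->getCipherValue(), true);
     } else {
         $dataCipherValueBase64Decoded = base64_decode($encryptedData->getCipherValue());
     }
     if ($dataCipherValueBase64Decoded === false) {
         require_once 'Zend/InfoCard/Exception.php';
         throw new Zend_InfoCard_Exception("Encrypted data in the secure token is not valid base64");
     }

     // NOTE(review): what decrypt() returns or throws on a wrong key or malformed
     // padding is not visible here; confirm the caller rejects a failed decryption.
     return $symCipher->decrypt($dataCipherValueBase64Decoded, $symmetricKey);
 }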
Example #3
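	/**
	 * Checks that the cipher factory returns the expected adapter for known
	 * algorithm URIs and raises an exception for an unrecognised one.
	 */
	public function testCipherFactory()
	{
		$this->assertTrue(Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_AES128CBC)
						  instanceof Zend_InfoCard_Cipher_Symmetric_Adapter_AES128CBC);
		$this->assertTrue(Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_RSA)
		                  instanceof Zend_InfoCard_Cipher_PKI_Adapter_RSA);

		// An unknown algorithm URI must be refused rather than mapped to some default cipher.
		// The outcome is recorded in a flag and asserted after the try block: PHPUnit's
		// fail() reports by throwing an exception that itself derives from Exception, so
		// calling it inside a try whose catch accepts Exception would swallow the failure
		// and the negative case could never fail.
		$rejected = false;
		try {
			Zend_InfoCard_Cipher::getInstanceByURI("Broken");
		} catch (Exception $e) {
			$rejected = true;
		}
		$this->assertTrue($rejected, "Exception not thrown as expected");
	}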