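/**
 * Extracts the Signed Token from an EncryptedData block.
 *
 * Walks the EncryptedData structure: checks the data and key-transport
 * algorithms against the supported set, locates the local certificate pair
 * whose digest matches the SecurityTokenReference, unwraps the symmetric key
 * with that pair's private key, and finally decrypts the CipherValue with
 * the symmetric key.
 *
 * NOTE(review): both supported data ciphers are unauthenticated CBC modes and
 * ENC_RSA is plain RSA key transport, so decryption failures raised here
 * should not be echoed back to the token issuer in a way that distinguishes
 * padding errors from other errors (padding / Bleichenbacher oracles). The
 * returned plaintext is only trustworthy once its XML signature has been
 * verified by the caller -- this method does not do that.
 *
 * @throws Exception\RuntimeException on an unsupported algorithm, a missing or
 *         mismatched key pair, an undecodable CipherValue, an unreadable
 *         private key file, or a failed decryption
 * @param string $strXmlToken The EncryptedData XML block
 * @return string The XML of the Signed Token inside of the EncryptedData block
 */
protected function _extractSignedToken($strXmlToken)
{
    $encryptedData = XML\EncryptedData\Factory::getInstance($strXmlToken);

    // Only the two AES-CBC URIs are accepted for the token body.
    $dataMethod = $encryptedData->getEncryptionMethod();
    switch ($dataMethod) {
        case Cipher::ENC_AES128CBC:
        case Cipher::ENC_AES256CBC:
            break;
        default:
            throw new Exception\RuntimeException("Unknown Encryption Method used in the secure token");
    }

    // The wrapped symmetric key must live inside an XMLDSig KeyInfo.
    $keyinfo = $encryptedData->getKeyInfo();
    if (!$keyinfo instanceof XML\KeyInfo\XMLDSig) {
        throw new Exception\RuntimeException("Expected a XML digital signature KeyInfo, but was not found");
    }

    $encryptedKey = $keyinfo->getEncryptedKey();
    $keyMethod    = $encryptedKey->getEncryptionMethod();
    switch ($keyMethod) {
        case Cipher::ENC_RSA:
        case Cipher::ENC_RSA_OAEP_MGF1P:
            break;
        default:
            throw new Exception\RuntimeException("Unknown Key Encryption Method used in secure token");
    }

    // Select our key pair by the certificate digest the issuer referenced.
    $securityTokenRef = $encryptedKey->getKeyInfo()->getSecurityTokenReference();
    $key_id = $this->_findCertifiatePairByDigest($securityTokenRef->getKeyReference());
    if (!$key_id) {
        throw new Exception\RuntimeException("Unable to find key pair used to encrypt symmetric InfoCard Key");
    }
    $certificate_pair = $this->getCertificatePair($key_id);

    // Sanity check: the pair registered for this digest must have been added
    // for the same key-transport algorithm the document names. Strict
    // comparison -- these are URI strings and must match exactly.
    if ($certificate_pair['type_uri'] !== $keyMethod) {
        throw new Exception\RuntimeException("Certificate Pair which matches digest is not of same algorithm type as document, check addCertificate()");
    }

    // Unwrap the symmetric key. Strict base64_decode() returns false on
    // malformed input; that must never be handed to decrypt() as ciphertext.
    $keyCipherValueBase64Decoded = base64_decode($encryptedKey->getCipherValue(), true);
    if ($keyCipherValueBase64Decoded === false) {
        throw new Exception\RuntimeException("Encrypted symmetric key is not valid base64");
    }
    // file_get_contents() returns false (with a warning) on an unreadable path.
    $privateKey = file_get_contents($certificate_pair['private']);
    if ($privateKey === false) {
        throw new Exception\RuntimeException("Unable to read private key for certificate pair");
    }
    $PKcipher = Cipher::getInstanceByURI($keyMethod);
    $symmetricKey = $PKcipher->decrypt($keyCipherValueBase64Decoded, $privateKey, $certificate_pair['password']);
    if ($symmetricKey === false || $symmetricKey === '') {
        throw new Exception\RuntimeException("Unable to decrypt symmetric InfoCard Key");
    }

    // Decrypt the token body with the unwrapped key.
    $dataCipherValueBase64Decoded = base64_decode($encryptedData->getCipherValue(), true);
    if ($dataCipherValueBase64Decoded === false) {
        throw new Exception\RuntimeException("Encrypted token data is not valid base64");
    }
    $symCipher = Cipher::getInstanceByURI($dataMethod);
    $signedToken = $symCipher->decrypt($dataCipherValueBase64Decoded, $symmetricKey);
    if ($signedToken === false || $signedToken === '') {
        throw new Exception\RuntimeException("Unable to decrypt the secure token");
    }

    return $signedToken;
}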