コード例 #1
1
ファイル: client.php プロジェクト: Deeplace/mpay_integration
 function __doRequest($request, $location, $saction, $version)
 {
     $dom = new DOMDocument();
     $dom->loadXML($request);
     $objWSSE = new WSSESoap($dom);
     /* Sign all headers to include signing the WS-Addressing headers */
     $objWSSE->signAllHeaders = TRUE;
     $objWSSE->addTimestamp();
     /* create new XMLSec Key using RSA SHA-1 and type is private key */
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     /* load the private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */
     $objKey->loadKey(PRIVATE_KEY, TRUE);
     // Sign the message - also signs appropraite WS-Security items
     $objWSSE->signSoapDoc($objKey);
     /* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */
     $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));
     $objWSSE->attachTokentoSig($token);
     $request = $objWSSE->saveXML();
     $dom = new DOMDocument();
     $dom->loadXML($request);
     $objWSA = new WSASoap($dom);
     $objWSA->addAction($saction);
     $objWSA->addTo($location);
     $objWSA->addMessageID();
     $objWSA->addReplyTo();
     $request = $objWSA->getDoc()->saveXML();
     return parent::__doRequest($request, $location, $saction, $version);
 }
コード例 #2
0
 /**
  * BC compatible version of the signature check
  *
  * @param SAML2_SignedElement      $element
  * @param SAML2_Certificate_X509[] $pemCandidates
  *
  * @throws Exception
  *
  * @return bool
  */
 protected function validateElementWithKeys(SAML2_SignedElement $element, $pemCandidates)
 {
     $lastException = NULL;
     foreach ($pemCandidates as $index => $candidateKey) {
         $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
         $key->loadKey($candidateKey->getCertificate());
         try {
             /*
              * Make sure that we have a valid signature on either the response or the assertion.
              */
             $result = $element->validate($key);
             if ($result) {
                 $this->logger->debug(sprintf('Validation with key "#%d" succeeded', $index));
                 return TRUE;
             }
             $this->logger->debug(sprintf('Validation with key "#%d" failed without exception.', $index));
         } catch (Exception $e) {
             $this->logger->debug(sprintf('Validation with key "#%d" failed with exception: %s', $index, $e->getMessage()));
             $lastException = $e;
         }
     }
     if ($lastException !== NULL) {
         throw $lastException;
     } else {
         return FALSE;
     }
 }
コード例 #3
0
 public function __doRequest($request, $location, $saction, $version)
 {
     $doc = new DOMDocument('1.0');
     $doc->loadXML($request);
     $objWSSE = new WSSESoap($doc);
     /* add Timestamp with no expiration timestamp */
     $objWSSE->addTimestamp();
     /* create new XMLSec Key using AES256_CBC and type is private key */
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     /* load the private key from file - last arg is bool if key in file (true) or is string (false) */
     $objKey->loadKey(PRIVATE_KEY, true);
     /* Sign the message - also signs appropiate WS-Security items */
     $options = array("insertBefore" => false);
     $objWSSE->signSoapDoc($objKey, $options);
     /* Add certificate (BinarySecurityToken) to the message */
     $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));
     /* Attach pointer to Signature */
     $objWSSE->attachTokentoSig($token);
     $objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
     $objKey->generateSessionKey();
     $siteKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
     $siteKey->loadKey(SERVICE_CERT, true, true);
     $options = array("KeyInfo" => array("X509SubjectKeyIdentifier" => true));
     $objWSSE->encryptSoapDoc($siteKey, $objKey, $options);
     $retVal = parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version);
     $doc = new DOMDocument();
     $doc->loadXML($retVal);
     $options = array("keys" => array("private" => array("key" => PRIVATE_KEY, "isFile" => true, "isCert" => false)));
     $objWSSE->decryptSoapDoc($doc, $options);
     return $doc->saveXML();
 }
コード例 #4
0
 /**
  * Set the assertion.
  *
  * @param SAML2_Assertion $assertion The assertion.
  * @param XMLSecurityKey  $key       The key we should use to encrypt the assertion.
  * @throws Exception
  */
 public function setAssertion(SAML2_Assertion $assertion, XMLSecurityKey $key)
 {
     $xml = $assertion->toXML();
     SAML2_Utils::getContainer()->debugMessage($xml, 'encrypt');
     $enc = new XMLSecEnc();
     $enc->setNode($xml);
     $enc->type = XMLSecEnc::Element;
     switch ($key->type) {
         case XMLSecurityKey::TRIPLEDES_CBC:
         case XMLSecurityKey::AES128_CBC:
         case XMLSecurityKey::AES192_CBC:
         case XMLSecurityKey::AES256_CBC:
             $symmetricKey = $key;
             break;
         case XMLSecurityKey::RSA_1_5:
         case XMLSecurityKey::RSA_OAEP_MGF1P:
             $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
             $symmetricKey->generateSessionKey();
             $enc->encryptKey($key, $symmetricKey);
             break;
         default:
             throw new Exception('Unknown key type for encryption: ' . $key->type);
     }
     $this->encryptedData = $enc->encryptNode($symmetricKey);
 }
コード例 #5
0
 public function addUserToken($userName, $password = NULL, $passwordDigest = FALSE)
 {
     if ($passwordDigest && empty($password)) {
         throw new Exception("Cannot calculate the digest without a password");
     }
     $security = $this->locateSecurityHeader();
     $token = $this->SOAPDoc->createElementNS(WSSESoap::WSUNS, WSSESoap::WSUPFX . ':UsernameToken');
     $security->insertBefore($token, $security->firstChild);
     $username = $this->SOAPDoc->createElementNS(WSSESoap::WSUNS, WSSESoap::WSUPFX . ':Username', $userName);
     $token->appendChild($username);
     /* Generate nonce - create a 256 bit session key to be used */
     $objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
     $nonce = $objKey->generateSessionKey();
     unset($objKey);
     $createdate = gmdate("Y-m-d\\TH:i:s") . 'Z';
     if ($password) {
         $passType = '#PasswordText';
         if ($passwordDigest) {
             $password = base64_encode(sha1($nonce . $createdate . $password, true));
             $passType = '#PasswordDigest';
         }
         $passwordNode = $this->SOAPDoc->createElementNS(WSSESoap::WSUNS, WSSESoap::WSUPFX . ':Password', $userName);
         $token->appendChild($passwordNode);
         $passwordNode->setAttribute('Type', $passType);
     }
     $nonceNode = $this->SOAPDoc->createElementNS(WSSESoap::WSUNS, WSSESoap::WSUPFX . ':Nonce', base64_encode($nonce));
     $token->appendChild($nonceNode);
     $created = $this->SOAPDoc->createElementNS(WSSESoap::WSUNS, WSSESoap::WSUPFX . ':Created', $createdate);
     $token->appendChild($created);
     return $token;
 }
コード例 #6
0
ファイル: SLOTest.php プロジェクト: filonuse/fedlab
 protected function createLogoutResponse($testrun, $logoutRequest, $logoutRelayState)
 {
     $this->log($testrun, 'Creating response with relaystate [' . $logoutRelayState . ']');
     $idpMetadata = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
     $spMetadata = SimpleSAML_Configuration::loadFromArray($this->metadata);
     // Get SingleLogoutService URL
     $consumerURLf = $spMetadata->getDefaultEndpoint('SingleLogoutService', array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'));
     $consumerURL = $consumerURLf['Location'];
     /* Create an send response. */
     $response = sspmod_saml2_Message::buildLogoutResponse($idpMetadata, $spMetadata);
     $response->setRelayState($logoutRequest->getRelayState());
     $response->setInResponseTo($logoutRequest->getId());
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($idpMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($idpMetadata, FALSE);
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     $response->setSignatureKey($privateKey);
     if ($certArray === NULL) {
         throw new Exception('No certificates found. [1]');
     }
     if (!array_key_exists('PEM', $certArray)) {
         throw new Exception('No certificates found. [2]');
     }
     $response->setCertificates(array($certArray['PEM']));
     #$this->tweakResponse($testrun, $response);
     $msgStr = $response->toUnsignedXML();
     #$this->tweakResponseDOM($testrun, $msgStr);
     $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
     #	echo '<pre>'; echo(htmlspecialchars($msgStr)); exit;
     #		$msgStr = base64_encode($msgStr);
     #		$msgStr = htmlspecialchars($msgStr);
     return array('url' => $consumerURL, 'Response' => $msgStr, 'ResponseObj' => $response, 'RelayState' => $logoutRelayState);
 }
 public static function setUpBeforeClass()
 {
     $cert = "-----BEGIN CERTIFICATE-----\n" . "MIIDfjCCAmagAwIBAQICJxAwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlVT\r\n" . "MRIwEAYDVQQIEwlMYXMgVmVnYXMxEjAQBgNVBAcTCUxhcyBWZWdhczEYMBYGA1UE\r\n" . "ChMPTGF1bmNoS2V5LCBJbmMuMRgwFgYDVQQLEw9MYXVuY2hLZXksIEluYy4xFjAU\r\n" . "BgNVBAMTDWxhdW5jaGtleS5jb20wHhcNMTUxMTAyMjMyNzQ5WhcNMTYxMTAxMjMy\r\n" . "NzQ5WjCBgTELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCUxhcyBWZWdhczESMBAGA1UE\r\n" . "BxMJTGFzIFZlZ2FzMRgwFgYDVQQKEw9MYXVuY2hLZXksIEluYy4xGDAWBgNVBAsT\r\n" . "D0xhdW5jaEtleSwgSW5jLjEWMBQGA1UEAxMNbGF1bmNoa2V5LmNvbTCCASIwDQYJ\r\n" . "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1Q3Og6izyf35UaeivS88Wlzjdz2yPm\r\n" . "juOge/awYJa8V2dED0oCjdAxex9Ak8lEE9naD6ZcuA0Kta5mHKk1ho5Z4aq1493w\r\n" . "HFbPbzVFldBAzFqig7m5/k1B/QY8w7CP1QG5aM9ebQeCJwdhz7UBmNQL2r2K02zn\r\n" . "2DFhEuus1YKM+pfSO2I+yTd/AyBtq4zu+LusibNoU9ADKQ3IoJtzyZ+CUuuOG3jz\r\n" . "Z+zwuzH/0hpuTs6TnBSAGYD1Xow2X7lULLzXwZ4R3SopTesncIbXLa2luTLQIody\r\n" . "uA/gSirbW7g02zQ8G3JcO+ce6UnusklzvdBPoJ2vttpDEsWlNqbSTWcCAwEAATAN\r\n" . "BgkqhkiG9w0BAQUFAAOCAQEARz9V7cBG2et/741mdtbspQTN4HF0hUp3NEJzBrP/\r\n" . "YtdMYIVAUh2sc3sf/oiakLgqYBA78rSk9CbNlv4EJ/FEC/5X3l1o9h5dFLXt40LL\r\n" . "4I+ijYY3BlsgRL9K2CNYRCq1bJX8xlcY0hVqqsZipzR4zeyqQVMLXH/zSScTrF5j\r\n" . "b5KQcYFiRP7AF30OtGoZxhnsDUcErhdWY5lGvaSex6LsOC2UGtmwK3FWu+NMDzL0\r\n" . "+ovdBGpsmDp3IN1AKwd9/6EQ3XbQPyXoXpW0TCBzs/OxGqnhiJD9rROCtVl1SJze\r\n" . "LWllWSmosQFhsXwSO5ZlnechO+SMaxN7OrV7POOv8aRcpQ==\r\n" . "-----END CERTIFICATE-----\n";
     static::$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
     static::$key->loadKey($cert, false, true);
     static::$response_data = "PG5zMDpSZXNwb25zZSB4bWxuczpuczA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2Nv" . "bCIgeG1sbnM6bnMxPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiB4bWxuczp" . "uczI9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnhzaT0iaHR0cDovL3" . "d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIERlc3RpbmF0aW9uPSJodHRwOi8vMTI3L" . "jAuMC4xOjgwODAvYWNzL3Bvc3QiIElEPSJpZC0yZmRhNGZmOTlmZjBkMjZhNDg3MjI1OGY0ODk1ZDU4" . "NSIgSXNzdWVJbnN0YW50PSIyMDE1LTExLTAzVDIyOjQyOjI0WiIgVmVyc2lvbj0iMi4wIj48bnMxOkl" . "zc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudG" . "l0eSI+bGF1bmNoa2V5LmNvbTwvbnMxOklzc3Vlcj48bnMyOlNpZ25hdHVyZSB4bWxuczpuczI9Imh0d" . "HA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxuczI6U2lnbmVkSW5mbz48bnMyOkNhbm9u" . "aWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1" . "leGMtYzE0biMiLz48bnMyOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3" . "JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPjxuczI6UmVmZXJlbmNlIFVSST0iI2lkLTJmZGE0Z" . "mY5OWZmMGQyNmE0ODcyMjU4ZjQ4OTVkNTg1Ij48bnMyOlRyYW5zZm9ybXM+PG5zMjpUcmFuc2Zvcm0g" . "QWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25" . "hdHVyZSIvPjxuczI6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC" . "94bWwtZXhjLWMxNG4jIi8+PC9uczI6VHJhbnNmb3Jtcz48bnMyOkRpZ2VzdE1ldGhvZCBBbGdvcml0a" . "G09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PG5zMjpEaWdlc3RWYWx1" . "ZT5qb1dqNDRmMUZUN3Jwd1p3enBJbjE2RjMzdk09PC9uczI6RGlnZXN0VmFsdWU+PC9uczI6UmVmZXJ" . "lbmNlPjwvbnMyOlNpZ25lZEluZm8+PG5zMjpTaWduYXR1cmVWYWx1ZT5SUm5Jc091UFlDenVxcG9tMl" . "BsZjVGRG1tKzlDc1gxY2FUK0JUN01KVzRnMW1idU1sN0VMRyt4d0hmS21YMUpNCndoRnFwYUU0Snd1a" . "GhQK0Z5OE5ob3E4cWZjekNBU05STnovMHVsYk9KMlZUcmhubXI0TFExUnNuaHMwL2hGckcKKzVxaVl1" . "b0NVbmhHRlcwL1l3emF5VXlKS3pkOU0yNkhmR0pzUkNOS0tDM3dxTVhlWGNXRTB0MkxTeEdvQXNocAp" . "FYzhLMzRHK21IWWRDYUgxQnNpMldma3BpWWo0WE12RUFtSEVtUE1WSmRzc21LUmhWYmVqVnNobW53SX" . "Izck5LCmJXZW9naHc1cnNkN0NXZjVTL1FiVlUvbmtyMVBjeUozR292NUpQRkpjS2xpMDZBQTViWlVBS" . "GU1YkxvTTNnc2oKMEZNVDV0SnhQU1hRbFlJcU4yRldiUT09PC9uczI6U2lnbmF0dXJlVmFsdWU+PG5z" . "MjpLZXlJbmZvPjxuczI6WDUwOURhdGE+PG5zMjpYNTA5Q2VydGlmaWNhdGU+TUlJRGZqQ0NBbWFnQXd" . "JQkFRSUNKeEF3RFFZSktvWklodmNOQVFFRkJRQXdnWUV4Q3pBSkJnTlZCQVlUQWxWVE1SSXdFQVlEVl" . "FRSUV3bE1ZWE1nVm1WbllYTXhFakFRQmdOVkJBY1RDVXhoY3lCV1pXZGhjekVZTUJZR0ExVUVDaE1QV" . "EdGMWJtTm9TMlY1TENCSmJtTXVNUmd3RmdZRFZRUUxFdzlNWVhWdVkyaExaWGtzSUVsdVl5NHhGakFV" . "QmdOVkJBTVREV3hoZFc1amFHdGxlUzVqYjIwd0hoY05NVFV4TVRBeU1qTXlOelE1V2hjTk1UWXhNVEF" . "4TWpNeU56UTVXakNCZ1RFTE1Ba0dBMVVFQmhNQ1ZWTXhFakFRQmdOVkJBZ1RDVXhoY3lCV1pXZGhjek" . "VTTUJBR0ExVUVCeE1KVEdGeklGWmxaMkZ6TVJnd0ZnWURWUVFLRXc5TVlYVnVZMmhMWlhrc0lFbHVZe" . "TR4R0RBV0JnTlZCQXNURDB4aGRXNWphRXRsZVN3Z1NXNWpMakVXTUJRR0ExVUVBeE1OYkdGMWJtTm9h" . "MlY1TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU4xUTNPZzZ" . "penlmMzVVYWVpdlM4OFdsempkejJ5UG1qdU9nZS9hd1lKYThWMmRFRDBvQ2pkQXhleDlBazhsRUU5bm" . "FENlpjdUEwS3RhNW1IS2sxaG81WjRhcTE0OTN3SEZiUGJ6VkZsZEJBekZxaWc3bTUvazFCL1FZOHc3Q" . "1AxUUc1YU05ZWJRZUNKd2RoejdVQm1OUUwycjJLMDJ6bjJERmhFdXVzMVlLTStwZlNPMkkreVRkL0F5" . "QnRxNHp1K0x1c2liTm9VOUFES1EzSW9KdHp5WitDVXV1T0czanpaK3p3dXpILzBocHVUczZUbkJTQUd" . "ZRDFYb3cyWDdsVUxMelh3WjRSM1NvcFRlc25jSWJYTGEybHVUTFFJb2R5dUEvZ1NpcmJXN2cwMnpROE" . "czSmNPK2NlNlVudXNrbHp2ZEJQb0oydnR0cERFc1dsTnFiU1RXY0NBd0VBQVRBTkJna3Foa2lHOXcwQ" . "kFRVUZBQU9DQVFFQVJ6OVY3Y0JHMmV0Lzc0MW1kdGJzcFFUTjRIRjBoVXAzTkVKekJyUC9ZdGRNWUlW" . "QVVoMnNjM3NmL29pYWtMZ3FZQkE3OHJTazlDYk5sdjRFSi9GRUMvNVgzbDFvOWg1ZEZMWHQ0MExMNEk" . "raWpZWTNCbHNnUkw5SzJDTllSQ3ExYkpYOHhsY1kwaFZxcXNaaXB6UjR6ZXlxUVZNTFhIL3pTU2NUck" . "Y1amI1S1FjWUZpUlA3QUYzME90R29aeGhuc0RVY0VyaGRXWTVsR3ZhU2V4NkxzT0MyVUd0bXdLM0ZXd" . "StOTUR6TDArb3ZkQkdwc21EcDNJTjFBS3dkOS82RVEzWGJRUHlYb1hwVzBUQ0J6cy9PeEdxbmhpSkQ5" . "clJPQ3RWbDFTSnplTFdsbFdTbW9zUUZoc1h3U081WmxuZWNoTytTTWF4TjdPclY3UE9PdjhhUmNwUT0" . "9PC9uczI6WDUwOUNlcnRpZmljYXRlPjwvbnMyOlg1MDlEYXRhPjwvbnMyOktleUluZm8+PC9uczI6U2" . "lnbmF0dXJlPjxuczA6U3RhdHVzPjxuczA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzO" . "nRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9uczA6U3RhdHVzPjxuczE6QXNzZXJ0aW9uIElE" . "PSJpZC05NmJhMjg4MTYxNmM5ODEyNGY2MmZhMWJjM2ExNGM0ZCIgSXNzdWVJbnN0YW50PSIyMDE1LTE" . "xLTAzVDIyOjQyOjI0WiIgVmVyc2lvbj0iMi4wIj48bnMxOklzc3VlciBGb3JtYXQ9InVybjpvYXNpcz" . "puYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+bGF1bmNoa2V5LmNvbTwvbnMxO" . "klzc3Vlcj48bnMyOlNpZ25hdHVyZSB4bWxuczpuczI9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkv" . "eG1sZHNpZyMiPjxuczI6U2lnbmVkSW5mbz48bnMyOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3J" . "pdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48bnMyOlNpZ25hdH" . "VyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc" . "2hhMSIvPjxuczI6UmVmZXJlbmNlIFVSST0iI2lkLTk2YmEyODgxNjE2Yzk4MTI0ZjYyZmExYmMzYTE0" . "YzRkIj48bnMyOlRyYW5zZm9ybXM+PG5zMjpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3Lnc" . "zLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxuczI6VHJhbnNmb3JtIE" . "FsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9uczI6V" . "HJhbnNmb3Jtcz48bnMyOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIw" . "MDAvMDkveG1sZHNpZyNzaGExIi8+PG5zMjpEaWdlc3RWYWx1ZT5MK1NJN0VvMklaanZrMElYQnFvbXh" . "ieEx5Yk09PC9uczI6RGlnZXN0VmFsdWU+PC9uczI6UmVmZXJlbmNlPjwvbnMyOlNpZ25lZEluZm8+PG" . "5zMjpTaWduYXR1cmVWYWx1ZT5wa25paTA3NGdBWlZnbG1MMk1ZbEEyZ2lyOGZzdzBIbWtyWXlUVFNmM" . "0dzRUZqRmhiby9BK0piM2dHQS9vRjY5CmxSWHgzU29MeklHdlo1c0lMaVR3aW1qek1ETmEzMWJpb2NF" . "ckpqajFzMURKVDJTeHNMdFd2L0JKd1JmeE1Rb3AKeHMyZ1JWcmhNTmlWTEtwcytFTit4Sk54MGVrTDh" . "Bc1YwYWdrZ0Z0dStQY294N0tRbnBIRmhyM0FuaVN1NExNWApWVVk3S001bkhjUksyK0lFckRVelB2Ri" . "8yQkQ0ZFFad0MzTUlWUjM3R0laU1l4d1hrWXZ3amhVcWZ3YlRRQ0VBCkxKTEp2WFVNdWtkQnhOOEorN" . "mRxZDN6L0dHRFpZaHRLS21vVUNHSVpQUzZIUEVrZUZCbkRrVkxGZEVlMEY1a1QKMDRjb2ZqZHZ4NTha" . "SEhBMzhmbjhTUT09PC9uczI6U2lnbmF0dXJlVmFsdWU+PG5zMjpLZXlJbmZvPjxuczI6WDUwOURhdGE" . "+PG5zMjpYNTA5Q2VydGlmaWNhdGU+TUlJRGZqQ0NBbWFnQXdJQkFRSUNKeEF3RFFZSktvWklodmNOQV" . "FFRkJRQXdnWUV4Q3pBSkJnTlZCQVlUQWxWVE1SSXdFQVlEVlFRSUV3bE1ZWE1nVm1WbllYTXhFakFRQ" . "mdOVkJBY1RDVXhoY3lCV1pXZGhjekVZTUJZR0ExVUVDaE1QVEdGMWJtTm9TMlY1TENCSmJtTXVNUmd3" . "RmdZRFZRUUxFdzlNWVhWdVkyaExaWGtzSUVsdVl5NHhGakFVQmdOVkJBTVREV3hoZFc1amFHdGxlUzV" . "qYjIwd0hoY05NVFV4TVRBeU1qTXlOelE1V2hjTk1UWXhNVEF4TWpNeU56UTVXakNCZ1RFTE1Ba0dBMV" . "VFQmhNQ1ZWTXhFakFRQmdOVkJBZ1RDVXhoY3lCV1pXZGhjekVTTUJBR0ExVUVCeE1KVEdGeklGWmxaM" . "kZ6TVJnd0ZnWURWUVFLRXc5TVlYVnVZMmhMWlhrc0lFbHVZeTR4R0RBV0JnTlZCQXNURDB4aGRXNWph" . "RXRsZVN3Z1NXNWpMakVXTUJRR0ExVUVBeE1OYkdGMWJtTm9hMlY1TG1OdmJUQ0NBU0l3RFFZSktvWkl" . "odmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU4xUTNPZzZpenlmMzVVYWVpdlM4OFdsempkejJ5UG" . "1qdU9nZS9hd1lKYThWMmRFRDBvQ2pkQXhleDlBazhsRUU5bmFENlpjdUEwS3RhNW1IS2sxaG81WjRhc" . "TE0OTN3SEZiUGJ6VkZsZEJBekZxaWc3bTUvazFCL1FZOHc3Q1AxUUc1YU05ZWJRZUNKd2RoejdVQm1O" . "UUwycjJLMDJ6bjJERmhFdXVzMVlLTStwZlNPMkkreVRkL0F5QnRxNHp1K0x1c2liTm9VOUFES1EzSW9" . "KdHp5WitDVXV1T0czanpaK3p3dXpILzBocHVUczZUbkJTQUdZRDFYb3cyWDdsVUxMelh3WjRSM1NvcF" . "Rlc25jSWJYTGEybHVUTFFJb2R5dUEvZ1NpcmJXN2cwMnpROEczSmNPK2NlNlVudXNrbHp2ZEJQb0oyd" . "nR0cERFc1dsTnFiU1RXY0NBd0VBQVRBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQVJ6OVY3Y0JHMmV0" . "Lzc0MW1kdGJzcFFUTjRIRjBoVXAzTkVKekJyUC9ZdGRNWUlWQVVoMnNjM3NmL29pYWtMZ3FZQkE3OHJ" . "TazlDYk5sdjRFSi9GRUMvNVgzbDFvOWg1ZEZMWHQ0MExMNEkraWpZWTNCbHNnUkw5SzJDTllSQ3ExYk" . "pYOHhsY1kwaFZxcXNaaXB6UjR6ZXlxUVZNTFhIL3pTU2NUckY1amI1S1FjWUZpUlA3QUYzME90R29ae" . "Ghuc0RVY0VyaGRXWTVsR3ZhU2V4NkxzT0MyVUd0bXdLM0ZXdStOTUR6TDArb3ZkQkdwc21EcDNJTjFB" . "S3dkOS82RVEzWGJRUHlYb1hwVzBUQ0J6cy9PeEdxbmhpSkQ5clJPQ3RWbDFTSnplTFdsbFdTbW9zUUZ" . "oc1h3U081WmxuZWNoTytTTWF4TjdPclY3UE9PdjhhUmNwUT09PC9uczI6WDUwOUNlcnRpZmljYXRlPj" . "wvbnMyOlg1MDlEYXRhPjwvbnMyOktleUluZm8+PC9uczI6U2lnbmF0dXJlPjxuczE6U3ViamVjdD48b" . "nMxOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0" . "OmVtYWlsQWRkcmVzcyI+dGVzdGVtYWlsQHRlc3RtZS5vcmc8L25zMTpOYW1lSUQ+PG5zMTpTdWJqZWN" . "0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlci" . "I+PG5zMTpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMTUtMTEtMDNUMjI6N" . "Tc6MjRaIiBSZWNpcGllbnQ9Imh0dHA6Ly8xMjcuMC4wLjE6ODA4MC9hY3MvcG9zdCIvPjwvbnMxOlN1" . "YmplY3RDb25maXJtYXRpb24+PC9uczE6U3ViamVjdD48bnMxOkNvbmRpdGlvbnMgTm90QmVmb3JlPSI" . "yMDE1LTExLTAzVDIyOjQyOjI0WiIgTm90T25PckFmdGVyPSIyMDE1LTExLTAzVDIyOjU3OjI0WiI+PG" . "5zMTpBdWRpZW5jZVJlc3RyaWN0aW9uPjxuczE6QXVkaWVuY2U+dGVzdC1zc288L25zMTpBdWRpZW5jZ" . "T48L25zMTpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvbnMxOkNvbmRpdGlvbnM+PG5zMTpBdXRoblN0YXRl" . "bWVudCBBdXRobkluc3RhbnQ9IjIwMTUtMTEtMDNUMjI6NDI6MjRaIiBTZXNzaW9uSW5kZXg9ImlkLWI" . "0MzczYzg3YTZmMThmOTc4NjJjOTMxNzQ0ZmQ3OTlmIj48bnMxOkF1dGhuQ29udGV4dD48bnMxOkF1dG" . "huQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOnVuc" . "3BlY2lmaWVkPC9uczE6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PG5zMTpBdXRoZW50aWNhdGluZ0F1dGhv" . "cml0eT5odHRwczovL3NhbWwubGF1bmNoa2V5LmNvbS9pZHAueG1sPC9uczE6QXV0aGVudGljYXRpbmd" . "BdXRob3JpdHk+PC9uczE6QXV0aG5Db250ZXh0PjwvbnMxOkF1dGhuU3RhdGVtZW50PjxuczE6QXR0cm" . "lidXRlU3RhdGVtZW50PjxuczE6QXR0cmlidXRlIE5hbWU9ImFrZXkiIE5hbWVGb3JtYXQ9InVybjpvY" . "XNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48bnMxOkF0dHJpYnV0ZVZh" . "bHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmF2YWx1ZTwvbnMxOkF0dHJpYnV0ZVZhbHVlPjwvbnMxOkF" . "0dHJpYnV0ZT48L25zMTpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9uczE6QXNzZXJ0aW9uPjwvbnMwOlJlc3" . "BvbnNlPg==";
 }
 public static function setUpBeforeClass()
 {
     $cert = "-----BEGIN CERTIFICATE-----\n" . "MIIDfjCCAmagAwIBAQICJxAwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlVT\r\n" . "MRIwEAYDVQQIEwlMYXMgVmVnYXMxEjAQBgNVBAcTCUxhcyBWZWdhczEYMBYGA1UE\r\n" . "ChMPTGF1bmNoS2V5LCBJbmMuMRgwFgYDVQQLEw9MYXVuY2hLZXksIEluYy4xFjAU\r\n" . "BgNVBAMTDWxhdW5jaGtleS5jb20wHhcNMTUxMTAyMjMyNzQ5WhcNMTYxMTAxMjMy\r\n" . "NzQ5WjCBgTELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCUxhcyBWZWdhczESMBAGA1UE\r\n" . "BxMJTGFzIFZlZ2FzMRgwFgYDVQQKEw9MYXVuY2hLZXksIEluYy4xGDAWBgNVBAsT\r\n" . "D0xhdW5jaEtleSwgSW5jLjEWMBQGA1UEAxMNbGF1bmNoa2V5LmNvbTCCASIwDQYJ\r\n" . "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1Q3Og6izyf35UaeivS88Wlzjdz2yPm\r\n" . "juOge/awYJa8V2dED0oCjdAxex9Ak8lEE9naD6ZcuA0Kta5mHKk1ho5Z4aq1493w\r\n" . "HFbPbzVFldBAzFqig7m5/k1B/QY8w7CP1QG5aM9ebQeCJwdhz7UBmNQL2r2K02zn\r\n" . "2DFhEuus1YKM+pfSO2I+yTd/AyBtq4zu+LusibNoU9ADKQ3IoJtzyZ+CUuuOG3jz\r\n" . "Z+zwuzH/0hpuTs6TnBSAGYD1Xow2X7lULLzXwZ4R3SopTesncIbXLa2luTLQIody\r\n" . "uA/gSirbW7g02zQ8G3JcO+ce6UnusklzvdBPoJ2vttpDEsWlNqbSTWcCAwEAATAN\r\n" . "BgkqhkiG9w0BAQUFAAOCAQEARz9V7cBG2et/741mdtbspQTN4HF0hUp3NEJzBrP/\r\n" . "YtdMYIVAUh2sc3sf/oiakLgqYBA78rSk9CbNlv4EJ/FEC/5X3l1o9h5dFLXt40LL\r\n" . "4I+ijYY3BlsgRL9K2CNYRCq1bJX8xlcY0hVqqsZipzR4zeyqQVMLXH/zSScTrF5j\r\n" . "b5KQcYFiRP7AF30OtGoZxhnsDUcErhdWY5lGvaSex6LsOC2UGtmwK3FWu+NMDzL0\r\n" . "+ovdBGpsmDp3IN1AKwd9/6EQ3XbQPyXoXpW0TCBzs/OxGqnhiJD9rROCtVl1SJze\r\n" . "LWllWSmosQFhsXwSO5ZlnechO+SMaxN7OrV7POOv8aRcpQ==\r\n" . "-----END CERTIFICATE-----\n";
     static::$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
     static::$key->loadKey($cert, false, true);
     static::$request_data = "PG5zMDpMb2dvdXRSZXF1ZXN0IHhtbG5zOm5zMD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3R" . "vY29sIiB4bWxuczpuczE9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOm" . "5zMj0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgRGVzdGluYXRpb249Imh0dHA6Ly8xO" . "TIuMTY4LjIuOTU6ODA4MC9zbG8vcG9zdCIgSUQ9ImlkLThjMjg1MjJiZDRhMDA0ZjBlOGUxODMyYjQwNThk" . "NjJjIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMTEtMTNUMjI6MzI6MjdaIiBOb3RPbk9yQWZ0ZXI9IjIwMTUtMTE" . "tMTNUMjI6NDc6MjdaIiBWZXJzaW9uPSIyLjAiPjxuczE6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbW" . "VzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5sYXVuY2hrZXkuY29tPC9uczE6SXNzdWVyP" . "jxuczI6U2lnbmF0dXJlIHhtbG5zOm5zMj0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+" . "PG5zMjpTaWduZWRJbmZvPjxuczI6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly9" . "3d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxuczI6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaX" . "RobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+PG5zMjpSZWZlcmVuY" . "2UgVVJJPSIjaWQtOGMyODUyMmJkNGEwMDRmMGU4ZTE4MzJiNDA1OGQ2MmMiPjxuczI6VHJhbnNmb3Jtcz48" . "bnMyOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZ" . "lbG9wZWQtc2lnbmF0dXJlIi8+PG5zMjpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy" . "8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L25zMjpUcmFuc2Zvcm1zPjxuczI6RGlnZXN0TWV0aG9kIEFsZ" . "29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48bnMyOkRpZ2VzdFZh" . "bHVlPjR0S01BRHZtYTJ6a0dpa3FraHVnZzNnU00ydz08L25zMjpEaWdlc3RWYWx1ZT48L25zMjpSZWZlcmV" . "uY2U+PC9uczI6U2lnbmVkSW5mbz48bnMyOlNpZ25hdHVyZVZhbHVlPll4cmZtdG9YNHFRNktZeG5NQnVwWV" . "V1ejNmNyt2VDR0SVlWQmg5MUFhbFN5MkxVeDZsZ2R1RGVlTVpJbmJWeU8KdjV4aHRVWGtLaXB5eVlDTDBvV" . "E1RcTZUMkxMdHA0cDNhc0ZmbVhST05OUXZrbVlqVUNHZnI3Q2FubWVIZmJTegpnR3M3MVBVaUZWY2RuQWdn" . "QzU0MzZHeTV2TEZtQWRUNTB4Qkw4KzJ0dzNXbjVzcHlSczlMK2s3eEltSGdsU1NrCkRkSzBFYnl3V09TVWQ" . "zVVdHMnFvcVlldm5tZjJ3cVk3eEw3bmtxQ00rbVQ4TnRqY2dVTkRnTHpxMDV1TzVtZ00Kc2pNZTdqMzVhNn" . "lFSksrNE10ck1LYmp1RVRmRTFOMHRhaWplRVVjMEozenpoNEFnQUlwL0xzeXYzUklxTWhhSQowRFNIYk9qb" . "nRGeGJ0azFodWs4QVV3PT08L25zMjpTaWduYXR1cmVWYWx1ZT48bnMyOktleUluZm8+PG5zMjpYNTA5RGF0" . "YT48bnMyOlg1MDlDZXJ0aWZpY2F0ZT5NSUlEZmpDQ0FtYWdBd0lCQVFJQ0p4QXdEUVlKS29aSWh2Y05BUUV" . "GQlFBd2dZRXhDekFKQmdOVkJBWVRBbFZUTVJJd0VBWURWUVFJRXdsTVlYTWdWbVZuWVhNeEVqQVFCZ05WQk" . "FjVENVeGhjeUJXWldkaGN6RVlNQllHQTFVRUNoTVBUR0YxYm1Ob1MyVjVMQ0JKYm1NdU1SZ3dGZ1lEVlFRT" . "EV3OU1ZWFZ1WTJoTFpYa3NJRWx1WXk0eEZqQVVCZ05WQkFNVERXeGhkVzVqYUd0bGVTNWpiMjB3SGhjTk1U" . "VXhNVEF5TWpNeU56UTVXaGNOTVRZeE1UQXhNak15TnpRNVdqQ0JnVEVMTUFrR0ExVUVCaE1DVlZNeEVqQVF" . "CZ05WQkFnVENVeGhjeUJXWldkaGN6RVNNQkFHQTFVRUJ4TUpUR0Z6SUZabFoyRnpNUmd3RmdZRFZRUUtFdz" . "lNWVhWdVkyaExaWGtzSUVsdVl5NHhHREFXQmdOVkJBc1REMHhoZFc1amFFdGxlU3dnU1c1akxqRVdNQlFHQ" . "TFVRUF4TU5iR0YxYm1Ob2EyVjVMbU52YlRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFv" . "Q2dnRUJBTjFRM09nNml6eWYzNVVhZWl2Uzg4V2x6amR6MnlQbWp1T2dlL2F3WUphOFYyZEVEMG9DamRBeGV" . "4OUFrOGxFRTluYUQ2WmN1QTBLdGE1bUhLazFobzVaNGFxMTQ5M3dIRmJQYnpWRmxkQkF6RnFpZzdtNS9rMU" . "IvUVk4dzdDUDFRRzVhTTllYlFlQ0p3ZGh6N1VCbU5RTDJyMkswMnpuMkRGaEV1dXMxWUtNK3BmU08ySSt5V" . "GQvQXlCdHE0enUrTHVzaWJOb1U5QURLUTNJb0p0enlaK0NVdXVPRzNqelorend1ekgvMGhwdVRzNlRuQlNB" . "R1lEMVhvdzJYN2xVTEx6WHdaNFIzU29wVGVzbmNJYlhMYTJsdVRMUUlvZHl1QS9nU2lyYlc3ZzAyelE4RzN" . "KY08rY2U2VW51c2tsenZkQlBvSjJ2dHRwREVzV2xOcWJTVFdjQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFVRk" . "FBT0NBUUVBUno5VjdjQkcyZXQvNzQxbWR0YnNwUVRONEhGMGhVcDNORUp6QnJQL1l0ZE1ZSVZBVWgyc2Mzc" . "2Yvb2lha0xncVlCQTc4clNrOUNiTmx2NEVKL0ZFQy81WDNsMW85aDVkRkxYdDQwTEw0SStpallZM0Jsc2dS" . "TDlLMkNOWVJDcTFiSlg4eGxjWTBoVnFxc1ppcHpSNHpleXFRVk1MWEgvelNTY1RyRjVqYjVLUWNZRmlSUDd" . "BRjMwT3RHb1p4aG5zRFVjRXJoZFdZNWxHdmFTZXg2THNPQzJVR3Rtd0szRld1K05NRHpMMCtvdmRCR3BzbU" . "RwM0lOMUFLd2Q5LzZFUTNYYlFQeVhvWHBXMFRDQnpzL094R3FuaGlKRDlyUk9DdFZsMVNKemVMV2xsV1Ntb" . "3NRRmhzWHdTTzVabG5lY2hPK1NNYXhON09yVjdQT092OGFSY3BRPT08L25zMjpYNTA5Q2VydGlmaWNhdGU+" . "PC9uczI6WDUwOURhdGE+PC9uczI6S2V5SW5mbz48L25zMjpTaWduYXR1cmU+PG5zMTpOYW1lSUQ+dGVzdGV" . "tYWlsQHRlc3RtZS5vcmc8L25zMTpOYW1lSUQ+PG5zMDpTZXNzaW9uSW5kZXg+aWQtMDcyNjAyMjVmZTdkMW" . "UyZWU4Zjg4Njg0NmNjNDBhZmE8L25zMDpTZXNzaW9uSW5kZXg+PC9uczA6TG9nb3V0UmVxdWVzdD4=";
 }
コード例 #9
0
ファイル: index.php プロジェクト: Esleelkartea/legedia-ESLE
function processDocument()
{
    global $src_file, $target_file, $user_pubkey_file_path, $user_cert_file_path;
    require dirname(__FILE__) . '/xmlseclibs.php';
    if (file_exists($target_file)) {
        unlink($target_file);
    }
    $doc = new DOMDocument();
    $doc->load($src_file);
    $objDSig = new XMLSecurityDSig();
    $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
    /* gako pribatu bat behar dugu prozesua burutzeko. orain edozein erabiliko dugu. gero txartelekoarekin ordezkatzeko */
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    /* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
    $objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);
    $objDSig->sign($objKey);
    /* Add associated public key */
    // $objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem'));
    // $objDSig->add509Cert(file_get_contents($user_cert_file_path));
    if (!file_exists($user_cert_file_path)) {
        debug('File not found', $user_cert_file_path);
    } else {
        $objDSig->add509Cert($user_cert_file_path);
    }
    $objDSig->appendSignature($doc->documentElement);
    $doc->save($target_file);
}
コード例 #10
0
 public function testThumbPrint()
 {
     $siteKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
     $siteKey->loadKey(dirname(__FILE__) . '/../mycert.pem', true, true);
     $thumbprint = $siteKey->getX509Thumbprint();
     $this->assertEquals('8b600d9155e8e8dfa3c10998f736be086e83ef3b', $thumbprint, "Thumbprint doesn't match");
     $this->assertEquals('OGI2MDBkOTE1NWU4ZThkZmEzYzEwOTk4ZjczNmJlMDg2ZTgzZWYzYg==', base64_encode($thumbprint), "Base64 Thumbprint doesn't match");
 }
コード例 #11
0
ファイル: PrivateKeyLoader.php プロジェクト: Shalmezad/saml2
 /**
  * @param SAML2_Certificate_PrivateKey $privateKey
  *
  * @return XMLSecurityKey
  * @throws Exception
  */
 private function convertPrivateKeyToRsaKey(SAML2_Certificate_PrivateKey $privateKey)
 {
     $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private'));
     $passphrase = $privateKey->getPassphrase();
     if ($passphrase) {
         $key->passphrase = $passphrase;
     }
     $key->loadKey($privateKey->getKeyAsString());
     return $key;
 }
コード例 #12
0
 function __doRequest($request, $location, $saction, $version)
 {
     $doc = new DOMDocument('1.0');
     $doc->loadXML($request);
     $objWSSE = new WSSESoap($doc);
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $objKey->loadKey(PRIVATE_KEY, TRUE);
     $options = array("insertBefore" => TRUE);
     $objWSSE->signSoapDoc($objKey, $options);
     $objWSSE->addIssuerSerial(CERT_FILE);
     $objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
     $objKey->generateSessionKey();
     #está wea está rara, no pasa el wsdl y cambía el puerto o.O
     $location = "https://201.238.207.130:7200/WSWebpayTransaction/cxf/WSWebpayService?wsdl";
     #die($location);
     #die(CERT_FILE." ".PRIVATE_KEY);
     $retVal = parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version);
     $doc = new DOMDocument();
     $doc->loadXML($retVal);
     return $doc->saveXML();
     /*
     if ($this->useSSL){ 
             $locationparts = parse_url($location); 
             $location = 'https://'; 
             if(isset($locationparts['host']))  $location .= $locationparts['host']; 
             if(isset($locationparts['port']))  $location .= ':'.$locationparts['port']; 
             if(isset($locationparts['path']))  $location .= $locationparts['path']; 
             if(isset($locationparts['query'])) $location .= '?'.$locationparts['query']; 
     }
     
     $doc = new DOMDocument('1.0'); 
     $doc->loadXML($request); 
     
     $objWSSE = new WSSESoap($doc); 
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1,array('type' => 'private')); 
     $objKey->loadKey(PRIVATE_KEY, TRUE);
     
     $options = array("insertBefore" => TRUE); 
     
     $objWSSE->signSoapDoc($objKey, $options); 
     $objWSSE->addIssuerSerial(CERT_FILE);
     
     $objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC); 
     $objKey->generateSessionKey(); 
     
     $retVal = parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version); 
     
     $doc = new DOMDocument(); 
     $doc->loadXML($retVal); 
     return $doc->saveXML(); 
     */
 }
コード例 #13
0
ファイル: Base.php プロジェクト: LearnerNation/lightsaml
 /**
  * @return \AerialShip\LightSaml\Model\Protocol\AuthnRequest
  */
 protected function getRequest()
 {
     $request = CommonHelper::buildAuthnRequestFromEntityDescriptors(__DIR__ . '/../../../../../resources/sample/EntityDescriptor/sp-ed2.xml', __DIR__ . '/../../../../../resources/sample/EntityDescriptor/idp2-ed.xml');
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
     $key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true, false);
     $signature = new SignatureCreator();
     $signature->setCertificate($certificate);
     $signature->setXmlSecurityKey($key);
     $request->setSignature($signature);
     $request->setRelayState($this->relayState);
     return $request;
 }
コード例 #14
0
ファイル: saml-lib.php プロジェクト: GajendraNaidu/openam
function signXML($token, $privkey)
{
    $sigdoc = new DOMDocument();
    if (!$sigdoc->loadXML($token)) {
        throw new Exception("Invalid XML!");
    }
    $sigNode = $sigdoc->firstChild;
    $enc = new XMLSecurityDSig();
    $enc->idKeys[] = 'ID';
    $enc->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $enc->addReference($sigNode, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N));
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private', 'library' => 'openssl'));
    $key->loadKey($privkey, false, false);
    $enc->sign($key);
    $enc->appendSignature($sigNode);
    return $sigdoc->saveXML();
}
コード例 #15
0
 /**
  * @dataProvider provider
  */
 public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
 {
     if ($expectedException) {
         $this->setExpectedException($expectedException, $expectedExceptionMessage);
     }
     $idp = new IdpSsoDescriptor();
     foreach ($idpData as $data) {
         $idp->addService(new SingleSignOnService($data['binding'], $data['url']));
     }
     $edIDP = new EntityDescriptor('idp');
     $edIDP->addItem($idp);
     $sp = new SpSsoDescriptor();
     foreach ($spData as $data) {
         $sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
     }
     $edSP = new EntityDescriptor('sp');
     $edSP->addItem($sp);
     $spMeta = new SpMeta();
     foreach ($spMetaData as $name => $value) {
         $spMeta->{$name}($value);
     }
     // without signing
     $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
     $message = $builder->build();
     $response = $builder->send($message);
     $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
     $this->assertInstanceOf($expectedResponseType, $response, $name);
     $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
     $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
     // with signing
     $signature = new SignatureCreator();
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
     $key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
     $signature->setCertificate($certificate);
     $signature->setXmlSecurityKey($key);
     $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature);
     $message = $builder->build();
     $response = $builder->send($message);
     $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
     $this->assertInstanceOf($expectedResponseType, $response, $name);
     $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
     $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
 }
コード例 #16
0
ファイル: ws-amazon.php プロジェクト: leoclaro/wse-php
 public function __doRequest($request, $location, $saction, $version)
 {
     $doc = new DOMDocument('1.0');
     $doc->loadXML($request);
     $objWSSE = new WSSESoap($doc);
     /* add Timestamp with no expiration timestamp */
     $objWSSE->addTimestamp();
     /* create new XMLSec Key using RSA SHA-1 and type is private key */
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     /* load the private key from file - last arg is bool if key in file (true) or is string (FALSE) */
     $objKey->loadKey(PRIVATE_KEY, true);
     /* Sign the message - also signs appropraite WS-Security items */
     $objWSSE->signSoapDoc($objKey);
     /* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */
     $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));
     $objWSSE->attachTokentoSig($token);
     return parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version);
 }
コード例 #17
0
ファイル: KeyHelper.php プロジェクト: LearnerNation/lightsaml
 /**
  * @param \XMLSecurityKey $key
  * @param string $algorithm
  * @throws \AerialShip\LightSaml\Error\SecurityException
  * @throws \InvalidArgumentException
  * @return \XMLSecurityKey
  */
 static function castKey(\XMLSecurityKey $key, $algorithm)
 {
     if (!is_string($algorithm)) {
         throw new \InvalidArgumentException('Algorithm must be string');
     }
     // do nothing if algorithm is already the type of the key
     if ($key->type === $algorithm) {
         return $key;
     }
     $keyInfo = openssl_pkey_get_details($key->key);
     if ($keyInfo === FALSE) {
         throw new SecurityException('Unable to get key details from XMLSecurityKey.');
     }
     if (!isset($keyInfo['key'])) {
         throw new SecurityException('Missing key in public key details.');
     }
     $newKey = new \XMLSecurityKey($algorithm, array('type' => 'public'));
     $newKey->loadKey($keyInfo['key']);
     return $newKey;
 }
コード例 #18
0
		function __doRequest($request, $location, $saction, $version) 
		{		    
		    $doc = new DOMDocument('1.0');
			$doc->loadXML($request);
			
			$objWSSE = new WSSESoap($doc);
			#echo "<pre>"; var_dump($request); #die();
			/* add Timestamp with no expiration timestamp */
		 	$objWSSE->addTimestamp();
		
			/* create new XMLSec Key using RSA SHA-1 and type is private key */
			$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
		
			/* load the private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */
			$objKey->loadKey($this->KeyPath, TRUE);
		
			try
			{
                /* Sign the message - also signs appropraite WS-Security items */
                $objWSSE->signSoapDoc($objKey);
			}
			catch (Exception $e)
			{
			    Core::RaiseError("[".__METHOD__."] ".$e->getMessage(), E_ERROR);
			}
		
			/* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */
			$token = $objWSSE->addBinaryToken(file_get_contents($this->CertPath));
			$objWSSE->attachTokentoSig($token);
					
			try
			{
				return parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version);
			}
			catch (Exception $e)
			{
				Core::RaiseError("[".__METHOD__."] ".$e->__toString(), E_ERROR);
			}
		}
 private function getSignedXml()
 {
     $doc = new \DOMDocument();
     $doc->appendChild($doc->createElement('root'));
     /** @var $root \DOMElement */
     $root = $doc->firstChild;
     $root->setAttribute('foo', 'bar');
     $other = $doc->createElement('other');
     $root->appendChild($other);
     $child = $doc->createElement('child', 'something');
     $other->appendChild($child);
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt');
     $key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $key->loadKey(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.pem', true);
     $signatureCreator = new SignatureCreator();
     $signatureCreator->setCertificate($certificate);
     $signatureCreator->setXmlSecurityKey($key);
     $context = new SerializationContext($doc);
     $signatureCreator->getXml($root, $context);
     $xml = $doc->saveXML();
     return $xml;
 }
コード例 #20
0
function x509_from_rsa($key)
{
    $result = FALSE;
    if (class_exists('XMLSecurityKey')) {
        $parts = explode(' ', $key);
        $bytes = $parts[1];
        $bytes = base64_decode($bytes);
        $offset = 0;
        $encoding = read_rsa_bytes($bytes, $offset);
        $exponent = read_rsa_bytes($bytes, $offset);
        $modulus = read_rsa_bytes($bytes, $offset);
        $result = XMLSecurityKey::convertRSA($modulus, $exponent);
    }
    return $result;
}
コード例 #21
0
ファイル: prp.php プロジェクト: hukumonline/yii
function ADFS_SignResponse($response, $key, $cert)
{
    $objXMLSecDSig = new XMLSecurityDSig();
    $objXMLSecDSig->idKeys = array('AssertionID');
    $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $responsedom = new DOMDocument();
    $responsedom->loadXML(str_replace("\r", "", $response));
    $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
    $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'AssertionID'));
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $objKey->loadKey($key, TRUE);
    $objXMLSecDSig->sign($objKey);
    if ($cert) {
        $public_cert = file_get_contents($cert);
        $objXMLSecDSig->add509Cert($public_cert, TRUE);
    }
    $newSig = $responsedom->importNode($objXMLSecDSig->sigNode, TRUE);
    $firstassertionroot->appendChild($newSig);
    return $responsedom->saveXML();
}
コード例 #22
0
ファイル: Assertion.php プロジェクト: emma5021/toba
 /**
  * Add an EncryptedAttribute Statement-node to the assertion.
  *
  * @param DOMElement $root  The assertion element we should add the Encrypted Attribute Statement to.
  */
 private function addEncryptedAttributeStatement(DOMElement $root)
 {
     if ($this->requiredEncAttributes == FALSE) {
         return;
     }
     $document = $root->ownerDocument;
     $attributeStatement = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeStatement');
     $root->appendChild($attributeStatement);
     foreach ($this->attributes as $name => $values) {
         $document2 = new DOMDocument();
         $attribute = $document2->createElementNS(SAML2_Const::NS_SAML, 'saml:Attribute');
         $attribute->setAttribute('Name', $name);
         $document2->appendChild($attribute);
         if ($this->nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
             $attribute->setAttribute('NameFormat', $this->nameFormat);
         }
         foreach ($values as $value) {
             if (is_string($value)) {
                 $type = 'xs:string';
             } elseif (is_int($value)) {
                 $type = 'xs:integer';
             } else {
                 $type = NULL;
             }
             $attributeValue = $document2->createElementNS(SAML2_Const::NS_SAML, 'saml:AttributeValue');
             $attribute->appendChild($attributeValue);
             if ($type !== NULL) {
                 $attributeValue->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', $type);
             }
             if ($value instanceof DOMNodeList) {
                 for ($i = 0; $i < $value->length; $i++) {
                     $node = $document2->importNode($value->item($i), TRUE);
                     $attributeValue->appendChild($node);
                 }
             } else {
                 $attributeValue->appendChild($document2->createTextNode($value));
             }
         }
         /*Once the attribute nodes are built, the are encrypted*/
         $EncAssert = new XMLSecEnc();
         $EncAssert->setNode($document2->documentElement);
         $EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element';
         /*
          * Attributes are encrypted with a session key and this one with
          * $EncryptionKey
          */
         $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
         $symmetricKey->generateSessionKey();
         $EncAssert->encryptKey($this->encryptionKey, $symmetricKey);
         $EncrNode = $EncAssert->encryptNode($symmetricKey);
         $EncAttribute = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:EncryptedAttribute');
         $attributeStatement->appendChild($EncAttribute);
         $n = $document->importNode($EncrNode, true);
         $EncAttribute->appendChild($n);
     }
 }
コード例 #23
0
 static function staticLocateKeyInfo($objBaseKey = NULL, $node = NULL)
 {
     if (empty($node) || !$node instanceof \DOMNode) {
         return NULL;
     }
     if ($doc = $node->ownerDocument) {
         $xpath = new \DOMXPath($doc);
         $xpath->registerNamespace('xmlsecenc', XMLSecEnc::XMLENCNS);
         $xpath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS);
         $query = "./xmlsecdsig:KeyInfo";
         $nodeset = $xpath->query($query, $node);
         if ($encmeth = $nodeset->item(0)) {
             foreach ($encmeth->childNodes as $child) {
                 switch ($child->localName) {
                     case 'KeyName':
                         if (!empty($objBaseKey)) {
                             $objBaseKey->name = $child->nodeValue;
                         }
                         break;
                     case 'KeyValue':
                         foreach ($child->childNodes as $keyval) {
                             switch ($keyval->localName) {
                                 case 'DSAKeyValue':
                                     throw new \Exception("DSAKeyValue currently not supported");
                                     break;
                                 case 'RSAKeyValue':
                                     $modulus = NULL;
                                     $exponent = NULL;
                                     if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) {
                                         $modulus = base64_decode($modulusNode->nodeValue);
                                     }
                                     if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) {
                                         $exponent = base64_decode($exponentNode->nodeValue);
                                     }
                                     if (empty($modulus) || empty($exponent)) {
                                         throw new \Exception("Missing Modulus or Exponent");
                                     }
                                     $publicKey = XMLSecurityKey::convertRSA($modulus, $exponent);
                                     $objBaseKey->loadKey($publicKey);
                                     break;
                             }
                         }
                         break;
                     case 'RetrievalMethod':
                         /* Not currently supported */
                         break;
                     case 'EncryptedKey':
                         $objenc = new XMLSecEnc();
                         $objenc->setNode($child);
                         if (!($objKey = $objenc->locateKey())) {
                             throw new \Exception("Unable to locate algorithm for this Encrypted Key");
                         }
                         $objKey->isEncrypted = TRUE;
                         $objKey->encryptedCtx = $objenc;
                         XMLSecEnc::staticLocateKeyInfo($objKey, $child);
                         return $objKey;
                         break;
                     case 'X509Data':
                         if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) {
                             if ($x509certNodes->length > 0) {
                                 $x509cert = $x509certNodes->item(0)->textContent;
                                 $x509cert = str_replace(array("\r", "\n"), "", $x509cert);
                                 $x509cert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($x509cert, 64, "\n") . "-----END CERTIFICATE-----\n";
                                 $objBaseKey->loadKey($x509cert, FALSE, TRUE);
                             }
                         }
                         break;
                 }
             }
         }
         return $objBaseKey;
     }
     return NULL;
 }
コード例 #24
0
 static function staticLocateKeyInfo($objBaseKey = NULL, $node = NULL)
 {
     if (empty($node) || !$node instanceof DOMNode) {
         return NULL;
     }
     $doc = $node->ownerDocument;
     if (!$doc) {
         return NULL;
     }
     $xpath = new DOMXPath($doc);
     $xpath->registerNamespace('xmlsecenc', DBSeller_Helper_Xml_Security_XMLSecEnc::XMLENCNS);
     $xpath->registerNamespace('xmlsecdsig', DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS);
     $query = "./xmlsecdsig:KeyInfo";
     $nodeset = $xpath->query($query, $node);
     $encmeth = $nodeset->item(0);
     if (!$encmeth) {
         /* No KeyInfo in EncryptedData / EncryptedKey. */
         return $objBaseKey;
     }
     foreach ($encmeth->childNodes as $child) {
         switch ($child->localName) {
             case 'KeyName':
                 if (!empty($objBaseKey)) {
                     $objBaseKey->name = $child->nodeValue;
                 }
                 break;
             case 'KeyValue':
                 foreach ($child->childNodes as $keyval) {
                     switch ($keyval->localName) {
                         case 'DSAKeyValue':
                             throw new Exception("DSAKeyValue currently not supported");
                             break;
                         case 'RSAKeyValue':
                             $modulus = NULL;
                             $exponent = NULL;
                             if ($modulusNode = $keyval->getElementsByTagName('Modulus')->item(0)) {
                                 $modulus = base64_decode($modulusNode->nodeValue);
                             }
                             if ($exponentNode = $keyval->getElementsByTagName('Exponent')->item(0)) {
                                 $exponent = base64_decode($exponentNode->nodeValue);
                             }
                             if (empty($modulus) || empty($exponent)) {
                                 throw new Exception("Missing Modulus or Exponent");
                             }
                             $publicKey = XMLSecurityKey::convertRSA($modulus, $exponent);
                             $objBaseKey->loadKey($publicKey);
                             break;
                     }
                 }
                 break;
             case 'RetrievalMethod':
                 $type = $child->getAttribute('Type');
                 if ($type !== 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') {
                     /* Unsupported key type. */
                     break;
                 }
                 $uri = $child->getAttribute('URI');
                 if ($uri[0] !== '#') {
                     /* URI not a reference - unsupported. */
                     break;
                 }
                 $id = substr($uri, 1);
                 $query = "//xmlsecenc:EncryptedKey[@Id='{$id}']";
                 $keyElement = $xpath->query($query)->item(0);
                 if (!$keyElement) {
                     throw new Exception("Unable to locate EncryptedKey with @Id='{$id}'.");
                 }
                 return XMLSecurityKey::fromEncryptedKeyElement($keyElement);
             case 'EncryptedKey':
                 return XMLSecurityKey::fromEncryptedKeyElement($child);
             case 'X509Data':
                 if ($x509certNodes = $child->getElementsByTagName('X509Certificate')) {
                     if ($x509certNodes->length > 0) {
                         $x509cert = $x509certNodes->item(0)->textContent;
                         $x509cert = str_replace(array("\r", "\n"), "", $x509cert);
                         $x509cert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($x509cert, 64, "\n") . "-----END CERTIFICATE-----\n";
                         $objBaseKey->loadKey($x509cert, FALSE, TRUE);
                     }
                 }
                 break;
         }
     }
     return $objBaseKey;
 }
コード例 #25
0
ファイル: WSSESoap.php プロジェクト: KoenLav/wse-php
 public function decryptSoapDoc($doc, $options)
 {
     $privKey = null;
     $privKey_isFile = false;
     $privKey_isCert = false;
     if (is_array($options)) {
         $privKey = !empty($options["keys"]["private"]["key"]) ? $options["keys"]["private"]["key"] : null;
         $privKey_isFile = !empty($options["keys"]["private"]["isFile"]) ? true : false;
         $privKey_isCert = !empty($options["keys"]["private"]["isCert"]) ? true : false;
     }
     $objenc = new XMLSecEnc();
     $xpath = new DOMXPath($doc);
     $envns = $doc->documentElement->namespaceURI;
     $xpath->registerNamespace("soapns", $envns);
     $xpath->registerNamespace("soapenc", "http://www.w3.org/2001/04/xmlenc#");
     $nodes = $xpath->query('/soapns:Envelope/soapns:Header/*[local-name()="Security"]/soapenc:EncryptedKey');
     $references = array();
     if ($node = $nodes->item(0)) {
         $objenc = new XMLSecEnc();
         $objenc->setNode($node);
         if (!($objKey = $objenc->locateKey())) {
             throw new Exception("Unable to locate algorithm for this Encrypted Key");
         }
         $objKey->isEncrypted = true;
         $objKey->encryptedCtx = $objenc;
         XMLSecEnc::staticLocateKeyInfo($objKey, $node);
         if ($objKey && $objKey->isEncrypted) {
             $objencKey = $objKey->encryptedCtx;
             $objKey->loadKey($privKey, $privKey_isFile, $privKey_isCert);
             $key = $objencKey->decryptKey($objKey);
             $objKey->loadKey($key);
         }
         $refnodes = $xpath->query('./soapenc:ReferenceList/soapenc:DataReference/@URI', $node);
         foreach ($refnodes as $reference) {
             $references[] = $reference->nodeValue;
         }
     }
     foreach ($references as $reference) {
         $arUrl = parse_url($reference);
         $reference = $arUrl['fragment'];
         $query = '//*[@Id="' . $reference . '"]';
         $nodes = $xpath->query($query);
         $encData = $nodes->item(0);
         if ($algo = $xpath->evaluate("string(./soapenc:EncryptionMethod/@Algorithm)", $encData)) {
             $objKey = new XMLSecurityKey($algo);
             $objKey->loadKey($key);
         }
         $objenc->setNode($encData);
         $objenc->type = $encData->getAttribute("Type");
         $decrypt = $objenc->decryptNode($objKey, true);
     }
     return true;
 }
コード例 #26
0
ファイル: SAML2.php プロジェクト: rediris-es/simplesamlphp
 /**
  * Encrypt an assertion.
  *
  * This function takes in a SAML2_Assertion and encrypts it if encryption of
  * assertions are enabled in the metadata.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the SP.
  * @param SAML2_Assertion $assertion  The assertion we are encrypting.
  * @return SAML2_Assertion|SAML2_EncryptedAssertion  The assertion.
  */
 private static function encryptAssertion(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, SAML2_Assertion $assertion)
 {
     $encryptAssertion = $spMetadata->getBoolean('assertion.encryption', NULL);
     if ($encryptAssertion === NULL) {
         $encryptAssertion = $idpMetadata->getBoolean('assertion.encryption', FALSE);
     }
     if (!$encryptAssertion) {
         /* We are _not_ encrypting this assertion, and are therefore done. */
         return $assertion;
     }
     $sharedKey = $spMetadata->getString('sharedkey', NULL);
     if ($sharedKey !== NULL) {
         $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
         $key->loadKey($sharedKey);
     } else {
         $keys = $spMetadata->getPublicKeys('encryption', TRUE);
         $key = $keys[0];
         switch ($key['type']) {
             case 'X509Certificate':
                 $pemKey = "-----BEGIN CERTIFICATE-----\n" . chunk_split($key['X509Certificate'], 64) . "-----END CERTIFICATE-----\n";
                 break;
             default:
                 throw new SimpleSAML_Error_Exception('Unsupported encryption key type: ' . $key['type']);
         }
         /* Extract the public key from the certificate for encryption. */
         $key = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
         $key->loadKey($pemKey);
     }
     $ea = new SAML2_EncryptedAssertion();
     $ea->setAssertion($assertion, $key);
     return $ea;
 }
コード例 #27
0
ファイル: Utils.php プロジェクト: faxe-kommune/OS2loop
 /**
  * Adds signature key and senders certificate to an element (Message or Assertion).
  *
  * @param string|DomDocument $xml  The element we should sign
  * @param string             $key  The private key
  * @param string             $cert The public
  */
 public static function addSign($xml, $key, $cert)
 {
     if ($xml instanceof DOMDocument) {
         $dom = $xml;
     } else {
         $dom = new DOMDocument();
         $dom = self::loadXML($dom, $xml);
         if (!$dom) {
             throw new Exception('Error parsing xml string');
         }
     }
     /* Load the private key. */
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $objKey->loadKey($key, false);
     /* Get the EntityDescriptor node we should sign. */
     $rootNode = $dom->firstChild;
     /* Sign the metadata with our private key. */
     $objXMLSecDSig = new XMLSecurityDSig();
     $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
     $objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
     $objXMLSecDSig->sign($objKey);
     /* Add the certificate to the signature. */
     $objXMLSecDSig->add509Cert($cert, true);
     $insertBefore = $rootNode->firstChild;
     $messageTypes = array('samlp:AuthnRequest', 'samlp:Response', 'samlp:LogoutRequest', 'samlp:LogoutResponse');
     if (in_array($rootNode->tagName, $messageTypes)) {
         $issuerNodes = self::query($dom, '/' . $rootNode->tagName . '/saml:Issuer');
         if ($issuerNodes->length == 1) {
             $insertBefore = $issuerNodes->item(0)->nextSibling;
         }
     }
     /* Add the signature. */
     $objXMLSecDSig->insertSignature($rootNode, $insertBefore);
     /* Return the DOM tree as a string. */
     $signedxml = $dom->saveXML();
     return $signedxml;
 }
コード例 #28
0
 /**
  * Retrieve certificates that sign this element.
  *
  * @return array Array with certificates.
  */
 public function getValidatingCertificates()
 {
     $ret = array();
     foreach ($this->certificates as $cert) {
         /* We have found a matching fingerprint. */
         $pemCert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($cert, 64) . "-----END CERTIFICATE-----\n";
         /* Extract the public key from the certificate for validation. */
         $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
         $key->loadKey($pemCert);
         try {
             /* Check the signature. */
             if ($this->validate($key)) {
                 $ret[] = $cert;
             }
         } catch (Exception $e) {
             /* This certificate does not sign this element. */
         }
     }
     return $ret;
 }
コード例 #29
0
 /**
  * Retrieve the encryption key for the given entity.
  *
  * @param SimpleSAML_Configuration $metadata  The metadata of the entity.
  * @return XMLSecurityKey  The encryption key.
  */
 public static function getEncryptionKey(SimpleSAML_Configuration $metadata)
 {
     $sharedKey = $metadata->getString('sharedkey', NULL);
     if ($sharedKey !== NULL) {
         $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
         $key->loadKey($sharedKey);
         return $key;
     }
     $keys = $metadata->getPublicKeys('encryption', TRUE);
     foreach ($keys as $key) {
         switch ($key['type']) {
             case 'X509Certificate':
                 $pemKey = "-----BEGIN CERTIFICATE-----\n" . chunk_split($key['X509Certificate'], 64) . "-----END CERTIFICATE-----\n";
                 $key = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
                 $key->loadKey($pemKey);
                 return $key;
         }
     }
     throw new SimpleSAML_Error_Exception('No supported encryption key in ' . var_export($metadata->getString('entityid'), TRUE));
 }
コード例 #30
0
ファイル: HTTPRedirect.php プロジェクト: filonuse/fedlab
 /**
  * Validate the signature on a HTTP-Redirect message.
  *
  * Throws an exception if we are unable to validate the signature.
  *
  * @param array $data  The data we need to validate the query string.
  * @param XMLSecurityKey $key  The key we should validate the query against.
  */
 public static function validateSignature(array $data, XMLSecurityKey $key)
 {
     assert('array_key_exists("Query", $data)');
     assert('array_key_exists("SigAlg", $data)');
     assert('array_key_exists("Signature", $data)');
     $query = $data['Query'];
     $sigAlg = $data['SigAlg'];
     $signature = $data['Signature'];
     $signature = base64_decode($signature);
     switch ($sigAlg) {
         case XMLSecurityKey::RSA_SHA1:
             if ($key->type !== XMLSecurityKey::RSA_SHA1) {
                 throw new Exception('Invalid key type for validating signature on query string.');
             }
             if (!$key->verifySignature($query, $signature)) {
                 throw new Exception('Unable to validate signature on query string.');
             }
             break;
         default:
             throw new Exception('Unknown signature algorithm: ' . var_export($sigAlg, TRUE));
     }
 }