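/**
 * The cipher factory must hand back the concrete adapter for each known
 * algorithm URI and must reject an unknown URI with an exception.
 *
 * Skipped when mcrypt is unavailable, because the AES adapter depends on it.
 *
 * @return void
 */
public function testCipherFactory()
{
    if (!defined('MCRYPT_RIJNDAEL_128')) {
        $this->markTestSkipped('Use of the Zend_InfoCard component requires the mcrypt extension to be enabled in PHP');
    }

    $symmetric = Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_AES128CBC);
    $this->assertTrue($symmetric instanceof Zend_InfoCard_Cipher_Symmetric_Adapter_Aes128cbc);

    $asymmetric = Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_RSA);
    $this->assertTrue($asymmetric instanceof Zend_InfoCard_Cipher_Pki_Adapter_Rsa);

    // fail() signals by throwing, so it must not sit inside a try block whose
    // catch (Exception) would swallow it and let the test pass regardless.
    $thrown = false;
    try {
        Zend_InfoCard_Cipher::getInstanceByURI("Broken");
    } catch (Exception $e) {
        $thrown = true;
    }
    $this->assertTrue($thrown, "Exception not thrown as expected");
}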
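/**
 * Extracts the Signed Token from an EncryptedData block
 *
 * The token is carried AES-CBC encrypted under a symmetric key; that key is
 * itself carried RSA-wrapped in the EncryptedKey element, for one of the
 * certificate pairs registered on this object. The matching pair is located by
 * the key digest in the SecurityTokenReference, the symmetric key is unwrapped
 * with its private key, and the token is then decrypted.
 *
 * @throws Zend_InfoCard_Exception On an unsupported algorithm, a KeyInfo of the
 *                                 wrong kind, no matching certificate pair,
 *                                 unreadable key material, or malformed base64
 * @param string $strXmlToken The EncryptedData XML block
 * @return string The XML of the Signed Token inside of the EncryptedData block
 */
protected function _extractSignedToken($strXmlToken)
{
    $encryptedData = Zend_InfoCard_Xml_EncryptedData::getInstance($strXmlToken);

    // Determine the Encryption Method used to encrypt the token
    switch ($encryptedData->getEncryptionMethod()) {
        case Zend_InfoCard_Cipher::ENC_AES128CBC:
        case Zend_InfoCard_Cipher::ENC_AES256CBC:
            break;
        default:
            require_once 'Zend/InfoCard/Exception.php';
            throw new Zend_InfoCard_Exception("Unknown Encryption Method used in the secure token");
    }

    // Figure out the Key we are using to decrypt the token
    $keyinfo = $encryptedData->getKeyInfo();

    if (!$keyinfo instanceof Zend_InfoCard_Xml_KeyInfo_XmlDSig) {
        require_once 'Zend/InfoCard/Exception.php';
        throw new Zend_InfoCard_Exception("Expected a XML digital signature KeyInfo, but was not found");
    }

    $encryptedKey = $keyinfo->getEncryptedKey();

    switch ($encryptedKey->getEncryptionMethod()) {
        case Zend_InfoCard_Cipher::ENC_RSA:
        case Zend_InfoCard_Cipher::ENC_RSA_OAEP_MGF1P:
            break;
        default:
            require_once 'Zend/InfoCard/Exception.php';
            throw new Zend_InfoCard_Exception("Unknown Key Encryption Method used in secure token");
    }

    $securityTokenRef = $encryptedKey->getKeyInfo()->getSecurityTokenReference();

    $key_id = $this->_findCertifiatePairByDigest($securityTokenRef->getKeyReference());

    if (!$key_id) {
        require_once 'Zend/InfoCard/Exception.php';
        throw new Zend_InfoCard_Exception("Unable to find key pair used to encrypt symmetric InfoCard Key");
    }

    $certificate_pair = $this->getCertificatePair($key_id);

    // Sanity check: the pair found by digest must have been registered for the
    // same key-wrapping algorithm the document names. Strict comparison, since
    // both sides are algorithm URIs and a loose string compare buys nothing.
    if ($certificate_pair['type_uri'] !== $encryptedKey->getEncryptionMethod()) {
        require_once 'Zend/InfoCard/Exception.php';
        throw new Zend_InfoCard_Exception("Certificate Pair which matches digest is not of same algorithm type as document, check 
addCertificate()");
    }

    $PKcipher = Zend_InfoCard_Cipher::getInstanceByURI($encryptedKey->getEncryptionMethod());

    // Strict base64 decoding (PHP >= 5.2) rejects input with characters outside
    // the base64 alphabet instead of silently dropping them; in either mode a
    // decode failure yields false, which must not be handed to the cipher.
    $base64DecodeSupportsStrictParam = version_compare(PHP_VERSION, '5.2.0', '>=');

    if ($base64DecodeSupportsStrictParam) {
        $keyCipherValueBase64Decoded = base64_decode($encryptedKey->getCipherValue(), true);
    } else {
        $keyCipherValueBase64Decoded = base64_decode($encryptedKey->getCipherValue());
    }

    if ($keyCipherValueBase64Decoded === false) {
        require_once 'Zend/InfoCard/Exception.php';
        throw new Zend_InfoCard_Exception("EncryptedKey CipherValue is not valid base64");
    }

    // The private key is read from the path registered with the pair; a missing
    // or unreadable file would otherwise pass false to the cipher as the key.
    $privateKey = file_get_contents($certificate_pair['private']);

    if ($privateKey === false) {
        require_once 'Zend/InfoCard/Exception.php';
        throw new Zend_InfoCard_Exception("Unable to read private key for certificate pair");
    }

    $symmetricKey = $PKcipher->decrypt($keyCipherValueBase64Decoded, $privateKey, $certificate_pair['password']);

    $symCipher = Zend_InfoCard_Cipher::getInstanceByURI($encryptedData->getEncryptionMethod());

    if ($base64DecodeSupportsStrictParam) {
        $dataCipherValueBase64Decoded = base64_decode($encryptedData->getCipherValue(), true);
    } else {
        $dataCipherValueBase64Decoded = base64_decode($encryptedData->getCipherValue());
    }

    if ($dataCipherValueBase64Decoded === false) {
        require_once 'Zend/InfoCard/Exception.php';
        throw new Zend_InfoCard_Exception("EncryptedData CipherValue is not valid base64");
    }

    $signedToken = $symCipher->decrypt($dataCipherValueBase64Decoded, $symmetricKey);

    return $signedToken;
}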
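/**
 * The cipher factory must hand back the concrete adapter for each known
 * algorithm URI and must reject an unknown URI with an exception.
 *
 * @return void
 */
public function testCipherFactory()
{
    $symmetric = Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_AES128CBC);
    $this->assertTrue($symmetric instanceof Zend_InfoCard_Cipher_Symmetric_Adapter_AES128CBC);

    $asymmetric = Zend_InfoCard_Cipher::getInstanceByURI(Zend_InfoCard_Cipher::ENC_RSA);
    $this->assertTrue($asymmetric instanceof Zend_InfoCard_Cipher_PKI_Adapter_RSA);

    // fail() signals by throwing, so it must not sit inside a try block whose
    // catch (Exception) would swallow it and let the test pass regardless.
    $thrown = false;
    try {
        Zend_InfoCard_Cipher::getInstanceByURI("Broken");
    } catch (Exception $e) {
        $thrown = true;
    }
    $this->assertTrue($thrown, "Exception not thrown as expected");
}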