In case of using DES3-CBC the key is checked for a proper parity bits set - Mcrypt doesn't care about the parity bits,
but others may care.
public generateSessionKey ( ) : string | ||
리턴 | string |
public function __doRequest($request, $location, $saction, $version) { $doc = new DOMDocument('1.0'); $doc->loadXML($request); $objWSSE = new WSSESoap($doc); /* add Timestamp with no expiration timestamp */ $objWSSE->addTimestamp(); /* create new XMLSec Key using AES256_CBC and type is private key */ $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private')); /* load the private key from file - last arg is bool if key in file (true) or is string (false) */ $objKey->loadKey(PRIVATE_KEY, true); /* Sign the message - also signs appropiate WS-Security items */ $options = array("insertBefore" => false); $objWSSE->signSoapDoc($objKey, $options); /* Add certificate (BinarySecurityToken) to the message */ $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE)); /* Attach pointer to Signature */ $objWSSE->attachTokentoSig($token); $objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC); $objKey->generateSessionKey(); $siteKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public')); $siteKey->loadKey(SERVICE_CERT, true, true); $options = array("KeyInfo" => array("X509SubjectKeyIdentifier" => true)); $objWSSE->encryptSoapDoc($siteKey, $objKey, $options); $retVal = parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version); $doc = new DOMDocument(); $doc->loadXML($retVal); $options = array("keys" => array("private" => array("key" => PRIVATE_KEY, "isFile" => true, "isCert" => false))); $objWSSE->decryptSoapDoc($doc, $options); return $doc->saveXML(); }
/** * @param AbstractSamlModel $object * @param XMLSecurityKey $key * * @return SerializationContext */ public function encrypt(AbstractSamlModel $object, XMLSecurityKey $key) { $oldKey = $key; $key = new XMLSecurityKey($this->keyTransportEncryption, ['type' => 'public']); $key->loadKey($oldKey->key); $serializationContext = new SerializationContext(); $object->serialize($serializationContext->getDocument(), $serializationContext); $enc = new XMLSecEnc(); $enc->setNode($serializationContext->getDocument()->firstChild); $enc->type = XMLSecEnc::Element; switch ($key->type) { case XMLSecurityKey::TRIPLEDES_CBC: case XMLSecurityKey::AES128_CBC: case XMLSecurityKey::AES192_CBC: case XMLSecurityKey::AES256_CBC: $symmetricKey = $key; break; case XMLSecurityKey::RSA_1_5: case XMLSecurityKey::RSA_SHA1: case XMLSecurityKey::RSA_SHA256: case XMLSecurityKey::RSA_SHA384: case XMLSecurityKey::RSA_SHA512: case XMLSecurityKey::RSA_OAEP_MGF1P: $symmetricKey = new XMLSecurityKey($this->blockEncryptionAlgorithm); $symmetricKey->generateSessionKey(); $enc->encryptKey($key, $symmetricKey); break; default: throw new LightSamlException(sprintf('Unknown key type for encryption: "%s"', $key->type)); } $this->encryptedElement = $enc->encryptNode($symmetricKey); return $serializationContext; }
/** * Set the assertion. * * @param \SAML2\Assertion $assertion The assertion. * @param XMLSecurityKey $key The key we should use to encrypt the assertion. * @throws \Exception */ public function setAssertion(Assertion $assertion, XMLSecurityKey $key) { $xml = $assertion->toXML(); Utils::getContainer()->debugMessage($xml, 'encrypt'); $enc = new XMLSecEnc(); $enc->setNode($xml); $enc->type = XMLSecEnc::Element; switch ($key->type) { case XMLSecurityKey::TRIPLEDES_CBC: case XMLSecurityKey::AES128_CBC: case XMLSecurityKey::AES192_CBC: case XMLSecurityKey::AES256_CBC: $symmetricKey = $key; break; case XMLSecurityKey::RSA_1_5: case XMLSecurityKey::RSA_OAEP_MGF1P: $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); $symmetricKey->generateSessionKey(); $enc->encryptKey($key, $symmetricKey); break; default: throw new \Exception('Unknown key type for encryption: ' . $key->type); } $this->encryptedData = $enc->encryptNode($symmetricKey); }
/** * Add an EncryptedAttribute Statement-node to the assertion. * * @param \DOMElement $root The assertion element we should add the Encrypted Attribute Statement to. */ private function addEncryptedAttributeStatement(\DOMElement $root) { if ($this->requiredEncAttributes == false) { return; } $document = $root->ownerDocument; $attributeStatement = $document->createElementNS(Constants::NS_SAML, 'saml:AttributeStatement'); $root->appendChild($attributeStatement); foreach ($this->attributes as $name => $values) { $document2 = DOMDocumentFactory::create(); $attribute = $document2->createElementNS(Constants::NS_SAML, 'saml:Attribute'); $attribute->setAttribute('Name', $name); $document2->appendChild($attribute); if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) { $attribute->setAttribute('NameFormat', $this->nameFormat); } foreach ($values as $value) { if (is_string($value)) { $type = 'xs:string'; } elseif (is_int($value)) { $type = 'xs:integer'; } else { $type = null; } $attributeValue = $document2->createElementNS(Constants::NS_SAML, 'saml:AttributeValue'); $attribute->appendChild($attributeValue); if ($type !== null) { $attributeValue->setAttributeNS(Constants::NS_XSI, 'xsi:type', $type); } if ($value instanceof \DOMNodeList) { for ($i = 0; $i < $value->length; $i++) { $node = $document2->importNode($value->item($i), true); $attributeValue->appendChild($node); } } else { $attributeValue->appendChild($document2->createTextNode($value)); } } /*Once the attribute nodes are built, the are encrypted*/ $EncAssert = new XMLSecEnc(); $EncAssert->setNode($document2->documentElement); $EncAssert->type = 'http://www.w3.org/2001/04/xmlenc#Element'; /* * Attributes are encrypted with a session key and this one with * $EncryptionKey */ $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC); $symmetricKey->generateSessionKey(); $EncAssert->encryptKey($this->encryptionKey, $symmetricKey); $EncrNode = $EncAssert->encryptNode($symmetricKey); $EncAttribute = $document->createElementNS(Constants::NS_SAML, 'saml:EncryptedAttribute'); $attributeStatement->appendChild($EncAttribute); $n = $document->importNode($EncrNode, true); $EncAttribute->appendChild($n); } }
public function addUserToken($userName, $password = null, $passwordDigest = false) { if ($passwordDigest && empty($password)) { throw new Exception('Cannot calculate the digest without a password'); } $security = $this->locateSecurityHeader(); $token = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':UsernameToken'); $security->insertBefore($token, $security->firstChild); $username = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Username'); $usernameText = $this->soapDoc->createTextNode($userName); $username->appendChild($usernameText); $token->appendChild($username); /* Generate nonce - create a 256 bit session key to be used */ $objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC); $nonce = $objKey->generateSessionKey(); unset($objKey); $createdate = gmdate("Y-m-d\\TH:i:s") . 'Z'; if ($password) { $passType = self::WSUNAME . '#PasswordText'; if ($passwordDigest) { $password = base64_encode(sha1($nonce . $createdate . $password, true)); $passType = self::WSUNAME . '#PasswordDigest'; } $passwordNode = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Password'); $token->appendChild($passwordNode); $passwordText = $this->soapDoc->createTextNode($password); $passwordNode->appendChild($passwordText); $passwordNode->setAttribute('Type', $passType); } $nonceNode = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Nonce', base64_encode($nonce)); $token->appendChild($nonceNode); $created = $this->soapDoc->createElementNS(self::WSUNS, self::WSUPFX . ':Created', $createdate); $token->appendChild($created); }
/** * Encrypt the NameID in the AuthnRequest. * * @param XMLSecurityKey $key The encryption key. */ public function encryptNameId(XMLSecurityKey $key) { /* First create a XML representation of the NameID. */ $doc = new \DOMDocument(); $root = $doc->createElement('root'); $doc->appendChild($root); Utils::addNameId($root, $this->nameId); $nameId = $root->firstChild; Utils::getContainer()->debugMessage($nameId, 'encrypt'); /* Encrypt the NameID. */ $enc = new XMLSecEnc(); $enc->setNode($nameId); // @codingStandardsIgnoreStart $enc->type = XMLSecEnc::Element; // @codingStandardsIgnoreEnd $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); $symmetricKey->generateSessionKey(); $enc->encryptKey($key, $symmetricKey); $this->encryptedNameId = $enc->encryptNode($symmetricKey); $this->nameId = null; }