Set the certificate location to use for signing.
| public setSignCertificate ( string $certificate, string | array $privateKey = null, integer $signOptions = PKCS7_DETACHED, string $extraCerts = null ) : Swift_Signers_SMimeSigner | ||
| $certificate | string | |
| $privateKey | string | array | If the key needs an passphrase use array('file-location', 'passphrase') instead |
| $signOptions | integer | Bitwise operator options for openssl_pkcs7_sign() |
| $extraCerts | string | A file containing intermediate certificates needed by the signing certificate |
| return | Swift_Signers_SMimeSigner | |
public function testSignThenEncryptedMessage()
{
$message = Swift_SignedMessage::newInstance('Wonderful Subject')->setFrom(array('*****@*****.**' => 'John Doe'))->setTo(array('*****@*****.**', '*****@*****.**' => 'A name'))->setBody('Here is the message itself');
$signer = new Swift_Signers_SMimeSigner();
$signer->setSignCertificate($this->samplesDir . 'smime/sign.crt', $this->samplesDir . 'smime/sign.key');
$signer->setEncryptCertificate($this->samplesDir . 'smime/encrypt.crt');
$message->attachSigner($signer);
$messageStream = new Swift_ByteStream_TemporaryFileByteStream();
$message->toByteStream($messageStream);
$messageStream->commit();
$entityString = $messageStream->getContent();
$headers = self::getHeadersOfMessage($entityString);
if (!preg_match('#^application/(x\\-)?pkcs7-mime; smime-type=enveloped\\-data;#', $headers['content-type'])) {
$this->fail('Content-type does not match.');
return false;
}
$expectedBody = '(?:^[a-zA-Z0-9\\/\\r\\n+]*={0,2})';
$decryptedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
if (!openssl_pkcs7_decrypt($messageStream->getPath(), $decryptedMessageStream->getPath(), 'file://' . $this->samplesDir . 'smime/encrypt.crt', array('file://' . $this->samplesDir . 'smime/encrypt.key', 'swift'))) {
$this->fail(sprintf('Decrypt of the message failed. Internal error "%s".', openssl_error_string()));
}
$entityString = $decryptedMessageStream->getContent();
$headers = self::getHeadersOfMessage($entityString);
if (!($boundary = $this->getBoundary($headers['content-type']))) {
return false;
}
$expectedBody = <<<OEL
This is an S/MIME signed message
--{$boundary}
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Here is the message itself
--{$boundary}
Content-Type: application/(x\\-)?pkcs7-signature; name="smime\\.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime\\.p7s"
(?:^[a-zA-Z0-9\\/\\r\\n+]*={0,2})
--{$boundary}--
OEL;
if (!$this->assertValidVerify($expectedBody, $decryptedMessageStream)) {
return false;
}
unset($decryptedMessageStream, $messageStream);
}
public function testEncryptThenSignMessage()
{
$message = (new Swift_Message('Wonderful Subject'))->setFrom(array('*****@*****.**' => 'John Doe'))->setTo(array('*****@*****.**', '*****@*****.**' => 'A name'))->setBody('Here is the message itself');
$originalMessage = $this->cleanMessage($message->toString());
$signer = new Swift_Signers_SMimeSigner();
$signer->setSignCertificate($this->samplesDir . 'smime/sign.crt', $this->samplesDir . 'smime/sign.key');
$signer->setEncryptCertificate($this->samplesDir . 'smime/encrypt.crt');
$signer->setSignThenEncrypt(false);
$message->attachSigner($signer);
$messageStream = $this->newFilteredStream();
$message->toByteStream($messageStream);
$messageStream->commit();
$entityString = $messageStream->getContent();
$headers = self::getHeadersOfMessage($entityString);
if (!($boundary = $this->getBoundary($headers['content-type']))) {
return false;
}
$expectedBody = <<<OEL
This is an S/MIME signed message
--{$boundary}
(?P<encrypted_message>MIME-Version: 1\\.0
Content-Disposition: attachment; filename="smime\\.p7m"
Content-Type: application/(x\\-)?pkcs7-mime; smime-type=enveloped-data; name="smime\\.p7m"
Content-Transfer-Encoding: base64
(?:^[a-zA-Z0-9\\/\\r\\n+]*={0,2})
)--{$boundary}
Content-Type: application/(x\\-)?pkcs7-signature; name="smime\\.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime\\.p7s"
(?:^[a-zA-Z0-9\\/\\r\\n+]*={0,2})
--{$boundary}--
OEL;
if (!$this->assertValidVerify($expectedBody, $messageStream)) {
return false;
}
$expectedBody = str_replace("\n", "\r\n", $expectedBody);
if (!preg_match('%' . $expectedBody . '*%m', $entityString, $entities)) {
$this->fail('Failed regex match.');
return false;
}
$messageStreamClean = new Swift_ByteStream_TemporaryFileByteStream();
$messageStreamClean->write($entities['encrypted_message']);
$decryptedMessageStream = new Swift_ByteStream_TemporaryFileByteStream();
if (!openssl_pkcs7_decrypt($messageStreamClean->getPath(), $decryptedMessageStream->getPath(), 'file://' . $this->samplesDir . 'smime/encrypt.crt', array('file://' . $this->samplesDir . 'smime/encrypt.key', 'swift'))) {
$this->fail(sprintf('Decrypt of the message failed. Internal error "%s".', openssl_error_string()));
}
$this->assertEquals($originalMessage, $decryptedMessageStream->getContent());
unset($messageStreamClean, $messageStream, $decryptedMessageStream);
}
