当前位置: 首页>>代码示例>>PHP>>正文


PHP XMLSecEnc类代码示例

本文整理汇总了PHP中XMLSecEnc的典型用法代码示例。如果您正苦于以下问题:PHP XMLSecEnc类的具体用法?PHP XMLSecEnc怎么用?PHP XMLSecEnc使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了XMLSecEnc类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: setAssertion

 /**
  * Set the assertion.
  *
  * @param SAML2_Assertion $assertion The assertion.
  * @param XMLSecurityKey  $key       The key we should use to encrypt the assertion.
  * @throws Exception
  */
 public function setAssertion(SAML2_Assertion $assertion, XMLSecurityKey $key)
 {
     $xml = $assertion->toXML();
     SAML2_Utils::getContainer()->debugMessage($xml, 'encrypt');
     $enc = new XMLSecEnc();
     $enc->setNode($xml);
     $enc->type = XMLSecEnc::Element;
     switch ($key->type) {
         case XMLSecurityKey::TRIPLEDES_CBC:
         case XMLSecurityKey::AES128_CBC:
         case XMLSecurityKey::AES192_CBC:
         case XMLSecurityKey::AES256_CBC:
             $symmetricKey = $key;
             break;
         case XMLSecurityKey::RSA_1_5:
         case XMLSecurityKey::RSA_OAEP_MGF1P:
             $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
             $symmetricKey->generateSessionKey();
             $enc->encryptKey($key, $symmetricKey);
             break;
         default:
             throw new Exception('Unknown key type for encryption: ' . $key->type);
     }
     $this->encryptedData = $enc->encryptNode($symmetricKey);
 }
开发者ID:danielkjfrog,项目名称:docker,代码行数:32,代码来源:EncryptedAssertion.php

示例2: is_valid

function is_valid($document, $x509certificate)
{
    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($document);
    if (!$objDSig) {
        throw new Exception("Cannot locate Signature Node");
    }
    $objXMLSecDSig->canonicalizeSignedInfo();
    $objXMLSecDSig->idKeys = array('ID');
    $retVal = $objXMLSecDSig->validateReference();
    if (!$retVal) {
        throw new Exception("Reference Validation Failed");
    }
    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new Exception("We have no idea about the key");
    }
    $key = NULL;
    $singleAssertion = validateNumAssertions($document);
    if (!$singleAssertion) {
        throw new Exception("Only one SAMLAssertion allowed");
    }
    $validTimestamps = validateTimestamps($document);
    if (!$validTimestamps) {
        throw new Exception("SAMLAssertion conditions not met");
    }
    $objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
    $objKey->loadKey($x509certificate, FALSE, true);
    $result = $objXMLSecDSig->verify($objKey);
    return $result;
}
开发者ID:nethad,项目名称:experiments,代码行数:31,代码来源:saml2.php

示例3: is_valid

 function is_valid()
 {
     $objXMLSecDSig = new XMLSecurityDSig();
     $objDSig = $objXMLSecDSig->locateSignature($this->doc);
     if (!$objDSig) {
         throw new Exception("Cannot locate Signature Node");
         //, 'error', FALSE
         return false;
     }
     $objXMLSecDSig->canonicalizeSignedInfo();
     $objXMLSecDSig->idKeys = array('ID');
     $retVal = $objXMLSecDSig->validateReference();
     if (!$retVal) {
         throw new Exception("SAML Assertion Error: Reference Validation Failed");
         //, 'error', FALSE
         return false;
         // throw new Exception("Reference Validation Failed");
     }
     $objKey = $objXMLSecDSig->locateKey();
     if (!$objKey) {
         throw new Exception("SAML Assertion Error: We have no idea about the key");
         //, 'error', FALSE
         return false;
         // throw new Exception("We have no idea about the key");
     }
     $key = NULL;
     $singleAssertion = $this->validateNumAssertions();
     if (!$singleAssertion) {
         throw new Exception("SAML Assertion Error: Only ONE SAML Assertion Allowed");
         //, 'error', FALSE
         return false;
         // throw new Exception("Only ONE SamlAssertion allowed");
     }
     $validTimestamps = $this->validateTimestamps();
     if (!$validTimestamps) {
         throw new Exception("SAML Assertion Error: Check your timestamp conditions");
         //, 'error', FALSE
         return false;
         // throw new Exception("Check your timestamp conditions");
     }
     $objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
     $objKey->loadKey($this->x509certificate, FALSE, true);
     $result = $objXMLSecDSig->verify($objKey);
     return $result;
 }
开发者ID:stefanotirati,项目名称:moodle-google-apps,代码行数:45,代码来源:xmlsec.php

示例4: __construct

 /**
  * This function initializes the validator.
  *
  * @param $xmlNode  The XML node which contains the Signature element.
  * @param $idAttribute  The ID attribute which is used in node references. If this attribute is
  *                      NULL (the default), then we will use whatever is the default ID.
  */
 public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE)
 {
     assert('$xmlNode instanceof DOMNode');
     /* Create an XML security object. */
     $objXMLSecDSig = new XMLSecurityDSig();
     /* Add the id attribute if the user passed in an id attribute. */
     if ($idAttribute !== NULL) {
         assert('is_string($idAttribute)');
         $objXMLSecDSig->idKeys[] = $idAttribute;
     }
     /* Locate the XMLDSig Signature element to be used. */
     $signatureElement = $objXMLSecDSig->locateSignature($xmlNode);
     if (!$signatureElement) {
         throw new Exception('Could not locate XML Signature element.');
     }
     /* Canonicalize the XMLDSig SignedInfo element in the message. */
     $objXMLSecDSig->canonicalizeSignedInfo();
     /* Validate referenced xml nodes. */
     if (!$objXMLSecDSig->validateReference()) {
         throw new Exception('XMLsec: digest validation failed');
     }
     /* Find the key used to sign the document. */
     $objKey = $objXMLSecDSig->locateKey();
     if (empty($objKey)) {
         throw new Exception('Error loading key to handle XML signature');
     }
     /* Load the key data. */
     if ($publickey) {
         $objKey->loadKey($publickey);
     } else {
         if (!XMLSecEnc::staticLocateKeyInfo($objKey, $signatureElement)) {
             throw new Exception('Error finding key data for XML signature validation.');
         }
     }
     /* Check the signature. */
     if (!$objXMLSecDSig->verify($objKey)) {
         throw new Exception("Unable to validate Signature");
     }
     /* Extract the certificate fingerprint. */
     $this->x509Fingerprint = $objKey->getX509Fingerprint();
     /* Find the list of validated nodes. */
     $this->validNodes = $objXMLSecDSig->getValidatedNodes();
 }
开发者ID:stefanotirati,项目名称:moodle-google-apps,代码行数:50,代码来源:Validator.php

示例5: is_valid

 function is_valid()
 {
     $objXMLSecDSig = new XMLSecurityDSig();
     $objDSig = $objXMLSecDSig->locateSignature($this->doc);
     if (!$objDSig) {
         throw new Exception("Cannot locate Signature Node");
     }
     $objXMLSecDSig->canonicalizeSignedInfo();
     $objXMLSecDSig->idKeys = array('ID');
     $retVal = $objXMLSecDSig->validateReference();
     if (!$retVal) {
         throw new Exception("Reference Validation Failed");
     }
     $objKey = $objXMLSecDSig->locateKey();
     if (!$objKey) {
         throw new Exception("We have no idea about the key");
     }
     $key = NULL;
     $objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
     $objKey->loadKey($this->x509certificate, FALSE, true);
     $result = $objXMLSecDSig->verify($objKey);
     return $result;
 }
开发者ID:sysraj86,项目名称:carnivalcrm,代码行数:23,代码来源:xmlsec.php

示例6: sendResponse

 public function sendResponse($response, $idmetaindex, $spentityid, $relayState = null)
 {
     $idpmd = $this->metadata->getMetaData($idmetaindex, 'saml20-idp-hosted');
     $spmd = $this->metadata->getMetaData($spentityid, 'saml20-sp-remote');
     $destination = $spmd['AssertionConsumerService'];
     if (empty($idpmd['privatekey'])) {
         throw new Exception('SAML: RSA private key not configured. This is required to sign the authentication response.');
     }
     if (empty($idpmd['certificate'])) {
         throw new Exception('SAML: X.509 certificate not configured. This is required to attach to the authentication response.');
     }
     // XMLDSig. Sign the complete request with the key stored in cert/server.pem
     $objXMLSecDSig = new XMLSecurityDSig();
     $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
     try {
         $responsedom = new DOMDocument();
         $responsedom->loadXML(str_replace("\n", "", str_replace("\r", "", $response)));
     } catch (Exception $e) {
         throw new Exception("foo");
     }
     $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
     $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
     /* Determine what we should sign - either the Response element or the Assertion. The default
      * is to sign the Assertion, but that can be overridden by the 'signresponse' option in the
      * SP metadata or 'saml20.signresponse' in the global configuration.
      */
     $signResponse = FALSE;
     if (array_key_exists('signresponse', $spmd) && $spmd['signresponse'] !== NULL) {
         $signResponse = $spmd['signresponse'];
         if (!is_bool($signResponse)) {
             throw new Exception('Expected the \'signresponse\' option in the metadata of the' . ' SP \'' . $spmd['entityid'] . '\' to be a boolean value.');
         }
     } else {
         $signResponse = $this->configuration->getBoolean('saml20.signresponse', FALSE);
     }
     if ($signResponse) {
         // Sign the response.
         $objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
     } else {
         // Sign the assertion.
         $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
     }
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     if (array_key_exists('privatekey_pass', $idpmd)) {
         $objKey->passphrase = $idpmd['privatekey_pass'];
     }
     $objKey->loadKey($idpmd['privatekey']);
     $objXMLSecDSig->sign($objKey);
     $objXMLSecDSig->add509Cert($idpmd['certificate'], true);
     if ($signResponse) {
         $objXMLSecDSig->appendSignature($responseroot, true, false);
     } else {
         $objXMLSecDSig->appendSignature($firstassertionroot, true, true);
     }
     if (isset($spmd['assertion.encryption']) && $spmd['assertion.encryption']) {
         $encryptedassertion = $responsedom->createElement("saml:EncryptedAssertion");
         $encryptedassertion->setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");
         $firstassertionroot->parentNode->replaceChild($encryptedassertion, $firstassertionroot);
         $encryptedassertion->appendChild($firstassertionroot);
         $enc = new XMLSecEnc();
         $enc->setNode($firstassertionroot);
         $enc->type = XMLSecEnc::Element;
         $objKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
         if (isset($spmd['sharedkey'])) {
             $objKey->loadkey($spmd['sharedkey']);
         } else {
             $key = $objKey->generateSessionKey();
             $objKey->loadKey($key);
             if (empty($spmd['certificate'])) {
                 throw new Exception("Public key for encrypting assertion needed, but not specified for saml20-sp-remote id: " . $spentityid);
             }
             $keyKey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'public'));
             $keyKey->loadKey($spmd['certificate']);
             $enc->encryptKey($keyKey, $objKey);
         }
         $encNode = $enc->encryptNode($objKey);
         # replacing the unencrypted node
     }
     $response = $responsedom->saveXML();
     SimpleSAML_Utilities::validateXMLDocument($response, 'saml20');
     # openssl genrsa -des3 -out server.key 1024
     # openssl rsa -in server.key -out server.pem
     # openssl req -new -key server.key -out server.csr
     # openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
     if ($this->configuration->getValue('debug')) {
         $p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php');
         $p->data['header'] = 'SAML Response Debug-mode';
         $p->data['RelayStateName'] = 'RelayState';
         $p->data['RelayState'] = $relayState;
         $p->data['destination'] = $destination;
         $p->data['response'] = str_replace("\n", "", base64_encode($response));
         $p->data['responseHTML'] = htmlentities($responsedom->saveHTML());
         $p->show();
     } else {
         $p = new SimpleSAML_XHTML_Template($this->configuration, 'post.php');
         $p->data['RelayStateName'] = 'RelayState';
         $p->data['RelayState'] = $relayState;
         $p->data['destination'] = $destination;
         $p->data['response'] = base64_encode($response);
         $p->show();
//.........这里部分代码省略.........
开发者ID:stefanotirati,项目名称:moodle-google-apps,代码行数:101,代码来源:HTTPPost.php

示例7: locateKeyInfo

 public function locateKeyInfo($objBaseKey = NULL, $node = NULL)
 {
     if (empty($node)) {
         $node = $this->rawNode;
     }
     return XMLSecEnc::staticLocateKeyInfo($objBaseKey, $node);
 }
开发者ID:BGCX067,项目名称:face-proveedor-cliente-php-git,代码行数:7,代码来源:XMLSecEnc.php

示例8: isValid

 /**
  * @return bool
  * @throws Exception
  */
 public function isValid()
 {
     $singleAssertion = $this->validateNumAssertions();
     if (!$singleAssertion) {
         throw new Exception('Multiple assertions are not supported');
     }
     $validTimestamps = $this->validateTimestamps();
     if (!$validTimestamps) {
         throw new Exception('Timing issues (please check your clock settings)');
     }
     $objXMLSecDSig = new XMLSecurityDSig();
     $objDSig = $objXMLSecDSig->locateSignature($this->_document);
     if (!$objDSig) {
         throw new Exception('Cannot locate Signature Node');
     }
     $objXMLSecDSig->canonicalizeSignedInfo();
     $objXMLSecDSig->idKeys = array('ID');
     $objKey = $objXMLSecDSig->locateKey();
     if (!$objKey) {
         throw new Exception('We have no idea about the key');
     }
     try {
         $retVal = $objXMLSecDSig->validateReference();
     } catch (Exception $e) {
         throw new Exception('Reference Validation Failed');
     }
     XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
     $objKey->loadKey($this->_settings->idpPublicCertificate, false, true);
     return $objXMLSecDSig->verify($objKey) === 1;
 }
开发者ID:maestrano,项目名称:maestrano-php,代码行数:34,代码来源:XmlSec.php

示例9: EncryptBody

 public function EncryptBody($siteKey, $objKey, $token)
 {
     $enc = new XMLSecEnc();
     foreach ($this->envelope->childNodes as $node) {
         if ($node->namespaceURI == $this->soapNS && $node->localName == 'Body') {
             break;
         }
     }
     $enc->setNode($node);
     /* encrypt the symmetric key */
     $enc->encryptKey($siteKey, $objKey, FALSE);
     $enc->type = XMLSecEnc::Content;
     /* Using the symmetric key to actually encrypt the data */
     $encNode = $enc->encryptNode($objKey);
     $guid = XMLSecurityDSig::generate_GUID();
     $encNode->setAttribute('Id', $guid);
     $refNode = $encNode->firstChild;
     while ($refNode && $refNode->nodeType != XML_ELEMENT_NODE) {
         $refNode = $refNode->nextSibling;
     }
     if ($refNode) {
         $refNode = $refNode->nextSibling;
     }
     if ($this->addEncryptedKey($encNode, $enc, $token)) {
         $this->AddReference($enc->encKey, $guid);
     }
 }
开发者ID:aenetworks,项目名称:exacttarget,代码行数:27,代码来源:soap-wsse.php

示例10: decryptAssertion

 /**
  * This function decrypts the Assertion in the AuthnResponse
  * It throws an exception if the encryptAssertion for the remote idp is true and
  * the assertion is not encrypted
  * To Do: handle multible assertions
  */
 private function decryptAssertion()
 {
     $dom = $this->getDOM();
     $encryptedassertion = $this->doXPathQuery('/samlp:Response/saml:EncryptedAssertion')->item(0);
     $objenc = new XMLSecEnc();
     $encData = $objenc->locateEncryptedData($dom);
     if ($encData) {
         $spmd = $this->metadata->getMetaDataCurrent('saml20-sp-hosted');
         $spid = $this->metadata->getMetaDataCurrentEntityID('saml20-sp-hosted');
         $objenc->setNode($encData);
         $objenc->type = $encData->getAttribute("Type");
         $key = NULL;
         $objKey = $objenc->locateKey($encData);
         if ($objKey) {
             if ($objKeyInfo = $objenc->locateKeyInfo($objKey)) {
                 if ($objKeyInfo->isEncrypted) {
                     $objencKey = $objKeyInfo->encryptedCtx;
                     if (empty($spmd['privatekey'])) {
                         throw new Exception("SAML: RSA private key not configured. This is required to decrypt the response. saml20-sp-hosted: {$spid}");
                     }
                     $objKeyInfo->loadKey($spmd['privatekey']);
                     $key = $objencKey->decryptKey($objKeyInfo);
                 } else {
                     $idpmd = $this->metadata->getMetaData($this->issuer, 'saml20-idp-remote');
                     if (!isset($idpmd['sharedkey'])) {
                         throw new Exception("Shared key for decrypting assertion needed, but not specified for saml20-idp-remote id: " . $this->issuer);
                     }
                     $key = $idpmd['sharedkey'];
                 }
             }
         }
         if (empty($objKey) || empty($key)) {
             throw new Exception("Error loading key to handle Decryption: >" . var_export($objKey, true));
         }
         $objKey->loadkey($key);
         $decrypted = $objenc->decryptNode($objKey, false);
         $newdoc = new DOMDocument();
         $newdoc->loadXML('<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">' . $decrypted . '</root>');
         $importEnc = $encData->ownerDocument->importNode($newdoc->documentElement->firstChild, TRUE);
         $encryptedassertion->parentNode->replaceChild($importEnc, $encryptedassertion);
     } else {
         $md = $this->metadata->getMetaData($this->issuer, 'saml20-idp-remote');
         if (isset($md['assertion.encryption']) && $md['assertion.encryption']) {
             throw new Exception('Received unencrypted assertion from [' . $this->issuer . '] contrary to its metadata attribute [assertion.encryption]: ' . $md['assertion.encryption']);
         }
     }
 }
开发者ID:stefanotirati,项目名称:moodle-google-apps,代码行数:53,代码来源:AuthnResponse.php

示例11: _decryptAssertion

 /**
  * Decrypts the Assertion (DOMDocument)
  *
  * @param DomNode $dom DomDocument
  *
  * @return DOMDocument Decrypted Assertion
  *
  * @throws Exception
  */
 protected function _decryptAssertion($dom)
 {
     $pem = $this->_settings->getSPkey();
     if (empty($pem)) {
         throw new Exception("No private key available, check settings");
     }
     $objenc = new XMLSecEnc();
     $encData = $objenc->locateEncryptedData($dom);
     if (!$encData) {
         throw new Exception("Cannot locate encrypted assertion");
     }
     $objenc->setNode($encData);
     $objenc->type = $encData->getAttribute("Type");
     if (!($objKey = $objenc->locateKey())) {
         throw new Exception("Unknown algorithm");
     }
     $key = null;
     if ($objKeyInfo = $objenc->locateKeyInfo($objKey)) {
         if ($objKeyInfo->isEncrypted) {
             $objencKey = $objKeyInfo->encryptedCtx;
             $objKeyInfo->loadKey($pem, false, false);
             $key = $objencKey->decryptKey($objKeyInfo);
         } else {
             // symmetric encryption key support
             $objKeyInfo->loadKey($pem, false, false);
         }
     }
     if (empty($objKey->key)) {
         $objKey->loadKey($key);
     }
     $decrypted = $objenc->decryptNode($objKey, true);
     if ($decrypted instanceof DOMDocument) {
         return $decrypted;
     } else {
         $encryptedAssertion = $decrypted->parentNode;
         $container = $encryptedAssertion->parentNode;
         # Fix possible issue with saml namespace
         if (!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') && !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') && !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns') && !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') && !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2')) {
             if (strpos($encryptedAssertion->tagName, 'saml2:') !== false) {
                 $ns = 'xmlns:saml2';
             } else {
                 if (strpos($encryptedAssertion->tagName, 'saml:') != false) {
                     $ns = 'xmlns:saml';
                 } else {
                     $ns = 'xmlns';
                 }
             }
             $decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', $ns, OneLogin_Saml2_Constants::NS_SAML);
         }
         $container->replaceChild($decrypted, $encryptedAssertion);
         return $decrypted->ownerDocument;
     }
 }
开发者ID:onelogin,项目名称:php-saml,代码行数:62,代码来源:Response.php

示例12: testVerify

 /**
  * @param $testName
  * @param $testFile
  *
  * @dataProvider verifyProvider
  */
 public function testVerify($testName, $testFile)
 {
     $doc = new \DOMDocument();
     $doc->load($testFile);
     $objXMLSecDSig = new XMLSecurityDSig();
     $objDSig = $objXMLSecDSig->locateSignature($doc);
     $this->assertInstanceOf('\\DOMElement', $objDSig, "Cannot locate Signature Node");
     $objXMLSecDSig->canonicalizeSignedInfo();
     $objXMLSecDSig->idKeys = array('wsu:Id');
     $objXMLSecDSig->idNS = array('wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');
     $retVal = $objXMLSecDSig->validateReference();
     $this->assertTrue($retVal, "Reference Validation Failed");
     $objKey = $objXMLSecDSig->locateKey();
     $this->assertInstanceOf('\\XmlSecLibs\\XMLSecurityKey', $objKey, "We have no idea about the key");
     $key = null;
     $objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
     if (!$objKeyInfo->key && empty($key)) {
         $objKey->loadKey(dirname(__FILE__) . '/../mycert.pem', true);
     }
     $this->assertEquals(1, $objXMLSecDSig->verify($objKey), "{$testName}: Signature is invalid");
 }
开发者ID:ddvzwzjm,项目名称:xmlseclibs,代码行数:27,代码来源:XmlSecEncTest.php

示例13: define

define('DS', '\\');
$doc = new DOMDocument();
$doc->load('C:\\Users\\Miha Nahtigal\\Downloads\\Obcina_Trebnje_koledar_eslog (82).xml');
require dirname(dirname(__FILE__)) . DS . 'Plugin' . DS . 'LilInvoices' . DS . 'Lib' . DS . 'xmlseclibs_bes.php';
$objXMLSecDSig = new XMLSecurityDSig();
$objDSig = $objXMLSecDSig->locateSignature($doc);
if (!$objDSig) {
    throw new Exception("Cannot locate Signature Node");
}
$objXMLSecDSig->canonicalizeSignedInfo();
//$objXMLSecDSig->idKeys = array('xds:Id');
//$objXMLSecDSig->idNS = array('xds'=>'http://uri.etsi.org/01903/v1.1.1#');
$retVal = $objXMLSecDSig->validateReference();
if (!$retVal) {
    throw new Exception("Reference Validation Failed");
}
$objKey = $objXMLSecDSig->locateKey();
if (!$objKey) {
    throw new Exception("We have no idea about the key");
}
$key = NULL;
$objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
if (!$objKeyInfo->key && empty($key)) {
    $objKey->loadKey(dirname(__FILE__) . '/mycert.pem', TRUE);
}
if ($objXMLSecDSig->verify($objKey)) {
    print "Signature validated!";
} else {
    print "Failure!!!!!!!!";
}
print "\n";
开发者ID:malamalca,项目名称:lil-intranet,代码行数:31,代码来源:verify.php

示例14: fromEncryptedKeyElement

 /**
  * Create key from an EncryptedKey-element.
  *
  * @param DOMElement $element The EncryptedKey-element.
  *
  * @return XMLSecurityKey The new key.
  */
 public static function fromEncryptedKeyElement(DOMElement $element)
 {
     $objenc = new XMLSecEnc();
     $objenc->setNode($element);
     if (!($objKey = $objenc->locateKey())) {
         throw new Exception("Unable to locate algorithm for this Encrypted Key");
     }
     $objKey->isEncrypted = true;
     $objKey->encryptedCtx = $objenc;
     XMLSecEnc::staticLocateKeyInfo($objKey, $element);
     return $objKey;
 }
开发者ID:RKathees,项目名称:is-connectors,代码行数:19,代码来源:XMLSecurityKey.php

示例15: doDecryptElement

 /**
  * Decrypt an encrypted element.
  *
  * This is an internal helper function.
  *
  * @param  DOMElement     $encryptedData The encrypted data.
  * @param  XMLSecurityKey $inputKey      The decryption key.
  * @param  array          &$blacklist    Blacklisted decryption algorithms.
  * @return DOMElement     The decrypted element.
  * @throws Exception
  */
 private static function doDecryptElement(DOMElement $encryptedData, XMLSecurityKey $inputKey, array &$blacklist)
 {
     $enc = new XMLSecEnc();
     $enc->setNode($encryptedData);
     $enc->type = $encryptedData->getAttribute("Type");
     $symmetricKey = $enc->locateKey($encryptedData);
     if (!$symmetricKey) {
         throw new Exception('Could not locate key algorithm in encrypted data.');
     }
     $symmetricKeyInfo = $enc->locateKeyInfo($symmetricKey);
     if (!$symmetricKeyInfo) {
         throw new Exception('Could not locate <dsig:KeyInfo> for the encrypted key.');
     }
     $inputKeyAlgo = $inputKey->getAlgorith();
     if ($symmetricKeyInfo->isEncrypted) {
         $symKeyInfoAlgo = $symmetricKeyInfo->getAlgorith();
         if (in_array($symKeyInfoAlgo, $blacklist, TRUE)) {
             throw new Exception('Algorithm disabled: ' . var_export($symKeyInfoAlgo, TRUE));
         }
         if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) {
             /*
              * The RSA key formats are equal, so loading an RSA_1_5 key
              * into an RSA_OAEP_MGF1P key can be done without problems.
              * We therefore pretend that the input key is an
              * RSA_OAEP_MGF1P key.
              */
             $inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P;
         }
         /* Make sure that the input key format is the same as the one used to encrypt the key. */
         if ($inputKeyAlgo !== $symKeyInfoAlgo) {
             throw new Exception('Algorithm mismatch between input key and key used to encrypt ' . ' the symmetric key for the message. Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' . var_export($symKeyInfoAlgo, TRUE));
         }
         /** @var XMLSecEnc $encKey */
         $encKey = $symmetricKeyInfo->encryptedCtx;
         $symmetricKeyInfo->key = $inputKey->key;
         $keySize = $symmetricKey->getSymmetricKeySize();
         if ($keySize === NULL) {
             /* To protect against "key oracle" attacks, we need to be able to create a
              * symmetric key, and for that we need to know the key size.
              */
             throw new Exception('Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, TRUE));
         }
         try {
             $key = $encKey->decryptKey($symmetricKeyInfo);
             if (strlen($key) != $keySize) {
                 throw new Exception('Unexpected key size (' . strlen($key) * 8 . 'bits) for encryption algorithm: ' . var_export($symmetricKey->type, TRUE));
             }
         } catch (Exception $e) {
             /* We failed to decrypt this key. Log it, and substitute a "random" key. */
             SAML2_Utils::getContainer()->getLogger()->error('Failed to decrypt symmetric key: ' . $e->getMessage());
             /* Create a replacement key, so that it looks like we fail in the same way as if the key was correctly padded. */
             /* We base the symmetric key on the encrypted key and private key, so that we always behave the
              * same way for a given input key.
              */
             $encryptedKey = $encKey->getCipherValue();
             $pkey = openssl_pkey_get_details($symmetricKeyInfo->key);
             $pkey = sha1(serialize($pkey), TRUE);
             $key = sha1($encryptedKey . $pkey, TRUE);
             /* Make sure that the key has the correct length. */
             if (strlen($key) > $keySize) {
                 $key = substr($key, 0, $keySize);
             } elseif (strlen($key) < $keySize) {
                 $key = str_pad($key, $keySize);
             }
         }
         $symmetricKey->loadkey($key);
     } else {
         $symKeyAlgo = $symmetricKey->getAlgorith();
         /* Make sure that the input key has the correct format. */
         if ($inputKeyAlgo !== $symKeyAlgo) {
             throw new Exception('Algorithm mismatch between input key and key in message. ' . 'Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' . var_export($symKeyAlgo, TRUE));
         }
         $symmetricKey = $inputKey;
     }
     $algorithm = $symmetricKey->getAlgorith();
     if (in_array($algorithm, $blacklist, TRUE)) {
         throw new Exception('Algorithm disabled: ' . var_export($algorithm, TRUE));
     }
     /** @var string $decrypted */
     $decrypted = $enc->decryptNode($symmetricKey, FALSE);
     /*
      * This is a workaround for the case where only a subset of the XML
      * tree was serialized for encryption. In that case, we may miss the
      * namespaces needed to parse the XML.
      */
     $xml = '<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ' . 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">' . $decrypted . '</root>';
     $newDoc = new DOMDocument();
     if (!@$newDoc->loadXML($xml)) {
         throw new Exception('Failed to parse decrypted XML. Maybe the wrong sharedkey was used?');
//.........这里部分代码省略.........
开发者ID:dutchbridge,项目名称:saml2,代码行数:101,代码来源:Utils.php


注:本文中的XMLSecEnc类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。