web/rsln/Zend/InfoCard/Xml/Security.php
author Samuel Huron <samuel.huron@centrepompidou.fr>
Tue, 08 Mar 2011 10:57:18 +0100
changeset 52 d522fd390921
parent 20 7e0a67a20e74
permissions -rw-r--r--
TEST SUR IE 9 ( changer le host de la library tooltip pour optimisation maximum)
<?php
/**
 * Zend Framework
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 *
 * @category   Zend
 * @package    Zend_InfoCard
 * @subpackage Zend_InfoCard_Xml_Security
 * @copyright  Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @version    $Id: Security.php 23280 2010-10-31 10:28:58Z ramon $
 */
/**
 * Zend_InfoCard_Xml_Security_Transform
 */
require_once 'Zend/InfoCard/Xml/Security/Transform.php';
/**
 *
 * @category   Zend
 * @package    Zend_InfoCard
 * @subpackage Zend_InfoCard_Xml_Security
 * @copyright  Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 */
class Zend_InfoCard_Xml_Security
{
    /**
     * ASN.1 universal tag byte for the INTEGER type (0x02)
     */
    const ASN_TYPE_INTEGER = 0x02;

    /**
     * ASN.1 universal tag byte for the BIT STRING type (0x03)
     */
    const ASN_TYPE_BITSTRING = 0x03;

    /**
     * ASN.1 tag byte for a constructed SEQUENCE (0x30)
     */
    const ASN_TYPE_SEQUENCE = 0x30;

    /**
     * The URI for Canonical Method C14N Exclusive
     *
     * This is the only CanonicalizationMethod that validateXMLSignature()
     * accepts; any other Algorithm value makes it throw.
     */
    const CANONICAL_METHOD_C14N_EXC = 'http://www.w3.org/2001/10/xml-exc-c14n#';

    /**
     * The URI for Signature Method SHA1 (RSA with SHA-1)
     *
     * This is the only SignatureMethod that validateXMLSignature() accepts.
     * NOTE(review): SHA-1 is no longer considered collision-resistant, so
     * signatures validated with this method carry reduced assurance.
     */
    const SIGNATURE_METHOD_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';

    /**
     * The URI for Digest Method SHA1
     *
     * This is the only DigestMethod that validateXMLSignature() accepts; the
     * same SHA-1 caveat as for the signature method applies.
     */
    const DIGEST_METHOD_SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1';

    /**
     * The Identifier for RSA Keys
     *
     * Hex encoding of the DER AlgorithmIdentifier for rsaEncryption:
     * SEQUENCE { OID 1.2.840.113549.1.1.1, NULL }.
     * Presumably used when a public key is built from an RSAKeyValue
     * Modulus/Exponent pair; the use site is outside this excerpt.
     */
    const RSA_KEY_IDENTIFIER = '300D06092A864886F70D0101010500';
    /**
     * Constructor  (disabled)
     *
     * @return void
     */
    private function __construct()
    {
        // Private and intentionally empty: the class cannot be instantiated
        // from outside and is used through its static validateXMLSignature().
    }
    /**
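     * Validates the signature of a provided XML block
     *
     * Note: the verification key is read from the KeyInfo element of the
     * same XML input, so a true result does not by itself establish who
     * signed the block; callers should confirm that key is one they trust.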
     *
     * @param  string $strXMLInput An XML block containing a Signature
     * @return bool True if the signature validated, false otherwise
     * @throws Zend_InfoCard_Xml_Security_Exception
     */
    static public function validateXMLSignature($strXMLInput)
    {
        if(!extension_loaded('openssl')) {
            require_once 'Zend/InfoCard/Xml/Security/Exception.php';
            throw new Zend_InfoCard_Xml_Security_Exception("You must have the openssl extension installed to use this class");
        }
        $sxe = simplexml_load_string($strXMLInput);
        if(!isset($sxe->Signature)) {
            require_once 'Zend/InfoCard/Xml/Security/Exception.php';
            throw new Zend_InfoCard_Xml_Security_Exception("Could not identify XML Signature element");
        }
        if(!isset($sxe->Signature->SignedInfo)) {
            require_once 'Zend/InfoCard/Xml/Security/Exception.php';
            throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a SignedInfo block");
        }
        if(!isset($sxe->Signature->SignatureValue)) {
            require_once 'Zend/InfoCard/Xml/Security/Exception.php';
            throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a SignatureValue block");
        }
        if(!isset($sxe->Signature->KeyInfo)) {
            require_once 'Zend/InfoCard/Xml/Security/Exception.php';
            throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a KeyInfo block");
        }
        if(!isset($sxe->Signature->KeyInfo->KeyValue)) {
            require_once 'Zend/InfoCard/Xml/Security/Exception.php';
            throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a KeyValue block");
        }
        switch((string)$sxe->Signature->SignedInfo->CanonicalizationMethod['Algorithm']) {
            case self::CANONICAL_METHOD_C14N_EXC:
                $cMethod = (string)$sxe->Signature->SignedInfo->CanonicalizationMethod['Algorithm'];
                break;
            default:
                require_once 'Zend/InfoCard/Xml/Security/Exception.php';
                throw new Zend_InfoCard_Xml_Security_Exception("Unknown or unsupported CanonicalizationMethod Requested");
                break;
        }
        switch((string)$sxe->Signature->SignedInfo->SignatureMethod['Algorithm']) {
            case self::SIGNATURE_METHOD_SHA1:
                $sMethod = (string)$sxe->Signature->SignedInfo->SignatureMethod['Algorithm'];
                break;
            default:
                require_once 'Zend/InfoCard/Xml/Security/Exception.php';
                throw new Zend_InfoCard_Xml_Security_Exception("Unknown or unsupported SignatureMethod Requested");
                break;
        }
        switch((string)$sxe->Signature->SignedInfo->Reference->DigestMethod['Algorithm']) {
            case self::DIGEST_METHOD_SHA1:
                $dMethod = (string)$sxe->Signature->SignedInfo->Reference->DigestMethod['Algorithm'];
                break;
            default:
                require_once 'Zend/InfoCard/Xml/Security/Exception.php';
                throw new Zend_InfoCard_Xml_Security_Exception("Unknown or unsupported DigestMethod Requested");
                break;
        }
        $base64DecodeSupportsStrictParam = version_compare(PHP_VERSION, '5.2.0', '>=');
        if ($base64DecodeSupportsStrictParam) {
            $dValue = base64_decode((string)$sxe->Signature->SignedInfo->Reference->DigestValue, true);
        } else {
            $dValue = base64_decode((string)$sxe->Signature->SignedInfo->Reference->DigestValue);
        }
        if ($base64DecodeSupportsStrictParam) {
            $signatureValue = base64_decode((string)$sxe->Signature->SignatureValue, true);
        } else {
            $signatureValue = base64_decode((string)$sxe->Signature->SignatureValue);
        }
        $transformer = new Zend_InfoCard_Xml_Security_Transform();
        foreach($sxe->Signature->SignedInfo->Reference->Transforms->children() as $transform) {
            $transformer->addTransform((string)$transform['Algorithm']);
        }
        $transformed_xml = $transformer->applyTransforms($strXMLInput);
        $transformed_xml_binhash = pack("H*", sha1($transformed_xml));
        if(!self::_secureStringCompare($transformed_xml_binhash, $dValue)) {
            require_once 'Zend/InfoCard/Xml/Security/Exception.php';
            throw new Zend_InfoCard_Xml_Security_Exception("Locally Transformed XML does not match XML Document. Cannot Verify Signature");
        }
        $public_key = null;
        switch(true) {
            case isset($sxe->Signature->KeyInfo->KeyValue->X509Certificate):
                $certificate = (string)$sxe->Signature->KeyInfo->KeyValue->X509Certificate;
                $pem = "-----BEGIN CERTIFICATE-----\n" .
                       wordwrap($certificate, 64, "\n", true) .
                       "\n-----END CERTIFICATE-----";
                $public_key = openssl_pkey_get_public($pem);
                if(!$public_key) {
                    require_once 'Zend/InfoCard/Xml/Security/Exception.php';
                    throw new Zend_InfoCard_Xml_Security_Exception("Unable to extract and prcoess X509 Certificate from KeyValue");
                }
                break;
            case isset($sxe->Signature->KeyInfo->KeyValue->RSAKeyValue):
                if(!isset($sxe->Signature->KeyInfo->KeyValue->RSAKeyValue->Modulus) ||
                   !isset($sxe->Signature->KeyInfo->KeyValue->RSAKeyValue->Exponent)) {
                       require_once 'Zend/InfoCard/Xml/Security/Exception.php';
                       throw new Zend_InfoCard_Xml_Security_Exception("RSA Key Value not in Modulus/Exponent form");
                }
                $modulus = base64_decode((string)$sxe->Signature->KeyInfo->KeyValue->RSAKeyValue->Modulus);
                $exponent = base64_decode((string)$sxe->Signature->KeyInfo->KeyValue->RSAKeyValue->Exponent);
                $pem_public_key = self::_getPublicKeyFromModExp($modulus, $exponent);
                $public_key = openssl_pkey_get_public ($pem_public_key);
                break;
            default:
                require_once 'Zend/InfoCard/Xml/Security/Exception.php';
                throw new Zend_InfoCard_Xml_Security_Exception("Unable to determine or unsupported representation of the KeyValue block");
        }
        $transformer = new Zend_InfoCard_Xml_Security_Transform();
        $transformer->addTransform((string)$sxe->Signature->SignedInfo->CanonicalizationMethod['Algorithm']);
        // The way we are doing our XML processing requires that we specifically add this
        // (even though it's in the <Signature> parent-block).. otherwise, our canonical form
        // fails signature verification
        $sxe->Signature->SignedInfo->addAttribute('xmlns', 'http://www.w3.org/2000/09/xmldsig#');
        $canonical_signedinfo = $transformer->applyTransforms($sxe->Signature->SignedInfo->asXML());
        if(@openssl_verify($canonical_signedinfo, $signatureValue, $public_key)) {
            return (string)$sxe->Signature->SignedInfo->Reference['URI'];
        }
        return false;
    }
    /**
     * Build a PEM "PUBLIC KEY" block from a raw RSA modulus and exponent.
     *
     * The modulus and exponent are each encoded with ASN_TYPE_INTEGER, joined
     * inside an ASN_TYPE_SEQUENCE, wrapped in an ASN_TYPE_BITSTRING, prefixed
     * with the bytes of self::RSA_KEY_IDENTIFIER and wrapped in one more
     * ASN_TYPE_SEQUENCE. That binary value is base64 encoded, wrapped at 64
     * columns and framed with the BEGIN/END PUBLIC KEY markers.
     *
     * Only the PEM text is returned; no OpenSSL key handle is created here.
     *
     * NOTE(review): this method does not check that the inputs form a usable
     * key (empty values, a failed base64 decode upstream, and so on). The
     * caller visible in this file hands the result to
     * openssl_pkey_get_public() and does not test the return value there,
     * so a key that fails to parse is not reported at that call site.
     *
     * @param string $modulus The RSA Modulus in binary format
     * @param string $exponent The RSA exponent in binary format
     * @return string The PEM encoded version of the key
     * @throws Zend_InfoCard_Xml_Security_Exception propagated from _encodeValue()
     */
    protected static function _getPublicKeyFromModExp($modulus, $exponent)
    {
        // Inner structure: SEQUENCE { INTEGER modulus, INTEGER exponent }
        $rsaKeySequence = self::_encodeValue(
            self::_encodeValue($modulus, self::ASN_TYPE_INTEGER) .
            self::_encodeValue($exponent, self::ASN_TYPE_INTEGER),
            self::ASN_TYPE_SEQUENCE
        );

        // The key material travels as a BIT STRING in the outer structure.
        $keyBitString = self::_encodeValue($rsaKeySequence, self::ASN_TYPE_BITSTRING);

        // RSA_KEY_IDENTIFIER is a hex string defined outside this view;
        // presumably the pre-encoded algorithm identifier for RSA.
        $algorithmBytes = pack("H*", self::RSA_KEY_IDENTIFIER);

        $der = self::_encodeValue($algorithmBytes . $keyBitString, self::ASN_TYPE_SEQUENCE);

        return "-----BEGIN PUBLIC KEY-----\n"
             . wordwrap(base64_encode($der), 64, "\n", true)
             . "\n-----END PUBLIC KEY-----\n";
    }
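    /**
     * Encode a limited set of data types into ASN.1 encoding format
     * which is used in X.509 certificates
     *
     * The output is the type byte, a length field and the data. Lengths
     * below 128 use one length byte, lengths below 256 use 0x81 plus one
     * byte, and lengths below 65536 use 0x82 plus two bytes (high byte
     * first). Anything longer is rejected. This is deliberately not a
     * complete ASN.1 encoder.
     *
     * A single zero byte is prepended to the data before the length is
     * measured when the type is ASN_TYPE_BITSTRING, or when the type is
     * ASN_TYPE_INTEGER and the first data byte is above 0x7f (so the value
     * is not read as negative).
     *
     * NOTE(review): the data is not otherwise normalised; an empty integer
     * or one with redundant leading zero bytes is encoded as given.
     *
     * @param string $data The data to encode
     * @param int $type The encoding format constant (one of self::ASN_TYPE_*)
     * @return string The encoded value
     * @throws Zend_InfoCard_Xml_Security_Exception if the padded data is
     *         65536 bytes or longer
     */
    static protected function _encodeValue($data, $type)
    {
        // Null pad some data when we get it (integer values > 128 and bitstrings)
        $needsLeadingZero = ($type == self::ASN_TYPE_BITSTRING)
            || (($type == self::ASN_TYPE_INTEGER) && (ord($data) > 0x7f));

        if ($needsLeadingZero) {
            $data = "\0" . $data;
        }

        $len = strlen($data);

        // Short form: the length fits in seven bits.
        if ($len < 0x80) {
            return sprintf("%c%c%s", $type, $len, $data);
        }

        // Long form, one length byte.
        if ($len < 0x0100) {
            return sprintf("%c%c%c%s", $type, 0x81, $len, $data);
        }

        // Long form, two length bytes. Integer shift and mask are used so
        // the length bytes never pass through a float.
        if ($len < 0x010000) {
            return sprintf("%c%c%c%c%s", $type, 0x82, $len >> 8, $len & 0xff, $data);
        }

        // Every length is handled above or rejected here, so the former
        // trailing "Invalid code path" throw was unreachable and is gone.
        require_once 'Zend/InfoCard/Xml/Security/Exception.php';
        throw new Zend_InfoCard_Xml_Security_Exception("Could not encode value");
    }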
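    /**
     * Compare two strings for equality without stopping at the first
     * differing byte, so that the time taken does not reveal how long a
     * matching prefix an attacker-supplied value has (for example when
     * checking a password or a digest).
     *
     * When the runtime provides hash_equals() it is used, because a
     * comparison loop written in PHP gives no timing guarantee of its own.
     * Otherwise every byte pair is XORed and the differences are
     * accumulated, and the result is examined only after the whole string
     * has been processed.
     *
     * Strings of different length are rejected immediately, so the length
     * of the values is not hidden by this method.
     *
     * @param string $a
     * @param string $b
     * @return bool True when both strings are byte-for-byte identical
     */
    static protected function _secureStringCompare($a, $b)
    {
        // Both paths below work on strings; normalise once up front.
        $a = (string) $a;
        $b = (string) $b;

        // Prefer the built-in constant-time comparison when it exists;
        // older runtimes fall through to the manual loop.
        if (function_exists('hash_equals')) {
            return hash_equals($a, $b);
        }

        $length = strlen($a);
        if ($length !== strlen($b)) {
            return false;
        }

        // OR together the XOR of each byte pair; any mismatch leaves a
        // non-zero bit behind without ending the loop early.
        $difference = 0;
        for ($i = 0; $i < $length; $i++) {
            $difference |= ord($a[$i]) ^ ord($b[$i]);
        }

        return $difference === 0;
    }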
}