import v1.1.0_beta1 | 2009-08-21
@ -17,14 +17,9 @@
|
||||
* @subpackage Zend_InfoCard_Xml_Security
|
||||
* @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
|
||||
* @license http://framework.zend.com/license/new-bsd New BSD License
|
||||
* @version $Id: Security.php 9094 2008-03-30 18:36:55Z thomas $
|
||||
* @version $Id: Security.php 13213 2008-12-14 11:05:07Z thomas $
|
||||
*/
|
||||
|
||||
/**
|
||||
* Zend_InfoCard_Xml_Security_Exception
|
||||
*/
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
|
||||
/**
|
||||
* Zend_InfoCard_Xml_Security_Transform
|
||||
*/
|
||||
@ -94,28 +89,34 @@ class Zend_InfoCard_Xml_Security
|
||||
static public function validateXMLSignature($strXMLInput)
|
||||
{
|
||||
if(!extension_loaded('openssl')) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("You must have the openssl extension installed to use this class");
|
||||
}
|
||||
|
||||
$sxe = simplexml_load_string($strXMLInput);
|
||||
|
||||
if(!isset($sxe->Signature)) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Could not identify XML Signature element");
|
||||
}
|
||||
|
||||
if(!isset($sxe->Signature->SignedInfo)) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a SignedInfo block");
|
||||
}
|
||||
|
||||
if(!isset($sxe->Signature->SignatureValue)) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a SignatureValue block");
|
||||
}
|
||||
|
||||
if(!isset($sxe->Signature->KeyInfo)) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a KeyInfo block");
|
||||
}
|
||||
|
||||
if(!isset($sxe->Signature->KeyInfo->KeyValue)) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Signature is missing a KeyValue block");
|
||||
}
|
||||
|
||||
@ -124,7 +125,9 @@ class Zend_InfoCard_Xml_Security
|
||||
$cMethod = (string)$sxe->Signature->SignedInfo->CanonicalizationMethod['Algorithm'];
|
||||
break;
|
||||
default:
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Unknown or unsupported CanonicalizationMethod Requested");
|
||||
break;
|
||||
}
|
||||
|
||||
switch((string)$sxe->Signature->SignedInfo->SignatureMethod['Algorithm']) {
|
||||
@ -132,7 +135,9 @@ class Zend_InfoCard_Xml_Security
|
||||
$sMethod = (string)$sxe->Signature->SignedInfo->SignatureMethod['Algorithm'];
|
||||
break;
|
||||
default:
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Unknown or unsupported SignatureMethod Requested");
|
||||
break;
|
||||
}
|
||||
|
||||
switch((string)$sxe->Signature->SignedInfo->Reference->DigestMethod['Algorithm']) {
|
||||
@ -140,7 +145,9 @@ class Zend_InfoCard_Xml_Security
|
||||
$dMethod = (string)$sxe->Signature->SignedInfo->Reference->DigestMethod['Algorithm'];
|
||||
break;
|
||||
default:
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Unknown or unsupported DigestMethod Requested");
|
||||
break;
|
||||
}
|
||||
|
||||
$base64DecodeSupportsStrictParam = version_compare(PHP_VERSION, '5.2.0', '>=');
|
||||
@ -168,6 +175,7 @@ class Zend_InfoCard_Xml_Security
|
||||
$transformed_xml_binhash = pack("H*", sha1($transformed_xml));
|
||||
|
||||
if($transformed_xml_binhash != $dValue) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Locally Transformed XML does not match XML Document. Cannot Verify Signature");
|
||||
}
|
||||
|
||||
@ -186,6 +194,7 @@ class Zend_InfoCard_Xml_Security
|
||||
$public_key = openssl_pkey_get_public($pem);
|
||||
|
||||
if(!$public_key) {
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Unable to extract and prcoess X509 Certificate from KeyValue");
|
||||
}
|
||||
|
||||
@ -194,7 +203,8 @@ class Zend_InfoCard_Xml_Security
|
||||
|
||||
if(!isset($sxe->Signature->KeyInfo->KeyValue->RSAKeyValue->Modulus) ||
|
||||
!isset($sxe->Signature->KeyInfo->KeyValue->RSAKeyValue->Exponent)) {
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("RSA Key Value not in Modulus/Exponent form");
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("RSA Key Value not in Modulus/Exponent form");
|
||||
}
|
||||
|
||||
$modulus = base64_decode((string)$sxe->Signature->KeyInfo->KeyValue->RSAKeyValue->Modulus);
|
||||
@ -206,6 +216,7 @@ class Zend_InfoCard_Xml_Security
|
||||
|
||||
break;
|
||||
default:
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Unable to determine or unsupported representation of the KeyValue block");
|
||||
}
|
||||
|
||||
@ -284,9 +295,11 @@ class Zend_InfoCard_Xml_Security
|
||||
case ($len < 0x010000):
|
||||
return sprintf("%c%c%c%c%s", $type, 0x82, $len / 0x0100, $len % 0x0100, $data);
|
||||
default:
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Could not encode value");
|
||||
}
|
||||
|
||||
require_once 'Zend/InfoCard/Xml/Security/Exception.php';
|
||||
throw new Zend_InfoCard_Xml_Security_Exception("Invalid code path");
|
||||
}
|
||||
}
|
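Review bot: The digest check in the `@ -168,6 +175,7` hunk still compares the locally computed SHA-1 with the document-supplied digest using the loose operator, `if($transformed_xml_binhash != $dValue)`. This commit only adds the `require_once` in front of the throw. PHP's `!=` compares two numeric-looking strings as numbers, so byte-wise unequal values can in principle compare as equal; a signature validator should not depend on that behaviour, however unlikely it is for 20-byte binary digests. The condition should be a strict byte comparison, `if($transformed_xml_binhash !== $dValue) {`. The body of `validateXMLSignature` extends beyond the visible hunks, so how `$dValue` is decoded and whether `$dMethod` is consulted before `sha1()` is applied should be confirmed against the full file.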