infocard.php

Bug tracker, and reporter.

<?php
/**
 * Zend Framework
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 *
 * @category   Zend
 * @package    Zend_InfoCard
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @version    $Id: InfoCard.php 8601 2008-03-06 20:50:55Z darby $
 * @author     John Coggeshall <john@zend.com>
 */

/**
 * Zend_InfoCard_Xml_EncryptedData
 */
require_once 'Zend/InfoCard/Xml/EncryptedData.php';

/**
 * Zend_InfoCard_Xml_Assertion
 */
require_once 'Zend/InfoCard/Xml/Assertion.php';

/**
 * Zend_InfoCard_Exception
 */
require_once 'Zend/InfoCard/Exception.php';

/**
 * Zend_InfoCard_Cipher
 */
require_once 'Zend/InfoCard/Cipher.php';

/**
 * Zend_InfoCard_Xml_Security
 */
require_once 'Zend/InfoCard/Xml/Security.php';

/**
 * Zend_InfoCard_Adapter_Interface
 */
require_once 'Zend/InfoCard/Adapter/Interface.php';

/**
 * Zend_InfoCard_Claims
 */
require_once 'Zend/InfoCard/Claims.php';


/**
 * @category   Zend
 * @package    Zend_InfoCard
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @author     John Coggeshall <john@zend.com>
 */
class Zend_InfoCard
{
    /**
     * URI for XML Digital Signature SHA1 Digests
     */
    const DIGEST_SHA1        = 'http://www.w3.org/2000/09/xmldsig#sha1';

    /**
     * An array of certificate pair files and optional passwords for them to search
     * when trying to determine which certificate was used to encrypt the transient key
     *
     * @var Array
     */
    protected $_keyPairs;

    /**
     * The instance to use to decrypt public-key encrypted data
     *
     * @var Zend_InfoCard_Cipher_Pki_Interface
     */
    protected $_pkiCipherObj;

    /**
     * The instance to use to decrypt symmetric encrypted data
     *
     * @var Zend_InfoCard_Cipher_Symmetric_Interface
     */
    protected $_symCipherObj;

    /**
     * The InfoCard Adapter to use for callbacks into the application using the component
     * such as when storing assertions, etc.
     *
     * @var Zend_InfoCard_Adapter_Interface
     */
    protected $_adapter;


    /**
     * InfoCard Constructor
     *
     * @throws Zend_InfoCard_Exception
     */
    public function __construct()
    {
        $this->_keyPairs = array();

        if(!extension_loaded('mcrypt')) {
            throw new Zend_InfoCard_Exception("Use of the Zend_InfoCard component requires the mcrypt extension to be enabled in PHP");
        }

        if(!extension_loaded('openssl')) {
            throw new Zend_InfoCard_Exception("Use of the Zend_InfoCard component requires the openssl extension to be enabled in PHP");
        }
    }

    /**
     * Sets the adapter uesd for callbacks into the application using the component, used
     * when doing things such as storing / retrieving assertions, etc.
     *
     * @param Zend_InfoCard_Adapter_Interface $a The Adapter instance
     * @return Zend_InfoCard The instnace
     */
    public function setAdapter(Zend_InfoCard_Adapter_Interface $a)
    {
        $this->_adapter = $a;
        return $this;
    }

    /**
     * Retrieves the adapter used for callbacks into the application using the component.
     * If no adapter was set then an instance of Zend_InfoCard_Adapter_Default is used
     *
     * @return Zend_InfoCard_Adapter_Interface The Adapter instance
     */
    public function getAdapter()
    {
        if(is_null($this->_adapter)) {
            Zend_Loader::loadClass('Zend_InfoCard_Adapter_Default');
            $this->setAdapter(new Zend_InfoCard_Adapter_Default());
        }

        return $this->_adapter;
    }

    /**
     * Gets the Public Key Cipher object used in this instance
     *
     * @return Zend_InfoCard_Cipher_Pki_Interface
     */
    public function getPkiCipherObject()
    {
        return $this->_pkiCipherObj;
    }

    /**
     * Sets the Public Key Cipher Object used in this instance
     *
     * @param Zend_InfoCard_Cipher_Pki_Interface $cipherObj
     * @return Zend_InfoCard
     */
    public function setPkiCipherObject(Zend_InfoCard_Cipher_Pki_Interface $cipherObj)
    {
        $this->_pkiCipherObj = $cipherObj;
        return $this;
    }

    /**
     * Get the Symmetric Cipher Object used in this instance
     *
     * @return Zend_InfoCard_Cipher_Symmetric_Interface
     */
    public function getSymCipherObject()
    {
        return $this->_symCipherObj;
    }

    /**
     * Sets the Symmetric Cipher Object used in this instance
     *
     * @param Zend_InfoCard_Cipher_Symmetric_Interface $cipherObj
     * @return Zend_InfoCard
     */
    public function setSymCipherObject($cipherObj)
    {
        $this->_symCipherObj = $cipherObj;
        return $this;
    }

    /**
     * Remove a Certificate Pair by Key ID from the search list
     *
     * @throws Zend_InfoCard_Exception
     * @param string $key_id The Certificate Key ID returned from adding the certificate pair
     * @return Zend_InfoCard
     */
    public function removeCertificatePair($key_id)
    {

        if(!key_exists($key_id, $this->_keyPairs)) {
            throw new Zend_InfoCard_Exception("Attempted to remove unknown key id: $key_id");
        }

        unset($this->_keyPairs[$key_id]);
        return $this;
    }

    /**
     * Add a Certificate Pair to the list of certificates searched by the component
     *
     * @throws Zend_InfoCard_Exception
     * @param string $private_key_file The path to the private key file for the pair
     * @param string $public_key_file The path to the certificate / public key for the pair
     * @param string $type (optional) The URI for the type of key pair this is (default RSA with OAEP padding)
     * @param string $password (optional) The password for the private key file if necessary
     * @return string A key ID representing this key pair in the component
     */
    public function addCertificatePair($private_key_file, $public_key_file, $type = Zend_InfoCard_Cipher::ENC_RSA_OAEP_MGF1P, $password = null)
    {
        if(!file_exists($private_key_file) ||
           !file_exists($public_key_file)) {
               throw new Zend_InfoCard_Exception("Could not locate the public and private certificate pair files: $private_key_file, $public_key_file");
        }

        if(!is_readable($private_key_file) ||
           !is_readable($public_key_file)) {
               throw new Zend_InfoCard_Exception("Could not read the public and private certificate pair files (check permissions): $private_key_file, $public_key_file");
          }

          $key_id = md5($private_key_file.$public_key_file);

          if(key_exists($key_id, $this->_keyPairs)) {
              throw new Zend_InfoCard_Exception("Attempted to add previously existing certificate pair: $private_key_file, $public_key_file");
          }

          switch($type) {
              case Zend_InfoCard_Cipher::ENC_RSA:
              case Zend_InfoCard_Cipher::ENC_RSA_OAEP_MGF1P:
                  $this->_keyPairs[$key_id] = array('private' => $private_key_file,
                                  'public'      => $public_key_file,
                                  'type_uri'    => $type);