Viewing file:  Openssl.php (9.46 KB) -rw-rw-rw-
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
/**
* Zend Framework
*
* LICENSE
*
* This source file is subject to the new BSD license that is bundled
* with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://framework.zend.com/license/new-bsd
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
* @category Zend
* @package Zend_Filter
* @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
* @version $Id: Openssl.php 16971 2009-07-22 18:05:45Z mikaelkael $
*/
/**
* @see Zend_Filter_Encrypt_Interface
*/
require_once 'Zend/Filter/Encrypt/Interface.php';
/**
* Encryption adapter for openssl
*
* @category Zend
* @package Zend_Filter
* @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
class Zend_Filter_Encrypt_Openssl implements Zend_Filter_Encrypt_Interface
{
/**
* Definitions for encryption
* array(
* 'public' => public keys
* 'private' => private keys
* 'envelope' => resulting envelope keys
* )
*/
protected $_keys = array(
'public' => array(),
'private' => array(),
'envelope' => array()
);
/**
* Internal passphrase
*
* @var string
*/
protected $_passphrase;
/**
* Class constructor
*
* @param string|array $oldfile File which should be renamed/moved
* @param string|array $newfile New filename, when not set $oldfile will be used as new filename
* for $value when filtering
* @param boolean $overwrite If set to true, it will overwrite existing files
*/
public function __construct($options = array())
{
if (!extension_loaded('openssl')) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception('This filter needs the openssl extension');
}
if ($options instanceof Zend_Config) {
$options = $options->toArray();
}
$this->setPublicKey($options);
}
/**
* Returns the set encryption options
*
* @param string|array $keys Key with type association
* @return Zend_Filter_Encrypt_Openssl
*/
protected function setKeys($keys)
{
if (!is_array($keys)) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception('Invalid options argument provided to filter');
}
foreach ($keys as $type => $key) {
if (is_file($key) and is_readable($key)) {
$file = fopen($key, 'r');
$cert = fread($file, 8192);
fclose($file);
} else {
$cert = $key;
$key = count($this->_keys[$type]);
}
switch ($type) {
case 'public':
$test = openssl_pkey_get_public($cert);
if ($test === false) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception("Public key '{$cert}' not valid");
}
openssl_free_key($test);
$this->_keys['public'][$key] = $cert;
break;
case 'private':
$test = openssl_pkey_get_private($cert, $this->_passphrase);
if ($test === false) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception("Private key '{$cert}' not valid");
}
openssl_free_key($test);
$this->_keys['private'][$key] = $cert;
break;
case 'envelope':
$this->_keys['envelope'][$key] = $cert;
break;
default:
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception("Unknown key type '{$type}'");
}
}
return $this;
}
/**
* Returns all public keys
*
* @return array
*/
public function getPublicKey()
{
return $this->_keys['public'];
}
/**
* Sets public keys
*
* @param string|array $key Public keys
* @return Zend_Filter_Encrypt_Openssl
*/
public function setPublicKey($key)
{
if (is_array($key)) {
foreach($key as $type => $option) {
if ($type !== 'public') {
$key['public'] = $option;
unset($key[$type]);
}
}
} else {
$key = array('public' => $key);
}
return $this->setKeys($key);
}
/**
* Returns all private keys
*
* @return array
*/
public function getPrivateKey()
{
return $this->_keys['private'];
}
/**
* Sets private keys
*
* @param string $key Private key
* @param string $passphrase
* @return Zend_Filter_Encrypt_Openssl
*/
public function setPrivateKey($key, $passphrase = null)
{
if (is_array($key)) {
foreach($key as $type => $option) {
if ($type !== 'private') {
$key['private'] = $option;
unset($key[$type]);
}
}
} else {
$key = array('private' => $key);
}
if ($passphrase !== null) {
$this->setPassphrase($passphrase);
}
return $this->setKeys($key);
}
/**
* Returns all envelope keys
*
* @return array
*/
public function getEnvelopeKey()
{
return $this->_keys['envelope'];
}
/**
* Sets envelope keys
*
* @param string|array $options Envelope keys
* @return Zend_Filter_Encrypt_Openssl
*/
public function setEnvelopeKey($key)
{
if (is_array($key)) {
foreach($key as $type => $option) {
if ($type !== 'envelope') {
$key['envelope'] = $option;
unset($key[$type]);
}
}
} else {
$key = array('envelope' => $key);
}
return $this->setKeys($key);
}
/**
* Returns the passphrase
*
* @return string
*/
public function getPassphrase()
{
return $this->_passphrase;
}
/**
* Sets a new passphrase
*
* @param string $passphrase
* @return Zend_Filter_Encrypt_Openssl
*/
public function setPassphrase($passphrase)
{
$this->_passphrase = $passphrase;
return $this;
}
/**
* Encrypts the file $value with the defined settings
* Note that you also need the "encrypted" keys to be able to decrypt
*
* @param string $value Content to encrypt
* @return string The encrypted content
* @throws Zend_Filter_Exception
*/
public function encrypt($value)
{
$encrypted = array();
$encryptedkeys = array();
if (count($this->_keys['public']) == 0) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception('Openssl can not encrypt without public keys');
}
foreach($this->_keys['public'] as $key => $cert) {
$keys[$key] = openssl_pkey_get_public($cert);
}
$crypt = openssl_seal($value, $encrypted, $encryptedkeys, $keys);
foreach ($keys as $key) {
openssl_free_key($key);
}
if ($crypt === false) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception('Openssl was not able to encrypt you content with the given options');
}
$this->_keys['envelope'] = $encryptedkeys;
return $encrypted;
}
/**
* Defined by Zend_Filter_Interface
*
* Decrypts the file $value with the defined settings
*
* @param string $value Content to decrypt
* @return string The decrypted content
* @throws Zend_Filter_Exception
*/
public function decrypt($value)
{
$decrypted = "";
$envelope = current($this->getEnvelopeKey());
if (count($this->_keys['private']) !== 1) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception('Openssl can only decrypt with one private key');
}
if (empty($envelope)) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception('Openssl can only decrypt with one envelope key');
}
foreach($this->_keys['private'] as $key => $cert) {
$keys = openssl_pkey_get_private($cert, $this->getPassphrase());
}
$crypt = openssl_open($value, $decrypted, $envelope, $keys);
openssl_free_key($keys);
if ($crypt === false) {
require_once 'Zend/Filter/Exception.php';
throw new Zend_Filter_Exception('Openssl was not able to decrypt you content with the given options');
}
return $decrypted;
}
/**
* Returns the adapter name
*
* @return string
*/
public function toString()
{
return 'Openssl';
}
}
|