7 * This source file is subject to the new BSD license that is bundled
8 * with this package in the file LICENSE.txt.
9 * It is also available through the world-wide-web at this URL:
10 * http://framework.zend.com/license/new-bsd
11 * If you did not receive a copy of the license and are unable to
12 * obtain it through the world-wide-web, please send an email
13 * to license@zend.com so we can send you a copy immediately.
18 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
19 * @license http://framework.zend.com/license/new-bsd New BSD License
24 * @see Zend_Crypt_Rsa_Key_Private
26 require_once 'Zend/Crypt/Rsa/Key/Private.php';
29 * @see Zend_Crypt_Rsa_Key_Public
31 require_once 'Zend/Crypt/Rsa/Key/Public.php';
36 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
37 * @license http://framework.zend.com/license/new-bsd New BSD License
/** Name of the raw format. The methods of this class only test for BASE64, so any other value yields raw bytes. */
const BINARY = 'binary';

/** Format selector: signatures and ciphertexts are exchanged as Base64 text. */
const BASE64 = 'base64';

/**
 * Private key built by setPemString(); null when only a public key or a
 * certificate has been loaded.
 *
 * @var Zend_Crypt_Rsa_Key_Private|null
 */
protected $_privateKey = null;

/**
 * Public key taken from the private key, a public-key PEM or a certificate.
 *
 * @var Zend_Crypt_Rsa_Key_Public|null
 */
protected $_publicKey = null;

/**
 * PEM text last given to setPemString().
 *
 * @var string
 */
protected $_pemString = null;

/**
 * Path last given to setPemPath().
 *
 * @var string
 */
protected $_pemPath = null;

/**
 * Certificate text last given to setCertificateString().
 *
 * @var string
 */
protected $_certificateString = null;

/**
 * Path last given to setCertificatePath().
 *
 * @var string
 */
protected $_certificatePath = null;

/**
 * OpenSSL digest identifier handed to openssl_sign() and openssl_verify().
 *
 * The default is SHA-1, which is no longer collision-resistant; new
 * deployments should select a stronger digest where both peers support it.
 *
 * @var int
 */
protected $_hashAlgorithm = OPENSSL_ALGO_SHA1;

/**
 * Pass phrase handed to the key constructors when a PEM or certificate is
 * loaded. It is kept in this object for as long as the object lives.
 *
 * @var string|null
 */
protected $_passPhrase = null;
/**
 * Create the object and, when options are given, apply them via setOptions().
 *
 * @param array $options Optional option name => value pairs.
 */
public function __construct(array $options = null)
{
    // Nothing to configure when the caller passed no options.
    if ($options === null) {
        return;
    }

    $this->setOptions($options);
}
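/**
 * Apply configuration options to this object.
 *
 * Recognised keys are passPhrase, pemString, pemPath, certificateString,
 * certificatePath and hashAlgorithm. Any other key is ignored.
 *
 * @param array $options Option name => value pairs.
 * @return void
 */
public function setOptions(array $options)
{
    // The pass phrase is read first, wherever it sits in the array, because
    // the key setters below hand it to the key constructors.
    if (isset($options['passPhrase'])) {
        $this->_passPhrase = $options['passPhrase'];
    }

    // NOTE(review): the listing shows the 'certificateString' and
    // 'certificatePath' labels only; the other three are inferred from the
    // setters they dispatch to. Confirm against the original file.
    $setters = array(
        'pemString'         => 'setPemString',
        'pemPath'           => 'setPemPath',
        'certificateString' => 'setCertificateString',
        'certificatePath'   => 'setCertificatePath',
        'hashAlgorithm'     => 'setHashAlgorithm',
    );

    foreach ($options as $option => $value) {
        // Match option names as strings only. A switch compares loosely, so
        // on PHP < 8 an integer key 0 would equal the first case label and a
        // list-style array would be treated as key material.
        if (is_string($option) && isset($setters[$option])) {
            $this->{$setters[$option]}($value);
        }
    }
}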
/**
 * Return the private key held by this object.
 *
 * @return Zend_Crypt_Rsa_Key_Private|null Null when no private key has been
 *                                         loaded (for example after a
 *                                         public-key PEM or a certificate).
 */
public function getPrivateKey()
{
    return $this->_privateKey;
}
/**
 * Return the public key held by this object.
 *
 * @return Zend_Crypt_Rsa_Key_Public|null Null until a PEM or certificate has
 *                                        been loaded.
 */
public function getPublicKey()
{
    return $this->_publicKey;
}
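/**
 * Sign data with an RSA private key.
 *
 * The digest is the one returned by getHashAlgorithm() (SHA-1 unless it was
 * changed). A failed signing operation raises an exception instead of
 * returning an empty signature that a caller could mistake for a real one.
 *
 * @param string $data Data to sign.
 * @param Zend_Crypt_Rsa_Key_Private $privateKey Key to sign with; when omitted,
 *                                               the key loaded into this object is used.
 * @param string $format self::BASE64 for a Base64-encoded signature; any
 *                       other value returns the raw bytes.
 * @return string The signature.
 * @throws Zend_Crypt_Exception When no private key is available or signing fails.
 */
public function sign($data, Zend_Crypt_Rsa_Key_Private $privateKey = null, $format = null)
{
    // Zend_Crypt_Exception is the type this class already catches in
    // setPemString(); it is assumed to be loaded or autoloadable here.
    $key = isset($privateKey) ? $privateKey : $this->_privateKey;
    if ($key === null) {
        // Only a public key or certificate was loaded; without this check the
        // call below would be a fatal error on null.
        throw new Zend_Crypt_Exception('No private key is available for signing');
    }

    $signature = '';
    $signed = openssl_sign(
        $data,
        $signature,
        $key->getOpensslKeyResource(),
        $this->getHashAlgorithm()
    );
    if (!$signed) {
        throw new Zend_Crypt_Exception('Signing failed');
    }

    if ($format === self::BASE64) {
        return base64_encode($signature);
    }
    return $signature;
}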
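/**
 * Verify a signature over data with the public key held by this object.
 *
 * openssl_verify() reports 1 for a valid signature, 0 for an invalid one and
 * a third value on an internal error. That error value is truthy, so a caller
 * writing `if ($rsa->verifySignature(...))` would accept it; this method
 * raises an exception for it instead. Callers should still compare the
 * result with `=== 1`.
 *
 * @param string $data Data the signature was computed over.
 * @param string $signature Signature to check.
 * @param string $format self::BASE64 when $signature is Base64 text; any
 *                       other value treats it as raw bytes.
 * @return int 1 when the signature is valid, 0 when it is not.
 * @throws Zend_Crypt_Exception When no public key is loaded or OpenSSL
 *                              reports an error.
 */
public function verifySignature($data, $signature, $format = null)
{
    $publicKey = $this->getPublicKey();
    if ($publicKey === null) {
        throw new Zend_Crypt_Exception('No public key is available for verification');
    }

    if ($format === self::BASE64) {
        // Strict decoding: text that is not Base64 cannot carry a valid
        // signature, so it is rejected rather than silently cleaned up.
        $signature = base64_decode($signature, true);
        if ($signature === false) {
            return 0;
        }
    }

    $result = openssl_verify(
        $data,
        $signature,
        $publicKey->getOpensslKeyResource(),
        $this->getHashAlgorithm()
    );
    if ($result !== 1 && $result !== 0) {
        throw new Zend_Crypt_Exception('Signature verification could not be completed');
    }

    // NOTE(review): the listing does not show this method's return statement;
    // returning the openssl_verify() result is assumed.
    return $result;
}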
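/**
 * Encrypt data with an RSA key.
 *
 * A private key selects openssl_private_encrypt(); any other key selects
 * openssl_public_encrypt(). No padding argument is passed, so PHP's default
 * (PKCS#1 v1.5) applies. That padding is known to be exposed to
 * padding-oracle attacks when decryption failures are observable; OAEP is the
 * usual choice for new protocols, but switching here would break existing
 * ciphertexts, so the default is left as it is.
 *
 * RSA only encrypts input shorter than the key size. Oversized input makes
 * the OpenSSL call fail, which is reported as an exception instead of an
 * empty result.
 *
 * @param string $data Plaintext.
 * @param Zend_Crypt_Rsa_Key $key Key to encrypt with.
 * @param string $format self::BASE64 for Base64 output; any other value
 *                       returns raw bytes.
 * @return string The ciphertext.
 * @throws Zend_Crypt_Exception When the OpenSSL call fails.
 */
public function encrypt($data, Zend_Crypt_Rsa_Key $key, $format = null)
{
    $encrypted = '';
    if ($key instanceof Zend_Crypt_Rsa_Key_Private) {
        $ok = openssl_private_encrypt($data, $encrypted, $key->getOpensslKeyResource());
    } else {
        $ok = openssl_public_encrypt($data, $encrypted, $key->getOpensslKeyResource());
    }
    if (!$ok) {
        throw new Zend_Crypt_Exception('Encryption failed');
    }

    if ($format === self::BASE64) {
        return base64_encode($encrypted);
    }
    return $encrypted;
}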
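/**
 * Decrypt data with an RSA key.
 *
 * A public key selects openssl_public_decrypt(); any other key selects
 * openssl_private_decrypt(). No padding argument is passed, so PHP's default
 * (PKCS#1 v1.5) applies.
 *
 * Every failure is reported with the same generic exception. Callers should
 * not tell remote peers why decryption failed, because distinguishable
 * errors are what a padding oracle is built from.
 *
 * @param string $data Ciphertext.
 * @param Zend_Crypt_Rsa_Key $key Key to decrypt with.
 * @param string $format self::BASE64 when $data is Base64 text; any other
 *                       value treats it as raw bytes.
 * @return string The plaintext.
 * @throws Zend_Crypt_Exception When the input cannot be decoded or decrypted.
 */
public function decrypt($data, Zend_Crypt_Rsa_Key $key, $format = null)
{
    if ($format === self::BASE64) {
        $data = base64_decode($data, true);
    }

    $decrypted = '';
    $ok = false;
    // $data is false only when strict Base64 decoding rejected the input.
    if ($data !== false) {
        if ($key instanceof Zend_Crypt_Rsa_Key_Public) {
            $ok = openssl_public_decrypt($data, $decrypted, $key->getOpensslKeyResource());
        } else {
            $ok = openssl_private_decrypt($data, $decrypted, $key->getOpensslKeyResource());
        }
    }
    if (!$ok) {
        // Previously a failure returned an empty string, which a caller
        // could not tell apart from an empty plaintext.
        throw new Zend_Crypt_Exception('Decryption failed');
    }

    return $decrypted;
}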
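/**
 * Generate a new RSA key pair.
 *
 * 'passPhrase' is taken out of $configargs and used to protect the exported
 * private key; without it the private key PEM is exported unencrypted. The
 * remaining entries are translated by _parseConfigArgs() (for example
 * 'privateKeyBits') and passed to openssl_pkey_new(). When no key size is
 * given, whatever default OpenSSL is configured with applies, so callers
 * should pass 'privateKeyBits' explicitly.
 *
 * @param array $configargs Optional generation settings.
 * @return ArrayObject Object with 'privateKey' (Zend_Crypt_Rsa_Key_Private)
 *                     and 'publicKey' (Zend_Crypt_Rsa_Key_Public), readable
 *                     as array keys or as properties.
 * @throws Zend_Crypt_Exception When key generation or export fails.
 */
public function generateKeys(array $configargs = null)
{
    $config = null;
    $passPhrase = null;
    if ($configargs !== null) {
        if (isset($configargs['passPhrase'])) {
            $passPhrase = $configargs['passPhrase'];
            // The pass phrase is not an OpenSSL generation setting.
            unset($configargs['passPhrase']);
        }
        $config = $this->_parseConfigArgs($configargs);
    }

    // The original author noted that this call fails on PHP 5.3. The result
    // is checked so a failure stops here instead of flowing into the export.
    $resource = openssl_pkey_new($config);
    if ($resource === false) {
        throw new Zend_Crypt_Exception('Key pair generation failed');
    }

    $private = null;
    if (!openssl_pkey_export($resource, $private, $passPhrase)) {
        throw new Zend_Crypt_Exception('Private key export failed');
    }
    $privateKey = new Zend_Crypt_Rsa_Key_Private($private, $passPhrase);

    $details = openssl_pkey_get_details($resource);
    if ($details === false || !isset($details['key'])) {
        throw new Zend_Crypt_Exception('Public key details are unavailable');
    }
    $publicKey = new Zend_Crypt_Rsa_Key_Public($details['key']);

    // NOTE(review): the listing does not show the return statement; returning
    // the ArrayObject built here is assumed.
    return new ArrayObject(array(
        'privateKey' => $privateKey,
        'publicKey'  => $publicKey
    ), ArrayObject::ARRAY_AS_PROPS);
}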
/**
 * Load key material from PEM text.
 *
 * The text is first treated as a private key (using the stored pass phrase),
 * and the public key is taken from it. If that raises Zend_Crypt_Exception,
 * the text is treated as a public key and no private key is kept. A wrong
 * pass phrase is therefore not reported by this method itself; what happens
 * next depends on the public-key constructor.
 *
 * @param string $value PEM text.
 * @return void
 */
public function setPemString($value)
{
    $this->_pemString = $value;
    try {
        $private = new Zend_Crypt_Rsa_Key_Private($value, $this->_passPhrase);
        $this->_privateKey = $private;
        $this->_publicKey = $private->getPublicKey();
    } catch (Zend_Crypt_Exception $e) {
        // Not usable as a private key: fall back to a public key only.
        $this->_privateKey = null;
        $this->_publicKey = new Zend_Crypt_Rsa_Key_Public($value);
    }
}
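/**
 * Load key material from a PEM file.
 *
 * The path must come from trusted configuration, never from request data:
 * the file is read in full and its content is parsed as key material.
 *
 * @param string $value Path of the PEM file.
 * @return void
 * @throws Zend_Crypt_Exception When the file cannot be read.
 */
public function setPemPath($value)
{
    $this->_pemPath = $value;

    $pem = file_get_contents($this->_pemPath);
    if ($pem === false) {
        // Without this check, false would be passed on and parsed as a key.
        throw new Zend_Crypt_Exception('Unable to read the PEM file');
    }

    $this->setPemString($pem);
}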
/**
 * Load the public key from certificate text.
 *
 * The private key held by this object, if any, is left untouched.
 *
 * @param string $value Certificate text.
 * @return void
 */
public function setCertificateString($value)
{
    $this->_certificateString = $value;

    // The stored pass phrase is passed along as the second constructor argument.
    $publicKey = new Zend_Crypt_Rsa_Key_Public($value, $this->_passPhrase);
    $this->_publicKey = $publicKey;
}
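/**
 * Load the public key from a certificate file.
 *
 * The path must come from trusted configuration, never from request data.
 *
 * @param string $value Path of the certificate file.
 * @return void
 * @throws Zend_Crypt_Exception When the file cannot be read.
 */
public function setCertificatePath($value)
{
    $this->_certificatePath = $value;

    $certificate = file_get_contents($this->_certificatePath);
    if ($certificate === false) {
        // Without this check, false would be passed on and parsed as a certificate.
        throw new Zend_Crypt_Exception('Unable to read the certificate file');
    }

    $this->setCertificateString($certificate);
}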
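/**
 * Select the digest used by sign() and verifySignature().
 *
 * Names are matched case-insensitively. The legacy names md2, md4, md5, sha1
 * and dss1 are kept for compatibility; md2, md4 and md5 are broken and sha1
 * is deprecated for signatures, so new code should ask for sha256 or
 * stronger. A digest is selected only when the running PHP/OpenSSL build
 * defines its constant.
 *
 * An unsupported name leaves the current digest in place, as before, but now
 * raises a warning. Previously a request such as 'sha256' was dropped
 * silently and signing carried on with the earlier digest.
 *
 * @param string $name Digest name.
 * @return void
 */
public function setHashAlgorithm($name)
{
    // NOTE(review): the listing shows the constants but not the case labels;
    // the legacy names are inferred from the constants. Confirm against the
    // original file.
    static $constants = array(
        'md2'    => 'OPENSSL_ALGO_MD2',
        'md4'    => 'OPENSSL_ALGO_MD4',
        'md5'    => 'OPENSSL_ALGO_MD5',
        'sha1'   => 'OPENSSL_ALGO_SHA1',
        'dss1'   => 'OPENSSL_ALGO_DSS1',
        'sha224' => 'OPENSSL_ALGO_SHA224',
        'sha256' => 'OPENSSL_ALGO_SHA256',
        'sha384' => 'OPENSSL_ALGO_SHA384',
        'sha512' => 'OPENSSL_ALGO_SHA512',
    );

    $key = strtolower($name);
    // Some of these constants exist only on certain PHP/OpenSSL builds, so
    // they are resolved by name instead of being referenced directly.
    if (isset($constants[$key]) && defined($constants[$key])) {
        $this->_hashAlgorithm = constant($constants[$key]);
        return;
    }

    trigger_error(
        'Unsupported hash algorithm requested; the current one is kept',
        E_USER_WARNING
    );
}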
/**
 * Return the PEM text last given to setPemString().
 *
 * The value may contain private key material, so it should not be logged or
 * shown to users.
 *
 * @return string|null
 */
public function getPemString()
{
    return $this->_pemString;
}
/**
 * Return the path last given to setPemPath().
 *
 * @return string|null
 */
public function getPemPath()
{
    return $this->_pemPath;
}
/**
 * Return the certificate text last given to setCertificateString().
 *
 * @return string|null
 */
public function getCertificateString()
{
    return $this->_certificateString;
}
/**
 * Return the path last given to setCertificatePath().
 *
 * @return string|null
 */
public function getCertificatePath()
{
    return $this->_certificatePath;
}
/**
 * Return the OpenSSL digest identifier used for signing and verification.
 *
 * @return int One of the OPENSSL_ALGO_* constants; OPENSSL_ALGO_SHA1 unless
 *             another digest was selected.
 */
public function getHashAlgorithm()
{
    return $this->_hashAlgorithm;
}
297 protected function _parseConfigArgs(array $config = null)
300 if (isset($config['privateKeyBits'])) {
301 $configs['private_key_bits'] = $config['privateKeyBits'];
303 if (!empty($configs)) {