PHP XMLSecurityDSig::addReference方法代码示例

function processDocument()
{
    global $src_file, $target_file, $user_pubkey_file_path, $user_cert_file_path;
    require dirname(__FILE__) . '/xmlseclibs.php';
    if (file_exists($target_file)) {
        unlink($target_file);
    }
    $doc = new DOMDocument();
    $doc->load($src_file);
    $objDSig = new XMLSecurityDSig();
    $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
    /* gako pribatu bat behar dugu prozesua burutzeko. orain edozein erabiliko dugu. gero txartelekoarekin ordezkatzeko */
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    /* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
    $objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);
    $objDSig->sign($objKey);
    /* Add associated public key */
    // $objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem'));
    // $objDSig->add509Cert(file_get_contents($user_cert_file_path));
    if (!file_exists($user_cert_file_path)) {
        debug('File not found', $user_cert_file_path);
    } else {
        $objDSig->add509Cert($user_cert_file_path);
    }
    $objDSig->appendSignature($doc->documentElement);
    $doc->save($target_file);
}

function signXML($token, $privkey)
{
    $sigdoc = new DOMDocument();
    if (!$sigdoc->loadXML($token)) {
        throw new Exception("Invalid XML!");
    }
    $sigNode = $sigdoc->firstChild;
    $enc = new XMLSecurityDSig();
    $enc->idKeys[] = 'ID';
    $enc->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $enc->addReference($sigNode, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N));
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private', 'library' => 'openssl'));
    $key->loadKey($privkey, false, false);
    $enc->sign($key);
    $enc->appendSignature($sigNode);
    return $sigdoc->saveXML();
}

 /**
  * Sign the specified DOMDocument
  *
  * @see https://github.com/Maks3w/xmlseclibs/blob/v1.3.0/tests/xml-sign.phpt
  *
  * @param DOMDocument $document
  * @return DOMDocument
  */
 private function sign_document(DOMDocument $document)
 {
     $result = false;
     try {
         $dsig = new XMLSecurityDSig();
         // For canonicalization purposes the exclusive (9) algorithm must be used.
         // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
         $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
         // For hashing purposes the SHA-256 (11) algorithm must be used.
         // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
         $dsig->addReference($document, XMLSecurityDSig::SHA256, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('force_uri' => true));
         // For signature purposes the RSAWithSHA 256 (12) algorithm must be used.
         // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
         $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
         $key->passphrase = $this->private_key_password;
         $key->loadKey($this->private_key);
         // Test if we can get an private key object, to prefent the following errors:
         // Warning: openssl_sign() [function.openssl-sign]: supplied key param cannot be coerced into a private key
         $result = openssl_get_privatekey($this->private_key, $this->private_key_password);
         if (false !== $result) {
             // Sign
             $dsig->sign($key);
             // The public key must be referenced using a fingerprint of an X.509
             // certificate. The fingerprint must be calculated according
             // to the following formula HEX(SHA-1(DER certificate)) (13)
             // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
             $fingerprint = Pronamic_WP_Pay_Gateways_IDealAdvanced_Security::getShaFingerprint($this->private_certificate);
             $dsig->addKeyInfoAndName($fingerprint);
             // Add the signature
             $dsig->appendSignature($document->documentElement);
             $result = $document;
         } else {
             throw new Exception('Can not load private key');
         }
     } catch (Exception $e) {
         $this->error = new WP_Error('xml_security', $e->getMessage(), $e);
     }
     return $result;
 }

 /**
  * @dataProvider testXmlSignProvider
  * @throws \Exception
  */
 public function testXmlSign($dsigAlgorithm, $keyType, $expectedFileName)
 {
     $doc = new \DOMDocument();
     $doc->load(dirname(__FILE__) . '/../basic-doc.xml');
     $objDSig = new XMLSecurityDSig();
     $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
     $objDSig->addReference($doc, $dsigAlgorithm, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
     $objKey = new XMLSecurityKey($keyType, array('type' => 'private'));
     /* load private key */
     $objKey->loadKey(dirname(__FILE__) . '/../privkey.pem', true);
     /* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
     $objDSig->sign($objKey);
     /* Add associated public key */
     $objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/../mycert.pem'));
     $objDSig->appendSignature($doc->documentElement);
     $sign_output = $doc->saveXML();
     $sign_output_def = file_get_contents($expectedFileName);
     $this->assertEquals($sign_output_def, $sign_output, "Signature doesn't match");
 }

 file_put_contents($user_cert_file_path, $_SERVER['SSL_CLIENT_CERT']);
 $output = shell_exec($openssl . ' x509 -inform pem -in ' . $user_cert_file_path . ' -pubkey -noout > ' . $user_pubkey_file_path);
 if ($yafirmado) {
     $src = file_get_contents($target_file);
     $src = preg_replace('/<ds:SignatureValue>[^<]*<\\/ds:SignatureValue>/i', '<ds:SignatureValue>' . $sinatuta . '</ds:SignatureValue>', $src);
     file_put_contents($target_file, $src);
     $xml = file_get_contents($target_file);
 } else {
     if (file_exists($target_file)) {
         unlink($target_file);
     }
     $doc = new DOMDocument();
     $doc->load($dir);
     $objDSig = new XMLSecurityDSig();
     $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
     $objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
     /* gako pribatu bat behar dugu prozesua burutzeko. orain edozein erabiliko dugu. gero txartelekoarekin ordezkatzeko */
     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     /* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
     $objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);
     $objDSig->sign($objKey);
     /* Add associated public key */
     // $objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem'));
     // $objDSig->add509Cert(file_get_contents($user_cert_file_path));
     if (!file_exists($user_cert_file_path)) {
         die('File not found : ' . $user_cert_file_path);
     } else {
         $objDSig->add509Cert($user_cert_file_path);
     }
     $objDSig->appendSignature($doc->documentElement);
     $doc->save($target_file);