本文整理汇总了PHP中XMLSecurityDSig::setCanonicalMethod方法的典型用法代码示例。如果您正苦于以下问题:PHP XMLSecurityDSig::setCanonicalMethod方法的具体用法?PHP XMLSecurityDSig::setCanonicalMethod怎么用?PHP XMLSecurityDSig::setCanonicalMethod使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类XMLSecurityDSig
的用法示例。
在下文中一共展示了XMLSecurityDSig::setCanonicalMethod方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: processDocument
function processDocument()
{
global $src_file, $target_file, $user_pubkey_file_path, $user_cert_file_path;
require dirname(__FILE__) . '/xmlseclibs.php';
if (file_exists($target_file)) {
unlink($target_file);
}
$doc = new DOMDocument();
$doc->load($src_file);
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
/* gako pribatu bat behar dugu prozesua burutzeko. orain edozein erabiliko dugu. gero txartelekoarekin ordezkatzeko */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
/* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
$objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);
$objDSig->sign($objKey);
/* Add associated public key */
// $objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem'));
// $objDSig->add509Cert(file_get_contents($user_cert_file_path));
if (!file_exists($user_cert_file_path)) {
debug('File not found', $user_cert_file_path);
} else {
$objDSig->add509Cert($user_cert_file_path);
}
$objDSig->appendSignature($doc->documentElement);
$doc->save($target_file);
}
示例2: getXml
/**
* @param \DOMNode $parent
* @param \AerialShip\LightSaml\Meta\SerializationContext $context
* @return \DOMNode
*/
function getXml(\DOMNode $parent, SerializationContext $context)
{
$objXMLSecDSig = new \XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod($this->getCanonicalMethod());
$key = $this->getXmlSecurityKey();
switch ($key->type) {
case \XMLSecurityKey::RSA_SHA256:
$type = \XMLSecurityDSig::SHA256;
break;
case \XMLSecurityKey::RSA_SHA384:
$type = \XMLSecurityDSig::SHA384;
break;
case \XMLSecurityKey::RSA_SHA512:
$type = \XMLSecurityDSig::SHA512;
break;
default:
$type = \XMLSecurityDSig::SHA1;
}
$objXMLSecDSig->addReferenceList(array($parent), $type, array(Protocol::XMLSEC_TRANSFORM_ALGORITHM_ENVELOPED_SIGNATURE, \XMLSecurityDSig::EXC_C14N), array('id_name' => $this->getIDName(), 'overwrite' => FALSE));
$objXMLSecDSig->sign($key);
$objXMLSecDSig->add509Cert($this->getCertificate()->getData(), false, false);
$firstChild = $parent->hasChildNodes() ? $parent->firstChild : null;
if ($firstChild && $firstChild->localName == 'Issuer') {
// The signature node should come after the issuer node
$firstChild = $firstChild->nextSibling;
}
$objXMLSecDSig->insertSignature($parent, $firstChild);
}
示例3: signXML
function signXML($token, $privkey)
{
$sigdoc = new DOMDocument();
if (!$sigdoc->loadXML($token)) {
throw new Exception("Invalid XML!");
}
$sigNode = $sigdoc->firstChild;
$enc = new XMLSecurityDSig();
$enc->idKeys[] = 'ID';
$enc->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$enc->addReference($sigNode, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N));
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private', 'library' => 'openssl'));
$key->loadKey($privkey, false, false);
$enc->sign($key);
$enc->appendSignature($sigNode);
return $sigdoc->saveXML();
}
示例4: ADFS_SignResponse
function ADFS_SignResponse($response, $key, $cert)
{
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->idKeys = array('AssertionID');
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$responsedom = new DOMDocument();
$responsedom->loadXML(str_replace("\r", "", $response));
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'AssertionID'));
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$objKey->loadKey($key, TRUE);
$objXMLSecDSig->sign($objKey);
if ($cert) {
$public_cert = file_get_contents($cert);
$objXMLSecDSig->add509Cert($public_cert, TRUE);
}
$newSig = $responsedom->importNode($objXMLSecDSig->sigNode, TRUE);
$firstassertionroot->appendChild($newSig);
return $responsedom->saveXML();
}
示例5: signSoapDoc
public function signSoapDoc($objKey)
{
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$arNodes = array();
foreach ($this->secNode->childNodes as $node) {
if ($node->nodeType == XML_ELEMENT_NODE) {
$arNodes[] = $node;
}
}
if ($this->signAllHeaders) {
foreach ($this->secNode->parentNode->childNodes as $node) {
if ($node->nodeType == XML_ELEMENT_NODE && $node->namespaceURI != WSSESoap::WSSENS) {
$arNodes[] = $node;
}
}
}
foreach ($this->envelope->childNodes as $node) {
if ($node->namespaceURI == $this->soapNS && $node->localName == 'Body') {
$arNodes[] = $node;
break;
}
}
$arOptions = array('prefix' => WSSESoap::WSUPFX, 'prefix_ns' => WSSESoap::WSUNS);
$objDSig->addReferenceList($arNodes, XMLSecurityDSig::SHA1, NULL, $arOptions);
$objDSig->sign($objKey);
$objDSig->appendSignature($this->secNode, TRUE);
}
示例6: insertSignature
/**
* Insert a Signature-node.
*
* @param XMLSecurityKey $key The key we should use to sign the message.
* @param array $certificates The certificates we should add to the signature node.
* @param DOMElement $root The XML node we should sign.
* @param DOMNode $insertBefore The XML element we should insert the signature element before.
*/
public static function insertSignature(XMLSecurityKey $key, array $certificates, DOMElement $root, DOMNode $insertBefore = NULL)
{
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
switch ($key->type) {
case XMLSecurityKey::RSA_SHA256:
$type = XMLSecurityDSig::SHA256;
break;
case XMLSecurityKey::RSA_SHA384:
$type = XMLSecurityDSig::SHA384;
break;
case XMLSecurityKey::RSA_SHA512:
$type = XMLSecurityDSig::SHA512;
break;
default:
$type = XMLSecurityDSig::SHA1;
}
$objXMLSecDSig->addReferenceList(array($root), $type, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID', 'overwrite' => FALSE));
$objXMLSecDSig->sign($key);
foreach ($certificates as $certificate) {
$objXMLSecDSig->add509Cert($certificate, TRUE);
}
$objXMLSecDSig->insertSignature($root, $insertBefore);
}
示例7: sign
/**
* Signs the given metadata if metadata signing is enabled.
*
* @param string $metadataString A string with the metadata.
* @param array $entityMetadata The metadata of the entity.
* @param string $type A string which describes the type entity this is, e.g. 'SAML 2 IdP' or 'Shib 1.3 SP'.
*
* @return string The $metadataString with the signature embedded.
* @throws Exception If the certificate or private key cannot be loaded, or the metadata doesn't parse properly.
*/
public static function sign($metadataString, $entityMetadata, $type)
{
$config = SimpleSAML_Configuration::getInstance();
// check if metadata signing is enabled
if (!self::isMetadataSigningEnabled($config, $entityMetadata, $type)) {
return $metadataString;
}
// find the key & certificate which should be used to sign the metadata
$keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
$keyFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['privatekey']);
if (!file_exists($keyFile)) {
throw new Exception('Could not find private key file [' . $keyFile . '], which is needed to sign the metadata');
}
$keyData = file_get_contents($keyFile);
$certFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['certificate']);
if (!file_exists($certFile)) {
throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to sign the metadata');
}
$certData = file_get_contents($certFile);
// convert the metadata to a DOM tree
try {
$xml = SAML2_DOMDocumentFactory::fromString($metadataString);
} catch (Exception $e) {
throw new Exception('Error parsing self-generated metadata.');
}
// load the private key
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
if (array_key_exists('privatekey_pass', $keyCertFiles)) {
$objKey->passphrase = $keyCertFiles['privatekey_pass'];
}
$objKey->loadKey($keyData, false);
// get the EntityDescriptor node we should sign
$rootNode = $xml->firstChild;
// sign the metadata with our private key
if ($type == 'ADFS IdP') {
$objXMLSecDSig = new sspmod_adfs_XMLSecurityDSig($metadataString);
} else {
$objXMLSecDSig = new XMLSecurityDSig();
}
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
$objXMLSecDSig->sign($objKey);
// add the certificate to the signature
$objXMLSecDSig->add509Cert($certData, true);
// add the signature to the metadata
$objXMLSecDSig->insertSignature($rootNode, $rootNode->firstChild);
// return the DOM tree as a string
return $xml->saveXML();
}
示例8: sign_document
/**
* Sign the specified DOMDocument
*
* @see https://github.com/Maks3w/xmlseclibs/blob/v1.3.0/tests/xml-sign.phpt
*
* @param DOMDocument $document
* @return DOMDocument
*/
private function sign_document(DOMDocument $document)
{
$result = false;
try {
$dsig = new XMLSecurityDSig();
// For canonicalization purposes the exclusive (9) algorithm must be used.
// @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
$dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
// For hashing purposes the SHA-256 (11) algorithm must be used.
// @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
$dsig->addReference($document, XMLSecurityDSig::SHA256, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('force_uri' => true));
// For signature purposes the RSAWithSHA 256 (12) algorithm must be used.
// @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
$key->passphrase = $this->private_key_password;
$key->loadKey($this->private_key);
// Test if we can get an private key object, to prefent the following errors:
// Warning: openssl_sign() [function.openssl-sign]: supplied key param cannot be coerced into a private key
$result = openssl_get_privatekey($this->private_key, $this->private_key_password);
if (false !== $result) {
// Sign
$dsig->sign($key);
// The public key must be referenced using a fingerprint of an X.509
// certificate. The fingerprint must be calculated according
// to the following formula HEX(SHA-1(DER certificate)) (13)
// @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
$fingerprint = Pronamic_WP_Pay_Gateways_IDealAdvanced_Security::getShaFingerprint($this->private_certificate);
$dsig->addKeyInfoAndName($fingerprint);
// Add the signature
$dsig->appendSignature($document->documentElement);
$result = $document;
} else {
throw new Exception('Can not load private key');
}
} catch (Exception $e) {
$this->error = new WP_Error('xml_security', $e->getMessage(), $e);
}
return $result;
}
示例9: PrepSAMLAssertion
public static function PrepSAMLAssertion(&$saml_xml_request)
{
//
// Gather inputs needed during assembly of SAML Assertion (e.g., keys, certs, timestamps, IDs_
//
$DateTimeNow = new DateTime(null, new DateTimeZone("UTC"));
$DateTimeNowString = $DateTimeNow->format("Y-m-d\\TH:i:s.B\\Z");
$DateTime15Min = new DateTime(null, new DateTimeZone("UTC"));
$DateTime15Min->modify('+900 sec');
$DateTime15MinString = $DateTime15Min->format("Y-m-d\\TH:i:s.B\\Z");
$SAMLParams = array();
$SAMLParams['IssueInstant'] = $DateTimeNowString;
$SAMLParams['Issuer'] = SAML_IDENTITY_PROVIDER_ID;
$SAMLParams['ID'] = SimpleSAML_Utilities::generateID();
$SAMLParams['NameID'] = SAML_NAME_ID;
$SAMLParams['NotBefore'] = $DateTimeNowString;
$SAMLParams['NotOnOrAfter'] = $DateTime15MinString;
$SAMLParams['AuthnInstant'] = $DateTimeNowString;
$SAMLParams['Audience'] = SAML_IDENTITY_PROVIDER_ID;
$SAMLParams['x509'] = file_get_contents(SAML_X509_CERT_PATH);
$SAMLParams['private_key'] = file_get_contents(SAML_X509_PRIVATE_KEY_PATH);
//
// Assemble DOM containing correct SAML assertion
//
$xml = new DOMDocument('1.0', 'utf-8');
// Assertion
$assertion = $xml->createElementNS('urn:oasis:names:tc:SAML:2.0:assertion', 'saml2:Assertion');
$assertion->setAttribute('ID', $SAMLParams['ID']);
$assertion->setAttribute('Version', '2.0');
$assertion->setAttribute('IssueInstant', $SAMLParams['IssueInstant']);
$xml->appendChild($assertion);
// Issuer
$issuer = $xml->createElement('saml2:Issuer', $SAMLParams['Issuer']);
$assertion->appendChild($issuer);
// Subject + NameID + SubjectConfirmation
$subject = $xml->createElement('saml2:Subject');
$assertion->appendChild($subject);
// NameID
$nameid = $xml->createElement('saml2:NameID', $SAMLParams['NameID']);
$nameid->setAttribute('Format', 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified');
$subject->appendChild($nameid);
// SubjectConfirmation
$confirmation = $xml->createElement('saml2:SubjectConfirmation');
$confirmation->setAttribute('Method', 'urn:oasis:names:tc:SAML:2.0:cm:bearer');
$subject->appendChild($confirmation);
// Conditions + AudienceRestriction + Audience
$condition = $xml->createElement('saml2:Conditions');
$condition->setAttribute('NotBefore', $SAMLParams['NotBefore']);
$condition->setAttribute('NotOnOrAfter', $SAMLParams['NotOnOrAfter']);
$assertion->appendChild($condition);
// AudienceRestriction
$audiencer = $xml->createElement('saml2:AudienceRestriction');
$condition->appendChild($audiencer);
// Audience
$audience = $xml->createElement('saml2:Audience', $SAMLParams['Audience']);
$audiencer->appendChild($audience);
// AuthnStatement + AuthnContext + AuthnContextClassRef
$authnstat = $xml->createElement('saml2:AuthnStatement');
$authnstat->setAttribute('AuthnInstant', $SAMLParams['AuthnInstant']);
$authnstat->setAttribute('SessionIndex', $SAMLParams['ID']);
$assertion->appendChild($authnstat);
// AuthnContext
$authncontext = $xml->createElement('saml2:AuthnContext');
$authnstat->appendChild($authncontext);
// AuthnContextClassRef
$authncontext_ref = $xml->createElement('saml2:AuthnContextClassRef', 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified');
$authncontext->appendChild($authncontext_ref);
//Private KEY
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$objKey->loadKey($SAMLParams['private_key']);
//Sign the Assertion
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($assertion), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('URI' => 'ID', 'overwrite' => false, 'id_name' => 'ID'));
$objXMLSecDSig->sign($objKey);
$objXMLSecDSig->add509Cert($SAMLParams['x509']);
$objXMLSecDSig->insertSignature($assertion, $subject);
$saml = $xml->saveXML();
//
// Change Reference URI locally (considered changing 'xmlseclibs.php', but
// that seemed inappropriate)
//
preg_match("/<ds:Reference URI=\"#(.+?)\">/is", $saml, $URI);
$saml = str_replace("Id=\"" . $URI[1] . "\"", "", $saml);
$saml = str_replace($URI[1], $SAMLParams["ID"], $saml);
//
// Prepare Base64-Encoded SAML Assertion request body based on DOM
//
$saml = str_replace('<?xml version="1.0" encoding="utf-8"?>', '', $saml);
$saml_xml_request = base64_encode(stripslashes($saml));
}
示例10: sign
/**
* Signs the given metadata if metadata signing is enabled.
*
* @param $metadataString A string with the metadata.
* @param $entityMetadata The metadata of the entity.
* @param $type A string which describes the type entity this is, e.g. 'SAML 2 IdP' or 'Shib 1.3 SP'.
* @return The $metadataString with the signature embedded.
*/
public static function sign($metadataString, $entityMetadata, $type)
{
$config = SimpleSAML_Configuration::getInstance();
/* Check if metadata signing is enabled. */
if (!self::isMetadataSigningEnabled($config, $entityMetadata, $type)) {
return $metadataString;
}
/* Find the key & certificate which should be used to sign the metadata. */
$keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
$keyFile = $config->getPathValue('certdir', 'cert/') . $keyCertFiles['privatekey'];
if (!file_exists($keyFile)) {
throw new Exception('Could not find private key file [' . $keyFile . '], which is needed to sign the metadata');
}
$keyData = file_get_contents($keyFile);
$certFile = $config->getPathValue('certdir', 'cert/') . $keyCertFiles['certificate'];
if (!file_exists($certFile)) {
throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to sign the metadata');
}
$certData = file_get_contents($certFile);
/* Convert the metadata to a DOM tree. */
$xml = new DOMDocument();
if (!$xml->loadXML($metadataString)) {
throw new Exception('Error parsing self-generated metadata.');
}
/* Load the private key. */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
if (array_key_exists('privatekey_pass', $keyCertFiles)) {
$objKey->passphrase = $keyCertFiles['privatekey_pass'];
}
$objKey->loadKey($keyData, FALSE);
/* Get the EntityDescriptor node we should sign. */
$rootNode = $xml->firstChild;
/* Sign the metadata with our private key. */
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
$objXMLSecDSig->sign($objKey);
/* Add the certificate to the signature. */
$objXMLSecDSig->add509Cert($certData, true);
/* Add the signature to the metadata. */
$objXMLSecDSig->insertSignature($rootNode, $rootNode->firstChild);
/* Return the DOM tree as a string. */
return $xml->saveXML();
}
示例11: insertSignature
/**
* Insert a Signature-node.
*
* @param XMLSecurityKey $key The key we should use to sign the message.
* @param array $certificates The certificates we should add to the signature node.
* @param DOMElement $root The XML node we should sign.
* @param DomElement $insertBefore The XML element we should insert the signature element before.
*/
public static function insertSignature(XMLSecurityKey $key, array $certificates, DOMElement $root, DOMNode $insertBefore = NULL)
{
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($root), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
$objXMLSecDSig->sign($key);
foreach ($certificates as $certificate) {
$objXMLSecDSig->add509Cert($certificate, TRUE);
}
$objXMLSecDSig->insertSignature($root, $insertBefore);
}
示例12: sign
/**
* Signs the given DOMElement and inserts the signature at the given position.
*
* The private key must be set before calling this function.
*
* @param $node The DOMElement we should generate a signature for.
* @param $insertInto The DOMElement we should insert the signature element into.
* @param $insertBefore The element we should insert the signature element before. Defaults to NULL,
* in which case the signature will be appended to the element spesified in
* $insertInto.
*/
public function sign($node, $insertInto, $insertBefore = NULL)
{
assert('$node instanceof DOMElement');
assert('$insertInto instanceof DOMElement');
assert('is_null($insertBefore) || $insertBefore instanceof DOMElement ' . '|| $insertBefore instanceof DOMComment || $insertBefore instanceof DOMText');
if ($this->privateKey === FALSE) {
throw new Exception('Private key not set.');
}
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$options = array();
if ($this->idAttrName !== FALSE) {
$options['id_name'] = $this->idAttrName;
}
$objXMLSecDSig->addReferenceList(array($node), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), $options);
$objXMLSecDSig->sign($this->privateKey);
if ($this->certificate !== FALSE) {
// Add the certificate to the signature
$objXMLSecDSig->add509Cert($this->certificate, TRUE);
}
// Add extra certificates
foreach ($this->extraCertificates as $certificate) {
$objXMLSecDSig->add509Cert($certificate, TRUE);
}
$objXMLSecDSig->insertSignature($insertInto, $insertBefore);
}
示例13: unlink
$openssl = sfConfig::get("app_bin_openssl", "openssl");
file_put_contents($user_cert_file_path, $_SERVER['SSL_CLIENT_CERT']);
$output = shell_exec($openssl . ' x509 -inform pem -in ' . $user_cert_file_path . ' -pubkey -noout > ' . $user_pubkey_file_path);
if ($yafirmado) {
$src = file_get_contents($target_file);
$src = preg_replace('/<ds:SignatureValue>[^<]*<\\/ds:SignatureValue>/i', '<ds:SignatureValue>' . $sinatuta . '</ds:SignatureValue>', $src);
file_put_contents($target_file, $src);
$xml = file_get_contents($target_file);
} else {
if (file_exists($target_file)) {
unlink($target_file);
}
$doc = new DOMDocument();
$doc->load($dir);
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
/* gako pribatu bat behar dugu prozesua burutzeko. orain edozein erabiliko dugu. gero txartelekoarekin ordezkatzeko */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
/* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
$objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);
$objDSig->sign($objKey);
/* Add associated public key */
// $objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem'));
// $objDSig->add509Cert(file_get_contents($user_cert_file_path));
if (!file_exists($user_cert_file_path)) {
die('File not found : ' . $user_cert_file_path);
} else {
$objDSig->add509Cert($user_cert_file_path);
}
$objDSig->appendSignature($doc->documentElement);
示例14: addSign
/**
* Adds signature key and senders certificate to an element (Message or Assertion).
*
* @param string|DomDocument $xml The element we should sign
* @param string $key The private key
* @param string $cert The public
*/
public static function addSign($xml, $key, $cert)
{
if ($xml instanceof DOMDocument) {
$dom = $xml;
} else {
$dom = new DOMDocument();
$dom = self::loadXML($dom, $xml);
if (!$dom) {
throw new Exception('Error parsing xml string');
}
}
/* Load the private key. */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$objKey->loadKey($key, false);
/* Get the EntityDescriptor node we should sign. */
$rootNode = $dom->firstChild;
/* Sign the metadata with our private key. */
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
$objXMLSecDSig->sign($objKey);
/* Add the certificate to the signature. */
$objXMLSecDSig->add509Cert($cert, true);
$insertBefore = $rootNode->firstChild;
$messageTypes = array('samlp:AuthnRequest', 'samlp:Response', 'samlp:LogoutRequest', 'samlp:LogoutResponse');
if (in_array($rootNode->tagName, $messageTypes)) {
$issuerNodes = self::query($dom, '/' . $rootNode->tagName . '/saml:Issuer');
if ($issuerNodes->length == 1) {
$insertBefore = $issuerNodes->item(0)->nextSibling;
}
}
/* Add the signature. */
$objXMLSecDSig->insertSignature($rootNode, $insertBefore);
/* Return the DOM tree as a string. */
$signedxml = $dom->saveXML();
return $signedxml;
}
示例15: testXmlSign
/**
* @dataProvider testXmlSignProvider
* @throws \Exception
*/
public function testXmlSign($dsigAlgorithm, $keyType, $expectedFileName)
{
$doc = new \DOMDocument();
$doc->load(dirname(__FILE__) . '/../basic-doc.xml');
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objDSig->addReference($doc, $dsigAlgorithm, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
$objKey = new XMLSecurityKey($keyType, array('type' => 'private'));
/* load private key */
$objKey->loadKey(dirname(__FILE__) . '/../privkey.pem', true);
/* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
$objDSig->sign($objKey);
/* Add associated public key */
$objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/../mycert.pem'));
$objDSig->appendSignature($doc->documentElement);
$sign_output = $doc->saveXML();
$sign_output_def = file_get_contents($expectedFileName);
$this->assertEquals($sign_output_def, $sign_output, "Signature doesn't match");
}