/**
 * Sign $data with the supplied private key and return the raw signature.
 *
 * @param string     $data       Payload to sign.
 * @param PrivateKey $privateKey Key wrapper; its getResource() value is handed to openssl_sign().
 * @param int        $algorithm  OpenSSL signature algorithm constant (SHA-256 unless overridden).
 *
 * @return string Signature bytes exactly as written by openssl_sign() (binary, not encoded).
 *
 * @throws DataSigningException When openssl_sign() reports failure; the message carries
 *                              one entry from the OpenSSL error queue.
 */
public function signData($data, PrivateKey $privateKey, $algorithm = OPENSSL_ALGO_SHA256)
{
    $signed = openssl_sign($data, $signature, $privateKey->getResource(), $algorithm);

    if ($signed) {
        return $signature;
    }

    throw new DataSigningException(
        sprintf('OpenSSL data signing failed with error: %s', openssl_error_string())
    );
}
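/**
 * Add the Google authentication header to an outgoing HTTP request.
 *
 * Three cases, chosen from this object's state:
 *  - AuthSub token plus private key id: "secure AuthSub". The string
 *    "METHOD URL TIMESTAMP NONCE" is signed and sent with the token.
 *  - AuthSub token only: the bare token is sent.
 *  - ClientLogin token: a GoogleLogin header is sent.
 * With no token at all the headers are returned unchanged.
 *
 * The signature algorithm is fixed to RSA-SHA1 because the header advertises
 * sigalg="rsa-sha1"; it cannot be changed on this side alone.
 *
 * @param string      $method      HTTP method.
 * @param string      $url         Request URL (part of the signed string).
 * @param array       $headers     Existing headers; 'authorization' is overwritten.
 * @param string|null $body        Request body, passed through untouched.
 * @param string|null $contentType Content type, passed through untouched.
 *
 * @return array Keys: method, url, body, headers, contentType.
 *
 * @throws Zend_Gdata_App_Exception When openssl_sign() fails.
 */
public function filterHttpRequest($method, $url, $headers = array(), $body = null, $contentType = null)
{
    if ($this->getAuthSubToken() != null) {
        // AuthSub authentication
        if ($this->getAuthSubPrivateKeyId() != null) {
            // secure AuthSub
            $time = time();

            // The nonce is what makes each signed request unique. mt_rand() is
            // a predictable, seedable generator, so take the value from the
            // CSPRNG whenever the runtime provides one and keep mt_rand() only
            // as the fallback for old PHP versions.
            $nonce = function_exists('random_int')
                ? random_int(0, 999999999)
                : mt_rand(0, 999999999);

            $dataToSign = $method . ' ' . $url . ' ' . $time . ' ' . $nonce;

            // compute signature
            $pKeyId = $this->getAuthSubPrivateKeyId();
            $signSuccess = openssl_sign($dataToSign, $signature, $pKeyId, OPENSSL_ALGO_SHA1);
            if (!$signSuccess) {
                require_once 'Zend/Gdata/App/Exception.php';
                throw new Zend_Gdata_App_Exception('openssl_signing failure - returned false');
            }

            // encode signature
            $encodedSignature = base64_encode($signature);

            // final header
            $headers['authorization'] = 'AuthSub token="' . $this->getAuthSubToken() . '" '
                . 'data="' . $dataToSign . '" '
                . 'sig="' . $encodedSignature . '" '
                . 'sigalg="rsa-sha1"';
        } else {
            // AuthSub without secure tokens
            $headers['authorization'] = 'AuthSub token="' . $this->getAuthSubToken() . '"';
        }
    } elseif ($this->getClientLoginToken() != null) {
        $headers['authorization'] = 'GoogleLogin auth=' . $this->getClientLoginToken();
    }

    return array(
        'method' => $method,
        'url' => $url,
        'body' => $body,
        'headers' => $headers,
        'contentType' => $contentType,
    );
}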
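/**
 * Sign data with the configured private key.
 *
 * The key is taken from $this->chinaums_config['privateKey'] and loaded with
 * openssl_pkey_get_private(); openssl_sign() is called with its default
 * algorithm.
 *
 * @param string $data Data to sign.
 *
 * @return string Signature as a hexadecimal string.
 *
 * @throws \RuntimeException When the key cannot be loaded or signing fails.
 *                           Previously both failures were ignored and an empty
 *                           string was returned as if it were a signature.
 */
private function sign($data)
{
    $key = openssl_pkey_get_private($this->chinaums_config['privateKey']);
    if ($key === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    $signature = null;
    $signed = openssl_sign($data, $signature, $key);

    // Release the key on both the success and the failure path.
    openssl_free_key($key);

    if (!$signed) {
        throw new \RuntimeException('Unable to sign data');
    }

    return bin2hex($signature);
}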
/**
 * Produce a raw signature over $input with openssl_sign().
 *
 * @param string $input  Data to sign.
 * @param mixed  $secret Private key in any form openssl_sign() accepts.
 * @param mixed  $algo   Signature algorithm passed straight to openssl_sign().
 *
 * @return string Binary signature.
 *
 * @throws Exception When openssl_sign() returns a falsy result.
 */
private static function generateRSA($input, $secret, $algo)
{
    $signed = openssl_sign($input, $signature, $secret, $algo);

    if ($signed) {
        return $signature;
    }

    throw new Exception("Unable to sign data.");
}
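/**
 * Sign a parameter list and return the signature base64-encoded.
 *
 * The values of $params are joined with '|' in array order, and that text is
 * signed with the key from getPrivateKeyResource() using openssl_sign()'s
 * default algorithm.
 *
 * NOTE(review): joining with '|' is ambiguous when a value itself contains
 * '|' - two different parameter lists can then produce the same signed text.
 * Confirm that the receiving side rejects '|' inside values.
 *
 * @param array $params Values to sign; order matters.
 *
 * @return string Base64-encoded signature.
 *
 * @throws \RuntimeException When openssl_sign() fails. Previously the failure
 *                           was ignored and the base64 of an unset value was
 *                           returned as the signature.
 */
public function sign(array $params)
{
    $digestText = implode('|', $params);

    $digest = null;
    if (!openssl_sign($digestText, $digest, $this->getPrivateKeyResource())) {
        throw new \RuntimeException('Unable to sign parameters');
    }

    return base64_encode($digest);
}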
/**
 * Sign data with this private key.
 *
 * @param string $data Data to sign.
 * @return string Binary signature as written by openssl_sign().
 * @throws security.crypto.CryptoException if the operation fails; the
 *         exception is built with the errors reported by OpenSslUtil::getErrors().
 */
public function sign($data)
{
    $signed = openssl_sign($data, $signature, $this->_hdl);

    if (false !== $signed) {
        return $signature;
    }

    throw new CryptoException('Could not sign data', OpenSslUtil::getErrors());
}
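/**
 * Create an RSA signature over the given data.
 *
 * The key is loaded with openssl_pkey_get_private() and the data is signed
 * with OPENSSL_ALGO_SHA1.
 *
 * NOTE(review): SHA-1 is no longer considered collision-resistant. It is
 * kept because the verifying side presumably expects it; move both sides to
 * SHA-256 together if the protocol allows.
 *
 * @param string $data       Data to sign.
 * @param string $privateKey Private key of the signing user, in a form
 *                           openssl_pkey_get_private() accepts.
 *
 * @return string Base64-encoded signature.
 *
 * @throws \RuntimeException When the key cannot be loaded or signing fails.
 *                           Previously both failures were ignored and an
 *                           empty string was returned.
 */
public static function createRSASign($data, $privateKey)
{
    $private_key_id = openssl_pkey_get_private($privateKey);
    if ($private_key_id === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    $signature = null;
    $signed = openssl_sign($data, $signature, $private_key_id, OPENSSL_ALGO_SHA1);

    // Release the key whether or not signing worked.
    openssl_free_key($private_key_id);

    if (!$signed) {
        throw new \RuntimeException('Unable to sign data');
    }

    return base64_encode($signature);
}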
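/**
 * Sign text with the private key held in a PKCS#12 (.pfx) bundle.
 *
 * openssl_pkcs12_read() fills an array with three entries:
 *   'cert'       => string, the PEM certificate
 *   'pkey'       => string, the PEM private key
 *   'extracerts' => array of additional certificates
 * Never paste a dump of that array into source, comments or logs: the 'pkey'
 * entry is the private key in unencrypted form.
 *
 * NOTE(review): the bundle path and its passphrase are hard-coded below. They
 * belong in configuration outside the web root and outside version control;
 * any key whose passphrase has been committed should be treated as exposed.
 * SHA-1 is kept as the digest because the verifying side presumably expects
 * it - confirm before changing.
 *
 * @param string $plainText Data to sign (not encrypted, not pre-hashed).
 *
 * @return string Signature as a hexadecimal string.
 *
 * @throws \RuntimeException When the bundle cannot be read or parsed, holds no
 *                           private key, or signing fails. Previously every
 *                           one of these failures was ignored and an empty
 *                           string was returned as the signature.
 */
function cfcasign_pkcs12($plainText)
{
    // Step 1: read the PKCS#12 bundle as binary data.
    $file = 'ceshi/test.pfx';
    if (!is_readable($file)) {
        throw new \RuntimeException('PKCS#12 bundle is not readable');
    }
    $p12buf = file_get_contents($file);
    if ($p12buf === false) {
        throw new \RuntimeException('PKCS#12 bundle could not be read');
    }

    // Step 2: unpack the bundle into an array; the third argument is the
    // passphrase protecting the bundle.
    $p12cert = array();
    if (!openssl_pkcs12_read($p12buf, $p12cert, 'cfca1234')) {
        throw new \RuntimeException('PKCS#12 bundle could not be parsed');
    }
    if (!isset($p12cert['pkey'])) {
        throw new \RuntimeException('PKCS#12 bundle holds no private key');
    }
    $pkeyid = $p12cert['pkey'];

    // Step 3: sign. On success openssl_sign() writes the binary signature
    // into $binary_signature.
    $binary_signature = '';
    if (!openssl_sign($plainText, $binary_signature, $pkeyid, OPENSSL_ALGO_SHA1)) {
        throw new \RuntimeException('Unable to sign data');
    }

    // Convert the binary signature to its hexadecimal representation.
    return bin2hex($binary_signature);
}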
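/**
 * {@inheritdoc}
 *
 * Validates the key, then signs the payload with openssl_sign() using the
 * algorithm returned by getAlgorithm().
 *
 * @throws \RuntimeException When openssl_sign() fails. Previously the failure
 *                           was ignored and an empty string was returned as
 *                           the signature.
 */
public function createHash($payload, $key)
{
    $this->validateKey($key);

    $signature = '';
    if (!openssl_sign($payload, $signature, $key, $this->getAlgorithm())) {
        throw new \RuntimeException('Unable to sign payload');
    }

    return $signature;
}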
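/**
 * Sign a request parameter array in place.
 *
 * Any existing 'signature' entry is removed, the remaining parameters are
 * serialised by createLinkString(), the SHA-1 hex digest of that string is
 * signed with RSA/SHA-1 (so the signed value is the hex digest text, which
 * openssl_sign() hashes once more), and the base64 signature is stored in
 * $params['signature'].
 *
 * NOTE(review): the full parameter string and the signature are written to
 * the log at info level. If the parameters carry payment or personal data,
 * restrict access to the log file or drop these lines outside debugging.
 *
 * @param array  $params    Request parameters; modified by reference.
 * @param string $cert_path Passed to getPrivateKey().
 * @param string $cert_pwd  Passed to getPrivateKey().
 *
 * @return bool True when $params['signature'] was set. False when signing
 *              failed: $params then has NO 'signature' entry and must not be
 *              sent. (The function used to return nothing, so callers had no
 *              way to notice the failure.)
 */
function sign(&$params, $cert_path, $cert_pwd)
{
    $log = new PhpLog(SDK_LOG_FILE_PATH, "PRC", SDK_LOG_LEVEL);
    $log->LogInfo('=====签名报文开始======');

    if (isset($params['signature'])) {
        unset($params['signature']);
    }

    // Build the key=val&... string that is signed.
    $params_str = createLinkString($params, true, false);
    $log->LogInfo("签名key=val&...串 >" . $params_str);

    $params_sha1x16 = sha1($params_str, FALSE);
    $log->LogInfo("摘要sha1x16 >" . $params_sha1x16);

    $private_key = getPrivateKey($cert_path, $cert_pwd);

    // Sign the hex digest.
    $signature = null;
    $sign_falg = openssl_sign($params_sha1x16, $signature, $private_key, OPENSSL_ALGO_SHA1);
    if ($sign_falg) {
        $signature_base64 = base64_encode($signature);
        $log->LogInfo("签名串为 >" . $signature_base64);
        $params['signature'] = $signature_base64;
    } else {
        $log->LogInfo(">>>>>签名失败<<<<<<<");
    }

    $log->LogInfo('=====签名报文结束======');

    return (bool) $sign_falg;
}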
/**
 * Sign $input with openssl_sign() and return the binary signature.
 *
 * @param string $input Data to sign.
 * @param mixed  $key   Private key in any form openssl_sign() accepts.
 * @param mixed  $algo  Signature algorithm passed straight to openssl_sign().
 *
 * @return string Binary signature.
 *
 * @throws \Exception When openssl_sign() returns a falsy result.
 */
private function generateRSASignature($input, $key, $algo)
{
    $signed = openssl_sign($input, $signature, $key, $algo);

    if ($signed) {
        return $signature;
    }

    throw new \Exception("Unable to sign data.");
}
/**
 * The algorithm's sign() must return exactly the bytes a direct
 * openssl_sign() call with SHA-384 produces for the same message and key.
 *
 * NOTE(review): byte-for-byte equality only holds for deterministic signature
 * schemes (for example RSA PKCS#1 v1.5); presumably $this->key is such a key -
 * confirm against the fixture.
 */
public function testSign()
{
    $message = 'foobar';

    // Reference signature, computed directly.
    openssl_sign($message, $expectedSignature, $this->key, OPENSSL_ALGO_SHA384);

    $actualSignature = $this->algorithm->sign($message, $this->key);

    $this->assertSame($expectedSignature, $actualSignature);
}
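/**
 * Sign some data with a private key.
 *
 * The key is loaded with openssl_pkey_get_private() and openssl_sign() is
 * called with its default algorithm.
 *
 * @param string      $data       Data to sign.
 * @param string      $privateKey Private key in a form openssl_pkey_get_private() accepts.
 * @param string|null $passphrase Passphrase for an encrypted key, if any.
 *
 * @return string Binary signature.
 *
 * @throws \RuntimeException When the key cannot be loaded (wrong passphrase,
 *                           malformed key) or signing fails. Previously both
 *                           failures were ignored and null was returned.
 */
protected function signData($data, $privateKey, $passphrase = null)
{
    $keyHandle = openssl_pkey_get_private($privateKey, $passphrase);
    if ($keyHandle === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    $signature = null;
    $signed = openssl_sign($data, $signature, $keyHandle);

    // Release the key whether or not signing worked.
    openssl_free_key($keyHandle);

    if (!$signed) {
        throw new \RuntimeException('Unable to sign data');
    }

    return $signature;
}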
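/**
 * Print one SQL UPDATE statement per package row that stores the RSA
 * signature of the row's file hash.
 *
 * Rows with category 8 are signed with the key file named in $strCoreKey,
 * all other rows with the one named in $strPackageKey. Both paths are empty
 * in this file and have to be filled in before the script can sign anything.
 * Rows without a file hash are skipped.
 *
 * NOTE(review): keep the two key files outside the web root and do not commit
 * their paths together with the keys.
 *
 * @throws \RuntimeException When a key file cannot be loaded or signing
 *                           fails. Without this check $signature kept the
 *                           value from the previous row, so a failed row was
 *                           emitted with a re-encoded copy of another row's
 *                           signature.
 */
public function __construct()
{
    $strCoreKey = "";
    $strPackageKey = "";

    //==================================================================

    $objPackages = $this->db->query("SELECT * FROM __repo_packages WHERE category");
    if (!$objPackages) {
        return;
    }

    while ($row = $objPackages->fetchAssoc()) {
        $privateKey = (intval($row['category']) == 8) ? $strCoreKey : $strPackageKey;

        if ($row['filehash'] == "") {
            continue;
        }
        $strHash = $row['filehash'];

        // fetch private key from file and ready it
        $pkeyid = openssl_pkey_get_private("file://" . $privateKey);
        if ($pkeyid === false) {
            throw new \RuntimeException('Unable to load signing key');
        }

        // compute signature; start from a clean variable on every row
        $signature = null;
        $signed = openssl_sign($strHash, $signature, $pkeyid, "sha1WithRSAEncryption");

        // free the key from memory
        openssl_free_key($pkeyid);

        if (!$signed) {
            throw new \RuntimeException('Unable to sign file hash');
        }

        // Base64 output contains no quote characters; the id is forced to an
        // integer so it cannot break out of the generated statement.
        echo "UPDATE eqdkp20_repo_packages SET signature = '" . base64_encode($signature)
            . "' WHERE id=" . (int) $row['id'] . "; ";
    }
}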
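/**
 * Build a CloudFront signed URL (canned policy) for a resource.
 *
 * The policy limits access by expiry time only. It is signed with RSA/SHA-1
 * and the signature is appended to the resource URL together with the expiry
 * and the key pair id.
 *
 * NOTE(review): $resource is concatenated into the policy JSON unescaped. A
 * '"' or '\' in it would change the policy that gets signed, so callers must
 * pass only resource URLs they built themselves. The error paragraphs below
 * are echoed into the page, including OpenSSL's own error text; consider
 * logging them instead.
 *
 * @param string $resource URL of the resource to grant access to.
 * @param int    $timeout  Lifetime of the URL in seconds from now.
 *
 * @return string|null The signed URL, or null when the key cannot be read or
 *                     loaded or the policy cannot be signed.
 */
function getSignedURL($resource, $timeout)
{
    // These come from the key pair generated for CloudFront.
    $keyPairId = $this->config->item('cloudfront_keyPairId');
    $key = $this->config->item('cloudfront_key');

    // IMPORTANT: keep the key private and not in a web-accessible location.
    // The directory is configured per environment (dev or production).
    $privateKey = $this->config->item('cloudfront_keyLocation') . $key;

    $expires = time() + $timeout; // time out in seconds
    $json = '{"Statement":[{"Resource":"' . $resource . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';

    // Read the CloudFront private key. An unreadable file used to fall
    // through to fread() on a failed handle.
    $priv_key = is_readable($privateKey) ? file_get_contents($privateKey) : false;
    if ($priv_key === false) {
        echo "<p>Failed to load private key!</p>";
        return;
    }

    // Create the private key
    $key = openssl_get_privatekey($priv_key);
    if (!$key) {
        echo "<p>Failed to load private key!</p>";
        return;
    }

    // Sign the policy with the private key
    if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
        echo '<p>Failed to sign policy: ' . openssl_error_string() . '</p>';
        return;
    }

    // Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+', '=', '/'), array('-', '_', '~'), $base64_signed_policy);

    // Construct the URL; a resource that already has a query string gets the
    // signing parameters appended with '&' rather than a second '?'.
    $separator = (strpos($resource, '?') === false) ? '?' : '&';

    return $resource . $separator . 'Expires=' . $expires
        . '&Signature=' . $signature
        . '&Key-Pair-Id=' . $keyPairId;
}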
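/**
 * Sign data and return the signature base64-encoded.
 *
 * Calls _makesure_provider() first, then signs with $this->keyProvider using
 * openssl_sign()'s default algorithm.
 *
 * @param string $rawData Data to sign.
 *
 * @return string Base64-encoded signature.
 *
 * @throws \RuntimeException When openssl_sign() fails. Previously the failure
 *                           was ignored and an empty string was returned as
 *                           the signature.
 */
public function sign($rawData)
{
    $this->_makesure_provider();

    $result = '';
    if (!openssl_sign($rawData, $result, $this->keyProvider)) {
        throw new \RuntimeException('Unable to sign data');
    }

    return base64_encode($result);
}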
/**
 * Sign $data with $this->privateKey using the "sha256" digest.
 *
 * @param string $data Data to sign.
 *
 * @return string Binary signature.
 *
 * @throws apiAuthException When openssl_sign() returns a falsy result.
 */
function sign($data)
{
    $signed = openssl_sign($data, $signature, $this->privateKey, "sha256");

    if ($signed) {
        return $signature;
    }

    throw new apiAuthException("Unable to sign data");
}
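/**
 * Build an RS256-signed JWT asserting this account's identity.
 *
 * The private key is read from the PKCS#12 file at $this->privateKey, which
 * is opened with $this->password.
 *
 * All three segments are encoded as base64url without padding, as JWS
 * (RFC 7515) requires. Plain base64_encode() output can contain '+', '/' and
 * '=', which are not valid in a compact JWT and get altered when the token is
 * sent form-encoded.
 *
 * @return string The compact JWT: header.claims.signature
 *
 * @throws Exception When the key file is missing or unreadable, cannot be
 *                   parsed, holds no private key, or signing fails.
 */
protected function generateSignedJWT()
{
    if (!file_exists($this->privateKey) || !is_file($this->privateKey)) {
        throw new Exception('Private key does not exist');
    }

    $header = array('alg' => 'RS256', 'typ' => 'JWT');
    $t = time();
    $params = array(
        'iss' => $this->email,
        'scope' => Oauth::SCOPE_URL,
        'aud' => Oauth::TOKEN_URL,
        'exp' => $t + self::MAX_LIFETIME_SECONDS,
        'iat' => $t,
    );

    $encodings = array(
        rtrim(strtr(base64_encode(json_encode($header)), '+/', '-_'), '='),
        rtrim(strtr(base64_encode(json_encode($params)), '+/', '-_'), '='),
    );
    $input = implode('.', $encodings);

    $pkcs12 = file_get_contents($this->privateKey);
    if ($pkcs12 === false) {
        throw new Exception('Private key does not exist');
    }

    $certs = array();
    if (!openssl_pkcs12_read($pkcs12, $certs, $this->password)) {
        throw new Exception('Could not parse .p12 file');
    }
    if (!isset($certs['pkey'])) {
        throw new Exception('Could not find private key in .p12 file');
    }

    $keyId = openssl_pkey_get_private($certs['pkey']);
    if ($keyId === false) {
        throw new Exception('Could not find private key in .p12 file');
    }

    if (!openssl_sign($input, $sig, $keyId, 'sha256')) {
        throw new Exception('Could not sign data');
    }

    $encodings[] = rtrim(strtr(base64_encode($sig), '+/', '-_'), '=');

    return implode('.', $encodings);
}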
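/**
 * Compute the signature for a set of payment parameters.
 *
 * Parameters named sign, sign_type and sign_version, and parameters with an
 * empty value, are left out. The rest are joined as key=value pairs with '&'
 * in array order and signed according to $sign_type:
 *  - 'RSA': RSA/SHA-1 with the key file named in the configuration, base64.
 *  - anything else: lowercase MD5 of the string with the configured md5_key
 *    appended.
 *
 * NOTE(review): an unknown or misspelt $sign_type silently selects the MD5
 * scheme, which is the weaker of the two (a plain hash with a secret suffix,
 * not an HMAC). Confirm callers can never pass an attacker-chosen type.
 *
 * @param array  $pay_params Parameters to sign.
 * @param string $sign_type  Signature type.
 *
 * @return string The signature.
 *
 * @throws \RuntimeException In the RSA case, when the key file cannot be
 *                           read, the key cannot be loaded, or signing
 *                           fails. Previously these failures were ignored
 *                           and an empty signature was returned.
 */
function getSignMsg($pay_params = array(), $sign_type)
{
    $sina_config = \System\Entrance::config('SINA_FUND_MANAGED');

    $pairs = array();
    foreach ($pay_params as $key => $val) {
        if ($key != "sign" && $key != "sign_type" && $key != "sign_version" && isset($val) && $val != "") {
            $pairs[] = $key . "=" . $val;
        }
    }
    $params_str = implode("&", $pairs);

    $signMsg = "";
    switch ($sign_type) {
        case 'RSA':
            // path of the private key used for signing
            $private_key = $sina_config['private_key'];
            $priv_key = file_get_contents($private_key);
            if ($priv_key === false) {
                throw new \RuntimeException('Unable to read private key file');
            }

            $pkeyid = openssl_pkey_get_private($priv_key);
            if ($pkeyid === false) {
                throw new \RuntimeException('Unable to load private key');
            }

            $signed = openssl_sign($params_str, $signMsg, $pkeyid, OPENSSL_ALGO_SHA1);
            openssl_free_key($pkeyid);
            if (!$signed) {
                throw new \RuntimeException('Unable to sign parameters');
            }

            $signMsg = base64_encode($signMsg);
            break;
        case 'MD5':
        default:
            $params_str = $params_str . $sina_config['md5_key'];
            $signMsg = strtolower(md5($params_str));
            break;
    }

    return $signMsg;
}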
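/**
 * Build a signed payment URL.
 *
 * The parameters are turned into a query string, which is signed with the
 * configured private key (RSA/SHA-1). The URL carries the query string as
 * url-encoded base64 in 'data' and the signature as url-encoded base64 in
 * 'sign'.
 *
 * @param array $params Required keys: amount, currency, ipnUrl. Optional
 *                      keys: returnUrl, customData, customer, email,
 *                      firstName, lastName, order, origin.
 *
 * @return string The payment URL.
 *
 * @throws ParametersNotSetException         When no configuration is loaded.
 * @throws MissingRequiredParameterException When a required key is missing.
 * @throws MalformedURLException             When ipnUrl or returnUrl does not
 *                                           start with http:// or https://.
 * @throws \RuntimeException                 When the key cannot be loaded or
 *                                           signing fails. Previously both
 *                                           failures were ignored and a URL
 *                                           with an empty signature was
 *                                           returned.
 */
public static function generateUrl($params)
{
    $config = Payplug::getConfig();

    if (!$config) {
        throw new ParametersNotSetException();
    }
    if (!isset($params['amount'])) {
        throw new MissingRequiredParameterException("Missing required parameter: amount");
    }
    if (!isset($params['currency'])) {
        throw new MissingRequiredParameterException("Missing required parameter: currency");
    }
    if (!isset($params['ipnUrl'])) {
        throw new MissingRequiredParameterException("Missing required parameter: ipnUrl");
    }
    if (!preg_match("/^(http|https):\\/\\//i", $params['ipnUrl'])) {
        throw new MalformedURLException($params['ipnUrl'] . " doesn't starts with 'http://' or 'https://'");
    }

    // Give the optional keys a null default so that reading them cannot
    // raise an undefined-index warning; http_build_query() drops nulls.
    $params = $params + array(
        'customData' => null,
        'customer' => null,
        'email' => null,
        'firstName' => null,
        'lastName' => null,
        'order' => null,
        'origin' => null,
        'returnUrl' => null,
    );

    if ($params['returnUrl'] != null && !preg_match("/^(http|https):\\/\\//i", $params['returnUrl'])) {
        throw new MalformedURLException($params['returnUrl'] . " doesn't starts with 'http://' or 'https://'");
    }

    $url_params = http_build_query(array(
        "amount" => $params['amount'],
        "currency" => $params['currency'],
        "custom_data" => $params['customData'],
        "customer" => $params['customer'],
        "email" => $params['email'],
        "first_name" => $params['firstName'],
        "ipn_url" => $params['ipnUrl'],
        "last_name" => $params['lastName'],
        "order" => $params['order'],
        "origin" => $params['origin'] . " payplug-php" . Payplug::VERSION . " PHP" . phpversion(),
        "return_url" => $params['returnUrl'],
    ));
    $data = urlencode(base64_encode($url_params));

    $privateKey = openssl_pkey_get_private($config->privateKey);
    if ($privateKey === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    // The signature covers the raw query string, not its base64 form.
    $signature = null;
    if (!openssl_sign($url_params, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new \RuntimeException('Unable to sign payment parameters');
    }
    $signature = urlencode(base64_encode($signature));

    return $config->paymentBaseUrl . "?data=" . $data . "&sign=" . $signature;
}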
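/**
 * Create a license key for a product and licensee, print every intermediate
 * step, and verify the result.
 *
 * The string "product_code,name,email" is signed with $this->private_key
 * using OPENSSL_ALGO_DSS1. The signature is base32-encoded, 'O' is replaced
 * by '8' and 'I' by '9', padding is removed, and the result is grouped into
 * blocks of five characters separated by dashes.
 *
 * NOTE(review): the echo statements write the signed string, which contains
 * the licensee's name and e-mail, and the raw binary signature into the page
 * unescaped. That is debug output; remove it, or escape it, before this runs
 * anywhere other than a developer machine.
 *
 * @param string $product_code Product identifier.
 * @param string $name         Licensee name.
 * @param string $email        Licensee e-mail address.
 *
 * @return string The dashed license key.
 *
 * @throws \RuntimeException When openssl_sign() fails. Previously the failure
 *                           was ignored and a "license key" derived from an
 *                           empty signature was returned.
 */
public function make_lincese($product_code, $name, $email)
{
    // Build the string that is signed from the passed parameters.
    $stringData = $product_code . "," . $name . "," . $email;
    echo "Data: " . $stringData . "<br>";

    $binary_signature = "";
    if (!openssl_sign($stringData, $binary_signature, $this->private_key, OPENSSL_ALGO_DSS1)) {
        throw new \RuntimeException('Unable to sign license data');
    }
    echo "Binary Sig: " . $binary_signature . "<br>";

    // base 32 encode the signature
    $encoded = base32_encode($binary_signature);
    echo "Original Key: " . $encoded . "<br>";
    echo "Key Length: " . strlen($encoded) . "<br>";

    // replace O with 8 and I with 9
    $replacement = str_replace("O", "8", str_replace("I", "9", $encoded));
    echo "Replaced: " . $replacement . "<br>";

    // remove padding if any
    $padding = trim(str_replace("=", "", $replacement));
    echo "Stripped: " . $padding . "<br>";

    // group in fives; chunk_split() leaves a trailing dash, which is cut off
    $dashed = rtrim(chunk_split($padding, 5, "-"));
    $theKey = substr($dashed, 0, strlen($dashed) - 1);
    echo "Dashed: " . $theKey . "<br><br>";

    echo "<strong>Verify the just created License<br></strong>";
    $this->verify_license($product_code, $name, $email, $theKey);

    return $theKey;
}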
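/**
 * Sign a message with the key in private.pem (RSA/SHA-1) and return the
 * signature as hexadecimal.
 *
 * NOTE(review): 'private.pem' is resolved against the current working
 * directory. If that directory is served by the web server the key can be
 * downloaded; keep the file outside the document root and reference it by an
 * absolute, configured path.
 *
 * @param string $sMessage Message to sign.
 *
 * @return string Signature as a hexadecimal string.
 *
 * @throws \RuntimeException When the key file cannot be read, the key cannot
 *                           be loaded, or signing fails. Previously these
 *                           failures were ignored and an empty string was
 *                           returned.
 */
function getSign($sMessage)
{
    $sKeyFile = 'private.pem';
    if (!is_readable($sKeyFile)) {
        throw new \RuntimeException('Private key file is not readable');
    }

    $sPrivateKey = file_get_contents($sKeyFile);
    if ($sPrivateKey === false) {
        throw new \RuntimeException('Private key file could not be read');
    }

    $rPrivateKey = openssl_pkey_get_private($sPrivateKey);
    if ($rPrivateKey === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    $sSign = null;
    if (!openssl_sign($sMessage, $sSign, $rPrivateKey, OPENSSL_ALGO_SHA1)) {
        throw new \RuntimeException('Unable to sign message');
    }

    return bin2hex($sSign);
}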
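/**
 * Sign a request parameter array in place.
 *
 * Any 'transTempUrl' entry is removed, the remaining parameters are
 * serialised by coverParamsToString(), the SHA-1 hex digest of that string
 * is signed with RSA/SHA-1 (so the signed value is the hex digest text, which
 * openssl_sign() hashes once more), and the base64 signature is stored in
 * $params['signature']. The key is loaded from SDK_SIGN_CERT_PATH.
 *
 * NOTE(review): the full parameter string and the signature are written to
 * the log at info level. If the parameters carry payment or personal data,
 * restrict access to the log file or drop these lines outside debugging.
 *
 * @param array $params Request parameters; modified by reference.
 *
 * @return bool True when $params['signature'] was set, false when signing
 *              failed. After a failure the request is unsigned (or still
 *              carries whatever 'signature' the caller passed in) and must
 *              not be sent. (The function used to return nothing, so callers
 *              had no way to notice the failure.)
 */
function sign(&$params)
{
    global $log;
    $log->LogInfo('=====签名报文开始======');

    if (isset($params['transTempUrl'])) {
        unset($params['transTempUrl']);
    }

    // Build the key=val&... string that is signed.
    $params_str = coverParamsToString($params);
    $log->LogInfo("签名key=val&...串 >" . $params_str);

    $params_sha1x16 = sha1($params_str, FALSE);
    $log->LogInfo("摘要sha1x16 >" . $params_sha1x16);

    // path of the signing certificate
    $cert_path = SDK_SIGN_CERT_PATH;
    $private_key = getPrivateKey($cert_path);

    // Sign the hex digest.
    $signature = null;
    $sign_falg = openssl_sign($params_sha1x16, $signature, $private_key, OPENSSL_ALGO_SHA1);
    if ($sign_falg) {
        $signature_base64 = base64_encode($signature);
        $log->LogInfo("签名串为 >" . $signature_base64);
        $params['signature'] = $signature_base64;
    } else {
        $log->LogInfo(">>>>>签名失败<<<<<<<");
    }

    $log->LogInfo('=====签名报文结束======');

    return (bool) $sign_falg;
}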
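/**
 * Build a CloudFront signed URL, optionally restricted to one client IP.
 *
 * A policy with an expiry time (and, when $client_ip is given, a /32 source
 * address condition) is signed with openssl_sign()'s default algorithm. The
 * URL always carries the encoded policy in a Policy parameter: a policy with
 * an IpAddress condition can only be verified when the policy itself is sent.
 * The earlier code sent Expires instead of Policy exactly when an IP was
 * given, so the signature could not match the policy it covered.
 *
 * NOTE(review): $url and $client_ip are concatenated into the policy JSON
 * unescaped. A '"' or '\' in either changes the policy that gets signed;
 * pass only values built or validated by the caller.
 *
 * @param string      $url         Resource URL.
 * @param string      $private_key Private key in a form openssl_get_privatekey() accepts.
 * @param string      $key_pair_id CloudFront key pair id.
 * @param int         $expires     Expiry as a Unix timestamp.
 * @param string|null $client_ip   Client address to restrict the URL to, or null.
 *
 * @return string The signed URL.
 *
 * @throws \RuntimeException When the key cannot be loaded or signing fails.
 *                           Previously both failures were ignored and a URL
 *                           with an empty signature was returned.
 */
function get_signed_url($url, $private_key, $key_pair_id, $expires, $client_ip = null)
{
    $policy = '{"Statement":[{"Resource":"' . $url . '","Condition":{';
    if (!is_null($client_ip)) {
        $policy .= '"IpAddress":{"AWS:SourceIp":"' . $client_ip . '/32"},';
    }
    $policy .= '"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';

    // the policy contains characters that cannot be part of a URL, so we base64 encode it
    $encoded_policy = url_safe_base64_encode($policy);

    // sign the original policy, not the encoded version
    $pkeyid = openssl_get_privatekey($private_key);
    if ($pkeyid === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    $signature = '';
    $signed = openssl_sign($policy, $signature, $pkeyid);

    // free the key from memory on both the success and the failure path
    openssl_free_key($pkeyid);

    if (!$signed) {
        throw new \RuntimeException('Unable to sign policy');
    }

    // make the signature safe to be included in a url
    $encoded_signature = url_safe_base64_encode($signature);

    // If the url already has query parameters, append with '&'. The strict
    // comparison matters: strpos() returns 0, not false, for a leading '?'.
    $separator = (strpos($url, '?') === false) ? '?' : '&';

    $url .= $separator . "Policy=" . $encoded_policy
        . "&Signature=" . $encoded_signature
        . "&Key-Pair-Id=" . $key_pair_id;

    // Line breaks would break the URL (and would split a header if it is used
    // in a redirect), so remove them. '\\n' is the two-character sequence the
    // original stripped; real CR and LF are now removed as well.
    return str_replace(array('\\n', "\r", "\n"), '', $url);
}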
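/**
 * Sign data with a private key using OPENSSL_ALGO_MD5 and return the
 * signature base64-encoded.
 *
 * NOTE(review): MD5 is broken for collision resistance, so two different
 * inputs can be crafted to share one signature. It is kept only because the
 * verifying side presumably expects it; move both sides to SHA-256 together.
 *
 * @param string $data   Data to sign.
 * @param mixed  $priKey Private key in any form openssl_sign() accepts.
 *
 * @return string Base64-encoded signature.
 *
 * @throws \RuntimeException When openssl_sign() fails. Previously the failure
 *                           was ignored and an empty string was returned as
 *                           the signature.
 */
function rsaSign($data, $priKey)
{
    $signature = null;
    if (!openssl_sign($data, $signature, $priKey, OPENSSL_ALGO_MD5)) {
        throw new \RuntimeException('Unable to sign data');
    }

    // base64 encode the binary signature
    return base64_encode($signature);
}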
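/**
 * Stamp an XML document with a signature over its "original string".
 *
 * The document is transformed with the stylesheet ostring.xsl, the result is
 * signed with the private key using OPENSSL_ALGO_MD5, and the base64
 * signature replaces the placeholder "#1#" in the input XML.
 *
 * NOTE(review): MD5 is broken for collision resistance; it is kept only
 * because the verifying side presumably expects it. The input is parsed with
 * the parser's default options; if $xmlHon can come from an untrusted party,
 * confirm that the libxml in use does not resolve external entities.
 *
 * @param string $xmlHon   XML document containing the "#1#" placeholder.
 * @param mixed  $priv_key Private key in a form openssl_get_privatekey() accepts.
 *
 * @return array [1] the XML with the signature inserted, [2] the original
 *               string that was signed, [3] the base64 signature.
 *
 * @throws \RuntimeException When the XML or the stylesheet cannot be loaded,
 *                           the transformation fails, the key cannot be
 *                           loaded, or signing fails. Previously all of these
 *                           were ignored and an empty stamp was inserted.
 */
function getXMLSing($xmlHon, $priv_key)
{
    // Load the document to be stamped.
    $xml = new DOMDocument();
    if (!$xml->loadXML($xmlHon)) {
        throw new \RuntimeException('Unable to parse XML document');
    }

    // Load the stylesheet that produces the original string.
    $xsl = new DOMDocument();
    if (!$xsl->load("ostring.xsl")) {
        throw new \RuntimeException('Unable to load stylesheet');
    }

    $proc = new XSLTProcessor();
    $proc->importStyleSheet($xsl);
    $original = $proc->transformToXML($xml);
    if (!is_string($original)) {
        throw new \RuntimeException('Unable to build original string');
    }

    // Sign the original string.
    $pkeyid = openssl_get_privatekey($priv_key);
    if ($pkeyid === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    $signature = null;
    $signed = openssl_sign($original, $signature, $pkeyid, OPENSSL_ALGO_MD5);
    openssl_free_key($pkeyid);
    if (!$signed) {
        throw new \RuntimeException('Unable to sign original string');
    }

    // Put the stamp into the XML.
    $stamp = base64_encode($signature);

    $xmlReturn = array();
    $xmlReturn[1] = str_replace("#1#", $stamp, $xmlHon);
    $xmlReturn[2] = $original;
    $xmlReturn[3] = $stamp;

    return $xmlReturn;
}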
/**
 * Sign the secured input with $this->signatureAlgorithm.
 *
 * @param string $securedInput Data to sign.
 * @param string $key          Private key handed to openssl_sign().
 *
 * @return string Binary signature.
 *
 * @throws JoseJwtException When openssl_sign() returns false; the message
 *                          carries one entry from the OpenSSL error queue.
 */
public function sign($securedInput, $key)
{
    $signed = openssl_sign($securedInput, $signature, $key, $this->signatureAlgorithm);

    if (false !== $signed) {
        return $signature;
    }

    throw new JoseJwtException('Unable to sign data: ' . openssl_error_string());
}
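/**
 * Sign data with a private key.
 *
 * The key is loaded with openssl_pkey_get_private() and openssl_sign() is
 * called with its default algorithm.
 *
 * @param string $data       Data to sign.
 * @param mixed  $key        Private key in a form openssl_pkey_get_private() accepts.
 * @param string $passphrase Passphrase for an encrypted key; empty for none.
 *
 * @return string Binary signature.
 *
 * @throws \RuntimeException When the key cannot be loaded (wrong passphrase,
 *                           malformed key) or signing fails. Previously both
 *                           failures were ignored and null was returned.
 */
public function sign($data, $key, $passphrase = '')
{
    $privateKey = openssl_pkey_get_private($key, $passphrase);
    if ($privateKey === false) {
        throw new \RuntimeException('Unable to load private key');
    }

    $signature = null;
    $signed = openssl_sign($data, $signature, $privateKey);

    // Release the key whether or not signing worked.
    openssl_free_key($privateKey);

    if (!$signed) {
        throw new \RuntimeException('Unable to sign data');
    }

    return $signature;
}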
/**
 * Add an enveloped XML signature to a request and wrap it in a SOAP envelope.
 *
 * Steps, in the order the code performs them:
 *  1. Parse the request and compute the SHA-1 digest of its canonical form.
 *  2. Append a Signature element with SignedInfo (canonicalization method,
 *     signature method, one Reference to the root element's Id with two
 *     transforms, digest method and digest value).
 *  3. Sign the canonical SignedInfo with $this->privateKeyResource (RSA/SHA-1)
 *     and append SignatureValue.
 *  4. Append KeyInfo with the certificate body and issuer name / serial.
 *  5. Import the signed root element into a new SOAP envelope body.
 *
 * NOTE(review): SHA-1 is used for both the digest and the signature, as the
 * declared algorithm URIs state; presumably the receiving service requires it.
 *
 * @param string $XMLRequest The request XML; its root element must carry an Id attribute.
 *
 * @return string The SOAP envelope XML containing the signed request.
 *
 * @throws Exception When openssl_sign() fails.
 */
public function signXML($XMLRequest)
{
    $XMLRequestDOMDoc = new DOMDocument();
    $XMLRequestDOMDoc->loadXML($XMLRequest);

    // Digest of the document before the Signature element is added.
    // NOTE(review): C14N() without arguments is inclusive canonicalization,
    // while the Reference below declares the exclusive (xml-exc-c14n)
    // transform. The two forms can differ when namespaces are inherited;
    // confirm a verifier recomputes the same digest.
    $canonical = $XMLRequestDOMDoc->C14N();
    $DigestValue = base64_encode(hash('sha1', $canonical, true));

    $rootElem = $XMLRequestDOMDoc->documentElement;

    $SignatureNode = $rootElem->appendChild(new DOMElement('Signature'));
    $SignatureNode->setAttribute('xmlns', 'http://www.w3.org/2000/09/xmldsig#');

    $SignedInfoNode = $SignatureNode->appendChild(new DOMElement('SignedInfo'));
    $SignedInfoNode->setAttribute('xmlns', 'http://www.w3.org/2000/09/xmldsig#');

    $CanonicalizationMethodNode = $SignedInfoNode->appendChild(new DOMElement('CanonicalizationMethod'));
    $CanonicalizationMethodNode->setAttribute('Algorithm', 'http://www.w3.org/2001/10/xml-exc-c14n#');

    $SignatureMethodNode = $SignedInfoNode->appendChild(new DOMElement('SignatureMethod'));
    $SignatureMethodNode->setAttribute('Algorithm', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');

    // The Reference points at the root element through its Id attribute.
    $ReferenceNode = $SignedInfoNode->appendChild(new DOMElement('Reference'));
    $ReferenceNode->setAttribute('URI', sprintf('#%s', $XMLRequestDOMDoc->documentElement->getAttribute('Id')));

    $TransformsNode = $ReferenceNode->appendChild(new DOMElement('Transforms'));

    $Transform1Node = $TransformsNode->appendChild(new DOMElement('Transform'));
    $Transform1Node->setAttribute('Algorithm', 'http://www.w3.org/2000/09/xmldsig#enveloped-signature');

    $Transform2Node = $TransformsNode->appendChild(new DOMElement('Transform'));
    $Transform2Node->setAttribute('Algorithm', 'http://www.w3.org/2001/10/xml-exc-c14n#');

    $DigestMethodNode = $ReferenceNode->appendChild(new DOMElement('DigestMethod'));
    $DigestMethodNode->setAttribute('Algorithm', 'http://www.w3.org/2000/09/xmldsig#sha1');

    $ReferenceNode->appendChild(new DOMElement('DigestValue', $DigestValue));

    // Re-fetch SignedInfo from the document before canonicalizing it.
    $SignedInfoNode = $XMLRequestDOMDoc->getElementsByTagName('SignedInfo')->item(0);

    $X509Issuer = $this->publicCertificateData['issuer'];
    $X509IssuerName = sprintf('OU=%s,O=%s,C=%s', $X509Issuer['OU'], $X509Issuer['O'], $X509Issuer['C']);
    $X509IssuerSerial = $this->publicCertificateData['serialNumber'];

    // Strip the PEM armour lines; what remains goes into X509Certificate.
    $publicCertificatePureString = str_replace('-----BEGIN CERTIFICATE-----', '', $this->certificate['cert']);
    $publicCertificatePureString = str_replace('-----END CERTIFICATE-----', '', $publicCertificatePureString);

    // Sign the exclusive-canonical form of SignedInfo; the result is also
    // kept on the object in $this->signedInfoSignature.
    $this->signedInfoSignature = null;
    if (!openssl_sign($SignedInfoNode->C14N(true), $this->signedInfoSignature, $this->privateKeyResource, OPENSSL_ALGO_SHA1)) {
        throw new Exception('Unable to sign the request');
    }

    $SignatureNode = $XMLRequestDOMDoc->getElementsByTagName('Signature')->item(0);
    $SignatureValueNode = new DOMElement('SignatureValue', base64_encode($this->signedInfoSignature));
    $SignatureNode->appendChild($SignatureValueNode);

    $KeyInfoNode = $SignatureNode->appendChild(new DOMElement('KeyInfo'));
    $X509DataNode = $KeyInfoNode->appendChild(new DOMElement('X509Data'));
    $X509CertificateNode = new DOMElement('X509Certificate', $publicCertificatePureString);
    $X509DataNode->appendChild($X509CertificateNode);

    $X509IssuerSerialNode = $X509DataNode->appendChild(new DOMElement('X509IssuerSerial'));
    $X509IssuerNameNode = new DOMElement('X509IssuerName', $X509IssuerName);
    $X509IssuerSerialNode->appendChild($X509IssuerNameNode);
    $X509SerialNumberNode = new DOMElement('X509SerialNumber', $X509IssuerSerial);
    $X509IssuerSerialNode->appendChild($X509SerialNumberNode);

    // Wrap the signed request in a SOAP envelope.
    $envelope = new DOMDocument();
    $envelope->loadXML('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body></soapenv:Body> </soapenv:Envelope>');
    $envelope->encoding = 'UTF-8';
    $envelope->version = '1.0';

    // The root element is looked up by its local name and deep-copied into
    // the envelope's Body.
    $XMLRequestType = $XMLRequestDOMDoc->documentElement->localName;
    $XMLRequestTypeNode = $XMLRequestDOMDoc->getElementsByTagName($XMLRequestType)->item(0);
    $XMLRequestTypeNode = $envelope->importNode($XMLRequestTypeNode, true);
    $envelope->getElementsByTagName('Body')->item(0)->appendChild($XMLRequestTypeNode);

    return $envelope->saveXML();
}
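/**
 * Sign request parameters with RSA/SHA-1 and return the signature
 * base64-encoded.
 *
 * The parameters are serialised by getStringToSign(); the SHA-1 hex digest of
 * that string is what gets signed (openssl_sign() hashes the hex text once
 * more with SHA-1).
 *
 * @param array  $params   Parameters to sign.
 * @param string $certPath Passed to getPrivateKey().
 * @param string $password Passed to getPrivateKey().
 *
 * @return string Base64-encoded signature.
 *
 * @throws \RuntimeException When openssl_sign() fails, for example because
 *                           the key could not be loaded. Previously the
 *                           failure was ignored and an empty string was
 *                           returned as the signature.
 */
public static function getParamsSignatureWithRSA($params, $certPath, $password)
{
    $query = self::getStringToSign($params);
    $params_sha1x16 = sha1($query, false);

    $privateKey = self::getPrivateKey($certPath, $password);

    $signature = null;
    if (!openssl_sign($params_sha1x16, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new \RuntimeException('Unable to sign parameters');
    }

    return base64_encode($signature);
}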