Example #1
 /**
  * Sign the given data with a private key and return the raw signature bytes.
  *
  * @param string     $data       Payload to sign.
  * @param PrivateKey $privateKey Key wrapper; its getResource() value is handed to openssl_sign().
  * @param int        $algorithm  OpenSSL signature algorithm constant (SHA-256 unless overridden).
  *
  * @return string Binary signature written by openssl_sign().
  *
  * @throws DataSigningException When openssl_sign() reports failure.
  */
 public function signData($data, PrivateKey $privateKey, $algorithm = OPENSSL_ALGO_SHA256)
 {
     $signed = openssl_sign($data, $signature, $privateKey->getResource(), $algorithm);
     if ($signed) {
         return $signature;
     }

     // Fail loudly with the OpenSSL error text instead of handing back an empty signature.
     $reason = openssl_error_string();
     throw new DataSigningException(sprintf('OpenSSL data signing failed with error: %s', $reason));
 }
Example #2
 /**
  * Add the authorization header that matches the credentials set on this client.
  *
  * An AuthSub token takes precedence over a ClientLogin token. When an AuthSub
  * private key id is also set, the request is signed ("secure AuthSub"): the
  * string "METHOD URL TIMESTAMP NONCE" is signed with RSA-SHA1 and sent in the
  * header next to the token.
  *
  * NOTE(review): the nonce is drawn from mt_rand(), which is not a
  * cryptographically secure generator, and the digest is SHA-1. Confirm what
  * the remote service accepts before changing either.
  *
  * @param string $method      HTTP method.
  * @param string $url         Request URL.
  * @param array  $headers     Existing headers; 'authorization' is overwritten when a token is set.
  * @param mixed  $body        Passed through unchanged.
  * @param mixed  $contentType Passed through unchanged.
  *
  * @return array Keys: method, url, body, headers, contentType.
  *
  * @throws Zend_Gdata_App_Exception When openssl_sign() returns false.
  */
 public function filterHttpRequest($method, $url, $headers = array(), $body = null, $contentType = null)
 {
     if ($this->getAuthSubToken() != null) {
         if ($this->getAuthSubPrivateKeyId() == null) {
             // Plain AuthSub: the token alone authorizes the request.
             $headers['authorization'] = 'AuthSub token="' . $this->getAuthSubToken() . '"';
         } else {
             // Secure AuthSub: bind method, URL, timestamp and nonce into the signed string.
             $time = time();
             $nonce = mt_rand(0, 999999999);
             $dataToSign = implode(' ', array($method, $url, $time, $nonce));

             $pKeyId = $this->getAuthSubPrivateKeyId();
             if (!openssl_sign($dataToSign, $signature, $pKeyId, OPENSSL_ALGO_SHA1)) {
                 require_once 'Zend/Gdata/App/Exception.php';
                 throw new Zend_Gdata_App_Exception('openssl_signing failure - returned false');
             }

             // The raw signature is binary, so it travels base64-encoded.
             $encodedSignature = base64_encode($signature);
             $headers['authorization'] = 'AuthSub token="' . $this->getAuthSubToken() . '" '
                 . 'data="' . $dataToSign . '" '
                 . 'sig="' . $encodedSignature . '" '
                 . 'sigalg="rsa-sha1"';
         }
     } elseif ($this->getClientLoginToken() != null) {
         $headers['authorization'] = 'GoogleLogin auth=' . $this->getClientLoginToken();
     }

     return array(
         'method' => $method,
         'url' => $url,
         'body' => $body,
         'headers' => $headers,
         'contentType' => $contentType,
     );
 }
Example #3
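 /**
  * Sign data with the configured private key and return the signature as hex.
  *
  * The key is loaded from $this->chinaums_config['privateKey']. No algorithm
  * is passed to openssl_sign(), so PHP's default (OPENSSL_ALGO_SHA1) applies.
  *
  * @param string $data Data to sign.
  *
  * @return string Hexadecimal encoding of the binary signature.
  *
  * @throws \RuntimeException When the key cannot be loaded or signing fails.
  */
 private function sign($data)
 {
     $key = openssl_pkey_get_private($this->chinaums_config['privateKey']);
     if ($key === false) {
         // Without this check the failure would surface later as an empty signature.
         throw new \RuntimeException('Unable to load the signing private key.');
     }

     $signed = openssl_sign($data, $signature, $key);
     openssl_free_key($key);

     if (!$signed) {
         throw new \RuntimeException('Unable to sign data.');
     }

     return bin2hex($signature);
 }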
 /**
  * Produce a signature over $input with the given private key.
  *
  * @param string $input  Data to sign.
  * @param mixed  $secret Private key in any form openssl_sign() accepts.
  * @param mixed  $algo   Algorithm constant or digest name forwarded to openssl_sign().
  *
  * @return string Raw binary signature.
  *
  * @throws Exception When openssl_sign() returns false.
  */
 private static function generateRSA($input, $secret, $algo)
 {
     $signed = openssl_sign($input, $signature, $secret, $algo);
     if ($signed) {
         return $signature;
     }

     throw new Exception("Unable to sign data.");
 }
Example #5
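 /**
  * Sign the pipe-joined parameter values and return the signature base64-encoded.
  *
  * The values of $params are joined with '|' in array order and signed with
  * the key from getPrivateKeyResource(). No algorithm is passed, so PHP's
  * default for openssl_sign() (OPENSSL_ALGO_SHA1) applies.
  *
  * NOTE(review): values are joined without escaping, so array('a|b') and
  * array('a', 'b') produce the same string to sign. Confirm the peer's format
  * rules out '|' inside a value.
  *
  * @param array $params Values to sign, in signing order.
  *
  * @return string Base64-encoded signature.
  *
  * @throws \RuntimeException When openssl_sign() fails.
  */
 public function sign(array $params)
 {
     $digestText = implode('|', $params);

     // A failed signing used to come back as an empty string; make it explicit.
     if (!openssl_sign($digestText, $digest, $this->getPrivateKeyResource())) {
         throw new \RuntimeException('Unable to sign data.');
     }

     return base64_encode($digest);
 }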
 /**
  * Sign the data with the private key handle held by this object.
  *
  * No algorithm is passed, so openssl_sign() uses its default digest.
  *
  * @param   string $data Data to sign.
  * @return  string Raw binary signature.
  * @throws  security.crypto.CryptoException if the operation fails
  */
 public function sign($data)
 {
     $signed = openssl_sign($data, $signature, $this->_hdl);
     if (false !== $signed) {
         return $signature;
     }

     // Attach the queued OpenSSL errors so the caller can see why signing failed.
     throw new CryptoException('Could not sign data', OpenSslUtil::getErrors());
 }
Example #7
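 /**
  * Create an RSA signature over the data and return it base64-encoded.
  *
  * NOTE(review): the digest is fixed to SHA-1 (OPENSSL_ALGO_SHA1). Changing it
  * would alter the signatures callers and verifiers see, so it is left as is;
  * confirm whether the verifying side can move to a stronger digest.
  *
  * @param string $data       Data to sign.
  * @param string $privateKey Signer's private key, in a form accepted by openssl_pkey_get_private().
  *
  * @return string Base64-encoded signature.
  *
  * @throws \RuntimeException When the key cannot be loaded or signing fails.
  */
 public static function createRSASign($data, $privateKey)
 {
     $private_key_id = openssl_pkey_get_private($privateKey);
     if ($private_key_id === false) {
         // Previously a bad key produced an empty "signature" with only a PHP warning.
         throw new \RuntimeException('Unable to load the private key.');
     }

     $signed = openssl_sign($data, $signature, $private_key_id, OPENSSL_ALGO_SHA1);
     openssl_free_key($private_key_id);

     if (!$signed) {
         throw new \RuntimeException('Unable to sign data.');
     }

     return base64_encode($signature);
 }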
Example #8
/** 
 * 
 array(3) {
  ["cert"]=>
  string(1334) "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"
  ["pkey"]=>
  string(887) "-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
"
  ["extracerts"]=>
  array(0) {
  }
}
*/
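/**
 * Sign $plainText with the private key stored in the PKCS#12 bundle
 * ceshi/test.pfx and return the signature as a hexadecimal string.
 *
 * NOTE(review): the bundle path and its passphrase are hard-coded in this
 * function. That is only acceptable for a test fixture; a real key's
 * passphrase belongs in configuration or a secret store, not in source.
 * The digest is fixed to SHA-1 (OPENSSL_ALGO_SHA1).
 *
 * @param string $plainText Data to sign (passed to openssl_sign() as-is, not pre-hashed).
 *
 * @return string Hex encoding of the binary signature.
 *
 * @throws \RuntimeException When the bundle cannot be read or parsed, holds
 *                           no private key, or signing fails.
 */
function cfcasign_pkcs12($plainText)
{
    // Step 1: read the PKCS#12 bundle (binary data).
    $file = 'ceshi/test.pfx';
    if (!is_file($file) || !is_readable($file)) {
        throw new \RuntimeException('PKCS#12 file is missing or unreadable.');
    }
    $p12buf = file_get_contents($file);
    if ($p12buf === false) {
        throw new \RuntimeException('PKCS#12 file could not be read.');
    }

    // Step 2: unpack the bundle into an array with the keys cert / pkey / extracerts.
    $p12cert = array();
    if (!openssl_pkcs12_read($p12buf, $p12cert, 'cfca1234')) {
        throw new \RuntimeException('PKCS#12 file could not be parsed.');
    }
    if (!isset($p12cert['pkey'])) {
        throw new \RuntimeException('PKCS#12 file holds no private key.');
    }

    // Step 3: sign; $binary_signature receives the raw signature on success.
    $binary_signature = "";
    if (!openssl_sign($plainText, $binary_signature, $p12cert['pkey'], OPENSSL_ALGO_SHA1)) {
        throw new \RuntimeException('Unable to sign data.');
    }

    // Binary signature -> hexadecimal text.
    return bin2hex($binary_signature);
}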
Example #9
 /**
  * {@inheritdoc}
  *
  * Validates the key via validateKey(), then signs the payload with it using
  * the algorithm reported by getAlgorithm().
  *
  * NOTE(review): the boolean result of openssl_sign() is not checked. On
  * failure the method appears to return the initial empty string rather than
  * raising an error; confirm callers treat '' as a failure.
  */
 public function createHash($payload, $key)
 {
     $this->validateKey($key);

     $rawSignature = '';
     openssl_sign($payload, $rawSignature, $key, $this->getAlgorithm());

     return $rawSignature;
 }
Example #10
/**
 * Sign a parameter set and store the result under $params['signature'].
 *
 * Any existing 'signature' entry is dropped, the remaining parameters are
 * serialised by createLinkString(), that string is hashed with SHA-1 (hex
 * form), and the hex digest is signed with the key from getPrivateKey().
 * On failure only a log line is written and $params gets no 'signature'.
 *
 * NOTE(review): the string to sign, its digest and the signature are all
 * written to the log at info level; confirm that is acceptable for the data
 * carried in $params. A signing failure is not reported to the caller.
 *
 * @param array  $params    Request parameters, modified in place.
 * @param string $cert_path Forwarded to getPrivateKey().
 * @param string $cert_pwd  Forwarded to getPrivateKey().
 *
 * @return void
 */
function sign(&$params, $cert_path, $cert_pwd)
{
    $log = new PhpLog(SDK_LOG_FILE_PATH, "PRC", SDK_LOG_LEVEL);
    $log->LogInfo('=====签名报文开始======');

    // A stale signature must not be part of the string to sign.
    if (isset($params['signature'])) {
        unset($params['signature']);
    }

    // Serialise to key=val&... form.
    $stringToSign = createLinkString($params, true, false);
    $log->LogInfo("签名key=val&...串 >" . $stringToSign);

    $hexDigest = sha1($stringToSign, FALSE);
    $log->LogInfo("摘要sha1x16 >" . $hexDigest);

    $privateKey = getPrivateKey($cert_path, $cert_pwd);
    $signed = openssl_sign($hexDigest, $signature, $privateKey, OPENSSL_ALGO_SHA1);
    if (!$signed) {
        $log->LogInfo(">>>>>签名失败<<<<<<<");
    } else {
        $encodedSignature = base64_encode($signature);
        $log->LogInfo("签名串为 >" . $encodedSignature);
        $params['signature'] = $encodedSignature;
    }

    $log->LogInfo('=====签名报文结束======');
}
Example #11
 /**
  * Sign $input with the given key and algorithm.
  *
  * @param string $input Data to sign.
  * @param mixed  $key   Private key in any form openssl_sign() accepts.
  * @param mixed  $algo  Algorithm constant or digest name forwarded to openssl_sign().
  *
  * @return string Raw binary signature.
  *
  * @throws \Exception When openssl_sign() returns false.
  */
 private function generateRSASignature($input, $key, $algo)
 {
     $signed = openssl_sign($input, $signature, $key, $algo);
     if ($signed) {
         return $signature;
     }

     throw new \Exception("Unable to sign data.");
 }
Example #12
 /**
  * The algorithm under test must return the same bytes as a direct
  * openssl_sign() call with SHA-384 and the fixture key.
  */
 public function testSign()
 {
     $payload = 'foobar';

     // Reference signature computed straight from the extension.
     openssl_sign($payload, $expectedSignature, $this->key, OPENSSL_ALGO_SHA384);

     $actualSignature = $this->algorithm->sign($payload, $this->key);

     $this->assertSame($expectedSignature, $actualSignature);
 }
Example #13
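 /**
  * Sign some data with a private key.
  *
  * No algorithm is passed to openssl_sign(), so PHP's default
  * (OPENSSL_ALGO_SHA1) applies.
  *
  * @param  string      $data       Data to sign.
  * @param  string      $privateKey Key material accepted by openssl_pkey_get_private().
  * @param  string|null $passphrase Passphrase protecting the key, if any.
  *
  * @return string Raw binary signature.
  *
  * @throws \RuntimeException When the key cannot be loaded or signing fails.
  */
 protected function signData($data, $privateKey, $passphrase = null)
 {
     $keyResource = openssl_pkey_get_private($privateKey, $passphrase);
     if ($keyResource === false) {
         // A wrong passphrase or malformed key used to end in a silent null return.
         throw new \RuntimeException('Unable to load the private key.');
     }

     $signed = openssl_sign($data, $signature, $keyResource);
     openssl_free_key($keyResource);

     if (!$signed) {
         throw new \RuntimeException('Unable to sign data.');
     }

     return $signature;
 }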
 /**
  * Print one SQL UPDATE statement per package row that has a file hash,
  * setting its signature column to the base64 RSA-SHA1 signature of the hash.
  *
  * Rows with category 8 are signed with the core key, all others with the
  * package key. Both key paths are empty strings in this listing.
  *
  * NOTE(review): neither openssl_pkey_get_private() nor openssl_sign() is
  * checked, so an unreadable key yields an UPDATE with an empty signature.
  * The statements are built by string concatenation with $row['id'] taken
  * from the database; confirm that column is numeric before running the output.
  */
 public function __construct()
 {
     // Filesystem paths of the two PEM private keys.
     $strCoreKey = "";
     $strPackageKey = "";

     $objPackages = $this->db->query("SELECT * FROM __repo_packages WHERE category");
     if (!$objPackages) {
         return;
     }

     while ($row = $objPackages->fetchAssoc()) {
         $privateKey = (intval($row['category']) == 8) ? $strCoreKey : $strPackageKey;

         // Nothing to sign for rows without a hash.
         if ($row['filehash'] == "") {
             continue;
         }
         $strHash = $row['filehash'];

         // Load the key from disk via the file:// form.
         $pkeyid = openssl_pkey_get_private("file://" . $privateKey);

         openssl_sign($strHash, $signature, $pkeyid, "sha1WithRSAEncryption");

         // Release the key as soon as the signature exists.
         openssl_free_key($pkeyid);

         $signature = base64_encode($signature);
         echo "UPDATE eqdkp20_repo_packages SET signature = '" . $signature . "' WHERE id=" . $row['id'] . "; ";
     }
 }
Example #15
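 /**
  * Build a CloudFront signed URL (Expires / Signature / Key-Pair-Id form)
  * for a resource.
  *
  * The policy JSON is assembled by hand, signed with RSA-SHA1 using the key
  * file named in the configuration, and the signature is made URL-safe by
  * mapping '+', '=', '/' to '-', '_', '~'.
  *
  * On failure the method prints an HTML message and returns null, as before;
  * an unreadable key file is now reported the same way instead of raising
  * PHP warnings from fopen()/fread().
  *
  * NOTE(review): $resource is inserted into the policy JSON without escaping,
  * so it must be a trusted URL; a double quote in it would change the policy
  * structure. The failure messages are echoed into the page, including the
  * OpenSSL error text.
  *
  * @param string $resource URL to sign.
  * @param int    $timeout  Validity in seconds from now.
  *
  * @return string|null Signed URL, or null when the key cannot be loaded or signing fails.
  */
 function getSignedURL($resource, $timeout)
 {
     // Identifier of the CloudFront key pair the private key belongs to.
     $keyPairId = $this->config->item('cloudfront_keyPairId');
     $keyFile = $this->config->item('cloudfront_key');
     // IMPORTANT: the key file must live outside any web-accessible location.
     $privateKeyPath = $this->config->item('cloudfront_keyLocation') . $keyFile;

     $expires = time() + $timeout;
     $json = '{"Statement":[{"Resource":"' . $resource . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';

     // Read and parse the private key; any failure takes the existing error path.
     $pem = is_readable($privateKeyPath) ? file_get_contents($privateKeyPath) : false;
     $key = ($pem === false) ? false : openssl_get_privatekey($pem);
     if (!$key) {
         echo "<p>Failed to load private key!</p>";
         return;
     }

     if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
         echo '<p>Failed to sign policy: ' . openssl_error_string() . '</p>';
         return;
     }

     // Base64 output contains characters that are not URL-safe; substitute them.
     $signature = str_replace(array('+', '=', '/'), array('-', '_', '~'), base64_encode($signed_policy));

     // Append with '&' when the resource already carries a query string.
     $separator = (strpos($resource, '?') === false) ? '?' : '&';

     return $resource . $separator . 'Expires=' . $expires . '&Signature=' . $signature . '&Key-Pair-Id=' . $keyPairId;
 }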
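 /**
  * Sign raw data with the key provider and return the signature base64-encoded.
  *
  * _makesure_provider() is called first; the listing does not show it, but it
  * presumably ensures $this->keyProvider is ready (confirm). No algorithm is
  * passed to openssl_sign(), so PHP's default (OPENSSL_ALGO_SHA1) applies.
  *
  * @param string $rawData Data to sign.
  *
  * @return string Base64-encoded signature.
  *
  * @throws \RuntimeException When openssl_sign() fails.
  */
 public function sign($rawData)
 {
     $this->_makesure_provider();

     $result = '';
     // A failed signing used to be returned as base64 of the empty string.
     if (!openssl_sign($rawData, $result, $this->keyProvider)) {
         throw new \RuntimeException('Unable to sign data.');
     }

     return base64_encode($result);
 }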
Example #17
 /**
  * Sign $data with this object's private key using the "sha256" digest.
  *
  * @param string $data Data to sign.
  *
  * @return string Raw binary signature.
  *
  * @throws apiAuthException When openssl_sign() returns false.
  */
 function sign($data)
 {
     $signed = openssl_sign($data, $signature, $this->privateKey, "sha256");
     if ($signed) {
         return $signature;
     }

     throw new apiAuthException("Unable to sign data");
 }
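 /**
  * Build an RS256-signed JWT assertion for the configured service account.
  *
  * The private key is read from the PKCS#12 file at $this->privateKey,
  * unlocked with $this->password. The claims carry issuer, scope, audience,
  * issued-at and expiry (now + MAX_LIFETIME_SECONDS).
  *
  * Each of the three segments is base64url-encoded without padding, as the
  * JWT compact serialisation requires. Plain base64 can emit '+', '/' and
  * '=', which are not valid in a compact JWT and are altered by form
  * encoding.
  *
  * @return string The compact JWT: header.claims.signature
  *
  * @throws Exception When the key file is missing, unreadable or unparsable,
  *                   holds no private key, or signing fails.
  */
 protected function generateSignedJWT()
 {
     if (!file_exists($this->privateKey) || !is_file($this->privateKey)) {
         throw new Exception('Private key does not exist');
     }

     $header = array('alg' => 'RS256', 'typ' => 'JWT');
     $t = time();
     $params = array(
         'iss' => $this->email,
         'scope' => Oauth::SCOPE_URL,
         'aud' => Oauth::TOKEN_URL,
         'exp' => $t + self::MAX_LIFETIME_SECONDS,
         'iat' => $t,
     );

     // base64url without padding for the header and claims segments.
     $encodings = array();
     foreach (array(json_encode($header), json_encode($params)) as $segment) {
         $encodings[] = rtrim(strtr(base64_encode($segment), '+/', '-_'), '=');
     }
     $input = implode('.', $encodings);

     $pkcs12 = file_get_contents($this->privateKey);
     if ($pkcs12 === false) {
         throw new Exception('Could not read .p12 file');
     }

     $certs = array();
     if (!openssl_pkcs12_read($pkcs12, $certs, $this->password)) {
         throw new Exception('Could not parse .p12 file');
     }
     if (!isset($certs['pkey'])) {
         throw new Exception('Could not find private key in .p12 file');
     }

     $keyId = openssl_pkey_get_private($certs['pkey']);
     if ($keyId === false) {
         throw new Exception('Could not load private key from .p12 file');
     }
     if (!openssl_sign($input, $sig, $keyId, 'sha256')) {
         throw new Exception('Could not sign data');
     }

     $encodings[] = rtrim(strtr(base64_encode($sig), '+/', '-_'), '=');

     return implode('.', $encodings);
 }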
Example #19
 /**
  * getSignMsg: compute the signature for a set of payment parameters.
  *
  * Builds "key=value&..." from $pay_params in array order, skipping the keys
  * sign, sign_type and sign_version and any empty value, then signs that
  * string according to $sign_type.
  *
  * NOTE(review): any $sign_type other than 'RSA' falls through to the MD5
  * branch, which hashes the string with a shared key appended. That is a
  * plain MD5 over data + key, not an HMAC. The RSA branch uses SHA-1 and
  * checks neither the key load nor the openssl_sign() result.
  *
  * @param array $pay_params
  *        	Parameters to sign
  * @param string $sign_type
  *        	Signature type ('RSA' or 'MD5')
  * @return string $signMsg The signature: base64 for RSA, lowercase hex for MD5
  */
 function getSignMsg($pay_params = array(), $sign_type)
 {
     $params_str = "";
     $signMsg = "";
     $sina_config = \System\Entrance::config('SINA_FUND_MANAGED');
     foreach ($pay_params as $key => $val) {
         // The signature fields themselves and empty values are not signed.
         if ($key != "sign" && $key != "sign_type" && $key != "sign_version" && isset($val) && @$val != "") {
             $params_str .= $key . "=" . $val . "&";
         }
     }
     // Drop the trailing '&'.
     $params_str = substr($params_str, 0, -1);
     switch (@$sign_type) {
         case 'RSA':
             // Private key used for signing; the config entry is a file path.
             $private_key = $sina_config['private_key'];
             $priv_key = file_get_contents($private_key);
             $pkeyid = openssl_pkey_get_private($priv_key);
             openssl_sign($params_str, $signMsg, $pkeyid, OPENSSL_ALGO_SHA1);
             openssl_free_key($pkeyid);
             $signMsg = base64_encode($signMsg);
             break;
         case 'MD5':
         default:
             // Shared key is appended directly to the string before hashing.
             $params_str = $params_str . $sina_config['md5_key'];
             $signMsg = strtolower(md5($params_str));
             break;
     }
     return $signMsg;
 }
Example #20
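 /**
  * Build a signed payment URL from the given parameters.
  *
  * amount, currency and ipnUrl are required; ipnUrl and (when given)
  * returnUrl must start with http:// or https://. The parameters are
  * serialised with http_build_query(), that query string is signed with the
  * configured private key (RSA-SHA1), and both the base64 query and the
  * base64 signature are URL-encoded into the result.
  *
  * Optional keys that are absent are treated as null, which avoids
  * undefined-index notices and leaves the query string unchanged because
  * http_build_query() skips null values. A failed key load or signing now
  * raises an exception instead of producing a URL with an empty signature.
  *
  * @param array $params Payment parameters (amount, currency, ipnUrl, plus optional
  *                      customData, customer, email, firstName, lastName, order, origin, returnUrl).
  *
  * @return string Payment URL with data and sign query parameters.
  *
  * @throws ParametersNotSetException         When no configuration is loaded.
  * @throws MissingRequiredParameterException When a required parameter is missing.
  * @throws MalformedURLException             When ipnUrl or returnUrl has no http(s) scheme.
  * @throws \RuntimeException                 When the private key cannot be loaded or signing fails.
  */
 public static function generateUrl($params)
 {
     $config = Payplug::getConfig();
     if (!$config) {
         throw new ParametersNotSetException();
     }

     foreach (array('amount', 'currency', 'ipnUrl') as $required) {
         if (!isset($params[$required])) {
             throw new MissingRequiredParameterException("Missing required parameter: " . $required);
         }
     }

     // Give every optional key a defined value so later reads raise no notices.
     foreach (array('customData', 'customer', 'email', 'firstName', 'lastName', 'order', 'origin', 'returnUrl') as $optional) {
         if (!isset($params[$optional])) {
             $params[$optional] = null;
         }
     }

     if (!preg_match("/^(http|https):\\/\\//i", $params['ipnUrl'])) {
         throw new MalformedURLException($params['ipnUrl'] . " doesn't starts with 'http://' or 'https://'");
     }
     if ($params['returnUrl'] != null && !preg_match("/^(http|https):\\/\\//i", $params['returnUrl'])) {
         throw new MalformedURLException($params['returnUrl'] . " doesn't starts with 'http://' or 'https://'");
     }

     $url_params = http_build_query(array(
         "amount" => $params['amount'],
         "currency" => $params['currency'],
         "custom_data" => $params['customData'],
         "customer" => $params['customer'],
         "email" => $params['email'],
         "first_name" => $params['firstName'],
         "ipn_url" => $params['ipnUrl'],
         "last_name" => $params['lastName'],
         "order" => $params['order'],
         "origin" => $params['origin'] . " payplug-php" . Payplug::VERSION . " PHP" . phpversion(),
         "return_url" => $params['returnUrl'],
     ));
     $data = urlencode(base64_encode($url_params));

     $privateKey = openssl_pkey_get_private($config->privateKey);
     if ($privateKey === false) {
         throw new \RuntimeException('Unable to load the configured private key.');
     }
     // The signature covers the raw query string, not its base64 form.
     if (!openssl_sign($url_params, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
         throw new \RuntimeException('Unable to sign the payment parameters.');
     }
     $signature = urlencode(base64_encode($signature));

     return $config->paymentBaseUrl . "?data=" . $data . "&sign=" . $signature;
 }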
Example #21
 /**
  * Create a license key from product code, name and email, printing every
  * intermediate step, then run verify_license() on the result.
  *
  * The three inputs are joined with commas and signed with
  * OPENSSL_ALGO_DSS1. The signature is base32-encoded, 'I' becomes '9' and
  * 'O' becomes '8', padding is removed and the text is split into dash
  * separated groups of five characters.
  *
  * NOTE(review): the method echoes its inputs and the raw binary signature
  * into the page without HTML escaping, and the openssl_sign() result is not
  * checked. This looks like diagnostic output; confirm it is never reached
  * with user-supplied name or email in a browser-facing context.
  *
  * @param string $product_code
  * @param string $name
  * @param string $email
  *
  * @return string The dashed license key.
  */
 public function make_lincese($product_code, $name, $email)
 {
     // The signed string is "product,name,email".
     $stringData = implode(",", array($product_code, $name, $email));
     echo "Data: " . $stringData . "<br>";

     $binary_signature = "";
     openssl_sign($stringData, $binary_signature, $this->private_key, OPENSSL_ALGO_DSS1);
     echo "Binary Sig: " . $binary_signature . "<br>";

     // Base32 keeps the key typeable.
     $encoded = base32_encode($binary_signature);
     echo "Original Key: " . $encoded . "<br>";
     echo "Key Length: " . strlen($encoded) . "<br>";

     // Swap the letters I and O for the digits 9 and 8.
     $replacement = str_replace(array("I", "O"), array("9", "8"), $encoded);
     echo "Replaced: " . $replacement . "<br>";

     // Strip base32 padding.
     $padding = trim(str_replace("=", "", $replacement));
     echo "Stripped: " . $padding . "<br>";

     // Group in fives; chunk_split() leaves a trailing dash, which is cut off.
     $dashed = rtrim(chunk_split($padding, 5, "-"));
     $theKey = substr($dashed, 0, -1);
     echo "Dashed: " . $theKey . "<br><br>";

     echo "<strong>Verify the just created License<br></strong>";
     $this->verify_license($product_code, $name, $email, $theKey);

     return $theKey;
 }
Example #22
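/**
 * Sign a message with the RSA key stored in private.pem (resolved against
 * the current working directory) and return the signature as hex.
 *
 * NOTE(review): the digest is fixed to SHA-1 (OPENSSL_ALGO_SHA1), and the
 * key path is relative; make sure private.pem is not inside a web-served
 * directory.
 *
 * @param string $sMessage Message to sign.
 *
 * @return string Hex encoding of the binary signature.
 *
 * @throws \RuntimeException When the key file is missing or invalid, or signing fails.
 */
function getSign($sMessage)
{
    $sKeyFile = 'private.pem';
    if (!is_file($sKeyFile) || !is_readable($sKeyFile)) {
        throw new \RuntimeException('Private key file is missing or unreadable.');
    }

    $sPrivateKey = file_get_contents($sKeyFile);
    $rPrivateKey = ($sPrivateKey === false) ? false : openssl_pkey_get_private($sPrivateKey);
    if ($rPrivateKey === false) {
        throw new \RuntimeException('Unable to load the private key.');
    }

    // Without this check a failure would be returned as an empty hex string.
    if (!openssl_sign($sMessage, $sSign, $rPrivateKey, OPENSSL_ALGO_SHA1)) {
        throw new \RuntimeException('Unable to sign the message.');
    }

    return bin2hex($sSign);
}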
Example #23
/**
 * Sign a parameter set and store the result under $params['signature'].
 *
 * The 'transTempUrl' entry is removed first. The remaining parameters are
 * serialised by coverParamsToString(), hashed with SHA-1 (hex form), and the
 * hex digest is signed with the key loaded from SDK_SIGN_CERT_PATH. On
 * failure only a log line is written and no signature is stored.
 *
 * NOTE(review): the string to sign, its digest and the signature are logged
 * at info level through the global $log; confirm that is acceptable for the
 * data carried in $params. A signing failure is not reported to the caller.
 *
 * @param array $params Request parameters, modified in place.
 *
 * @return void
 */
function sign(&$params) {
	global $log;
	$log->LogInfo ( '=====签名报文开始======' );

	// This entry is not part of the signed data.
	if (isset ( $params ['transTempUrl'] )) {
		unset ( $params ['transTempUrl'] );
	}

	// Serialise to key=val&... form.
	$stringToSign = coverParamsToString ( $params );
	$log->LogInfo ( "签名key=val&...串 >" . $stringToSign );

	$hexDigest = sha1 ( $stringToSign, FALSE );
	$log->LogInfo ( "摘要sha1x16 >" . $hexDigest );

	// Path of the signing certificate.
	$cert_path = SDK_SIGN_CERT_PATH;
	$private_key = getPrivateKey ( $cert_path );

	$signed = openssl_sign ( $hexDigest, $signature, $private_key, OPENSSL_ALGO_SHA1 );
	if (! $signed) {
		$log->LogInfo ( ">>>>>签名失败<<<<<<<" );
	} else {
		$encodedSignature = base64_encode ( $signature );
		$log->LogInfo ( "签名串为 >" . $encodedSignature );
		$params ['signature'] = $encodedSignature;
	}

	$log->LogInfo ( '=====签名报文结束======' );
}
Example #24
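/**
 * Build a CloudFront signed URL, optionally restricted to one client IP.
 *
 * The policy statement is assembled by hand, signed with the private key,
 * and sent along as Policy / Signature / Key-Pair-Id query parameters.
 *
 * Fixes over the earlier version:
 *  - With $client_ip set, the URL used the Expires form and never carried
 *    the policy, although the signature covered a policy containing the
 *    IpAddress condition. The policy is now always sent, so the signed
 *    statement and the transmitted one agree.
 *  - Newline removal targeted the two characters backslash + n instead of
 *    real line breaks.
 *  - The '?' lookup used a loose comparison with FALSE.
 *  - Key loading and signing results are checked.
 *
 * NOTE(review): $url and $client_ip are inserted into the policy JSON
 * without escaping and must come from trusted code; a double quote in either
 * would change the policy structure. No algorithm is passed to
 * openssl_sign(), so PHP's default (OPENSSL_ALGO_SHA1) applies.
 *
 * @param string      $url         Resource URL to sign.
 * @param string      $private_key Key material accepted by openssl_get_privatekey().
 * @param string      $key_pair_id CloudFront key pair id.
 * @param int         $expires     Expiry as a Unix timestamp.
 * @param string|null $client_ip   Restrict the URL to this address (/32), or null for none.
 *
 * @return string The signed URL.
 *
 * @throws \RuntimeException When the key cannot be loaded or signing fails.
 */
function get_signed_url($url, $private_key, $key_pair_id, $expires, $client_ip = null)
{
    $policy = '{"Statement":[{"Resource":"' . $url . '","Condition":{';
    if (!is_null($client_ip)) {
        $policy .= '"IpAddress":{"AWS:SourceIp":"' . $client_ip . '/32"},';
    }
    $policy .= '"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';

    // The policy holds characters that cannot appear in a URL, so it is sent encoded.
    $encoded_policy = url_safe_base64_encode($policy);

    $pkeyid = openssl_get_privatekey($private_key);
    if ($pkeyid === false) {
        throw new \RuntimeException('Unable to load the private key.');
    }

    // Sign the original policy text, not its encoded form.
    $signature = '';
    $signed = openssl_sign($policy, $signature, $pkeyid);
    openssl_free_key($pkeyid);
    if (!$signed) {
        throw new \RuntimeException('Unable to sign the policy.');
    }

    $encoded_signature = url_safe_base64_encode($signature);

    // Extend an existing query string with '&', otherwise start one with '?'.
    $separator = (strpos($url, '?') === false) ? '?' : '&';
    $url .= $separator . "Policy=" . $encoded_policy . "&Signature=" . $encoded_signature . "&Key-Pair-Id=" . $key_pair_id;

    // Line breaks would break the URL, so remove them.
    return str_replace(array("\r", "\n"), '', $url);
}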
Example #25
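/**
 * Sign data with a private key and return the signature base64-encoded.
 *
 * NOTE(review): the digest is fixed to MD5 (OPENSSL_ALGO_MD5), which is not
 * collision resistant. It is kept because changing it would change the
 * signatures the verifying side expects; confirm whether the peer supports
 * a stronger digest.
 *
 * @param string $data   Data to sign.
 * @param mixed  $priKey Private key in any form openssl_sign() accepts.
 *
 * @return string Base64-encoded signature.
 *
 * @throws \RuntimeException When openssl_sign() fails.
 */
function rsaSign($data, $priKey)
{
    // A failure used to be returned as base64 of nothing, i.e. an empty string.
    if (!openssl_sign($data, $signature, $priKey, OPENSSL_ALGO_MD5)) {
        throw new \RuntimeException('Unable to sign data.');
    }

    return base64_encode($signature);
}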
	/**
	 * Derive the "original string" of an XML document with ostring.xsl, sign
	 * it, and place the base64 signature into the XML where "#1#" appears.
	 *
	 * NOTE(review): the digest is MD5 (OPENSSL_ALGO_MD5), and the results of
	 * loadXML(), load(), openssl_get_privatekey() and openssl_sign() are not
	 * checked, so a failure yields an empty seal instead of an error.
	 *
	 * @param string $xmlHon   XML text containing the "#1#" placeholder.
	 * @param mixed  $priv_key Key material accepted by openssl_get_privatekey().
	 *
	 * @return array Index 1: XML with the seal inserted; 2: the original string; 3: the base64 seal.
	 */
	function getXMLSing($xmlHon,$priv_key){
		// Parse the input document.
		$xml = new DomDocument();
		$xml->loadXML($xmlHon);

		// The stylesheet defines how the original string is derived.
		$xsl = new DomDocument;
		$xsl->load("ostring.xsl");
		$proc = new xsltprocessor();
		$proc->importStyleSheet($xsl);
		$original = $proc->transformToXML($xml);

		// Sign the original string.
		$pkeyid = openssl_get_privatekey($priv_key);
		openssl_sign($original, $signature, $pkeyid, OPENSSL_ALGO_MD5);
		openssl_free_key($pkeyid);

		// Put the seal into the XML.
		$seal = base64_encode($signature);
		return array(
			1 => str_replace("#1#", $seal, $xmlHon),
			2 => $original,
			3 => $seal,
		);
	}
Example #27
 /**
  * Sign the secured input with the given key, using the algorithm held in
  * $this->signatureAlgorithm.
  *
  * @param string $securedInput Data to sign.
  * @param string $key          Private key in a form openssl_sign() accepts.
  *
  * @return string Raw binary signature.
  *
  * @throws JoseJwtException When openssl_sign() returns false; the message carries the OpenSSL error text.
  */
 public function sign($securedInput, $key)
 {
     $signed = openssl_sign($securedInput, $signature, $key, $this->signatureAlgorithm);
     if (false !== $signed) {
         return $signature;
     }

     throw new JoseJwtException('Unable to sign data: ' . openssl_error_string());
 }
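 /**
  * Sign data with a (possibly passphrase-protected) private key.
  *
  * No algorithm is passed to openssl_sign(), so PHP's default
  * (OPENSSL_ALGO_SHA1) applies.
  *
  * @param string $data       Data to sign.
  * @param string $key        Key material accepted by openssl_pkey_get_private().
  * @param string $passphrase Passphrase protecting the key; empty when there is none.
  *
  * @return string Raw binary signature.
  *
  * @throws \RuntimeException When the key cannot be loaded or signing fails.
  */
 public function sign($data, $key, $passphrase = '')
 {
     $privateKey = openssl_pkey_get_private($key, $passphrase);
     if ($privateKey === false) {
         // A wrong passphrase or malformed key used to end in a silent null return.
         throw new \RuntimeException('Unable to load the private key.');
     }

     $signed = openssl_sign($data, $signature, $privateKey);
     openssl_free_key($privateKey);

     if (!$signed) {
         throw new \RuntimeException('Unable to sign data.');
     }

     return $signature;
 }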
Example #29
    /**
     * Add an enveloped XML-DSig signature to a request document and wrap the
     * result in a SOAP envelope.
     *
     * Steps, in the order the code performs them:
     *  1. parse the request and compute a SHA-1 digest of its canonical form;
     *  2. append Signature/SignedInfo with the method, transform and digest elements;
     *  3. sign the canonicalised SignedInfo with $this->privateKeyResource (RSA-SHA1);
     *  4. append SignatureValue and KeyInfo (certificate, issuer name, serial number);
     *  5. import the signed root element into a new SOAP Body and serialise it.
     *
     * NOTE(review): the digest in step 1 comes from C14N() with default
     * arguments, while the Transform and CanonicalizationMethod elements
     * declare exclusive canonicalisation and SignedInfo itself is
     * canonicalised with C14N(true). Confirm the receiving side validates
     * the digest as produced here. Both digest and signature use SHA-1.
     *
     * @param string $XMLRequest Request XML whose root element carries an Id attribute.
     *
     * @return string SOAP envelope XML containing the signed request.
     *
     * @throws Exception When openssl_sign() fails.
     */
    public function signXML($XMLRequest)
    {
        $XMLRequestDOMDoc = new DOMDocument();
        $XMLRequestDOMDoc->loadXML($XMLRequest);
        // Digest is taken before the Signature element is added to the document.
        $canonical = $XMLRequestDOMDoc->C14N();
        $DigestValue = base64_encode(hash('sha1', $canonical, true));
        $rootElem = $XMLRequestDOMDoc->documentElement;
        // Signature skeleton: SignedInfo with canonicalisation and signature method.
        $SignatureNode = $rootElem->appendChild(new DOMElement('Signature'));
        $SignatureNode->setAttribute('xmlns', 'http://www.w3.org/2000/09/xmldsig#');
        $SignedInfoNode = $SignatureNode->appendChild(new DOMElement('SignedInfo'));
        $SignedInfoNode->setAttribute('xmlns', 'http://www.w3.org/2000/09/xmldsig#');
        $CanonicalizationMethodNode = $SignedInfoNode->appendChild(new DOMElement('CanonicalizationMethod'));
        $CanonicalizationMethodNode->setAttribute('Algorithm', 'http://www.w3.org/2001/10/xml-exc-c14n#');
        $SignatureMethodNode = $SignedInfoNode->appendChild(new DOMElement('SignatureMethod'));
        $SignatureMethodNode->setAttribute('Algorithm', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');
        // Reference points at the root element through its Id attribute.
        $ReferenceNode = $SignedInfoNode->appendChild(new DOMElement('Reference'));
        $ReferenceNode->setAttribute('URI', sprintf('#%s', $XMLRequestDOMDoc->documentElement->getAttribute('Id')));
        $TransformsNode = $ReferenceNode->appendChild(new DOMElement('Transforms'));
        $Transform1Node = $TransformsNode->appendChild(new DOMElement('Transform'));
        $Transform1Node->setAttribute('Algorithm', 'http://www.w3.org/2000/09/xmldsig#enveloped-signature');
        $Transform2Node = $TransformsNode->appendChild(new DOMElement('Transform'));
        $Transform2Node->setAttribute('Algorithm', 'http://www.w3.org/2001/10/xml-exc-c14n#');
        $DigestMethodNode = $ReferenceNode->appendChild(new DOMElement('DigestMethod'));
        $DigestMethodNode->setAttribute('Algorithm', 'http://www.w3.org/2000/09/xmldsig#sha1');
        $ReferenceNode->appendChild(new DOMElement('DigestValue', $DigestValue));
        // Re-fetch SignedInfo from the document before canonicalising it for signing.
        $SignedInfoNode = $XMLRequestDOMDoc->getElementsByTagName('SignedInfo')->item(0);
        // Issuer name and serial number come from the parsed public certificate data.
        $X509Issuer = $this->publicCertificateData['issuer'];
        $X509IssuerName = sprintf('OU=%s,O=%s,C=%s', $X509Issuer['OU'], $X509Issuer['O'], $X509Issuer['C']);
        $X509IssuerSerial = $this->publicCertificateData['serialNumber'];
        // Strip the PEM armour lines; only the markers are removed here.
        $publicCertificatePureString = str_replace('-----BEGIN CERTIFICATE-----', '', $this->certificate['cert']);
        $publicCertificatePureString = str_replace('-----END CERTIFICATE-----', '', $publicCertificatePureString);
        $this->signedInfoSignature = null;
        // The signature covers the exclusive canonical form of SignedInfo.
        if (!openssl_sign($SignedInfoNode->C14N(true), $this->signedInfoSignature, $this->privateKeyResource, OPENSSL_ALGO_SHA1)) {
            throw new Exception('Unable to sign the request');
        }
        $SignatureNode = $XMLRequestDOMDoc->getElementsByTagName('Signature')->item(0);
        $SignatureValueNode = new DOMElement('SignatureValue', base64_encode($this->signedInfoSignature));
        $SignatureNode->appendChild($SignatureValueNode);
        // KeyInfo: certificate body plus issuer name and serial number.
        $KeyInfoNode = $SignatureNode->appendChild(new DOMElement('KeyInfo'));
        $X509DataNode = $KeyInfoNode->appendChild(new DOMElement('X509Data'));
        $X509CertificateNode = new DOMElement('X509Certificate', $publicCertificatePureString);
        $X509DataNode->appendChild($X509CertificateNode);
        $X509IssuerSerialNode = $X509DataNode->appendChild(new DOMElement('X509IssuerSerial'));
        $X509IssuerNameNode = new DOMElement('X509IssuerName', $X509IssuerName);
        $X509IssuerSerialNode->appendChild($X509IssuerNameNode);
        $X509SerialNumberNode = new DOMElement('X509SerialNumber', $X509IssuerSerial);
        $X509IssuerSerialNode->appendChild($X509SerialNumberNode);
        // Wrap the signed request in an empty SOAP envelope.
        $envelope = new DOMDocument();
        $envelope->loadXML('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
		    <soapenv:Body></soapenv:Body>
		</soapenv:Envelope>');
        $envelope->encoding = 'UTF-8';
        $envelope->version = '1.0';
        // Import the signed root element into the envelope body (deep copy).
        $XMLRequestType = $XMLRequestDOMDoc->documentElement->localName;
        $XMLRequestTypeNode = $XMLRequestDOMDoc->getElementsByTagName($XMLRequestType)->item(0);
        $XMLRequestTypeNode = $envelope->importNode($XMLRequestTypeNode, true);
        $envelope->getElementsByTagName('Body')->item(0)->appendChild($XMLRequestTypeNode);
        return $envelope->saveXML();
    }
Example #30
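 /**
  * Sign a parameter set with RSA and return the signature base64-encoded.
  *
  * The parameters are serialised by getStringToSign(), that string is hashed
  * with SHA-1 (hex form), and the hex digest is signed with the key returned
  * by getPrivateKey() using OPENSSL_ALGO_SHA1.
  *
  * @param array  $params   Parameters to sign.
  * @param string $certPath Forwarded to getPrivateKey().
  * @param string $password Forwarded to getPrivateKey().
  *
  * @return string Base64-encoded signature.
  *
  * @throws \RuntimeException When openssl_sign() fails.
  */
 public static function getParamsSignatureWithRSA($params, $certPath, $password)
 {
     $stringToSign = self::getStringToSign($params);
     $hexDigest = sha1($stringToSign, false);
     $privateKey = self::getPrivateKey($certPath, $password);

     // A failed signing used to be returned as an empty string.
     if (!openssl_sign($hexDigest, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
         throw new \RuntimeException('Unable to sign the request parameters.');
     }

     return base64_encode($signature);
 }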