Example #1
 /**
  * zSignCheck
  * @param DOMDocument $dom
  * @return boolean
  * @throws Exception\RuntimeException
  */
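 private function zSignCheck($dom)
 {
     // Checks the SignatureValue over <SignedInfo> with the public key of the
     // X509Certificate carried in the same document. Returns true only when
     // openssl_verify() reports a valid signature.
     //
     // NOTE(review): the key comes from the document under verification. Nothing
     // visible in this method validates that certificate (issuer chain, validity
     // period, revocation), so a passing result only shows that <SignedInfo> is
     // consistent with the embedded key. Trust in the signer has to be
     // established separately - confirm where that happens.
     // NOTE(review): only <SignedInfo> is verified here; the Reference digests
     // inside it are not recomputed in this method - confirm that is done
     // elsewhere before the signed content is relied on.

     // Rebuild a PEM certificate from the base64 body found in the XML.
     $certBody = $dom->getNodeValue('X509Certificate');
     $pem = "-----BEGIN CERTIFICATE-----\n" . $this->zSplitLines($certBody) . "\n-----END CERTIFICATE-----\n";
     $objSSLPubKey = openssl_pkey_get_public($pem);
     if ($objSSLPubKey === false) {
         $msg = "Ocorreram problemas ao carregar a chave pública. Certificado incorreto ou corrompido!!";
         // Presumably throws Exception\RuntimeException (declared in the docblock);
         // the explicit return keeps the check fail-closed if the helper returns.
         $this->zGetOpenSSLError($msg);
         return false;
     }
     // The first element with each tag name is used, wherever it sits in the
     // document; a missing element is reported instead of dereferencing null.
     $signedInfoNode = $dom->getElementsByTagName('SignedInfo')->item(0);
     $signatureValueNode = $dom->getElementsByTagName('SignatureValue')->item(0);
     if ($signedInfoNode === null || $signatureValueNode === null) {
         $msg = "Elemento SignedInfo ou SignatureValue não encontrado no XML!!";
         $this->zGetOpenSSLError($msg);
         return false;
     }
     // Canonicalise the signed content: exclusive C14N, comments dropped. The
     // CanonicalizationMethod declared in the document is not consulted here.
     $signContent = $signedInfoNode->C14N(true, false, null, null);
     // Strip line breaks from the base64 text before decoding the signature.
     $decodedSignature = base64_decode(str_replace(array("\r", "\n"), '', $signatureValueNode->nodeValue));
     // No algorithm argument is passed, so openssl_verify() uses its default
     // digest, OPENSSL_ALGO_SHA1.
     $resp = openssl_verify($signContent, $decodedSignature, $objSSLPubKey);
     // Only the integer 1 means "valid"; 0, -1 and false are all failures.
     if ($resp !== 1) {
         $msg = "Problema ({$resp}) ao verificar a assinatura do digital!!";
         $this->zGetOpenSSLError($msg);
         return false;
     }
     return true;
 }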
Example #2
 /**
  * zSignCheck
  * @param DOMDocument $dom
  * @return boolean
  * @throws Exception\RuntimeException
  */
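 private function zSignCheck($dom)
 {
     // Checks the SignatureValue over <SignedInfo> with the public key of the
     // X509Certificate carried in the same document, using the digest named by
     // the document's SignatureMethod. Returns true only when openssl_verify()
     // reports a valid signature.
     //
     // NOTE(review): both the key and the digest algorithm are read from the
     // document under verification. Nothing visible in this method validates the
     // certificate (issuer chain, validity period, revocation), so a passing
     // result only shows that <SignedInfo> is consistent with the embedded key.
     // NOTE(review): only <SignedInfo> is verified here; the Reference digests
     // inside it are not recomputed in this method - confirm that is done
     // elsewhere before the signed content is relied on.

     // Example: <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     // SHA-1 is used whenever the document declares rsa-sha1; every other value,
     // including an empty one, is treated as SHA-256.
     // NOTE(review): if the deployment does not need SHA-1, pin the expected
     // algorithm instead of accepting the one the input declares.
     $sigMethAlgo = $dom->getNode('SignatureMethod', 0)->getAttribute('Algorithm');
     $signAlgorithm = ($sigMethAlgo === 'http://www.w3.org/2000/09/xmldsig#rsa-sha1')
         ? OPENSSL_ALGO_SHA1
         : OPENSSL_ALGO_SHA256;

     // Rebuild a PEM certificate from the base64 body found in the XML.
     $certBody = $dom->getNodeValue('X509Certificate');
     $pem = "-----BEGIN CERTIFICATE-----\n" . $this->zSplitLines($certBody) . "\n-----END CERTIFICATE-----\n";
     $objSSLPubKey = openssl_pkey_get_public($pem);
     if ($objSSLPubKey === false) {
         $msg = "Ocorreram problemas ao carregar a chave pública. Certificado incorreto ou corrompido!!";
         // Presumably throws Exception\RuntimeException (declared in the docblock);
         // the explicit return keeps the check fail-closed if the helper returns.
         $this->zGetOpenSSLError($msg);
         return false;
     }
     // The first element with each tag name is used, wherever it sits in the
     // document; a missing element is reported instead of dereferencing null.
     $signedInfoNode = $dom->getElementsByTagName('SignedInfo')->item(0);
     $signatureValueNode = $dom->getElementsByTagName('SignatureValue')->item(0);
     if ($signedInfoNode === null || $signatureValueNode === null) {
         $msg = "Elemento SignedInfo ou SignatureValue não encontrado no XML!!";
         $this->zGetOpenSSLError($msg);
         return false;
     }
     // Canonicalise the signed content: exclusive C14N, comments dropped. The
     // CanonicalizationMethod declared in the document is not consulted here.
     $signContent = $signedInfoNode->C14N(true, false, null, null);
     // Strip line breaks from the base64 text before decoding the signature.
     $decodedSignature = base64_decode(str_replace(array("\r", "\n"), '', $signatureValueNode->nodeValue));
     $resp = openssl_verify($signContent, $decodedSignature, $objSSLPubKey, $signAlgorithm);
     // Only the integer 1 means "valid"; 0, -1 and false are all failures.
     if ($resp !== 1) {
         $msg = "Problema ({$resp}) ao verificar a assinatura do digital!!";
         $this->zGetOpenSSLError($msg);
         return false;
     }
     return true;
 }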