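/**
 * zSignCheck
 *
 * Verifies the SignatureValue of the document against the canonicalized
 * SignedInfo element, using the public key of the X509Certificate that is
 * embedded in the same document. openssl_verify() is called without an
 * algorithm argument, so PHP's default (OPENSSL_ALGO_SHA1) applies.
 *
 * Scope of the check, as far as this method shows:
 *  - Only the signature over SignedInfo is verified. The Reference digests
 *    are not recomputed here. NOTE(review): confirm a digest check runs
 *    elsewhere before the document is trusted.
 *  - The key comes from the document being verified, so success means the
 *    document is consistent with its own certificate. It does not show the
 *    certificate is trusted. NOTE(review): confirm chain, issuer and validity
 *    checks are done by the caller.
 *  - The first SignedInfo and SignatureValue elements in document order are
 *    used. NOTE(review): confirm callers reject documents carrying more than
 *    one Signature element.
 *
 * @param DOMDocument $dom document holding the Signature block; presumably the
 *        project's DOMDocument subclass, since getNodeValue() is called on it
 * @return boolean true when the signature verifies; false is returned only if
 *         the error helper returns instead of throwing
 * @throws Exception\RuntimeException presumably raised by zGetOpenSSLError()
 */
private function zSignCheck($dom)
{
    // Rebuild a PEM certificate from the base64 body carried in the XML.
    $x509Certificate = $dom->getNodeValue('X509Certificate');
    $x509Certificate = "-----BEGIN CERTIFICATE-----\n"
        . $this->zSplitLines($x509Certificate)
        . "\n-----END CERTIFICATE-----\n";

    // Extract the public key from the rebuilt certificate.
    $objSSLPubKey = openssl_pkey_get_public($x509Certificate);
    if ($objSSLPubKey === false) {
        $msg = "Ocorreram problemas ao carregar a chave pública. Certificado incorreto ou corrompido!!";
        $this->zGetOpenSSLError($msg);
        // Fail closed: never reach "return true" if the helper does not throw.
        return false;
    }

    // A document without SignedInfo would otherwise end in a fatal
    // "member function on null" error instead of a verification failure.
    $signedInfoNode = $dom->getElementsByTagName('SignedInfo')->item(0);
    if ($signedInfoNode === null) {
        $this->zGetOpenSSLError("A tag SignedInfo não foi encontrada no xml!!");
        return false;
    }

    // Rebuild the exact bytes that were signed: exclusive C14N, no comments.
    $signContent = $signedInfoNode->C14N(true, false, null, null);
    if ($signContent === false) {
        $this->zGetOpenSSLError("Falha ao canonizar a tag SignedInfo!!");
        return false;
    }

    $signatureValueNode = $dom->getElementsByTagName('SignatureValue')->item(0);
    if ($signatureValueNode === null) {
        $this->zGetOpenSSLError("A tag SignatureValue não foi encontrada no xml!!");
        return false;
    }

    // The signature is base64 text that may be wrapped across lines.
    $signatureValueXML = $signatureValueNode->nodeValue;
    $decodedSignature = base64_decode(str_replace(array("\r", "\n"), '', $signatureValueXML));

    // openssl_verify() yields 1 (valid), 0 (invalid), or -1/false (error);
    // only an integer 1 counts as success.
    $resp = openssl_verify($signContent, $decodedSignature, $objSSLPubKey);
    if ($resp !== 1) {
        $msg = "Problema ({$resp}) ao verificar a assinatura do digital!!";
        $this->zGetOpenSSLError($msg);
        return false;
    }
    return true;
}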
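/**
 * zSignCheck
 *
 * Verifies the SignatureValue of the document against the canonicalized
 * SignedInfo element, using the public key of the X509Certificate embedded in
 * the same document and the digest named by the SignatureMethod Algorithm
 * attribute.
 *
 * Only rsa-sha1 and rsa-sha256 are accepted. Any other Algorithm value is
 * reported as an error rather than being verified as SHA-256.
 *
 * Scope of the check, as far as this method shows:
 *  - The algorithm is read from the document under verification, so the
 *    signer chooses between SHA-1 and SHA-256. SHA-1 is no longer collision
 *    resistant. NOTE(review): confirm the schema in use still requires
 *    rsa-sha1 before keeping it on the allowlist.
 *  - Only the signature over SignedInfo is verified. The Reference digests
 *    are not recomputed here. NOTE(review): confirm a digest check runs
 *    elsewhere before the document is trusted.
 *  - The key comes from the document being verified, so success means the
 *    document is consistent with its own certificate. It does not show the
 *    certificate is trusted. NOTE(review): confirm chain, issuer and validity
 *    checks are done by the caller.
 *  - The first matching elements in document order are used. NOTE(review):
 *    confirm callers reject documents carrying more than one Signature.
 *
 * @param DOMDocument $dom document holding the Signature block; presumably the
 *        project's DOMDocument subclass, since getNode()/getNodeValue() are
 *        called on it
 * @return boolean true when the signature verifies; false is returned only if
 *         the error helper returns instead of throwing
 * @throws Exception\RuntimeException presumably raised by zGetOpenSSLError()
 */
private function zSignCheck($dom)
{
    // e.g. <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    $sigMethNode = $dom->getNode('SignatureMethod', 0);
    if (! is_object($sigMethNode)) {
        $this->zGetOpenSSLError("A tag SignatureMethod não foi encontrada no xml!!");
        // Fail closed: never reach "return true" if the helper does not throw.
        return false;
    }

    // Explicit allowlist: an unknown or misspelled URI must not be treated
    // as SHA-256 without anyone noticing.
    $sigMethAlgo = $sigMethNode->getAttribute('Algorithm');
    if ($sigMethAlgo === 'http://www.w3.org/2000/09/xmldsig#rsa-sha1') {
        $signAlgorithm = OPENSSL_ALGO_SHA1;
    } elseif ($sigMethAlgo === 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') {
        $signAlgorithm = OPENSSL_ALGO_SHA256;
    } else {
        // The attribute value is attacker-controlled, so it is kept out of the message.
        $this->zGetOpenSSLError("Algoritmo de assinatura não suportado!!");
        return false;
    }

    // Rebuild a PEM certificate from the base64 body carried in the XML.
    $x509Certificate = $dom->getNodeValue('X509Certificate');
    $x509Certificate = "-----BEGIN CERTIFICATE-----\n"
        . $this->zSplitLines($x509Certificate)
        . "\n-----END CERTIFICATE-----\n";

    // Extract the public key from the rebuilt certificate.
    $objSSLPubKey = openssl_pkey_get_public($x509Certificate);
    if ($objSSLPubKey === false) {
        $msg = "Ocorreram problemas ao carregar a chave pública. Certificado incorreto ou corrompido!!";
        $this->zGetOpenSSLError($msg);
        return false;
    }

    // A document without SignedInfo would otherwise end in a fatal
    // "member function on null" error instead of a verification failure.
    $signedInfoNode = $dom->getElementsByTagName('SignedInfo')->item(0);
    if ($signedInfoNode === null) {
        $this->zGetOpenSSLError("A tag SignedInfo não foi encontrada no xml!!");
        return false;
    }

    // Rebuild the exact bytes that were signed: exclusive C14N, no comments.
    $signContent = $signedInfoNode->C14N(true, false, null, null);
    if ($signContent === false) {
        $this->zGetOpenSSLError("Falha ao canonizar a tag SignedInfo!!");
        return false;
    }

    $signatureValueNode = $dom->getElementsByTagName('SignatureValue')->item(0);
    if ($signatureValueNode === null) {
        $this->zGetOpenSSLError("A tag SignatureValue não foi encontrada no xml!!");
        return false;
    }

    // The signature is base64 text that may be wrapped across lines.
    $signatureValueXML = $signatureValueNode->nodeValue;
    $decodedSignature = base64_decode(str_replace(array("\r", "\n"), '', $signatureValueXML));

    // openssl_verify() yields 1 (valid), 0 (invalid), or -1/false (error);
    // only an integer 1 counts as success.
    $resp = openssl_verify($signContent, $decodedSignature, $objSSLPubKey, $signAlgorithm);
    if ($resp !== 1) {
        $msg = "Problema ({$resp}) ao verificar a assinatura do digital!!";
        $this->zGetOpenSSLError($msg);
        return false;
    }
    return true;
}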