Ejemplo n.º 1
0
 public function testSignDocumentSha256()
 {
     // if key has a passphrase, set it via fifth parameter in factory
     $key = Key::factory(Key::RSA_SHA256, $this->fixturesDir . '/privkey.pem', true, Key::TYPE_PRIVATE);
     $cert = Key::factory(Key::RSA_SHA256, $this->fixturesDir . '/mycert.pem', true, Key::TYPE_PUBLIC);
     $doc = new DOMDocument();
     $doc->formatOutput = true;
     $doc->load($this->fixturesDir . '/DSig/sign_document.xml');
     $keyInfo = DSig::createX509CertificateKeyInfo($doc, $cert);
     $signature = DSig::createSignature($key, DSig::EXC_C14N, $doc->documentElement, null, $keyInfo);
     DSig::addNodeToSignature($signature, $doc, DSig::SHA1, DSig::TRANSFORMATION_ENVELOPED_SIGNATURE);
     DSig::signDocument($signature, $key, DSig::EXC_C14N);
     $file = $this->fixturesDir . '/DSig/sign_document_sha256_result.xml';
     $this->assertXmlStringEqualsXmlFile($file, $doc->saveXML(), "Sign document with SHA256");
 }
Ejemplo n.º 2
0
 /**
  * Modify the given request XML.
  *
  * @param \BeSimple\SoapCommon\SoapResponse $response SOAP response
  *
  * @return void
  */
 public function filterResponse(CommonSoapResponse $response)
 {
     // get \DOMDocument from SOAP response
     $dom = $response->getContentDocument();
     // create FilterHelper
     $filterHelper = new FilterHelper($dom);
     // add the neccessary namespaces
     $filterHelper->addNamespace(Helper::PFX_WSS, Helper::NS_WSS);
     $filterHelper->addNamespace(Helper::PFX_WSU, Helper::NS_WSU);
     $filterHelper->registerNamespace(XmlSecurityDSig::PFX_XMLDSIG, XmlSecurityDSig::NS_XMLDSIG);
     // init timestamp
     $dt = new \DateTime('now', new \DateTimeZone('UTC'));
     $createdTimestamp = $dt->format(static::DATETIME_FORMAT);
     // create security header
     $security = $filterHelper->createElement(Helper::NS_WSS, 'Security');
     $filterHelper->addHeaderElement($security, true, $this->actor, $response->getVersion());
     if (true === $this->addTimestamp || null !== $this->expires) {
         $timestamp = $filterHelper->createElement(Helper::NS_WSU, 'Timestamp');
         $created = $filterHelper->createElement(Helper::NS_WSU, 'Created', $createdTimestamp);
         $timestamp->appendChild($created);
         if (null !== $this->expires) {
             $dt->modify('+' . $this->expires . ' seconds');
             $expiresTimestamp = $dt->format(static::DATETIME_FORMAT);
             $expires = $filterHelper->createElement(Helper::NS_WSU, 'Expires', $expiresTimestamp);
             $timestamp->appendChild($expires);
         }
         $security->appendChild($timestamp);
     }
     if (null !== $this->userSecurityKey && $this->userSecurityKey->hasKeys()) {
         $guid = 'CertId-' . Helper::generateUUID();
         // add token references
         $keyInfo = null;
         if (null !== $this->tokenReferenceSignature) {
             $keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceSignature, $guid, $this->userSecurityKey->getPublicKey());
         }
         $nodes = $this->createNodeListForSigning($dom, $security);
         $signature = XmlSecurityDSig::createSignature($this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N, $security, null, $keyInfo);
         $options = array('id_ns_prefix' => Helper::PFX_WSU, 'id_prefix_ns' => Helper::NS_WSU);
         foreach ($nodes as $node) {
             XmlSecurityDSig::addNodeToSignature($signature, $node, XmlSecurityDSig::SHA1, XmlSecurityDSig::EXC_C14N, $options);
         }
         XmlSecurityDSig::signDocument($signature, $this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N);
         $publicCertificate = $this->userSecurityKey->getPublicKey()->getX509Certificate(true);
         $binarySecurityToken = $filterHelper->createElement(Helper::NS_WSS, 'BinarySecurityToken', $publicCertificate);
         $filterHelper->setAttribute($binarySecurityToken, null, 'EncodingType', Helper::NAME_WSS_SMS . '#Base64Binary');
         $filterHelper->setAttribute($binarySecurityToken, null, 'ValueType', Helper::NAME_WSS_X509 . '#X509v3');
         $filterHelper->setAttribute($binarySecurityToken, Helper::NS_WSU, 'Id', $guid);
         $security->insertBefore($binarySecurityToken, $signature);
         // encrypt soap document
         if (null !== $this->serviceSecurityKey && $this->serviceSecurityKey->hasKeys()) {
             $guid = 'EncKey-' . Helper::generateUUID();
             // add token references
             $keyInfo = null;
             if (null !== $this->tokenReferenceEncryption) {
                 $keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceEncryption, $guid, $this->serviceSecurityKey->getPublicKey());
             }
             $encryptedKey = XmlSecurityEnc::createEncryptedKey($guid, $this->serviceSecurityKey->getPrivateKey(), $this->serviceSecurityKey->getPublicKey(), $security, $signature, $keyInfo);
             $referenceList = XmlSecurityEnc::createReferenceList($encryptedKey);
             // token reference to encrypted key
             $keyInfo = $this->createKeyInfo($filterHelper, self::TOKEN_REFERENCE_SECURITY_TOKEN, $guid);
             $nodes = $this->createNodeListForEncryption($dom);
             foreach ($nodes as $node) {
                 $type = XmlSecurityEnc::ELEMENT;
                 if ($node->localName == 'Body') {
                     $type = XmlSecurityEnc::CONTENT;
                 }
                 XmlSecurityEnc::encryptNode($node, $type, $this->serviceSecurityKey->getPrivateKey(), $referenceList, $keyInfo);
             }
         }
     }
 }