/**
* Tries to resolve a key from the given \DOMElement.
*
* @param \DOMElement $node Node where to resolve the key
* @param string $algorithm XML security key algorithm
*
* @return \ass\XmlSecurity\Key|null
*/
public function keyInfoSecurityTokenReferenceResolver(\DOMElement $node, $algorithm)
{
foreach ($node->childNodes as $key) {
if (Helper::NS_WSS === $key->namespaceURI) {
switch ($key->localName) {
case 'KeyIdentifier':
return $this->serviceSecurityKey->getPublicKey();
case 'Reference':
$uri = $key->getAttribute('URI');
$referencedNode = $this->getReferenceNodeForUri($node, $uri);
if (XmlSecurityEnc::NS_XMLENC === $referencedNode->namespaceURI && 'EncryptedKey' == $referencedNode->localName) {
$key = XmlSecurityEnc::decryptEncryptedKey($referencedNode, $this->userSecurityKey->getPrivateKey());
return XmlSecurityKey::factory($algorithm, $key, false, XmlSecurityKey::TYPE_PRIVATE);
} elseif (Helper::NS_WSS === $referencedNode->namespaceURI && 'BinarySecurityToken' == $referencedNode->localName) {
$key = XmlSecurityPem::formatKeyInPemFormat($referencedNode->textContent);
return XmlSecurityKey::factory(XmlSecurityKey::RSA_SHA1, $key, false, XmlSecurityKey::TYPE_PUBLIC);
}
}
}
}
return null;
}
/**
* Get the thumbprint of the X509 certificate this key represents.
*
* @return string
*/
public function getX509Thumbprint()
{
if ($this->keyType != self::TYPE_PUBLIC) {
return null;
}
$certs = Pem::parseKeyFromPemFormat($this->key, Pem::PEM_TYPE_CERTIFICATE_X509);
return strtolower(sha1(base64_decode($certs[0])));
}
public function testParseKeyFromPemFormat()
{
$keys = Pem::parseKeyFromPemFormat($this->cert, PEM::PEM_TYPE_CERTIFICATE_X509);
$keyString = array_pop($keys);
$this->assertEquals($keyString, $this->keyString);
}
