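/**
  * Sign the specified DOMDocument with an enveloped XML signature.
  *
  * @see https://github.com/Maks3w/xmlseclibs/blob/v1.3.0/tests/xml-sign.phpt
  *
  * @param DOMDocument $document
  * @return DOMDocument|false The signed document, or false when the private key cannot be loaded (see $this->error).
  */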
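 private function sign_document(DOMDocument $document)
 {
     // Contract: returns the signed $document on success and false on any
     // failure; the failure reason is stored in $this->error as a WP_Error.
     // $result is only ever false or the document, so a caller can never
     // receive the private key handle by accident.
     $result = false;
     try {
         $dsig = new XMLSecurityDSig();
         // For canonicalization purposes the exclusive (9) algorithm must be used.
         // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
         $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
         // For hashing purposes the SHA-256 (11) algorithm must be used.
         // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
         $dsig->addReference($document, XMLSecurityDSig::SHA256, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('force_uri' => true));
         // For signature purposes the RSAWithSHA 256 (12) algorithm must be used.
         // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
         $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
         $key->passphrase = $this->private_key_password;
         $key->loadKey($this->private_key);
         // Probe the key material with OpenSSL directly before signing, to prevent:
         // Warning: openssl_sign() [function.openssl-sign]: supplied key param cannot be coerced into a private key
         // The probe handle lives in its own variable: the previous code stored it
         // in $result, so an exception thrown later (sign, fingerprint, append)
         // made this method return the key handle instead of false.
         $private_key = openssl_get_privatekey($this->private_key, $this->private_key_password);
         if (false === $private_key) {
             throw new Exception('Can not load private key');
         }
         // Only the XMLSecurityKey is used for signing; drop the probe handle.
         unset($private_key);
         // Sign
         $dsig->sign($key);
         // The public key must be referenced using a fingerprint of an X.509
         // certificate. The fingerprint must be calculated according
         // to the following formula HEX(SHA-1(DER certificate)) (13)
         // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
         // NOTE(review): SHA-1 is used here only to name the certificate, as the
         // guide prescribes; the signature itself is RSA-SHA256 (see above).
         $fingerprint = Pronamic_WP_Pay_Gateways_IDealAdvancedV3_Security::get_sha_fingerprint($this->private_certificate);
         $dsig->addKeyInfoAndName($fingerprint);
         // Add the signature
         $dsig->appendSignature($document->documentElement);
         $result = $document;
     } catch (Exception $e) {
         // Keep the exception as WP_Error data; $result is still false here.
         $this->error = new WP_Error('xml_security', $e->getMessage(), $e);
     }
     return $result;
 }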
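    /**
     * Render the "private certificate" settings field for the current gateway post.
     *
     * Outputs, in order: a read-only text input holding an `openssl req` command the
     * administrator can run to create a self-signed certificate (or a hint when no
     * subject fields are configured yet), the fingerprint and validity period of the
     * stored certificate, and the download / upload controls.
     *
     * The command is only displayed, never executed by this method.
     *
     * @param mixed $field Field definition; not read by this method.
     * @return void
     */
    public function field_private_certificate($field)
    {
        $certificate = get_post_meta(get_the_ID(), '_pronamic_gateway_ideal_private_certificate', true);
        $private_key_password = get_post_meta(get_the_ID(), '_pronamic_gateway_ideal_private_key_password', true);
        $number_days_valid = get_post_meta(get_the_ID(), '_pronamic_gateway_number_days_valid', true);
        $filename_key = __('ideal.key', 'pronamic_ideal');
        $filename_cer = __('ideal.cer', 'pronamic_ideal');
        // @see http://www.openssl.org/docs/apps/req.html
        $subj_args = array('C' => get_post_meta(get_the_ID(), '_pronamic_gateway_country', true), 'ST' => get_post_meta(get_the_ID(), '_pronamic_gateway_state_or_province', true), 'L' => get_post_meta(get_the_ID(), '_pronamic_gateway_locality', true), 'O' => get_post_meta(get_the_ID(), '_pronamic_gateway_organization', true), 'OU' => get_post_meta(get_the_ID(), '_pronamic_gateway_organization_unit', true), 'CN' => get_post_meta(get_the_ID(), '_pronamic_gateway_organization', true), 'emailAddress' => get_post_meta(get_the_ID(), '_pronamic_gateway_email', true));
        // Drop subject fields that are not configured.
        $subj_args = array_filter($subj_args);
        $subj = '';
        foreach ($subj_args as $type => $value) {
            // NOTE(review): addslashes() backslash-escapes quotes and backslashes only;
            // a literal '/' inside a value is not escaped and would presumably be read
            // by openssl as a field separator - confirm whether that needs handling.
            $subj .= '/' . $type . '=' . addslashes($value);
        }
        if (!empty($subj)) {
            // Every argument is quoted exactly once with escapeshellarg(). The subject
            // used to be wrapped in an extra pair of single quotes on top of
            // escapeshellarg(), which cancelled the quoting: once pasted into a shell,
            // spaces and metacharacters in the subject were interpreted by the shell.
            //
            // NOTE(review): the private key password is embedded in the command, so it
            // is rendered into this admin page and, when the command is run as shown,
            // ends up in shell history and the process list. Consider a -passin source
            // that does not put the secret on the command line.
            $command = sprintf('openssl req -x509 -sha256 -new -key %s -passin pass:%s -days %s -out %s -subj %s', escapeshellarg($filename_key), escapeshellarg($private_key_password), escapeshellarg($number_days_valid), escapeshellarg($filename_cer), escapeshellarg($subj));
            ?>

			<p><?php 
            esc_html_e('OpenSSL command', 'pronamic_ideal');
            ?>
</p>
			<input id="pronamic_ideal_openssl_command_certificate" name="pronamic_ideal_openssl_command_certificate" value="<?php 
            echo esc_attr($command);
            ?>
" type="text" class="large-text code" readonly="readonly" />

			<?php 
        } else {
            printf('<p class="pronamic-pay-description description">%s</p>', esc_html__('Leave empty and save the configuration to generate the certificate or view the OpenSSL command.', 'pronamic_ideal'));
        }
        if (!empty($certificate)) {
            // Show the fingerprint as colon-separated byte pairs.
            $fingerprint = Pronamic_WP_Pay_Gateways_IDealAdvancedV3_Security::get_sha_fingerprint($certificate);
            $fingerprint = str_split($fingerprint, 2);
            $fingerprint = implode(':', $fingerprint);
            echo '<dl>';
            echo '<dt>', esc_html__('SHA Fingerprint', 'pronamic_ideal'), '</dt>';
            echo '<dd>', esc_html($fingerprint), '</dd>';
            // openssl_x509_parse() returns false for an unparsable certificate; the
            // validity rows are then simply omitted.
            $info = openssl_x509_parse($certificate);
            if ($info) {
                $date_format = __('M j, Y @ G:i', 'pronamic_ideal');
                if (isset($info['validFrom_time_t'])) {
                    echo '<dt>', esc_html__('Valid From', 'pronamic_ideal'), '</dt>';
                    echo '<dd>', esc_html(date_i18n($date_format, $info['validFrom_time_t'])), '</dd>';
                }
                if (isset($info['validTo_time_t'])) {
                    echo '<dt>', esc_html__('Valid To', 'pronamic_ideal'), '</dt>';
                    echo '<dd>', esc_html(date_i18n($date_format, $info['validTo_time_t'])), '</dd>';
                }
            }
            echo '</dl>';
        }
        ?>
		<p>
			<?php 
        if (!empty($certificate)) {
            // A download button is only offered once a certificate is stored.
            submit_button(__('Download', 'pronamic_ideal'), 'secondary', 'download_private_certificate', false);
            echo ' ';
        }
        printf('<label class="pronamic-pay-form-control-file-button button">%s <input type="file" name="%s" /></label>', esc_html__('Upload', 'pronamic_ideal'), '_pronamic_gateway_ideal_private_certificate_file');
        ?>
		</p>
		<?php 
    }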