Example #1
 /**
  * Create an XML signature over the given document and append it to the
  * document's root element. The document is modified in place; nothing is
  * returned.
  *
  * The signature, digest and canonicalization algorithms all come from
  * instance configuration ($this->keyAlgorithm, $this->digestAlgorithm,
  * $this->canonicalMethod). The strength of the result therefore depends on
  * how the instance was configured; SHA-1 based choices should be treated as
  * legacy.
  *
  * @param DOMDocument $data Document to sign.
  *
  * @throws RuntimeException When no private key has been configured.
  */
 public function sign(DOMDocument $data)
 {
     // Refuse to continue without key material instead of failing later
     // inside the signing library.
     if ($this->privateKey === null) {
         throw new RuntimeException('Missing private key. Use setPrivateKey to set one.');
     }

     $signingKey = new XMLSecurityKey($this->keyAlgorithm, ['type' => 'private']);
     $signingKey->loadKey($this->privateKey);

     $signature = new XMLSecurityDSig();
     $signature->setCanonicalMethod($this->canonicalMethod);

     // NOTE(review): the signature element is appended inside the document
     // that is being referenced, so $this->transforms presumably contains the
     // enveloped-signature transform -- confirm, otherwise verification of
     // the result would fail.
     $signature->addReference(
         $data,
         $this->digestAlgorithm,
         $this->transforms,
         ['force_uri' => true]
     );

     // Signs and attaches the <Signature> element under the root element.
     $signature->sign($signingKey, $data->documentElement);

     // Embed the signer's public certificate when one is configured. A
     // verifier must still validate that certificate against its own trust
     // anchors; an embedded certificate proves nothing on its own.
     if ($this->getPublicKey()) {
         $signature->add509Cert($this->getPublicKey());
     }
 }
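 /**
  * Sign the first element matching $this->content2SignIdentifier inside
  * $this->xmlMessage with the key from the configured PKCS#12 file, and store
  * the signed XML back into $this->xmlMessage.
  *
  * Does nothing when $this->content2SignIdentifier is empty.
  *
  * Every step that can fail (parsing, node lookup, reading and decrypting the
  * key store) is checked explicitly, so the method never goes on to sign with
  * missing key material or a missing target node.
  *
  * @return void
  *
  * @throws \RuntimeException When the message cannot be parsed, the element
  *                           to sign is not found, or the PKCS#12 key store
  *                           cannot be read or decrypted.
  */
 public function signDocument()
 {
     if (strlen($this->content2SignIdentifier) === 0) {
         return;
     }

     // Get the content to sign.
     // loadXML() is called with default options. Do not add LIBXML_NOENT or
     // LIBXML_DTDLOAD here if the message can contain externally supplied
     // content, since those enable entity substitution / DTD loading.
     $doc = new DOMDocument('1.0', 'UTF-8');
     if (!$doc->loadXML($this->xmlMessage)) {
         throw new \RuntimeException('Unable to parse the XML message to sign.');
     }

     // SECURITY: the identifier is interpolated into the XPath expression
     // unescaped. It must be a fixed, trusted element name; a value taken
     // from request data could change which node gets signed.
     $xpath = new DOMXPath($doc);
     $matches = $xpath->query("//{$this->content2SignIdentifier}");
     $nodeset = ($matches === false) ? null : $matches->item(0);
     if ($nodeset === null) {
         throw new \RuntimeException('Element to sign was not found in the XML message.');
     }

     // Sign.
     // Only the first match in document order is signed. A verifier has to
     // make sure the element it processes is the one the Reference covers.
     $objXMLSecDSig = new XMLSecurityDSig('');
     $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
     // NOTE(review): the Reference URI comes from $this->msgIdentifier while
     // 'overwrite' => false presumably keeps an existing Id attribute on the
     // node; confirm against the XMLSecurityDSig implementation in use that
     // the two always agree.
     $objXMLSecDSig->addReference(
         $nodeset,
         XMLSecurityDSig::SHA256,
         array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
         array('id_name' => 'Id', 'uri' => $this->msgIdentifier, 'overwrite' => false)
     );

     // Load the signing key and certificate from the PKCS#12 store. Both the
     // file read and the decryption are checked; the error messages leave out
     // the path and the password on purpose.
     $pkcs12 = file_get_contents($this->myCertificatePathP12);
     if ($pkcs12 === false) {
         throw new \RuntimeException('Unable to read the PKCS#12 certificate file.');
     }
     $raw = array();
     if (!openssl_pkcs12_read($pkcs12, $raw, $this->myCertificatePassword)
         || !isset($raw['pkey'], $raw['cert'])
     ) {
         throw new \RuntimeException('Unable to extract key and certificate from the PKCS#12 file.');
     }

     $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
     $objKey->loadKey($raw['pkey']);
     $objXMLSecDSig->sign($objKey, $nodeset);

     // Embed the signer certificate together with issuer/serial and subject
     // name. Verifiers must still chain it to their own trust anchors.
     $objXMLSecDSig->add509Cert(
         $raw['cert'],
         true,
         false,
         array('issuerSerial' => true, 'subjectName' => true, 'issuerCertificate' => false)
     );

     $this->xmlMessage = $doc->saveXML();
 }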