/** * Método que firma un XML utilizando RSA y SHA1 * * Referencia: http://www.di-mgt.com.au/xmldsig2.html * * @param xml Datos XML que se desean firmar * @param reference Referencia a la que hace la firma * @return XML firmado o =false si no se pudo fimar * @author Esteban De La Fuente Rubio, DeLaF (esteban[at]sasco.cl) * @version 2015-09-02 */ public function signXML($xml, $reference = '', $tag = null, $xmlns_xsi = false) { $doc = new XML(); $doc->loadXML($xml); // crear nodo para la firma $Signature = $doc->importNode((new XML())->generate(['Signature' => ['@attributes' => ['xmlns' => 'http://www.w3.org/2000/09/xmldsig#'], 'SignedInfo' => ['@attributes' => ['xmlns' => 'http://www.w3.org/2000/09/xmldsig#', 'xmlns:xsi' => $xmlns_xsi ? 'http://www.w3.org/2001/XMLSchema-instance' : false], 'CanonicalizationMethod' => ['@attributes' => ['Algorithm' => 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315']], 'SignatureMethod' => ['@attributes' => ['Algorithm' => 'http://www.w3.org/2000/09/xmldsig#rsa-sha1']], 'Reference' => ['@attributes' => ['URI' => $reference], 'Transforms' => ['Transform' => ['@attributes' => ['Algorithm' => 'http://www.w3.org/2000/09/xmldsig#enveloped-signature']]], 'DigestMethod' => ['@attributes' => ['Algorithm' => 'http://www.w3.org/2000/09/xmldsig#sha1']], 'DigestValue' => null]], 'SignatureValue' => null, 'KeyInfo' => ['KeyValue' => ['RSAKeyValue' => ['Modulus' => null, 'Exponent' => null]], 'X509Data' => ['X509Certificate' => null]]]])->documentElement, true); // calcular DigestValue if ($tag) { $digest = base64_encode(sha1($doc->documentElement->getElementsByTagName($tag)->item(0)->C14N(), true)); } else { $digest = base64_encode(sha1($doc->C14N(), true)); } $Signature->getElementsByTagName('DigestValue')->item(0)->nodeValue = $digest; // calcular SignatureValue $SignedInfo = $doc->saveHTML($Signature->getElementsByTagName('SignedInfo')->item(0)); $firma = $this->sign($SignedInfo); if (!$firma) { return false; } $signature = wordwrap($firma, $this->config['wordwrap'], "\n", true); // reemplazar valores en la firma de $Signature->getElementsByTagName('SignatureValue')->item(0)->nodeValue = $signature; $Signature->getElementsByTagName('Modulus')->item(0)->nodeValue = $this->getModulus(); $Signature->getElementsByTagName('Exponent')->item(0)->nodeValue = $this->getExponent(); $Signature->getElementsByTagName('X509Certificate')->item(0)->nodeValue = $this->getCertificate(true); // agregar y entregar firma $doc->documentElement->appendChild($Signature); return $doc->saveXML(); }