get509XCert() static public méthode

static public get509XCert ( $cert, $isPEMFormat = true )
 /**
  * Embed an X.509 certificate in the signature's KeyInfo element.
  *
  * The certificate is normalised through XMLSecurityDSig::get509XCert()
  * and written as KeyInfo/X509Data/X509Certificate under $this->sigNode.
  * If no XPath object is available, the method does nothing.
  *
  * NOTE(review): an embedded certificate only tells the verifier which key
  * the signer claims to have used. The receiving side still has to validate
  * it against its own trust anchors; arriving inside the signed message
  * does not make it trustworthy.
  *
  * @param string $cert        Certificate data handed to get509XCert().
  * @param bool   $isPEMFormat Forwarded unchanged to get509XCert().
  *
  * @return void
  */
 public function add509Cert($cert, $isPEMFormat = TRUE)
 {
     // presumably the bare base64 certificate body; confirm against get509XCert()
     $certBody = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);

     $xp = $this->getXPathObj();
     if (!$xp) {
         return;
     }

     $keyInfo = $xp->query("./secdsig:KeyInfo", $this->sigNode)->item(0);
     if (!$keyInfo) {
         // No KeyInfo yet: create one and place it before the first
         // ds:Object child when one exists, otherwise at the end.
         $keyInfo = $this->createNewSignNode('KeyInfo');

         $firstObject = null;
         $xp = $this->getXPathObj();
         if ($xp) {
             $firstObject = $xp->query("./secdsig:Object", $this->sigNode)->item(0);
         }

         if ($firstObject) {
             $firstObject->parentNode->insertBefore($keyInfo, $firstObject);
         } else {
             $this->sigNode->appendChild($keyInfo);
         }
     }

     // A new X509Data wrapper is appended on every call, so repeated calls
     // accumulate certificates under the same KeyInfo.
     $x509Data = $this->createNewSignNode('X509Data');
     $keyInfo->appendChild($x509Data);
     $x509Data->appendChild($this->createNewSignNode('X509Certificate', $certBody));
 }
Exemple #2
 /**
  * Insert a WS-Security BinarySecurityToken carrying an X.509 certificate.
  *
  * The token is placed as the first child of the Security header and is
  * labelled Base64Binary / X509v3. It gets a wsu:Id produced by
  * XMLSecurityDSig::generate_GUID().
  *
  * @param string $cert        Certificate data handed to get509XCert().
  * @param bool   $isPEMFormat Forwarded unchanged to get509XCert().
  * @param bool   $isDSig      Not read anywhere in this method body.
  *
  * @return DOMElement The newly inserted BinarySecurityToken element.
  */
 public function addBinaryToken($cert, $isPEMFormat = true, $isDSig = true)
 {
     $encodingUri = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary';
     $valueTypeUri = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3';

     $header = $this->locateSecurityHeader();
     $certBody = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);

     $bst = $this->soapDoc->createElementNS(
         self::WSSENS,
         self::WSSEPFX . ':BinarySecurityToken',
         $certBody
     );
     // The token goes ahead of everything already in the Security header.
     $header->insertBefore($bst, $header->firstChild);

     $bst->setAttribute('EncodingType', $encodingUri);
     $bst->setAttributeNS(self::WSUNS, self::WSUPFX . ':Id', XMLSecurityDSig::generate_GUID());
     $bst->setAttribute('ValueType', $valueTypeUri);

     return $bst;
 }
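 /**
  * Reference the signing certificate by issuer name and serial number.
  *
  * Builds KeyInfo/SecurityTokenReference/X509Data/X509IssuerSerial under
  * the document's signature element. The KeyInfo element is created when
  * the signature does not have one yet.
  *
  * Changes from the previous version:
  *  - Issuer name and serial number are added as text nodes. The value
  *    argument of DOMDocument::createElementNS() is not escaped for "&",
  *    so an issuer such as "O=A&B" was treated as an entity reference and
  *    the value was mangled.
  *  - An issuer attribute that occurs more than once (openssl_x509_parse()
  *    then reports an array of values) is written as one RDN per value
  *    instead of the literal string "Array".
  *
  * NOTE(review): when the certificate cannot be parsed, or has no issuer
  * or serial number, an empty X509IssuerSerial element is still emitted,
  * as before. Callers that need a resolvable reference should check for
  * that case.
  * NOTE(review): RDN values are joined without RFC 4514 escaping, so a
  * value containing "," or "=" yields an ambiguous distinguished name.
  *
  * @param string $cert        Certificate data handed to get509XCert().
  * @param bool   $isPEMFormat Forwarded unchanged to get509XCert().
  *
  * @return void
  *
  * @throws Exception When the SOAP document contains no digital signature.
  */
 public function mPayAttachCertificateInfo($cert, $isPEMFormat = TRUE)
 {
     $data = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);
     // Re-wrap the certificate body in PEM armor so OpenSSL can parse it.
     $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($data, 64, "\n") . "-----END CERTIFICATE-----\n";
     $certData = openssl_x509_parse($pem);

     $objXMLSecDSig = new XMLSecurityDSig();
     $objDSig = $objXMLSecDSig->locateSignature($this->soapDoc);
     if (!$objDSig) {
         throw new Exception('Unable to locate digital signature');
     }

     $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
     $keyInfo = $this->SOAPXPath->query("./secdsig:KeyInfo", $objDSig)->item(0);
     if (!$keyInfo) {
         $keyInfo = $objXMLSecDSig->createNewSignNode('KeyInfo');
         $objDSig->appendChild($keyInfo);
     }

     $tokenRef = $this->soapDoc->createElementNS(WSSESoap::WSSENS, WSSESoap::WSSEPFX . ':SecurityTokenReference');
     $keyInfo->appendChild($tokenRef);
     $xdata = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
     $tokenRef->appendChild($xdata);
     $serial = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerSerial');
     $xdata->appendChild($serial);

     // openssl_x509_parse() returns false on failure; in that case the
     // X509IssuerSerial element stays empty (unchanged behaviour).
     if (!is_array($certData) || empty($certData['issuer']) || empty($certData['serialNumber'])) {
         return;
     }

     if (is_array($certData['issuer'])) {
         // Components are prepended, so the resulting name lists them in
         // the reverse of the order OpenSSL reported them.
         $parts = array();
         foreach ($certData['issuer'] as $key => $value) {
             foreach ((array) $value as $single) {
                 array_unshift($parts, "{$key}={$single}");
             }
         }
         $issuerName = implode(',', $parts);
     } else {
         $issuerName = $certData['issuer'];
     }

     // Text nodes are escaped on serialisation, unlike the value argument
     // of createElementNS().
     $issuerNode = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerName');
     $issuerNode->appendChild($this->soapDoc->createTextNode((string) $issuerName));
     $serial->appendChild($issuerNode);

     $serialNode = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509SerialNumber');
     $serialNode->appendChild($this->soapDoc->createTextNode((string) $certData['serialNumber']));
     $serial->appendChild($serialNode);
 }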