/**
 * Record a reference entry under $name in $this->references.
 *
 * The entry holds the node itself, the caller-supplied type, a template
 * document obtained through _resetTemplate(), and a GUID that is also set as
 * the "Id" attribute on that template's root element.
 *
 * @param string  $name Key under which the entry is stored.
 * @param DOMNode $node Node the reference points at.
 * @param mixed   $type Stored unchanged as the entry's "type".
 *
 * @throws Exception When $node is not a DOMNode.
 */
public function addReference($name, $node, $type)
{
    if (!($node instanceof DOMNode)) {
        throw new Exception('$node is not of type DOMNode');
    }

    // Presumably _resetTemplate() replaces $this->encdoc with a fresh template
    // (confirm against its definition): the current document is kept aside,
    // the new one is captured for this reference, then the original is restored.
    $previousDoc = $this->encdoc;
    $this->_resetTemplate();
    $templateDoc = $this->encdoc;
    $this->encdoc = $previousDoc;

    $guid = XMLSecurityDSig::generate_GUID();
    $templateDoc->documentElement->setAttribute("Id", $guid);

    $this->references[$name] = array(
        "node" => $node,
        "type" => $type,
        "encnode" => $templateDoc,
        "refuri" => $guid,
    );
}
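/**
 * Attach X.509 certificate data to the ds:KeyInfo child of $parentRef.
 *
 * The first ds:KeyInfo child of $parentRef is reused; when there is none, a
 * new one is created and placed before the first ds:Object child if one
 * exists, otherwise appended. A ds:X509Data element is then added holding one
 * ds:X509Certificate per entry returned by staticGet509XCerts(), each
 * optionally preceded by a ds:X509IssuerSerial element.
 *
 * Security note: with $isURL set, $cert is handed to file_get_contents()
 * unchanged, so it can name any local path or any stream wrapper the PHP
 * configuration enables. Only pass fixed, trusted locations; a value derived
 * from request data would let the requester choose what this process reads
 * or fetches. The certificate is embedded as supplied; nothing in this
 * method checks its validity or trust chain.
 *
 * @param DOMElement    $parentRef   Element that holds (or will hold) ds:KeyInfo.
 * @param string        $cert        Certificate data, or its location when $isURL is true.
 * @param bool          $isPEMFormat Passed through to staticGet509XCerts().
 * @param bool          $isURL       Treat $cert as a location to read from.
 * @param DOMXPath|null $xpath       Optional XPath object; the queries use the
 *                                   'secdsig' prefix, so it must be registered on it.
 * @param array|null    $options     'issuerSerial' => truthy adds ds:X509IssuerSerial.
 *
 * @throws Exception When $parentRef is not a DOMElement or the certificate
 *                   location cannot be read.
 */
public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat = true, $isURL = false, $xpath = null, $options = null)
{
    // Validate the target first so a bad call does no I/O at all.
    if (!$parentRef instanceof DOMElement) {
        throw new Exception('Invalid parent Node parameter');
    }

    if ($isURL) {
        $cert = file_get_contents($cert);
        // file_get_contents() returns false on failure; without this check the
        // method would go on to emit an X509Data element with no usable certificate.
        if ($cert === false) {
            throw new Exception('Unable to read certificate from the given location');
        }
    }

    $baseDoc = $parentRef->ownerDocument;

    if (empty($xpath)) {
        $xpath = new DOMXPath($baseDoc);
        $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    }

    $keyInfo = $xpath->query("./secdsig:KeyInfo", $parentRef)->item(0);
    if (!$keyInfo) {
        $keyInfo = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:KeyInfo');

        // KeyInfo goes in front of the first ds:Object when one is present.
        $sObject = $xpath->query("./secdsig:Object", $parentRef)->item(0);
        if ($sObject) {
            $sObject->parentNode->insertBefore($keyInfo, $sObject);
        } else {
            $parentRef->appendChild($keyInfo);
        }
    }

    // Add all certs if there are more than one
    $certs = XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);

    // Attach X509 data node
    $x509DataNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
    $keyInfo->appendChild($x509DataNode);

    $issuerSerial = is_array($options) && !empty($options['issuerSerial']);

    // Attach all certificate nodes and any additional data
    foreach ($certs as $X509Cert) {
        if ($issuerSerial) {
            // Re-wrap the bare certificate body in PEM armour so OpenSSL can parse it.
            $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($X509Cert, 64, "\n") . "-----END CERTIFICATE-----\n";
            $certData = openssl_x509_parse($pem);

            if ($certData && !empty($certData['issuer']) && !empty($certData['serialNumber'])) {
                if (is_array($certData['issuer'])) {
                    $parts = array();
                    foreach ($certData['issuer'] as $key => $value) {
                        // A repeated attribute (several OU entries, say) is reported
                        // as a nested array; emit one key=value pair per entry
                        // instead of the literal string "Array".
                        foreach ((array) $value as $single) {
                            // array_unshift reverses the parsed order.
                            array_unshift($parts, "{$key}={$single}");
                        }
                    }
                    // NOTE(review): values are joined without escaping ',' or '+';
                    // confirm whether consumers expect an escaped DN string.
                    $issuerName = implode(',', $parts);
                } else {
                    $issuerName = $certData['issuer'];
                }

                $x509IssuerNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerSerial');
                $x509DataNode->appendChild($x509IssuerNode);

                // The value argument of createElementNS() does not escape '&', so an
                // issuer such as "O=A&B" would be cut short with a warning. A text
                // node carries the name verbatim.
                $x509Node = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerName');
                $x509Node->appendChild($baseDoc->createTextNode($issuerName));
                $x509IssuerNode->appendChild($x509Node);

                $x509Node = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509SerialNumber', $certData['serialNumber']);
                $x509IssuerNode->appendChild($x509Node);
            }
        }

        $x509CertNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Certificate', $X509Cert);
        $x509DataNode->appendChild($x509CertNode);
    }
}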