/**
 * Registers a node to be signed under the reference name $name.
 *
 * A fresh template document is obtained by resetting the helper's template
 * (the `encdoc` that was active before the call is restored afterwards); its
 * root element receives a generated GUID as `Id`, which later serves as the
 * reference URI. Because the Id is generated here, callers cannot choose it.
 *
 * @param string  $name reference name, used as key in $this->references
 * @param DOMNode $node node to be referenced; anything else is rejected
 * @param mixed   $type caller-supplied reference type, stored unchanged
 * @return void
 * @throws Exception when $node is not a DOMNode
 */
public function addReference($name, $node, $type) {
    if (!$node instanceof DOMNode) {
        throw new Exception('$node is not of type DOMNode');
    }

    // _resetTemplate() overwrites $this->encdoc with a new template document;
    // remember the current one and put it back so this call does not clobber it.
    $previousDoc = $this->encdoc;
    $this->_resetTemplate();
    $templateDoc = $this->encdoc;
    $this->encdoc = $previousDoc;

    $referenceId = DBSeller_Helper_Xml_Security_XMLSecurityDSig::generate_GUID();
    $templateDoc->documentElement->setAttribute("Id", $referenceId);

    $this->references[$name] = array(
        "node"    => $node,
        "type"    => $type,
        "encnode" => $templateDoc,
        "refuri"  => $referenceId,
    );
}
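/**
 * Validates the XML signature carried by $this->oDomDocument.
 *
 * Checks are run in this order: certificate validity period (getDataFinal()
 * against the current time), presence of a Signature element, optionally the
 * Reference digests, presence of key material, and finally the cryptographic
 * signature over SignedInfo. The first failing check stores the matching
 * ERRO_* constant in $this->lastError and returns false.
 *
 * NOTE(review): the verification key is taken from the document's own KeyInfo
 * (locateKey() / staticLocateKeyInfo()), so a true result only proves that the
 * document is consistent with the key embedded in it. Whether that key or
 * certificate is actually trusted (issuer, chain, expected signer) is not
 * decided here and must be enforced by the caller — confirm where that happens.
 *
 * @param bool $lVerificarIntegridadeDocumento true to also verify the Reference
 *        digests. Passing false skips validateReference(), so the signature is
 *        then checked only over SignedInfo and no longer binds the rest of the
 *        document content — use only when integrity is checked elsewhere.
 * @return bool true only when every check, including the signature value itself, passed
 */
public function validar($lVerificarIntegridadeDocumento = true) {
    if ($this->getDataFinal() < new DateTime()) {
        $this->lastError = self::ERRO_CERTIFICADO_VENCIDO;
        return false;
    }

    $oXMLSecDSig = new DBSeller_Helper_Xml_Security_XMLSecurityDSig();
    $oAssinatura = $oXMLSecDSig->locateSignature($this->oDomDocument);
    if (empty($oAssinatura)) {
        $this->lastError = self::ERRO_ASSINATURA_NAO_ENCONTRADA;
        return false;
    }

    // SignedInfo has to be canonicalized before the references and the
    // signature value can be checked against it.
    $oXMLSecDSig->canonicalizeSignedInfo();

    if ($lVerificarIntegridadeDocumento && !$oXMLSecDSig->validateReference()) {
        $this->lastError = self::ERRO_INTEGRIDADE_DOCUMENTO;
        return false;
    }

    $oKeyData = $oXMLSecDSig->locateKey();
    if (!$oKeyData) {
        $this->lastError = self::ERRO_ASSINATURA_INVALIDA;
        return false;
    }

    $objKeyInfo = DBSeller_Helper_Xml_Security_XMLSecEnc::staticLocateKeyInfo($oKeyData, $oAssinatura);

    // The docblock promises bool, but verify() was previously returned as-is.
    // If verify() follows xmlseclibs and forwards openssl_verify()'s result, it
    // yields 1 (valid), 0 (invalid) or -1 (error); returned raw, a -1 error
    // would pass a truthiness check as "valid". Only an explicit success value
    // (int 1 or bool true) is therefore reported as success; any other result
    // is recorded as an invalid signature.
    $resultado = $oXMLSecDSig->verify($objKeyInfo);
    if ($resultado === 1 || $resultado === true) {
        return true;
    }

    $this->lastError = self::ERRO_ASSINATURA_INVALIDA;
    return false;
}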
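/**
 * Appends a ds:KeyInfo/ds:X509Data block holding the given certificate(s)
 * beneath $parentRef, creating the ds:KeyInfo element when it is missing.
 *
 * The certificate material is split into individual certificates by
 * staticGet509XCerts(); each becomes an X509Certificate element. When
 * $options['issuerSerial'] is truthy, an X509IssuerSerial element (issuer name
 * and serial number as reported by openssl_x509_parse()) is emitted before the
 * corresponding X509Certificate element.
 *
 * @param DOMElement    $parentRef   element (normally ds:Signature) that receives the KeyInfo
 * @param string        $cert        certificate data, or a path/URL when $isURL is true
 * @param bool          $isPEMFormat whether $cert is PEM; passed through to staticGet509XCerts()
 * @param bool          $isURL       if true, $cert is read with file_get_contents(). The value is
 *                                   used verbatim, so only application-controlled locations may be
 *                                   passed here: an attacker-chosen string would let this process
 *                                   read arbitrary local files or fetch arbitrary URLs.
 * @param DOMXPath|null $xpath       optional XPath object with the `secdsig` prefix registered
 * @param array|null    $options     optional flags; only 'issuerSerial' is honoured
 * @return void
 * @throws Exception when $parentRef is not a DOMElement, or when $isURL is set and the
 *                   certificate location cannot be read
 */
static function staticAdd509Cert($parentRef, $cert, $isPEMFormat = TRUE, $isURL = False, $xpath = NULL, $options = NULL) {
    if (!$parentRef instanceof DOMElement) {
        throw new Exception('Invalid parent Node parameter');
    }
    if ($isURL) {
        $cert = file_get_contents($cert);
        // file_get_contents() returns false on failure; previously that false was
        // handed to staticGet509XCerts() as if it were certificate data.
        if ($cert === false) {
            throw new Exception('Unable to read certificate data');
        }
    }

    $baseDoc = $parentRef->ownerDocument;
    $ns = DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS;
    if (empty($xpath)) {
        $xpath = new DOMXPath($baseDoc);
        $xpath->registerNamespace('secdsig', $ns);
    }

    $keyInfo = $xpath->query("./secdsig:KeyInfo", $parentRef)->item(0);
    if (!$keyInfo) {
        // ds:KeyInfo precedes ds:Object in the Signature content model, so when
        // an Object already exists the new KeyInfo goes in front of it.
        $keyInfo = $baseDoc->createElementNS($ns, 'KeyInfo');
        $sObject = $xpath->query("./secdsig:Object", $parentRef)->item(0);
        if ($sObject) {
            $sObject->parentNode->insertBefore($keyInfo, $sObject);
        } else {
            $parentRef->appendChild($keyInfo);
        }
    }

    // Split the input into individual certificates if more than one is present.
    $certs = DBSeller_Helper_Xml_Security_XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);

    $x509DataNode = $baseDoc->createElementNS($ns, 'X509Data');
    $keyInfo->appendChild($x509DataNode);

    $issuerSerial = is_array($options) && !empty($options['issuerSerial']);

    foreach ($certs as $X509Cert) {
        if ($issuerSerial) {
            $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($X509Cert, 64, "\n") . "-----END CERTIFICATE-----\n";
            $certData = openssl_x509_parse($pem);
            if ($certData && !empty($certData['issuer']) && !empty($certData['serialNumber'])) {
                if (is_array($certData['issuer'])) {
                    // Emit the RDNs most-specific first, comma separated. The stray
                    // undefined `$issuer` that used to be concatenated here is gone.
                    // NOTE(review): values are not escaped, so an RDN value containing
                    // ',' or '=' yields an ambiguous name — confirm whether consumers
                    // expect RFC 4514 escaping here.
                    $parts = array();
                    foreach ($certData['issuer'] as $key => $value) {
                        array_unshift($parts, "{$key}={$value}");
                    }
                    $issuerName = implode(',', $parts);
                } else {
                    $issuerName = $certData['issuer'];
                }

                // The value argument of createElementNS() is not entity-escaped, so an
                // issuer containing '&' or '<' (e.g. "O=AT&T") produced malformed XML.
                // Text nodes escape correctly.
                $x509IssuerNode = $baseDoc->createElementNS($ns, 'X509IssuerSerial');
                $x509DataNode->appendChild($x509IssuerNode);

                $issuerNameNode = $baseDoc->createElementNS($ns, 'X509IssuerName');
                $issuerNameNode->appendChild($baseDoc->createTextNode($issuerName));
                $x509IssuerNode->appendChild($issuerNameNode);

                $serialNode = $baseDoc->createElementNS($ns, 'X509SerialNumber');
                $serialNode->appendChild($baseDoc->createTextNode((string) $certData['serialNumber']));
                $x509IssuerNode->appendChild($serialNode);
            }
        }

        // Base64 certificate data contains no XML-special characters, but a text
        // node is used anyway for consistency with the nodes above.
        $x509CertNode = $baseDoc->createElementNS($ns, 'X509Certificate');
        $x509CertNode->appendChild($baseDoc->createTextNode($X509Cert));
        $x509DataNode->appendChild($x509CertNode);
    }
}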