public function addIssuerSerial($X509Cert)
{
$name = getIssuerName($X509Cert);
$serialNumber = getSerialNumber($X509Cert);
$objXMLSecDSig = new XMLSecurityDSig();
if ($objDSig = $objXMLSecDSig->locateSignature($this->soapDoc)) {
$this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
$query = "./secdsig:KeyInfo";
$nodeset = $this->SOAPXPath->query($query, $objDSig);
$keyInfo = $nodeset->item(0);
if (!$keyInfo) {
$keyInfo = $objXMLSecDSig->createNewSignNode('KeyInfo');
$objDSig->appendChild($keyInfo);
}
$tokenRef = $this->soapDoc->createElementNS(WSSESoap::WSSENS, WSSESoap::WSSEPFX . ':SecurityTokenReference');
$keyInfo->appendChild($tokenRef);
$x509Data = $objXMLSecDSig->createNewSignNode("X509Data");
$x509IssuerSerial = $objXMLSecDSig->createNewSignNode("X509IssuerSerial");
$x509Data->appendChild($x509IssuerSerial);
$x509IssuerName = $objXMLSecDSig->createNewSignNode("X509IssuerName", $name);
$x509SerialNumber = $objXMLSecDSig->createNewSignNode("X509SerialNumber", $serialNumber);
$x509IssuerSerial->appendChild($x509IssuerName);
$x509IssuerSerial->appendChild($x509SerialNumber);
$tokenRef->appendChild($x509Data);
} else {
throw new Exception('Unable to locate digital signature');
}
}
public function attachTokentoSig($token)
{
if (!$token instanceof DOMElement) {
throw new Exception('Invalid parameter: BinarySecurityToken element expected');
}
$objXMLSecDSig = new XMLSecurityDSig();
if ($objDSig = $objXMLSecDSig->locateSignature($this->soapDoc)) {
$tokenURI = '#' . $token->getAttributeNS(self::WSUNS, "Id");
$this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
$query = "./secdsig:KeyInfo";
$nodeset = $this->SOAPXPath->query($query, $objDSig);
$keyInfo = $nodeset->item(0);
if (!$keyInfo) {
$keyInfo = $objXMLSecDSig->createNewSignNode('KeyInfo');
$objDSig->appendChild($keyInfo);
}
$tokenRef = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':SecurityTokenReference');
$keyInfo->appendChild($tokenRef);
$reference = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Reference');
$reference->setAttribute('ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3');
$reference->setAttribute("URI", $tokenURI);
$tokenRef->appendChild($reference);
} else {
throw new Exception('Unable to locate digital signature');
}
}
public function mPayAttachCertificateInfo($cert, $isPEMFormat = TRUE)
{
$data = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);
$certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n" . chunk_split($data, 64, "\n") . "-----END CERTIFICATE-----\n");
$objXMLSecDSig = new XMLSecurityDSig();
if ($objDSig = $objXMLSecDSig->locateSignature($this->soapDoc)) {
$this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
$query = "./secdsig:KeyInfo";
$nodeset = $this->SOAPXPath->query($query, $objDSig);
$keyInfo = $nodeset->item(0);
if (!$keyInfo) {
$keyInfo = $objXMLSecDSig->createNewSignNode('KeyInfo');
$objDSig->appendChild($keyInfo);
}
$tokenRef = $this->soapDoc->createElementNS(WSSESoap::WSSENS, WSSESoap::WSSEPFX . ':SecurityTokenReference');
$keyInfo->appendChild($tokenRef);
$xdata = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
$tokenRef->appendChild($xdata);
$serial = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerSerial');
$xdata->appendChild($serial);
if (!empty($certData['issuer']) && !empty($certData['serialNumber'])) {
if (is_array($certData['issuer'])) {
$parts = array();
foreach ($certData['issuer'] as $key => $value) {
array_unshift($parts, "{$key}={$value}");
}
$issuerName = implode(',', $parts);
} else {
$issuerName = $certData['issuer'];
}
$issuer_name_x = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerName', $issuerName);
$serial->appendChild($issuer_name_x);
$serial_number = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509SerialNumber', $certData['serialNumber']);
$serial->appendChild($serial_number);
}
} else {
throw new Exception('Unable to locate digital signature');
}
}
