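/**
 * Creates the configured ds:KeyInfo element; the caller appends it to the parent node.
 *
 * The element holds a wsse:SecurityTokenReference whose child depends on $tokenReference:
 *  - TOKEN_REFERENCE_SECURITY_TOKEN: a wsse:Reference with URI "#$guid"
 *    (the X509v3 ValueType is only added when a key is given);
 *  - TOKEN_REFERENCE_SUBJECT_KEY_IDENTIFIER: a wsse:KeyIdentifier carrying the
 *    certificate's subject key identifier (requires $xmlSecurityKey);
 *  - TOKEN_REFERENCE_THUMBPRINT_SHA1: a wsse:KeyIdentifier carrying the base64
 *    SHA-1 thumbprint of the DER certificate (requires $xmlSecurityKey).
 * Any other combination (an identifier-based type without a key, or an unknown type)
 * yields an empty SecurityTokenReference that a receiver cannot resolve, so callers
 * must supply a key for the identifier-based reference types.
 *
 * @param FilterHelper $filterHelper Filter helper object used to create namespaced nodes
 * @param int $tokenReference Token reference type, one of the TOKEN_REFERENCE_* constants
 * @param string $guid Unique ID of the referenced security token (used without the leading '#')
 * @param \ass\XmlSecurity\Key $xmlSecurityKey XML security key providing the certificate, or null
 *
 * @return \DOMElement
 */
protected function createKeyInfo(FilterHelper $filterHelper, $tokenReference, $guid, XmlSecurityKey $xmlSecurityKey = null)
{
    $keyInfo = $filterHelper->createElement(XmlSecurityDSig::NS_XMLDSIG, 'KeyInfo');
    $securityTokenReference = $filterHelper->createElement(Helper::NS_WSS, 'SecurityTokenReference');
    $keyInfo->appendChild($securityTokenReference);

    $hasKey = null !== $xmlSecurityKey;

    if (self::TOKEN_REFERENCE_SECURITY_TOKEN === $tokenReference) {
        // Direct reference to the security token carried elsewhere in the header.
        $reference = $filterHelper->createElement(Helper::NS_WSS, 'Reference');
        $filterHelper->setAttribute($reference, null, 'URI', '#' . $guid);
        if ($hasKey) {
            $filterHelper->setAttribute($reference, null, 'ValueType', Helper::NAME_WSS_X509 . '#X509v3');
        }
        $securityTokenReference->appendChild($reference);
    } elseif ($hasKey && self::TOKEN_REFERENCE_SUBJECT_KEY_IDENTIFIER === $tokenReference) {
        // Subject key identifier reference. The WSS X.509 Token Profile names this
        // ValueType "#X509SubjectKeyIdentifier"; the earlier "#509SubjectKeyIdentifier"
        // was a typo that a conforming receiver would not recognise.
        $keyIdentifier = $filterHelper->createElement(Helper::NS_WSS, 'KeyIdentifier');
        $filterHelper->setAttribute($keyIdentifier, null, 'EncodingType', Helper::NAME_WSS_SMS . '#Base64Binary');
        $filterHelper->setAttribute($keyIdentifier, null, 'ValueType', Helper::NAME_WSS_X509 . '#X509SubjectKeyIdentifier');
        $keyIdentifier->appendChild(new \DOMText($xmlSecurityKey->getX509SubjectKeyIdentifier()));
        $securityTokenReference->appendChild($keyIdentifier);
    } elseif ($hasKey && self::TOKEN_REFERENCE_THUMBPRINT_SHA1 === $tokenReference) {
        // Thumbprint reference. SHA-1 is mandated by the ThumbprintSHA1 ValueType here;
        // it only identifies the certificate and is not a signature primitive.
        $keyIdentifier = $filterHelper->createElement(Helper::NS_WSS, 'KeyIdentifier');
        $filterHelper->setAttribute($keyIdentifier, null, 'EncodingType', Helper::NAME_WSS_SMS . '#Base64Binary');
        $filterHelper->setAttribute($keyIdentifier, null, 'ValueType', Helper::NAME_WSS_SMS_1_1 . '#ThumbprintSHA1');
        // Assumes getX509Certificate(true) returns the base64 DER body without PEM armour
        // — confirm against the Key implementation; the hash is taken over the raw DER bytes.
        $derCertificate = base64_decode($xmlSecurityKey->getX509Certificate(true));
        $thumbprintSha1 = base64_encode(sha1($derCertificate, true));
        $keyIdentifier->appendChild(new \DOMText($thumbprintSha1));
        $securityTokenReference->appendChild($keyIdentifier);
    }

    return $keyInfo;
}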
/**
 * Create a ds:KeyInfo with X509 certificate from given Key object
 *
 * Produces ds:KeyInfo / ds:X509Data / ds:X509Certificate, the innermost element
 * holding the text returned by Key::getX509Certificate(true) (presumably the
 * base64 DER body without PEM header/footer — confirm against Key). The element
 * is created on $doc but not attached to it; the caller places it.
 *
 * @param DOMDocument $doc DOMDocument to add the KeyInfo
 * @param Key $cert Key containing certificate
 *
 * @return DOMElement
 */
public static function createX509CertificateKeyInfo(DOMDocument $doc, Key $cert)
{
    $qualifiedPrefix = DSig::PFX_XMLDSIG . ':';
    $certificateText = $cert->getX509Certificate(true);

    // Build leaf first, then wrap it: X509Certificate inside X509Data inside KeyInfo.
    $certificateElement = $doc->createElementNS(
        DSig::NS_XMLDSIG,
        $qualifiedPrefix . 'X509Certificate',
        $certificateText
    );

    $x509DataElement = $doc->createElementNS(DSig::NS_XMLDSIG, $qualifiedPrefix . 'X509Data');
    $x509DataElement->appendChild($certificateElement);

    $keyInfoElement = $doc->createElementNS(DSig::NS_XMLDSIG, $qualifiedPrefix . 'KeyInfo');
    $keyInfoElement->appendChild($x509DataElement);

    return $keyInfoElement;
}