/**
 * Sign the given document with the configured private key.
 *
 * A reference to the whole document is added with 'force_uri' => true, using
 * the configured digest algorithm and transforms. The document element is
 * handed to XMLSecurityDSig::sign(), which in xmlseclibs is the node the
 * Signature element is appended to. When a public key/certificate is
 * configured it is embedded through add509Cert().
 *
 * The embedded certificate only tells a verifier which key was used; it is
 * not proof of identity. Verifiers have to validate it against their own
 * trust anchors instead of trusting whatever the message carries.
 *
 * @param DOMDocument $data Document to sign; modified in place.
 *
 * @return void
 *
 * @throws RuntimeException When no private key has been set.
 */
public function sign(DOMDocument $data)
{
    // Refuse to continue without key material rather than emit an unsigned document.
    if ($this->privateKey === null) {
        throw new RuntimeException('Missing private key. Use setPrivateKey to set one.');
    }

    $signingKey = new XMLSecurityKey($this->keyAlgorithm, ['type' => 'private']);
    $signingKey->loadKey($this->privateKey);

    $signature = new XMLSecurityDSig();
    $signature->setCanonicalMethod($this->canonicalMethod);
    $signature->addReference(
        $data,
        $this->digestAlgorithm,
        $this->transforms,
        ['force_uri' => true]
    );
    $signature->sign($signingKey, $data->documentElement);

    // Attach the matching certificate only when one is configured.
    if ($this->getPublicKey()) {
        $signature->add509Cert($this->getPublicKey());
    }
}
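/**
 * Sign the first element matching $this->content2SignIdentifier inside
 * $this->xmlMessage and store the signed XML back into $this->xmlMessage.
 *
 * The signing key and certificate are read from the PKCS#12 keystore at
 * $this->myCertificatePathP12, unlocked with $this->myCertificatePassword.
 * The signature uses C14N canonicalisation, a SHA-256 digest with the
 * enveloped-signature transform, and RSA-SHA256. Nothing happens when no
 * element identifier is configured.
 *
 * Every step that could otherwise leave the message unsigned or half-built
 * (XML parse, element lookup, keystore read, serialisation) is checked, so a
 * failure raises an exception and $this->xmlMessage is left untouched.
 *
 * @return void
 *
 * @throws \RuntimeException When the XML cannot be parsed, the element to
 *                           sign is not found, the keystore cannot be read
 *                           or unlocked, or the result cannot be serialised.
 */
public function signDocument()
{
    if (strlen($this->content2SignIdentifier) === 0) {
        return;
    }

    // Get content to sign.
    $doc = new DOMDocument('1.0', 'UTF-8');
    if (!$doc->loadXML($this->xmlMessage)) {
        throw new \RuntimeException('Unable to parse the XML message to sign.');
    }

    // NOTE(review): the identifier is interpolated into the XPath expression
    // unescaped; it should come from configuration only, never from request
    // data. Confirm against callers.
    $xpath = new DOMXPath($doc);
    $matches = $xpath->query("//{$this->content2SignIdentifier}");
    if ($matches === false || $matches->length === 0) {
        throw new \RuntimeException('Element to sign was not found in the XML message.');
    }
    $nodeset = $matches->item(0);

    // Load the key material before building the signature. The messages
    // deliberately leave out the keystore path and password.
    $keystore = file_get_contents($this->myCertificatePathP12);
    if ($keystore === false) {
        throw new \RuntimeException('Unable to read the PKCS#12 keystore.');
    }

    $raw = [];
    if (
        !openssl_pkcs12_read($keystore, $raw, $this->myCertificatePassword)
        || empty($raw['pkey'])
        || empty($raw['cert'])
    ) {
        throw new \RuntimeException('Unable to extract key and certificate from the PKCS#12 keystore.');
    }

    // Sign.
    $objXMLSecDSig = new XMLSecurityDSig('');
    $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::C14N);

    // NOTE(review): how 'uri' and 'overwrite' are honoured depends on the
    // xmlseclibs version in use. Confirm that the emitted Reference URI
    // matches the Id attribute of the element being signed; a mismatch means
    // the signature does not cover the element the verifier resolves.
    $objXMLSecDSig->addReference(
        $nodeset,
        XMLSecurityDSig::SHA256,
        ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'],
        ['id_name' => 'Id', 'uri' => $this->msgIdentifier, 'overwrite' => false]
    );

    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
    $objKey->loadKey($raw['pkey']);

    $objXMLSecDSig->sign($objKey, $nodeset);
    $objXMLSecDSig->add509Cert(
        $raw['cert'],
        true,
        false,
        ['issuerSerial' => true, 'subjectName' => true, 'issuerCertificate' => false]
    );

    // Only replace the stored message once a complete signed document exists.
    $signedXml = $doc->saveXML();
    if ($signedXml === false) {
        throw new \RuntimeException('Unable to serialise the signed XML message.');
    }
    $this->xmlMessage = $signedXml;
}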