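/**
 * Convert this assertion to an XML element.
 *
 * Creates a saml:Assertion element, appends it to $parentElement (or to a
 * newly created document when none is given), then adds the issuer, subject,
 * conditions, authentication statement and attribute statement. A signature
 * is inserted last, and only when a signature key is set; without a key the
 * assertion is returned unsigned and no error is raised.
 *
 * @param \DOMNode|null $parentElement The DOM node the assertion should be created in.
 * @return \DOMElement This assertion.
 */
public function toXML(\DOMNode $parentElement = null)
{
    if ($parentElement === null) {
        $document = DOMDocumentFactory::create();
        $parentElement = $document;
    } elseif ($parentElement instanceof \DOMDocument) {
        /* A document node has no ownerDocument (it is null), so use the node itself. */
        $document = $parentElement;
    } else {
        $document = $parentElement->ownerDocument;
    }

    $root = $document->createElementNS(Constants::NS_SAML, 'saml:' . 'Assertion');
    $parentElement->appendChild($root);

    /*
     * Ugly hack to add another namespace declaration to the root element:
     * set a throw-away attribute in the namespace, then remove it again.
     */
    $root->setAttributeNS(Constants::NS_SAMLP, 'samlp:tmp', 'tmp');
    $root->removeAttributeNS(Constants::NS_SAMLP, 'tmp');
    $root->setAttributeNS(Constants::NS_XSI, 'xsi:tmp', 'tmp');
    $root->removeAttributeNS(Constants::NS_XSI, 'tmp');
    $root->setAttributeNS(Constants::NS_XS, 'xs:tmp', 'tmp');
    $root->removeAttributeNS(Constants::NS_XS, 'tmp');

    $root->setAttribute('ID', $this->id);
    $root->setAttribute('Version', '2.0');
    /* IssueInstant is written in UTC (gmdate) with a literal 'Z' suffix. */
    $root->setAttribute('IssueInstant', gmdate('Y-m-d\\TH:i:s\\Z', $this->issueInstant));

    /*
     * $issuer stays null when the issuer is neither a string nor an Issuer
     * object. It is initialised here so that the signing step below never
     * reads an undefined variable.
     */
    $issuer = null;
    if (is_string($this->issuer)) {
        $issuer = Utils::addString($root, Constants::NS_SAML, 'saml:Issuer', $this->issuer);
    } elseif ($this->issuer instanceof \SAML2\XML\saml\Issuer) {
        $issuer = $this->issuer->toXML($root);
    }

    $this->addSubject($root);
    $this->addConditions($root);
    $this->addAuthnStatement($root);

    /* Attributes go through the encrypting helper only when requiredEncAttributes is set. */
    if ($this->requiredEncAttributes == false) {
        $this->addAttributeStatement($root);
    } else {
        $this->addEncryptedAttributeStatement($root);
    }

    if ($this->signatureKey !== null) {
        /*
         * Signing happens after every child element has been added. The
         * signature is placed in front of whatever follows the Issuer
         * element. With no Issuer element there is no anchor and null is
         * passed on; where the signature then ends up is decided by
         * Utils::insertSignature().
         * NOTE(review): an assertion without an Issuer is probably not
         * something that should be signed at all - confirm with callers.
         */
        $insertBefore = $issuer !== null ? $issuer->nextSibling : null;
        Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);
    }

    return $root;
}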
/**
 * Convert this message to a signed XML document.
 *
 * The unsigned document is built first. A signature is inserted only if the
 * private key for the signature is set; otherwise the document is returned
 * unsigned and no error is raised, so callers that require a signature must
 * make sure a key has been configured.
 *
 * @return \DOMElement The root element of the DOM tree.
 */
public function toSignedXML()
{
    $element = $this->toUnsignedXML();

    if ($this->signatureKey !== null) {
        /*
         * Work out which node the signature is inserted in front of.
         * Without an issuer the signature becomes the first element.
         * With an issuer, the first child is taken to be the issuer node
         * and the signature goes directly after it.
         */
        $anchor = $element->firstChild;
        if ($this->issuer !== null) {
            $anchor = $anchor->nextSibling;
        }

        Utils::insertSignature($this->signatureKey, $this->certificates, $element, $anchor);
    }

    /* Either signed above, or returned as-is because there is no key to sign with. */
    return $element;
}
/**
 * Sign the given XML element.
 *
 * When no signature key is set nothing is inserted and null is returned, so
 * a null result tells the caller that the element is still unsigned.
 *
 * @param \DOMElement      $root         The element we should sign.
 * @param \DOMElement|null $insertBefore The element we should insert the signature node before.
 * @return \DOMElement|null The element passed in, after the signature has been inserted,
 *                          or null when there is no key to sign with.
 */
protected function signElement(\DOMElement $root, \DOMElement $insertBefore = null)
{
    if ($this->signatureKey !== null) {
        Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);

        return $root;
    }

    /* We cannot sign this element. */
    return null;
}