public function processSignature($refNode)
{
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->idKeys[] = 'wswsu:Id';
$objXMLSecDSig->idNS['wswsu'] = WSSESoapServer::WSUNS;
$objXMLSecDSig->sigNode = $refNode;
/* Canonicalize the signed info */
$objXMLSecDSig->canonicalizeSignedInfo();
$retVal = $objXMLSecDSig->validateReference();
if (!$retVal) {
throw new Exception("Validation Failed");
}
$key = NULL;
$objKey = $objXMLSecDSig->locateKey();
if ($objKey) {
if ($objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $refNode)) {
/* Handle any additional key processing such as encrypted keys here */
}
}
if (empty($objKey)) {
throw new Exception("Error loading key to handle Signature");
}
do {
if (empty($objKey->key)) {
$this->SOAPXPath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS);
$query = "./xmlsecdsig:KeyInfo/wswsse:SecurityTokenReference/wswsse:Reference";
$nodeset = $this->SOAPXPath->query($query, $refNode);
if ($encmeth = $nodeset->item(0)) {
if ($uri = $encmeth->getAttribute("URI")) {
$arUrl = parse_url($uri);
if (empty($arUrl['path']) && ($identifier = $arUrl['fragment'])) {
$query = '//wswsse:BinarySecurityToken[@wswsu:Id="' . $identifier . '"]';
$nodeset = $this->SOAPXPath->query($query);
if ($encmeth = $nodeset->item(0)) {
$x509cert = $encmeth->textContent;
$x509cert = str_replace(array("\r", "\n"), "", $x509cert);
$x509cert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($x509cert, 64, "\n") . "-----END CERTIFICATE-----\n";
$objKey->loadKey($x509cert);
break;
}
}
}
}
throw new Exception("Error loading key to handle Signature");
}
} while (0);
if (!$objXMLSecDSig->verify($objKey)) {
throw new Exception("Unable to validate Signature");
}
return TRUE;
}
public function locateKeyInfo($objBaseKey = NULL, $node = NULL)
{
if (empty($node)) {
$node = $this->rawNode;
}
return XMLSecEnc::staticLocateKeyInfo($objBaseKey, $node);
}
public function decryptSoapDoc($doc, $options)
{
$privKey = NULL;
$privKey_isFile = FALSE;
$privKey_isCert = FALSE;
if (is_array($options)) {
$privKey = !empty($options["keys"]["private"]["key"]) ? $options["keys"]["private"]["key"] : NULL;
$privKey_isFile = !empty($options["keys"]["private"]["isFile"]) ? TRUE : FALSE;
$privKey_isCert = !empty($options["keys"]["private"]["isCert"]) ? TRUE : FALSE;
}
$objenc = new XMLSecEnc();
$xpath = new DOMXPath($doc);
$envns = $doc->documentElement->namespaceURI;
$xpath->registerNamespace("soapns", $envns);
$xpath->registerNamespace("soapenc", "http://www.w3.org/2001/04/xmlenc#");
$nodes = $xpath->query('/soapns:Envelope/soapns:Header/*[local-name()="Security"]/soapenc:EncryptedKey');
$references = array();
if ($node = $nodes->item(0)) {
$objenc = new XMLSecEnc();
$objenc->setNode($node);
if (!($objKey = $objenc->locateKey())) {
throw new Exception("Unable to locate algorithm for this Encrypted Key");
}
$objKey->isEncrypted = TRUE;
$objKey->encryptedCtx = $objenc;
XMLSecEnc::staticLocateKeyInfo($objKey, $node);
if ($objKey && $objKey->isEncrypted) {
$objencKey = $objKey->encryptedCtx;
$objKey->loadKey($privKey, $privKey_isFile, $privKey_isCert);
$key = $objencKey->decryptKey($objKey);
$objKey->loadKey($key);
}
$refnodes = $xpath->query('./soapenc:ReferenceList/soapenc:DataReference/@URI', $node);
foreach ($refnodes as $reference) {
$references[] = $reference->nodeValue;
}
}
foreach ($references as $reference) {
$arUrl = parse_url($reference);
$reference = $arUrl['fragment'];
$query = '//*[@Id="' . $reference . '"]';
$nodes = $xpath->query($query);
$encData = $nodes->item(0);
if ($algo = $xpath->evaluate("string(./soapenc:EncryptionMethod/@Algorithm)", $encData)) {
$objKey = new XMLSecurityKey($algo);
$objKey->loadKey($key);
}
$objenc->setNode($encData);
$objenc->type = $encData->getAttribute("Type");
$decrypt = $objenc->decryptNode($objKey, TRUE);
}
return TRUE;
}
