/**
 * Embed an X.509 certificate in this signature's ds:KeyInfo as
 * ds:X509Data/ds:X509Certificate.
 *
 * An existing KeyInfo child of the signature node is reused. When there is
 * none, a new KeyInfo is created and placed in front of the first ds:Object
 * child, or appended to the signature node if it has no ds:Object.
 * Nothing is added when getXPathObj() yields no XPath object.
 *
 * Security note: a certificate carried inside KeyInfo is only a hint for the
 * verifier. The receiving side must still validate it against its own trust
 * anchors before using it to check the signature.
 *
 * @param string $cert        Certificate material, handed to XMLSecurityDSig::get509XCert().
 * @param bool   $isPEMFormat Forwarded to get509XCert(); presumably marks $cert as PEM-armoured (confirm there).
 *
 * @return void
 */
public function add509Cert($cert, $isPEMFormat = TRUE)
{
    $certBody = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);

    $xp = $this->getXPathObj();
    if (!$xp) {
        return;
    }

    $keyInfoNode = $xp->query("./secdsig:KeyInfo", $this->sigNode)->item(0);
    if (!$keyInfoNode) {
        $keyInfoNode = $this->createNewSignNode('KeyInfo');

        // Keep KeyInfo ahead of any ds:Object child of the signature node.
        $firstObject = NULL;
        if ($xp = $this->getXPathObj()) {
            $firstObject = $xp->query("./secdsig:Object", $this->sigNode)->item(0);
        }

        if ($firstObject) {
            $firstObject->parentNode->insertBefore($keyInfoNode, $firstObject);
        } else {
            $this->sigNode->appendChild($keyInfoNode);
        }
    }

    $x509Wrapper = $this->createNewSignNode('X509Data');
    $keyInfoNode->appendChild($x509Wrapper);
    $x509Wrapper->appendChild($this->createNewSignNode('X509Certificate', $certBody));
}
/**
 * Insert a wsse:BinarySecurityToken holding the certificate as the first
 * child of the WS-Security header and return the new element.
 *
 * The token is tagged as Base64Binary-encoded X509v3 and receives a wsu:Id
 * from XMLSecurityDSig::generate_GUID().
 *
 * Security note: the token only transports the certificate. The receiver has
 * to validate it against its trust store, and the token is integrity-protected
 * only if the signature also references it.
 *
 * @param string $cert        Certificate material, handed to XMLSecurityDSig::get509XCert().
 * @param bool   $isPEMFormat Forwarded to get509XCert().
 * @param bool   $isDSig      Not read anywhere in this method body.
 *
 * @return DOMElement The inserted BinarySecurityToken element.
 */
public function addBinaryToken($cert, $isPEMFormat = true, $isDSig = true)
{
    $encodingUri = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary';
    $valueTypeUri = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3';

    $securityHeader = $this->locateSecurityHeader();
    $certBody = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);

    $bst = $this->soapDoc->createElementNS(
        self::WSSENS,
        self::WSSEPFX . ':BinarySecurityToken',
        $certBody
    );

    // The token goes in front of whatever the Security header already holds.
    $securityHeader->insertBefore($bst, $securityHeader->firstChild);

    $bst->setAttribute('EncodingType', $encodingUri);
    $bst->setAttributeNS(self::WSUNS, self::WSUPFX . ':Id', XMLSecurityDSig::generate_GUID());
    $bst->setAttribute('ValueType', $valueTypeUri);

    return $bst;
}
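/**
 * Reference the signing certificate by issuer and serial number: appends
 * wsse:SecurityTokenReference/ds:X509Data/ds:X509IssuerSerial to the
 * ds:KeyInfo of the signature found in the SOAP document.
 *
 * An existing KeyInfo is reused; otherwise one is created and appended to the
 * signature element.
 *
 * Changes from the previous version:
 *  - Issuer attributes that occur more than once (openssl_x509_parse() then
 *    returns an array for that key) are emitted one by one instead of being
 *    interpolated as the literal string "Array".
 *  - Issuer name and serial number are added as text nodes, so a value that
 *    contains "&" no longer triggers a libxml entity warning and a truncated
 *    element.
 *
 * Security note: issuer/serial only identifies a certificate. The verifier
 * must resolve it to a certificate it already trusts rather than accept any
 * certificate that matches the pair.
 *
 * @param string $cert        Certificate material, handed to XMLSecurityDSig::get509XCert().
 * @param bool   $isPEMFormat Forwarded to get509XCert().
 *
 * @return void
 *
 * @throws Exception When the SOAP document contains no digital signature.
 */
public function mPayAttachCertificateInfo($cert, $isPEMFormat = TRUE)
{
    $data = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);

    // Re-wrap the certificate body in PEM armour so OpenSSL can parse it.
    $certData = openssl_x509_parse(
        "-----BEGIN CERTIFICATE-----\n" . chunk_split($data, 64, "\n") . "-----END CERTIFICATE-----\n"
    );

    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($this->soapDoc);
    if (!$objDSig) {
        throw new Exception('Unable to locate digital signature');
    }

    $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    $keyInfo = $this->SOAPXPath->query("./secdsig:KeyInfo", $objDSig)->item(0);
    if (!$keyInfo) {
        $keyInfo = $objXMLSecDSig->createNewSignNode('KeyInfo');
        $objDSig->appendChild($keyInfo);
    }

    $tokenRef = $this->soapDoc->createElementNS(WSSESoap::WSSENS, WSSESoap::WSSEPFX . ':SecurityTokenReference');
    $keyInfo->appendChild($tokenRef);

    $xdata = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
    $tokenRef->appendChild($xdata);

    $serial = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerSerial');
    $xdata->appendChild($serial);

    // NOTE(review): if openssl_x509_parse() failed ($certData === false) or the
    // issuer/serial is missing, the empty ds:X509IssuerSerial appended above is
    // left in place, as before. Callers that depend on the reference should
    // confirm the certificate parses before signing.
    if (empty($certData['issuer']) || empty($certData['serialNumber'])) {
        return;
    }

    if (is_array($certData['issuer'])) {
        // Built in reverse of OpenSSL's order, as the original code did.
        // NOTE(review): attribute values are not escaped, so a value that
        // contains "," or "=" yields an ambiguous issuer string.
        $parts = array();
        foreach ($certData['issuer'] as $key => $value) {
            foreach ((array) $value as $single) {
                array_unshift($parts, "{$key}={$single}");
            }
        }
        $issuerName = implode(',', $parts);
    } else {
        $issuerName = $certData['issuer'];
    }

    $issuerNameNode = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerName');
    $issuerNameNode->appendChild($this->soapDoc->createTextNode((string) $issuerName));
    $serial->appendChild($issuerNameNode);

    $serialNumberNode = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509SerialNumber');
    $serialNumberNode->appendChild($this->soapDoc->createTextNode((string) $certData['serialNumber']));
    $serial->appendChild($serialNumberNode);
}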