示例#1
0
 static function staticAdd509Cert($parentRef, $cert, $isPEMFormat = TRUE, $isURL = False, $xpath = NULL, $options = NULL)
 {
     if ($isURL) {
         $cert = file_get_contents($cert);
     }
     if (!$parentRef instanceof DOMElement) {
         throw new Exception('Invalid parent Node parameter');
     }
     $baseDoc = $parentRef->ownerDocument;
     if (empty($xpath)) {
         $xpath = new DOMXPath($parentRef->ownerDocument);
         $xpath->registerNamespace('secdsig', DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS);
     }
     $query = "./secdsig:KeyInfo";
     $nodeset = $xpath->query($query, $parentRef);
     $keyInfo = $nodeset->item(0);
     if (!$keyInfo) {
         $inserted = FALSE;
         $keyInfo = $baseDoc->createElementNS(DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS, 'KeyInfo');
         $query = "./secdsig:Object";
         $nodeset = $xpath->query($query, $parentRef);
         if ($sObject = $nodeset->item(0)) {
             $sObject->parentNode->insertBefore($keyInfo, $sObject);
             $inserted = TRUE;
         }
         if (!$inserted) {
             $parentRef->appendChild($keyInfo);
         }
     }
     // Add all certs if there are more than one
     $certs = DBSeller_Helper_Xml_Security_XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);
     // Attach X509 data node
     $x509DataNode = $baseDoc->createElementNS(DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS, 'X509Data');
     $keyInfo->appendChild($x509DataNode);
     $issuerSerial = FALSE;
     $subjectName = FALSE;
     if (is_array($options)) {
         if (!empty($options['issuerSerial'])) {
             $issuerSerial = TRUE;
         }
     }
     // Attach all certificate nodes and any additional data
     foreach ($certs as $X509Cert) {
         if ($issuerSerial) {
             if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n" . chunk_split($X509Cert, 64, "\n") . "-----END CERTIFICATE-----\n")) {
                 if ($issuerSerial && !empty($certData['issuer']) && !empty($certData['serialNumber'])) {
                     if (is_array($certData['issuer'])) {
                         $parts = array();
                         foreach ($certData['issuer'] as $key => $value) {
                             array_unshift($parts, "{$key}={$value}" . $issuer);
                         }
                         $issuerName = implode(',', $parts);
                     } else {
                         $issuerName = $certData['issuer'];
                     }
                     $x509IssuerNode = $baseDoc->createElementNS(DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS, 'X509IssuerSerial');
                     $x509DataNode->appendChild($x509IssuerNode);
                     $x509Node = $baseDoc->createElementNS(DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS, 'X509IssuerName', $issuerName);
                     $x509IssuerNode->appendChild($x509Node);
                     $x509Node = $baseDoc->createElementNS(DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS, 'X509SerialNumber', $certData['serialNumber']);
                     $x509IssuerNode->appendChild($x509Node);
                 }
             }
         }
         $x509CertNode = $baseDoc->createElementNS(DBSeller_Helper_Xml_Security_XMLSecurityDSig::XMLDSIGNS, 'X509Certificate', $X509Cert);
         $x509DataNode->appendChild($x509CertNode);
     }
 }