/**
 * Signs the sample NF-e with the fixture PFX and writes the signed copy next to it.
 *
 * The test contains no assertions: it only fails if loading, signing or
 * saving throws. The signed output in samples/ has to be checked separately.
 *
 * NOTE(review): the PFX passphrase is a literal in this test, so $this->file
 * should only ever point at a throwaway fixture certificate, never at a
 * production signing key.
 */
public function testCreateXmlSignature()
{
    $unsignedPath = 'samples/35101158716523000119550010000000011003000000-nfe.xml';
    $signedPath = 'samples/35101158716523000119550010000000011003000000-nfe-sign.xml';

    // Load the unsigned sample document.
    $document = new Schemas\V200\DocumentNFe();
    $document->load($unsignedPath);

    // Open the fixture certificate and sign the document in place.
    $certificate = Certified::loadPfx($this->file, 'associacao');
    Certified::createXmlSignature($document, $certificate);

    // Persist the signed document under a separate name so the input sample stays untouched.
    $document->save($signedPath);
}
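/**
 * Builds an XML-DSig Signature element for the NF-e in $domNFe and attaches it to the NFe node.
 *
 * Steps: canonicalize InfNFe and compute its SHA-1 digest, build SignedInfo
 * (canonicalization, signature method, reference, transforms, digest),
 * canonicalize SignedInfo, sign it with the certificate's private key, then
 * add SignatureValue and KeyInfo/X509Data.
 *
 * Security notes:
 *  - The digest and signature algorithms are fixed to SHA-1 / RSA-SHA1 by the
 *    URIs written below. SHA-1 is no longer collision-resistant. Moving away
 *    from it means changing the hash() call, the DigestMethod URI, the
 *    SignatureMethod URI and the openssl_sign() algorithm together, and only
 *    if the receiving side accepts it (TODO confirm what the V200 layout allows).
 *  - The private key load and both canonicalization results are checked before
 *    use, so a bad key or an empty canonical form raises an exception instead
 *    of yielding a signature over the wrong bytes.
 *
 * @param Schemas\V200\DocumentNFe    $domNFe    Document to sign; modified in place.
 * @param Certification\X509Certified $certified Source of the private key and the certificate.
 *
 * @throws Exception If the document has no NFe/InfNFe, is already signed,
 *                   cannot be canonicalized, or the key cannot be loaded or used.
 */
public static function createXmlSignature(Schemas\V200\DocumentNFe &$domNFe, Certification\X509Certified $certified)
{
    if (!$domNFe->getNFe() instanceof Schemas\V200\TNFe
        || !$domNFe->getNFe()->getInfNFe() instanceof Schemas\V200\TNFe\InfNFe
    ) {
        throw new Exception('O arquivo xml está vazio, não é possível assiná-lo.');
    }

    // Refuse to sign twice: a second Signature would not match the single-reference layout built below.
    if ($domNFe->getNFe()->getSignature() instanceof Schemas\V200\SignatureType) {
        throw new Exception('O arquivo xml já está assinado, não é possível assiná-lo.');
    }

    $infNFe = $domNFe->getNFe()->getInfNFe();
    $idNFe = $infNFe->getId();

    // Serialize the InfNFe element to its canonical string form.
    // Presumably DOMNode::C14N(exclusive=false, withComments=false), which matches the
    // inclusive C14N URI declared below; confirm against the InfNFe class.
    $dados = $infNFe->C14N(false, false, null, null);
    if (!is_string($dados) || $dados === '') {
        // Hashing a failed or empty canonicalization would produce a digest unrelated to the document.
        throw new Exception('Não foi possível canonicalizar a tag infNFe para assinatura.');
    }
    $digestValue = base64_encode(hash('sha1', $dados, true));

    $signature = $domNFe->getNFe()->addSignature();
    $signedInfo = $signature->addSignedInfo();

    $node = $signedInfo->addCanonicalizationMethod();
    $node->setAlgorithm('http://www.w3.org/TR/2001/REC-xml-c14n-20010315');

    $node = $signedInfo->addSignatureMethod();
    $node->setAlgorithm('http://www.w3.org/2000/09/xmldsig#rsa-sha1');

    // The reference points at the signed element by its Id attribute value.
    $reference = $signedInfo->addReference();
    $reference->setURI('#' . $idNFe);

    $node = $reference->addTransforms();
    $node->addTransform()->setAlgorithm('http://www.w3.org/2000/09/xmldsig#enveloped-signature');
    $node->addTransform()->setAlgorithm('http://www.w3.org/TR/2001/REC-xml-c14n-20010315');

    $reference->addDigestMethod()->setAlgorithm('http://www.w3.org/2000/09/xmldsig#sha1');
    $reference->addDigestValue($digestValue);

    // SignedInfo is canonicalized only after every child is in place; these are the bytes that get signed.
    $dataSignedInfo = $signedInfo->C14N(false, false, null, null);
    if (!is_string($dataSignedInfo) || $dataSignedInfo === '') {
        throw new Exception('Não foi possível canonicalizar a tag SignedInfo para assinatura.');
    }

    // openssl_pkey_get_private() returns false on a malformed or passphrase-protected key; stop here
    // instead of handing false to openssl_sign().
    $privateKey = openssl_pkey_get_private($certified->getPrivateKey());
    if ($privateKey === false) {
        throw new Exception('Não foi possível carregar a chave privada do certificado.');
    }

    // Receives the raw signature bytes from openssl_sign().
    $certifiedSignature = '';

    // Algorithm passed explicitly so it always agrees with the rsa-sha1 SignatureMethod declared above
    // (OPENSSL_ALGO_SHA1 is also openssl_sign()'s default).
    if (!openssl_sign($dataSignedInfo, $certifiedSignature, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new Exception('Não foi possível recuperar a assinatura do certificado.');
    }

    $signatureValue = base64_encode($certifiedSignature);
    $signature->addSignatureValue($signatureValue);

    // Embed the signer's certificate so a verifier can locate the public key.
    // NOTE(review): getPublicKey(true) presumably returns the certificate body without PEM armor; confirm.
    $keyInfo = $signature->addKeyInfo();
    $keyInfo->addX509Data();
    $keyInfo->getX509Data()->addX509Certificate($certified->getPublicKey(true));
}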