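/**
 * Sign the XML document at $src_file with the local private key and write the
 * enveloped-signature result to $target_file.
 *
 * Inputs come from globals set by the caller: $src_file (document to sign),
 * $target_file (output path, overwritten) and $user_cert_file_path (PEM
 * certificate whose contents go into the ds:KeyInfo block).
 *
 * Failures (unreadable source, missing certificate, unwritable target) are
 * reported through debug(); the function has no return value.
 */
function processDocument()
{
    global $src_file, $target_file, $user_cert_file_path;

    // require_once: a plain require would fatally redeclare the xmlseclibs
    // classes if this function runs more than once in the same request.
    require_once dirname(__FILE__) . '/xmlseclibs.php';

    if (file_exists($target_file)) {
        unlink($target_file);
    }

    $doc = new DOMDocument();
    // LIBXML_NONET: the parser must not fetch external resources referenced by the source document.
    // Bail out on a failed load; signing an empty DOMDocument would fail later on a null documentElement.
    if (!$doc->load($src_file, LIBXML_NONET)) {
        debug('Cannot load source document', $src_file);
        return;
    }

    $objDSig = new XMLSecurityDSig();
    $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    // SHA-1 digest/signature kept as originally written; SHA-256 (XMLSecurityDSig::SHA256 /
    // XMLSecurityKey::RSA_SHA256, used elsewhere in this file) is the preferred choice for new signatures.
    $objDSig->addReference(
        $doc,
        XMLSecurityDSig::SHA1,
        array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
    );

    /* A private key is needed to complete the process. For now any key is used;
       it is meant to be replaced later by the key from the card. */
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    /* If the key has a passphrase, set it with $objKey->passphrase = <passphrase> before loading. */
    $objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);
    $objDSig->sign($objKey);

    /* Add the associated certificate. add509Cert() takes the PEM text, not a path:
       passing the path itself would embed the path string as the X509Certificate value. */
    $cert = file_exists($user_cert_file_path) ? file_get_contents($user_cert_file_path) : false;
    if ($cert === false) {
        debug('File not found', $user_cert_file_path);
    } else {
        $objDSig->add509Cert($cert);
    }

    $objDSig->appendSignature($doc->documentElement);
    if ($doc->save($target_file) === false) {
        debug('Cannot write signed document', $target_file);
    }
}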
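/**
 * Sign an XML token with an RSA-SHA1 enveloped signature and return the signed XML as a string.
 *
 * @param string $token   the XML document to sign
 * @param string $privkey PEM private key (passed to loadKey() as key material, not a file path)
 * @return string
 * @throws Exception when $token is empty or not well-formed XML
 */
function signXML($token, $privkey)
{
    $sigdoc = new DOMDocument();
    // An empty string makes loadXML() throw a ValueError on PHP 8; report it like malformed XML instead.
    // LIBXML_NONET keeps the parser from fetching external resources referenced by the token.
    if ($token === '' || !$sigdoc->loadXML($token, LIBXML_NONET)) {
        throw new Exception("Invalid XML!");
    }

    // Sign the root element. firstChild could be a comment or processing instruction
    // preceding the root, which is not a valid target for the reference or the signature.
    $sigNode = $sigdoc->documentElement;
    if ($sigNode === null) {
        throw new Exception("Invalid XML!");
    }

    $enc = new XMLSecurityDSig();
    // Let the reference resolve the root via its ID attribute.
    $enc->idKeys[] = 'ID';
    $enc->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $enc->addReference(
        $sigNode,
        XMLSecurityDSig::SHA1,
        array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N)
    );

    // SHA-1 kept as originally written; RSA_SHA256 is the preferred algorithm for new signatures.
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private', 'library' => 'openssl'));
    $key->loadKey($privkey, false, false);
    $enc->sign($key);
    $enc->appendSignature($sigNode);

    return $sigdoc->saveXML();
}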
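/**
 * Sign the specified DOMDocument
 *
 * @see https://github.com/Maks3w/xmlseclibs/blob/v1.3.0/tests/xml-sign.phpt
 *
 * @param DOMDocument $document
 * @return DOMDocument|false the signed document, or false when signing failed
 *                           (the cause is stored in $this->error as a WP_Error)
 */
private function sign_document(DOMDocument $document) {
    $result = false;

    try {
        $dsig = new XMLSecurityDSig();

        // For canonicalization purposes the exclusive (9) algorithm must be used.
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
        $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

        // For hashing purposes the SHA-256 (11) algorithm must be used.
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
        $dsig->addReference(
            $document,
            XMLSecurityDSig::SHA256,
            array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
            array('force_uri' => true)
        );

        // For signature purposes the RSAWithSHA 256 (12) algorithm must be used.
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
        $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
        $key->passphrase = $this->private_key_password;
        $key->loadKey($this->private_key);

        // Test if we can get a private key object, to prevent the following error:
        // Warning: openssl_sign() [function.openssl-sign]: supplied key param cannot be coerced into a private key
        // The probe lives in its own variable: sharing $result with the return value meant that an
        // exception thrown after this point returned the key handle to the caller instead of false.
        $private_key = openssl_get_privatekey($this->private_key, $this->private_key_password);
        if (false === $private_key) {
            throw new Exception('Can not load private key');
        }
        // The probe handle is not used for signing; release it here.
        unset($private_key);

        // Sign
        $dsig->sign($key);

        // The public key must be referenced using a fingerprint of an X.509
        // certificate. The fingerprint must be calculated according
        // to the following formula HEX(SHA-1(DER certificate)) (13)
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
        $fingerprint = Pronamic_WP_Pay_Gateways_IDealAdvanced_Security::getShaFingerprint($this->private_certificate);
        $dsig->addKeyInfoAndName($fingerprint);

        // Add the signature
        $dsig->appendSignature($document->documentElement);

        $result = $document;
    } catch (Exception $e) {
        $this->error = new WP_Error('xml_security', $e->getMessage(), $e);
    }

    return $result;
}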
/**
 * Signs the shared basic-doc.xml fixture with the given digest and key
 * algorithms and compares the output byte-for-byte with a reference file.
 *
 * @dataProvider testXmlSignProvider
 * @throws \Exception
 */
public function testXmlSign($dsigAlgorithm, $keyType, $expectedFileName)
{
    $fixtureDir = dirname(__FILE__) . '/..';

    $document = new \DOMDocument();
    $document->load($fixtureDir . '/basic-doc.xml');

    $signer = new XMLSecurityDSig();
    $signer->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $signer->addReference(
        $document,
        $dsigAlgorithm,
        array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
    );

    /* Load the private key from the fixture directory. If the key is
       passphrase-protected, set $privateKey->passphrase before sign(). */
    $privateKey = new XMLSecurityKey($keyType, array('type' => 'private'));
    $privateKey->loadKey($fixtureDir . '/privkey.pem', true);
    $signer->sign($privateKey);

    /* Embed the associated certificate and attach the signature to the root element. */
    $signer->add509Cert(file_get_contents($fixtureDir . '/mycert.pem'));
    $signer->appendSignature($document->documentElement);

    $expected = file_get_contents($expectedFileName);
    $actual = $document->saveXML();
    $this->assertEquals($expected, $actual, "Signature doesn't match");
}
file_put_contents($user_cert_file_path, $_SERVER['SSL_CLIENT_CERT']); $output = shell_exec($openssl . ' x509 -inform pem -in ' . $user_cert_file_path . ' -pubkey -noout > ' . $user_pubkey_file_path); if ($yafirmado) { $src = file_get_contents($target_file); $src = preg_replace('/<ds:SignatureValue>[^<]*<\\/ds:SignatureValue>/i', '<ds:SignatureValue>' . $sinatuta . '</ds:SignatureValue>', $src); file_put_contents($target_file, $src); $xml = file_get_contents($target_file); } else { if (file_exists($target_file)) { unlink($target_file); } $doc = new DOMDocument(); $doc->load($dir); $objDSig = new XMLSecurityDSig(); $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); $objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')); /* gako pribatu bat behar dugu prozesua burutzeko. orain edozein erabiliko dugu. gero txartelekoarekin ordezkatzeko */ $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private')); /* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */ $objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE); $objDSig->sign($objKey); /* Add associated public key */ // $objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem')); // $objDSig->add509Cert(file_get_contents($user_cert_file_path)); if (!file_exists($user_cert_file_path)) { die('File not found : ' . $user_cert_file_path); } else { $objDSig->add509Cert($user_cert_file_path); } $objDSig->appendSignature($doc->documentElement); $doc->save($target_file);