/**
 * Adds a wsse:SecurityTokenReference containing a ds:X509IssuerSerial to the
 * KeyInfo of the signature located in the SOAP document.
 *
 * The issuer name and serial number come from getIssuerName() and
 * getSerialNumber(), which are defined outside this method. When the
 * signature has no KeyInfo child yet, one is created and appended.
 *
 * NOTE(review): the issuer name is handed to createNewSignNode() as the node
 * value. If that helper forwards it to DOMDocument::createElementNS(), a name
 * containing "&" is not escaped - confirm against the helper.
 *
 * @param mixed $X509Cert Certificate passed unchanged to getIssuerName() and getSerialNumber().
 *
 * @throws Exception When no digital signature can be located in the SOAP document.
 */
public function addIssuerSerial($X509Cert)
{
    $issuerName = getIssuerName($X509Cert);
    $serial = getSerialNumber($X509Cert);

    $dsig = new XMLSecurityDSig();
    $signatureNode = $dsig->locateSignature($this->soapDoc);
    if (!$signatureNode) {
        throw new Exception('Unable to locate digital signature');
    }

    // Reuse the signature's KeyInfo when it exists, otherwise create it.
    $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    $keyInfo = $this->SOAPXPath->query('./secdsig:KeyInfo', $signatureNode)->item(0);
    if (!$keyInfo) {
        $keyInfo = $dsig->createNewSignNode('KeyInfo');
        $signatureNode->appendChild($keyInfo);
    }

    $tokenRef = $this->soapDoc->createElementNS(
        WSSESoap::WSSENS,
        WSSESoap::WSSEPFX . ':SecurityTokenReference'
    );
    $keyInfo->appendChild($tokenRef);

    $x509Data = $dsig->createNewSignNode('X509Data');
    $issuerSerial = $dsig->createNewSignNode('X509IssuerSerial');
    $x509Data->appendChild($issuerSerial);

    // Both children are created first and then appended: issuer name, then serial.
    $children = array(
        $dsig->createNewSignNode('X509IssuerName', $issuerName),
        $dsig->createNewSignNode('X509SerialNumber', $serial),
    );
    foreach ($children as $child) {
        $issuerSerial->appendChild($child);
    }

    $tokenRef->appendChild($x509Data);
}
/**
 * Links a BinarySecurityToken element to the signature by adding a
 * wsse:SecurityTokenReference/wsse:Reference to the signature's KeyInfo.
 *
 * The reference URI is "#" followed by the token's Id attribute in the
 * self::WSUNS namespace. When the signature has no KeyInfo child yet, one is
 * created and appended.
 *
 * NOTE(review): a token without that Id attribute yields the URI "#", which
 * points at nothing - confirm callers always pass a token that carries an Id.
 *
 * @param DOMElement $token The token element to reference.
 *
 * @throws Exception When $token is not a DOMElement, or when no digital
 *                   signature can be located in the SOAP document.
 */
public function attachTokentoSig($token)
{
    if (!$token instanceof DOMElement) {
        throw new Exception('Invalid parameter: BinarySecurityToken element expected');
    }

    $dsig = new XMLSecurityDSig();
    $signatureNode = $dsig->locateSignature($this->soapDoc);
    if (!$signatureNode) {
        throw new Exception('Unable to locate digital signature');
    }

    $tokenURI = '#' . $token->getAttributeNS(self::WSUNS, 'Id');

    // Reuse the signature's KeyInfo when it exists, otherwise create it.
    $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    $keyInfo = $this->SOAPXPath->query('./secdsig:KeyInfo', $signatureNode)->item(0);
    if (!$keyInfo) {
        $keyInfo = $dsig->createNewSignNode('KeyInfo');
        $signatureNode->appendChild($keyInfo);
    }

    $tokenRef = $this->soapDoc->createElementNS(
        self::WSSENS,
        self::WSSEPFX . ':SecurityTokenReference'
    );
    $keyInfo->appendChild($tokenRef);

    $reference = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Reference');
    $reference->setAttribute(
        'ValueType',
        'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'
    );
    $reference->setAttribute('URI', $tokenURI);
    $tokenRef->appendChild($reference);
}
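/**
 * Adds the issuer name and serial number of an X.509 certificate to the
 * signature's KeyInfo as
 * wsse:SecurityTokenReference/ds:X509Data/ds:X509IssuerSerial.
 *
 * The certificate is normalised by XMLSecurityDSig::get509XCert(), re-wrapped
 * in PEM armour and parsed with openssl_x509_parse(). When the signature has
 * no KeyInfo child yet, one is created and appended.
 *
 * Changes compared with the previous implementation:
 *  - The issuer name and serial number are written as text nodes. The value
 *    argument of DOMDocument::createElementNS() does not escape "&", so an
 *    issuer such as "O=A&B" produced a warning and a damaged element.
 *  - An issuer attribute that occurs more than once is reported by
 *    openssl_x509_parse() as a list of values; each value now gets its own
 *    "key=value" part instead of the literal string "Array".
 *  - A certificate that cannot be parsed, or that lacks issuer or serial
 *    number, now raises an Exception before the document is modified. It used
 *    to leave an empty ds:X509IssuerSerial in the message without any error.
 *
 * NOTE(review): issuer values are joined with "," without escaping, so a
 * value that itself contains "," or "=" gives an ambiguous name - confirm
 * what the receiving side expects.
 * NOTE(review): openssl_x509_parse() may report very large serial numbers in
 * "0x..." hex form, while ds:X509SerialNumber is a decimal integer - confirm
 * with the certificates in use.
 *
 * @param string $cert        Certificate data, handed to XMLSecurityDSig::get509XCert().
 * @param bool   $isPEMFormat Passed through to XMLSecurityDSig::get509XCert().
 *
 * @throws Exception When no digital signature can be located in the SOAP
 *                   document, or when issuer and serial number cannot be read
 *                   from the certificate.
 */
public function mPayAttachCertificateInfo($cert, $isPEMFormat = TRUE)
{
    $data = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);
    $certData = openssl_x509_parse(
        "-----BEGIN CERTIFICATE-----\n" . chunk_split($data, 64, "\n") . "-----END CERTIFICATE-----\n"
    );

    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($this->soapDoc);
    if (!$objDSig) {
        throw new Exception('Unable to locate digital signature');
    }

    // openssl_x509_parse() returns false on failure; check before touching the DOM
    // so a bad certificate cannot leave a half-built key reference behind.
    if (!is_array($certData) || empty($certData['issuer']) || empty($certData['serialNumber'])) {
        throw new Exception('Unable to read issuer and serial number from certificate');
    }

    $issuer = $certData['issuer'];
    if (is_array($issuer)) {
        // array_unshift() reverses the order in which openssl_x509_parse() lists the attributes.
        $parts = array();
        foreach ($issuer as $key => $value) {
            foreach ((array) $value as $single) {
                array_unshift($parts, "{$key}={$single}");
            }
        }
        $issuerName = implode(',', $parts);
    } else {
        $issuerName = (string) $issuer;
    }

    // Reuse the signature's KeyInfo when it exists, otherwise create it.
    $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    $query = "./secdsig:KeyInfo";
    $nodeset = $this->SOAPXPath->query($query, $objDSig);
    $keyInfo = $nodeset->item(0);
    if (!$keyInfo) {
        $keyInfo = $objXMLSecDSig->createNewSignNode('KeyInfo');
        $objDSig->appendChild($keyInfo);
    }

    $tokenRef = $this->soapDoc->createElementNS(WSSESoap::WSSENS, WSSESoap::WSSEPFX . ':SecurityTokenReference');
    $keyInfo->appendChild($tokenRef);

    $xdata = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
    $tokenRef->appendChild($xdata);

    $serial = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerSerial');
    $xdata->appendChild($serial);

    // Text nodes are escaped by the DOM on serialisation; the createElementNS() value argument is not.
    $issuerNameNode = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerName');
    $issuerNameNode->appendChild($this->soapDoc->createTextNode($issuerName));
    $serial->appendChild($issuerNameNode);

    $serialNumberNode = $this->soapDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509SerialNumber');
    $serialNumberNode->appendChild($this->soapDoc->createTextNode((string) $certData['serialNumber']));
    $serial->appendChild($serialNumberNode);
}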