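/**
  * Validate the receipt contained in the given XML element using the
  * certificate provided.
  *
  * Verification is performed only against the caller-supplied certificate.
  * Key material embedded in the receipt's own KeyInfo is deliberately not
  * used: a signature that matches a key the document itself carries proves
  * only self-consistency, since the sender controls both the key and the
  * signature.
  *
  * @param  DOMDocument $dom         Receipt document holding a ds:Signature
  * @param  resource    $certificate Public key / certificate the caller trusts
  * @return bool `true` when the signature verifies against $certificate
  * @throws RuntimeException when the signature, its references or the key
  *                          node cannot be located or processed
  */
 protected function validateXml(DOMDocument $dom, $certificate)
 {
     $secDsig = new XMLSecurityDSig();
     // Locate the signature in the receipt XML.
     $dsig = $secDsig->locateSignature($dom);
     if ($dsig === null) {
         throw new RuntimeException('Cannot locate receipt signature');
     }
     $secDsig->canonicalizeSignedInfo();
     // Signed parts of the receipt are addressed by wsu:Id, so that
     // attribute and its namespace must be known before references resolve.
     $secDsig->idKeys = array('wsu:Id');
     $secDsig->idNS = array('wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');
     if (!$secDsig->validateReference()) {
         throw new RuntimeException('Reference validation failed');
     }
     $key = $secDsig->locateKey();
     if ($key === null) {
         throw new RuntimeException('Could not locate key in receipt');
     }
     // Always load the trusted certificate; never fall back to whatever key
     // the document being verified happens to embed in its KeyInfo.
     $key->loadKey($certificate);
     // verify() reports success as the integer 1; compare strictly.
     return $secDsig->verify($key) === 1;
 }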
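 /**
  * Try to extract the public key from DOM node.
  *
  * Sets publicKey and keyAlgorithm properties on success; neither property
  * is touched when extraction fails.
  *
  * The key material comes from the document's own KeyInfo, i.e. whatever the
  * signer chose to embed. Callers must still check the extracted certificate
  * against a trusted anchor before using it to verify anything.
  *
  * @see publicKey
  * @see keyAlgorithm
  *
  * @param DOMNode $dom Node under which the ds:Signature is searched
  *
  * @return bool `true` if the public key was extracted, `false` otherwise
  */
 protected function setPublicKeyFromNode(DOMNode $dom)
 {
     // try to get the public key from the certificate
     $objXMLSecDSig = new XMLSecurityDSig();
     $objDSig = $objXMLSecDSig->locateSignature($dom);
     if (!$objDSig) {
         return false;
     }
     $objKey = $objXMLSecDSig->locateKey();
     if (!$objKey) {
         return false;
     }
     // Populate $objKey from the KeyInfo/X509Data carried in the signature.
     XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
     $certificate = $objKey->getX509Certificate();
     if (!$certificate) {
         // No X509Data in the signature: report failure rather than success
         // with an unset public key.
         return false;
     }
     $this->publicKey = $certificate;
     // Accessor name spelled as in the XMLSecurityKey API this code targets.
     $this->keyAlgorithm = $objKey->getAlgorith();
     return true;
 }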
 /**
  * Attach a reference to the given BinarySecurityToken to the KeyInfo of the
  * signature already present in the SOAP document.
  *
  * The signature's existing ds:KeyInfo is reused when present, otherwise one
  * is created under the signature. A wsse:SecurityTokenReference holding a
  * wsse:Reference that points at the token's wsu:Id (X509v3 value type) is
  * appended to it.
  *
  * @param DOMElement $token The BinarySecurityToken element carrying a wsu:Id
  *
  * @throws Exception when $token is not a DOMElement or the document holds no signature
  */
 public function attachTokentoSig($token)
 {
     if (!$token instanceof DOMElement) {
         throw new Exception('Invalid parameter: BinarySecurityToken element expected');
     }
     $dsig = new XMLSecurityDSig();
     $signatureNode = $dsig->locateSignature($this->soapDoc);
     if (!$signatureNode) {
         throw new Exception('Unable to locate digital signature');
     }

     // Reuse the signature's KeyInfo, creating one if the signature has none.
     $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
     $keyInfo = $this->SOAPXPath->query('./secdsig:KeyInfo', $signatureNode)->item(0);
     if (!$keyInfo) {
         $keyInfo = $dsig->createNewSignNode('KeyInfo');
         $signatureNode->appendChild($keyInfo);
     }

     // wsse:SecurityTokenReference > wsse:Reference URI="#<token wsu:Id>"
     $tokenRef = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':SecurityTokenReference');
     $reference = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Reference');
     $reference->setAttribute('ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3');
     $reference->setAttribute('URI', '#' . $token->getAttributeNS(self::WSUNS, 'Id'));
     $tokenRef->appendChild($reference);
     $keyInfo->appendChild($tokenRef);
 }