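/**
 * Validate the receipt contained in the given XML element using the
 * certificate provided.
 *
 * The signature is always checked against the caller-supplied certificate.
 * Key material carried inside the receipt's own ds:KeyInfo is deliberately
 * not used: that element is part of the document being verified, so using it
 * would let any key whose certificate is embedded in the receipt verify the
 * receipt it signed.
 *
 * @param DOMDocument $dom         receipt document containing a ds:Signature
 * @param resource    $certificate trusted certificate / public key, in a form
 *                                 accepted by XMLSecurityKey::loadKey()
 * @return bool true only when the signature verifies against $certificate
 * @throws RuntimeException when the signature or the key description cannot
 *                          be located, or a ds:Reference digest does not match
 */
protected function validateXml(DOMDocument $dom, $certificate)
{
    $secDsig = new XMLSecurityDSig();

    // Locate the signature in the receipt XML.
    if ($secDsig->locateSignature($dom) === null) {
        throw new RuntimeException('Cannot locate receipt signature');
    }

    $secDsig->canonicalizeSignedInfo();
    // References are resolved through wsu:Id attributes (WS-Security utility namespace).
    $secDsig->idKeys = array('wsu:Id');
    $secDsig->idNS = array('wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');

    // Check every ds:Reference digest against the referenced content.
    if (!$secDsig->validateReference()) {
        throw new RuntimeException('Reference validation failed');
    }

    // locateKey() yields a key object described by ds:SignatureMethod; it has
    // no key material until loadKey() is called.
    $key = $secDsig->locateKey();
    if ($key === null) {
        throw new RuntimeException('Could not locate key in receipt');
    }

    // Load the trusted certificate unconditionally. Previously this happened
    // only when KeyInfo carried no key, so an X509 certificate embedded in the
    // receipt would otherwise have been used to verify its own document.
    $key->loadKey($certificate);

    // verify() returns int 1 on success; 0 or -1 means the signature did not check out.
    return $secDsig->verify($key) === 1;
}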
/**
 * Try to extract the public key from DOM node.
 *
 * Sets publicKey and keyAlgorithm properties if success.
 *
 * NOTE(review): the certificate stored in publicKey is read from the
 * document's own ds:KeyInfo, i.e. from the signed (not yet verified) input.
 * Whether the caller checks it against a trust anchor before relying on it
 * is not visible here — confirm.
 *
 * @see publicKey
 * @see keyAlgorithm
 *
 * @param DOMNode $dom
 *
 * @return bool `true` If public key was extracted or `false` if cannot be possible
 */
protected function setPublicKeyFromNode(DOMNode $dom)
{
    $dsig = new XMLSecurityDSig();

    // No ds:Signature in the node: nothing to extract.
    $signatureNode = $dsig->locateSignature($dom);
    if (!$signatureNode) {
        return false;
    }

    // No usable ds:SignatureMethod: nothing to extract either.
    $key = $dsig->locateKey();
    if (!$key) {
        return false;
    }

    // Populate $key from whatever ds:KeyInfo carries (X509 data, ...).
    XMLSecEnc::staticLocateKeyInfo($key, $signatureNode);

    $this->publicKey = $key->getX509Certificate();
    // getAlgorith() is the historically misspelled xmlseclibs accessor name.
    $this->keyAlgorithm = $key->getAlgorith();

    return true;
}
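/**
 * Link an already-inserted BinarySecurityToken to the message signature.
 *
 * Inserts a wsse:SecurityTokenReference/wsse:Reference pointing at the
 * token's wsu:Id into the signature's ds:KeyInfo (creating KeyInfo when the
 * signature has none), so a receiver can locate the X509v3 certificate the
 * signature was produced with.
 *
 * @param DOMElement $token the wsse:BinarySecurityToken element; it must
 *                          carry a non-empty wsu:Id attribute
 * @return void
 * @throws Exception when $token is not a DOMElement, when the document holds
 *                   no ds:Signature, or when the token has no wsu:Id
 */
public function attachTokentoSig($token)
{
    if (!$token instanceof DOMElement) {
        throw new Exception('Invalid parameter: BinarySecurityToken element expected');
    }

    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($this->soapDoc);
    if (!$objDSig) {
        throw new Exception('Unable to locate digital signature');
    }

    // Without an Id the Reference URI would be a bare '#', which no receiver can resolve.
    $tokenId = $token->getAttributeNS(self::WSUNS, 'Id');
    if ($tokenId === '') {
        throw new Exception('Invalid parameter: BinarySecurityToken has no wsu:Id attribute');
    }
    $tokenURI = '#' . $tokenId;

    // Reuse the signature's existing ds:KeyInfo, or create one.
    $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    $keyInfo = $this->SOAPXPath->query('./secdsig:KeyInfo', $objDSig)->item(0);
    if (!$keyInfo) {
        $keyInfo = $objXMLSecDSig->createNewSignNode('KeyInfo');
        $objDSig->appendChild($keyInfo);
    }

    $tokenRef = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':SecurityTokenReference');
    $keyInfo->appendChild($tokenRef);

    $reference = $this->soapDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Reference');
    $reference->setAttribute('ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3');
    $reference->setAttribute('URI', $tokenURI);
    $tokenRef->appendChild($reference);
}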