示例#1
0
 public function addReference($name, $node, $type)
 {
     if (!$node instanceof DOMNode) {
         throw new Exception('$node is not of type DOMNode');
     }
     $curencdoc = $this->encdoc;
     $this->_resetTemplate();
     $encdoc = $this->encdoc;
     $this->encdoc = $curencdoc;
     $refuri = XMLSecurityDSig::generate_GUID();
     $element = $encdoc->documentElement;
     $element->setAttribute("Id", $refuri);
     $this->references[$name] = array("node" => $node, "type" => $type, "encnode" => $encdoc, "refuri" => $refuri);
 }
示例#2
0
 static function staticAdd509Cert($parentRef, $cert, $isPEMFormat = TRUE, $isURL = False, $xpath = NULL)
 {
     if ($isURL) {
         $cert = file_get_contents($cert);
     }
     if (!$parentRef instanceof DOMElement) {
         throw new Exception('Invalid parent Node parameter');
     }
     $baseDoc = $parentRef->ownerDocument;
     if (empty($xpath)) {
         $xpath = new DOMXPath($parentRef->ownerDocument);
         $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
     }
     $query = "./secdsig:KeyInfo";
     $nodeset = $xpath->query($query, $parentRef);
     $keyInfo = $nodeset->item(0);
     if (!$keyInfo) {
         $inserted = FALSE;
         $keyInfo = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:KeyInfo');
         $query = "./secdsig:Object";
         $nodeset = $xpath->query($query, $parentRef);
         if ($sObject = $nodeset->item(0)) {
             $sObject->parentNode->insertBefore($keyInfo, $sObject);
             $inserted = TRUE;
         }
         if (!$inserted) {
             $parentRef->appendChild($keyInfo);
         }
     }
     // Add all certs if there are more than one
     $certs = XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);
     // Atach X509 data node
     $x509DataNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
     $keyInfo->appendChild($x509DataNode);
     // Atach all certificate nodes
     foreach ($certs as $X509Cert) {
         $x509CertNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Certificate', $X509Cert);
         $x509DataNode->appendChild($x509CertNode);
     }
 }
示例#3
0
 public function processSignature($refNode)
 {
     $objXMLSecDSig = new XMLSecurityDSig();
     $objXMLSecDSig->idKeys[] = 'wswsu:Id';
     $objXMLSecDSig->idNS['wswsu'] = WSSESoapServer::WSUNS;
     $objXMLSecDSig->sigNode = $refNode;
     /* Canonicalize the signed info */
     $objXMLSecDSig->canonicalizeSignedInfo();
     $retVal = $objXMLSecDSig->validateReference();
     if (!$retVal) {
         throw new Exception("Validation Failed");
     }
     $key = NULL;
     $objKey = $objXMLSecDSig->locateKey();
     if ($objKey) {
         if ($objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $refNode)) {
             /* Handle any additional key processing such as encrypted keys here */
         }
     }
     if (empty($objKey)) {
         throw new Exception("Error loading key to handle Signature");
     }
     do {
         if (empty($objKey->key)) {
             $this->SOAPXPath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS);
             $query = "./xmlsecdsig:KeyInfo/wswsse:SecurityTokenReference/wswsse:Reference";
             $nodeset = $this->SOAPXPath->query($query, $refNode);
             if ($encmeth = $nodeset->item(0)) {
                 if ($uri = $encmeth->getAttribute("URI")) {
                     $arUrl = parse_url($uri);
                     if (empty($arUrl['path']) && ($identifier = $arUrl['fragment'])) {
                         $query = '//wswsse:BinarySecurityToken[@wswsu:Id="' . $identifier . '"]';
                         $nodeset = $this->SOAPXPath->query($query);
                         if ($encmeth = $nodeset->item(0)) {
                             $x509cert = $encmeth->textContent;
                             $x509cert = str_replace(array("\r", "\n"), "", $x509cert);
                             $x509cert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($x509cert, 64, "\n") . "-----END CERTIFICATE-----\n";
                             $objKey->loadKey($x509cert);
                             break;
                         }
                     }
                 }
             }
             throw new Exception("Error loading key to handle Signature");
         }
     } while (0);
     if (!$objXMLSecDSig->verify($objKey)) {
         throw new Exception("Unable to validate Signature");
     }
     return TRUE;
 }
示例#4
0
 public function EncryptBody($siteKey, $objKey, $token)
 {
     $enc = new XMLSecEnc();
     foreach ($this->envelope->childNodes as $node) {
         if ($node->namespaceURI == $this->soapNS && $node->localName == 'Body') {
             break;
         }
     }
     $enc->setNode($node);
     /* encrypt the symmetric key */
     $enc->encryptKey($siteKey, $objKey, FALSE);
     $enc->type = XMLSecEnc::Content;
     /* Using the symmetric key to actually encrypt the data */
     $encNode = $enc->encryptNode($objKey);
     $guid = XMLSecurityDSig::generate_GUID();
     $encNode->setAttribute('Id', $guid);
     $refNode = $encNode->firstChild;
     while ($refNode && $refNode->nodeType != XML_ELEMENT_NODE) {
         $refNode = $refNode->nextSibling;
     }
     if ($refNode) {
         $refNode = $refNode->nextSibling;
     }
     if ($this->addEncryptedKey($encNode, $enc, $token)) {
         $this->AddReference($enc->encKey, $guid);
     }
 }