示例1: isValid
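/**
 * Validates the SAML response held in $this->_document.
 *
 * Checks, in order: exactly one assertion, acceptable timestamps, a locatable
 * Signature node, a locatable key, digest validation of the referenced nodes,
 * and finally the signature value against the IdP certificate from settings.
 *
 * @return bool TRUE only when XMLSecurityDSig::verify() reports success (1).
 * @throws Exception On any failed check. A reference-validation failure keeps
 *                   the underlying exception chained as $previous.
 */
public function isValid()
{
    if (!$this->validateNumAssertions()) {
        throw new Exception('Multiple assertions are not supported');
    }
    if (!$this->validateTimestamps()) {
        throw new Exception('Timing issues (please check your clock settings)');
    }

    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($this->_document);
    if (!$objDSig) {
        throw new Exception('Cannot locate Signature Node');
    }
    $objXMLSecDSig->canonicalizeSignedInfo();
    $objXMLSecDSig->idKeys = array('ID');

    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new Exception('We have no idea about the key');
    }

    try {
        // validateReference() is treated as possibly returning FALSE as well as
        // throwing; the return value was previously ignored, which would let a
        // digest mismatch through to the signature check.
        $referencesValid = $objXMLSecDSig->validateReference();
    } catch (Exception $e) {
        // Chain the original exception so the actual cause is not lost.
        throw new Exception('Reference Validation Failed', 0, $e);
    }
    if (!$referencesValid) {
        throw new Exception('Reference Validation Failed');
    }

    // Key material carried inside the message is read first, then replaced by
    // the IdP certificate from the settings, so the signature is verified
    // against the configured certificate rather than one the response supplied.
    XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
    $objKey->loadKey($this->_settings->idpPublicCertificate, false, true);

    return $objXMLSecDSig->verify($objKey) === 1;
}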
开发者ID:maestrano,项目名称:maestrano-php,代码行数:34,代码来源:XmlSec.php
示例2: getXml
/**
 * Appends an enveloped XML signature to $parent.
 *
 * The digest algorithm is chosen from the signing key's type (RSA-SHA256,
 * RSA-SHA384 or RSA-SHA512 map to the matching SHA digest); any other key
 * type falls back to SHA1. When the first child of $parent is an Issuer
 * element the Signature is inserted after it, otherwise before the first child.
 *
 * @param \DOMNode $parent
 * @param \AerialShip\LightSaml\Meta\SerializationContext $context
 * @return void Nothing is returned; the Signature element is inserted into $parent.
 */
function getXml(\DOMNode $parent, SerializationContext $context)
{
    $signer = new \XMLSecurityDSig();
    $signer->setCanonicalMethod($this->getCanonicalMethod());

    $key = $this->getXmlSecurityKey();
    $digestByKeyType = array(
        \XMLSecurityKey::RSA_SHA256 => \XMLSecurityDSig::SHA256,
        \XMLSecurityKey::RSA_SHA384 => \XMLSecurityDSig::SHA384,
        \XMLSecurityKey::RSA_SHA512 => \XMLSecurityDSig::SHA512,
    );
    $digest = isset($digestByKeyType[$key->type]) ? $digestByKeyType[$key->type] : \XMLSecurityDSig::SHA1;

    $transforms = array(
        Protocol::XMLSEC_TRANSFORM_ALGORITHM_ENVELOPED_SIGNATURE,
        \XMLSecurityDSig::EXC_C14N,
    );
    $signer->addReferenceList(array($parent), $digest, $transforms, array('id_name' => $this->getIDName(), 'overwrite' => FALSE));
    $signer->sign($key);
    $signer->add509Cert($this->getCertificate()->getData(), false, false);

    $insertBefore = $parent->hasChildNodes() ? $parent->firstChild : null;
    if ($insertBefore && $insertBefore->localName == 'Issuer') {
        // The signature node should come after the issuer node
        $insertBefore = $insertBefore->nextSibling;
    }
    $signer->insertSignature($parent, $insertBefore);
}
开发者ID:LearnerNation,项目名称:lightsaml,代码行数:33,代码来源:SignatureCreator.php
示例3: processDocument
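/**
 * Signs the XML document in $src_file with the local private key and writes
 * the result, carrying an enveloped signature, to $target_file.
 *
 * Reads the globals $src_file, $target_file and $user_cert_file_path. An
 * existing $target_file is removed before the new one is written.
 *
 * @return void
 * @throws Exception When the source document cannot be loaded.
 */
function processDocument()
{
    global $src_file, $target_file, $user_cert_file_path;
    // require_once: a plain require would redeclare the xmlseclibs classes
    // (a fatal error) if this function runs more than once in a request.
    require_once dirname(__FILE__) . '/xmlseclibs.php';

    if (file_exists($target_file)) {
        unlink($target_file);
    }

    $doc = new DOMDocument();
    if (!$doc->load($src_file)) {
        throw new Exception('Unable to load source document: ' . $src_file);
    }

    $objDSig = new XMLSecurityDSig();
    $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));

    /* A private key is needed to carry out the process. For now any key is
       used; it is to be replaced later with the one from the card. */
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    /* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */
    $objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);
    $objDSig->sign($objKey);

    /* Add associated public key */
    if (!file_exists($user_cert_file_path)) {
        debug('File not found', $user_cert_file_path);
    } else {
        // $user_cert_file_path is a path, not certificate data: pass isURL=TRUE
        // so add509Cert() reads the file instead of treating the path as PEM text.
        $objDSig->add509Cert($user_cert_file_path, TRUE, TRUE);
    }

    $objDSig->appendSignature($doc->documentElement);
    $doc->save($target_file);
}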
开发者ID:Esleelkartea,项目名称:legedia-ESLE,代码行数:28,代码来源:index.php
示例4: is_valid
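/**
 * Verifies the enveloped signature of the SAML response in $this->document.
 *
 * Steps: locate the Signature node, canonicalize SignedInfo, validate the
 * reference digests, locate the signing key, require exactly one assertion
 * whose conditions hold, then verify the signature value against the
 * certificate configured in $this->settings->x509certificate.
 *
 * @return int|bool Result of XMLSecurityDSig::verify(): 1 on success, 0 on failure.
 * @throws Exception When any preparatory check fails, or when verify() reports an error.
 */
public function is_valid()
{
    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($this->document);
    if (!$objDSig) {
        throw new Exception("Cannot locate Signature Node");
    }
    $objXMLSecDSig->canonicalizeSignedInfo();
    $objXMLSecDSig->idKeys = array('ID');
    if (!$objXMLSecDSig->validateReference()) {
        throw new Exception("Reference Validation Failed");
    }
    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new Exception("We have no idea about the key");
    }
    if (!$this->validateNumAssertions()) {
        throw new Exception("Only one SAMLAssertion allowed");
    }
    if (!$this->validateTimestamps()) {
        throw new Exception("SAMLAssertion conditions not met");
    }

    // Key info inside the message is consulted first, then replaced with the
    // configured certificate, so verification is anchored on the settings and
    // not on whatever certificate the response carried.
    XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
    $objKey->loadKey($this->settings->x509certificate, false, true);

    $result = $objXMLSecDSig->verify($objKey);
    // If verify() surfaces openssl_verify()'s error code (-1), that value is
    // truthy and must not be mistaken for a valid signature by callers.
    if ($result === -1) {
        throw new Exception("Signature verification error");
    }
    return $result;
}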
开发者ID:jan-tee,项目名称:dokuwiki-plugin-adfs,代码行数:31,代码来源:xmlsec.php
示例5: ADFS_SignResponse
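/**
 * Signs the first Assertion element of an ADFS response.
 *
 * @param string $response The response XML as a string.
 * @param string $key Path to the private key file (loaded with the file flag set).
 * @param string|null $cert Optional path to a PEM certificate to embed in KeyInfo.
 * @return string The response XML with the signature appended to the Assertion.
 * @throws Exception When the XML does not parse, no Assertion element exists,
 *                   or the certificate file cannot be read.
 */
function ADFS_SignResponse($response, $key, $cert)
{
    $objXMLSecDSig = new XMLSecurityDSig();
    $objXMLSecDSig->idKeys = array('AssertionID');
    $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

    $responsedom = new DOMDocument();
    if (!$responsedom->loadXML(str_replace("\r", "", $response))) {
        throw new Exception('Unable to parse response XML');
    }
    $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
    if ($firstassertionroot === null) {
        // Without this check the addReferenceList()/appendChild() calls below
        // fail with a fatal error on a response that carries no Assertion.
        throw new Exception('Response contains no Assertion element');
    }

    $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'AssertionID'));

    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $objKey->loadKey($key, TRUE);
    $objXMLSecDSig->sign($objKey);

    if ($cert) {
        $public_cert = file_get_contents($cert);
        if ($public_cert === false) {
            throw new Exception('Unable to read certificate file: ' . $cert);
        }
        $objXMLSecDSig->add509Cert($public_cert, TRUE);
    }

    // Move the Signature element into the response document and attach it to the Assertion.
    $newSig = $responsedom->importNode($objXMLSecDSig->sigNode, TRUE);
    $firstassertionroot->appendChild($newSig);
    return $responsedom->saveXML();
}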
开发者ID:hukumonline,项目名称:yii,代码行数:20,代码来源:prp.php
示例6: addReference
/**
 * Registers a node to be encrypted under $name.
 *
 * A fresh template document is produced via _resetTemplate() and given a
 * generated Id; the current $this->encdoc is preserved across that call.
 *
 * @param string $name Key under which the reference is stored in $this->references.
 * @param \DOMNode $node The node to be encrypted.
 * @param string $type Encryption type stored alongside the node.
 * @throws \Exception When $node is not a DOMNode.
 */
public function addReference($name, $node, $type)
{
    if (!($node instanceof \DOMNode)) {
        throw new \Exception('$node is not of type \\DOMNode');
    }

    // _resetTemplate() is expected to replace $this->encdoc, so the current
    // document is kept aside and put back afterwards.
    $savedDoc = $this->encdoc;
    $this->_resetTemplate();
    $templateDoc = $this->encdoc;
    $this->encdoc = $savedDoc;

    $referenceId = XMLSecurityDSig::generate_GUID();
    $templateDoc->documentElement->setAttribute("Id", $referenceId);

    $this->references[$name] = array(
        "node" => $node,
        "type" => $type,
        "encnode" => $templateDoc,
        "refuri" => $referenceId,
    );
}
开发者ID:BGCX067,项目名称:face-proveedor-cliente-php-git,代码行数:14,代码来源:XMLSecEnc.php
示例7: __construct
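/**
 * This function initializes the validator.
 *
 * The Signature element is located in $xmlNode, the referenced digests are
 * checked, and the signature value is verified. When $publickey is given it is
 * loaded into the key; otherwise the key material is taken from the KeyInfo
 * inside the signature itself, which only proves the message is self-consistent.
 * In that case the caller must compare $this->x509Fingerprint with a trusted value.
 *
 * @param DOMNode $xmlNode The XML node which contains the Signature element.
 * @param string|null $idAttribute The ID attribute which is used in node references. If this attribute is
 *                    NULL (the default), then we will use whatever is the default ID.
 * @param string|false $publickey Key data passed straight to loadKey(); FALSE to use the key found in the signature.
 * @throws Exception When the Signature element, digests, key or signature value cannot be validated.
 */
public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE)
{
    // Expression asserts: string arguments to assert() are eval()'d, deprecated
    // since PHP 7.2 and unsupported in PHP 8.
    assert($xmlNode instanceof DOMNode);
    /* Create an XML security object. */
    $objXMLSecDSig = new XMLSecurityDSig();
    /* Add the id attribute if the user passed in an id attribute. */
    if ($idAttribute !== NULL) {
        assert(is_string($idAttribute));
        $objXMLSecDSig->idKeys[] = $idAttribute;
    }
    /* Locate the XMLDSig Signature element to be used. */
    $signatureElement = $objXMLSecDSig->locateSignature($xmlNode);
    if (!$signatureElement) {
        throw new Exception('Could not locate XML Signature element.');
    }
    /* Canonicalize the XMLDSig SignedInfo element in the message. */
    $objXMLSecDSig->canonicalizeSignedInfo();
    /* Validate referenced xml nodes. */
    if (!$objXMLSecDSig->validateReference()) {
        throw new Exception('XMLsec: digest validation failed');
    }
    /* Find the key used to sign the document. */
    $objKey = $objXMLSecDSig->locateKey();
    if (empty($objKey)) {
        throw new Exception('Error loading key to handle XML signature');
    }
    /* Load the key data. */
    if ($publickey) {
        $objKey->loadKey($publickey);
    } else {
        /* No key supplied: fall back to the KeyInfo carried by the signature. */
        if (!XMLSecEnc::staticLocateKeyInfo($objKey, $signatureElement)) {
            throw new Exception('Error finding key data for XML signature validation.');
        }
    }
    /* Check the signature. */
    if (!$objXMLSecDSig->verify($objKey)) {
        throw new Exception("Unable to validate Signature");
    }
    /* Extract the certificate fingerprint so the caller can match it against a trusted one. */
    $this->x509Fingerprint = $objKey->getX509Fingerprint();
    /* Find the list of validated nodes. */
    $this->validNodes = $objXMLSecDSig->getValidatedNodes();
}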
开发者ID:stefanotirati,项目名称:moodle-google-apps,代码行数:50,代码来源:Validator.php
示例8: is_valid
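/**
 * Verifies the enveloped signature of the SAML assertion in $this->doc.
 *
 * The Signature node is located, SignedInfo canonicalized, the reference
 * digests validated, the key located, the assertion count and timestamp
 * conditions checked, and finally the signature value verified against
 * $this->x509certificate.
 *
 * @return int|bool Result of XMLSecurityDSig::verify() (1 on success, 0 on failure).
 * @throws Exception When any of the checks above fails.
 */
function is_valid()
{
    // Each failure throws; the `return false` statements that used to follow
    // the throws were unreachable and have been removed.
    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($this->doc);
    if (!$objDSig) {
        throw new Exception("Cannot locate Signature Node");
    }
    $objXMLSecDSig->canonicalizeSignedInfo();
    $objXMLSecDSig->idKeys = array('ID');
    if (!$objXMLSecDSig->validateReference()) {
        throw new Exception("SAML Assertion Error: Reference Validation Failed");
    }
    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new Exception("SAML Assertion Error: We have no idea about the key");
    }
    if (!$this->validateNumAssertions()) {
        throw new Exception("SAML Assertion Error: Only ONE SAML Assertion Allowed");
    }
    if (!$this->validateTimestamps()) {
        throw new Exception("SAML Assertion Error: Check your timestamp conditions");
    }
    // Key material carried in the message is loaded first and then replaced by
    // the configured certificate, so verification is anchored on $this->x509certificate.
    XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
    $objKey->loadKey($this->x509certificate, FALSE, true);
    return $objXMLSecDSig->verify($objKey);
}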
开发者ID:stefanotirati,项目名称:moodle-google-apps,代码行数:45,代码来源:xmlsec.php
示例9: testGetValidatingCertificates
/**
 * Test that signatures contain the corresponding public keys.
 *
 * Two scenarios: a signed element copied into its own document must yield
 * exactly the mock public certificate, and an element signed with two
 * certificates attached must still yield only that one certificate.
 */
public function testGetValidatingCertificates()
{
    // Expected value: the first certificate parsed from the mock public key PEM.
    $certData = XMLSecurityDSig::staticGet509XCerts(SAML2_CertificatesMock::PUBLIC_KEY_PEM);
    $certData = $certData[0];
    // Work on a copy attached to its own document so the shared fixture is untouched.
    $signedMockElementCopy = SAML2_Utils::copyElement($this->signedMockElement);
    $signedMockElementCopy->ownerDocument->appendChild($signedMockElementCopy);
    $tmp = new SAML2_SignedElementHelperMock($signedMockElementCopy);
    $certs = $tmp->getValidatingCertificates();
    $this->assertCount(1, $certs);
    $this->assertEquals($certData, $certs[0]);
    // Test with two certificates.
    // The certificate body of $tmpCert is elided in this listing; it is a
    // second, unrelated certificate added next to the real public certificate.
    $tmpCert = '-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----';
    $mock = new SAML2_SignedElementHelperMock();
    $mock->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
    $mock->setCertificates(array($tmpCert, SAML2_CertificatesMock::PUBLIC_KEY_PEM));
    $this->signedMockElement = $mock->toSignedXML();
    $tmp = new SAML2_SignedElementHelperMock($this->signedMockElement);
    $certs = $tmp->getValidatingCertificates();
    // Still one certificate: presumably getValidatingCertificates() keeps only
    // the certificate matching the signing key — confirm against the helper.
    $this->assertCount(1, $certs);
    $this->assertEquals($certData, $certs[0]);
}
开发者ID:Stony-Brook-University,项目名称:doitsbu,代码行数:40,代码来源:SignedElementHelperTest.php
示例10: is_valid
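/**
 * Verifies the enveloped signature of the document in $this->doc.
 *
 * The Signature node is located, SignedInfo canonicalized, the reference
 * digests validated, the key located, and the signature value verified against
 * $this->x509certificate.
 *
 * @return int|bool Result of XMLSecurityDSig::verify(): 1 on success, 0 on failure.
 * @throws Exception When the Signature node, the digests or the key cannot be
 *                   validated, or when verify() reports an error.
 */
function is_valid()
{
    $objXMLSecDSig = new XMLSecurityDSig();
    $objDSig = $objXMLSecDSig->locateSignature($this->doc);
    if (!$objDSig) {
        throw new Exception("Cannot locate Signature Node");
    }
    $objXMLSecDSig->canonicalizeSignedInfo();
    $objXMLSecDSig->idKeys = array('ID');
    if (!$objXMLSecDSig->validateReference()) {
        throw new Exception("Reference Validation Failed");
    }
    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new Exception("We have no idea about the key");
    }
    // Key material carried in the message is loaded first and then replaced by
    // the configured certificate, so verification is anchored on $this->x509certificate.
    XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
    $objKey->loadKey($this->x509certificate, FALSE, true);

    $result = $objXMLSecDSig->verify($objKey);
    // If verify() surfaces openssl_verify()'s error code (-1), that value is
    // truthy and must not be mistaken for a valid signature by callers.
    if ($result === -1) {
        throw new Exception("Signature verification error");
    }
    return $result;
}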
开发者ID:sysraj86,项目名称:carnivalcrm,代码行数:23,代码来源:xmlsec.php
示例11: staticAdd509Cert
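/**
 * Adds one or more X509 certificates to the KeyInfo of a Signature element.
 *
 * A ds:KeyInfo child is created when $parentRef has none; it is inserted
 * before the first ds:Object if present (the xmldsig schema orders KeyInfo
 * before Object), otherwise appended. Each certificate found in $cert is
 * attached as ds:X509Data/ds:X509Certificate.
 *
 * @param DOMElement $parentRef The Signature element to attach the KeyInfo to.
 * @param string $cert Certificate data, or a path/URL when $isURL is TRUE.
 * @param bool $isPEMFormat Passed through to staticGet509XCerts().
 * @param bool $isURL When TRUE, $cert is first read with file_get_contents().
 * @param DOMXPath|null $xpath Optional XPath object with the 'secdsig' prefix registered.
 * @throws Exception When $parentRef is not a DOMElement, or the certificate cannot be read.
 */
static function staticAdd509Cert($parentRef, $cert, $isPEMFormat = TRUE, $isURL = False, $xpath = NULL)
{
    if ($isURL) {
        $cert = file_get_contents($cert);
        if ($cert === false) {
            // Previously an unreadable file silently produced an empty certificate list.
            throw new Exception('Unable to read certificate data');
        }
    }
    if (!$parentRef instanceof DOMElement) {
        throw new Exception('Invalid parent Node parameter');
    }
    $baseDoc = $parentRef->ownerDocument;
    if (empty($xpath)) {
        $xpath = new DOMXPath($baseDoc);
        $xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    }

    $keyInfo = $xpath->query("./secdsig:KeyInfo", $parentRef)->item(0);
    if (!$keyInfo) {
        $keyInfo = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:KeyInfo');
        $sObject = $xpath->query("./secdsig:Object", $parentRef)->item(0);
        if ($sObject) {
            $sObject->parentNode->insertBefore($keyInfo, $sObject);
        } else {
            $parentRef->appendChild($keyInfo);
        }
    }

    // Add all certs if there are more than one
    $certs = XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);
    // Attach X509 data node
    $x509DataNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
    $keyInfo->appendChild($x509DataNode);
    // Attach all certificate nodes
    foreach ($certs as $X509Cert) {
        $x509CertNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Certificate', $X509Cert);
        $x509DataNode->appendChild($x509CertNode);
    }
}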
开发者ID:MexinaD,项目名称:SuiteCRM,代码行数:40,代码来源:xmlseclibs.php
示例12: __construct
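/**
 * This function initializes the validator.
 *
 * This function accepts an optional parameter $publickey, which is the public key
 * or certificate which should be used to validate the signature. This parameter can
 * take the following values:
 * - NULL/FALSE: No validation will be performed. This is the default.
 * - A string: Assumed to be a PEM-encoded certificate / public key.
 * - An array: Assumed to be an array returned by SimpleSAML_Utilities::loadPublicKey.
 *
 * With NULL/FALSE the key comes from the KeyInfo inside the signature, so a
 * successful verify() only shows that the message is self-consistent; the
 * caller must then check $this->x509Certificate against something it trusts.
 * With an array lacking 'PEM', the certificate found in the signature must
 * match one of the fingerprints in $publickey['certFingerprint'].
 *
 * @param DOMNode $xmlNode The XML node which contains the Signature element.
 * @param string|array $idAttribute The ID attribute which is used in node references. If
 * this attribute is NULL (the default), then we will use whatever is the default
 * ID. Can be either a string with one value, or an array with multiple ID
 * attribute names.
 * @param array $publickey The public key / certificate which should be used to validate the XML node.
 * @throws Exception When the Signature element, digests, key, certificate fingerprint or
 *                   signature value cannot be validated.
 */
public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE)
{
    // Expression asserts: string arguments to assert() are eval()'d, deprecated
    // since PHP 7.2 and unsupported in PHP 8.
    assert($xmlNode instanceof DOMNode);
    if ($publickey === NULL) {
        $publickey = FALSE;
    } elseif (is_string($publickey)) {
        $publickey = array('PEM' => $publickey);
    } else {
        assert($publickey === FALSE || is_array($publickey));
    }
    /* Create an XML security object. */
    $objXMLSecDSig = new XMLSecurityDSig();
    /* Add the id attribute(s) if the user passed any in. */
    if ($idAttribute !== NULL) {
        if (is_string($idAttribute)) {
            $objXMLSecDSig->idKeys[] = $idAttribute;
        } elseif (is_array($idAttribute)) {
            foreach ($idAttribute as $ida) {
                $objXMLSecDSig->idKeys[] = $ida;
            }
        }
    }
    /* Locate the XMLDSig Signature element to be used. */
    $signatureElement = $objXMLSecDSig->locateSignature($xmlNode);
    if (!$signatureElement) {
        throw new Exception('Could not locate XML Signature element.');
    }
    /* Canonicalize the XMLDSig SignedInfo element in the message. */
    $objXMLSecDSig->canonicalizeSignedInfo();
    /* Validate referenced xml nodes. */
    if (!$objXMLSecDSig->validateReference()) {
        throw new Exception('XMLsec: digest validation failed');
    }
    /* Find the key used to sign the document. */
    $objKey = $objXMLSecDSig->locateKey();
    if (empty($objKey)) {
        throw new Exception('Error loading key to handle XML signature');
    }
    /* Load the key data. */
    if ($publickey !== FALSE && array_key_exists('PEM', $publickey)) {
        /* We have PEM data for the public key / certificate. */
        $objKey->loadKey($publickey['PEM']);
    } else {
        /* No PEM data. Search for key in signature. */
        if (!XMLSecEnc::staticLocateKeyInfo($objKey, $signatureElement)) {
            throw new Exception('Error finding key data for XML signature validation.');
        }
        if ($publickey !== FALSE) {
            /* $publickey is set, and should therefore contain one or more fingerprints.
             * Check that the response contains a certificate with a matching
             * fingerprint.
             */
            assert(is_array($publickey['certFingerprint']));
            $certificate = $objKey->getX509Certificate();
            if ($certificate === NULL) {
                /* Wasn't signed with an X509 certificate. */
                throw new Exception('Message wasn\'t signed with an X509 certificate,' . ' and no public key was provided in the metadata.');
            }
            self::validateCertificateFingerprint($certificate, $publickey['certFingerprint']);
            /* Key OK. */
        }
    }
    /* Check the signature. */
    if (!$objXMLSecDSig->verify($objKey)) {
        throw new Exception("Unable to validate Signature");
    }
    /* Extract the certificate. */
    $this->x509Certificate = $objKey->getX509Certificate();
    /* Find the list of validated nodes. */
    $this->validNodes = $objXMLSecDSig->getValidatedNodes();
}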
开发者ID:danielkjfrog,项目名称:docker,代码行数:88,代码来源:Validator.php
示例13: processSignature
/**
 * Validates the WS-Security signature whose ds:Signature element is $refNode.
 *
 * SignedInfo is canonicalized and the reference digests validated first. The
 * verification key comes from the signature's KeyInfo; when that yields no key
 * material, the wsse:SecurityTokenReference/wsse:Reference URI (a bare "#id"
 * fragment) is resolved to a BinarySecurityToken in the same document, whose
 * text is re-wrapped as a PEM certificate and loaded.
 *
 * NOTE(review): in that fallback the certificate is supplied by the message
 * itself, so a successful verify() shows internal consistency only; whether
 * the certificate is checked against a trusted set elsewhere cannot be seen here.
 *
 * @param DOMNode $refNode The ds:Signature element to process.
 * @return bool TRUE when the signature verifies.
 * @throws Exception When digest validation fails, no key can be found, or the
 *                   signature value does not verify.
 */
public function processSignature($refNode)
{
    $objXMLSecDSig = new XMLSecurityDSig();
    // Let fragment references resolve against wsu:Id attributes.
    $objXMLSecDSig->idKeys[] = 'wswsu:Id';
    $objXMLSecDSig->idNS['wswsu'] = WSSESoapServer::WSUNS;
    $objXMLSecDSig->sigNode = $refNode;
    /* Canonicalize the signed info */
    $objXMLSecDSig->canonicalizeSignedInfo();
    $retVal = $objXMLSecDSig->validateReference();
    if (!$retVal) {
        throw new Exception("Validation Failed");
    }
    $key = NULL;
    $objKey = $objXMLSecDSig->locateKey();
    if ($objKey) {
        if ($objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $refNode)) {
            /* Handle any additional key processing such as encrypted keys here */
        }
    }
    if (empty($objKey)) {
        throw new Exception("Error loading key to handle Signature");
    }
    // do/while(0) serves as a breakable block: `break` skips the throw at the
    // end once a certificate has been loaded into $objKey.
    do {
        if (empty($objKey->key)) {
            $this->SOAPXPath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS);
            $query = "./xmlsecdsig:KeyInfo/wswsse:SecurityTokenReference/wswsse:Reference";
            $nodeset = $this->SOAPXPath->query($query, $refNode);
            if ($encmeth = $nodeset->item(0)) {
                if ($uri = $encmeth->getAttribute("URI")) {
                    $arUrl = parse_url($uri);
                    // Only same-document references ("#id", no path) are followed.
                    if (empty($arUrl['path']) && ($identifier = $arUrl['fragment'])) {
                        // $identifier comes from the message and is interpolated
                        // into the XPath expression without escaping.
                        $query = '//wswsse:BinarySecurityToken[@wswsu:Id="' . $identifier . '"]';
                        $nodeset = $this->SOAPXPath->query($query);
                        if ($encmeth = $nodeset->item(0)) {
                            // Token text is base64 DER; strip line breaks and re-wrap as PEM.
                            $x509cert = $encmeth->textContent;
                            $x509cert = str_replace(array("\r", "\n"), "", $x509cert);
                            $x509cert = "-----BEGIN CERTIFICATE-----\n" . chunk_split($x509cert, 64, "\n") . "-----END CERTIFICATE-----\n";
                            $objKey->loadKey($x509cert);
                            break;
                        }
                    }
                }
            }
            throw new Exception("Error loading key to handle Signature");
        }
    } while (0);
    if (!$objXMLSecDSig->verify($objKey)) {
        throw new Exception("Unable to validate Signature");
    }
    return TRUE;
}
开发者ID:binondord,项目名称:wse-php,代码行数:51,代码来源:soap-server-wsse.php
示例14: insertSignature
/**
 * Insert a Signature-node.
 *
 * Builds an enveloped signature over $root (SHA1 digest, exclusive C14N,
 * references resolved by the 'ID' attribute), signs it with $key, attaches
 * every entry of $certificates with isPEMFormat=TRUE, and inserts the
 * resulting Signature element into $root before $insertBefore.
 *
 * @param XMLSecurityKey $key The key we should use to sign the message.
 * @param array $certificates The certificates we should add to the signature node.
 * @param DOMElement $root The XML node we should sign.
 * @param DomElement $insertBefore The XML element we should insert the signature element before.
 */
public static function insertSignature(XMLSecurityKey $key, array $certificates, DOMElement $root, DOMNode $insertBefore = NULL)
{
    $transforms = array(
        'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
        XMLSecurityDSig::EXC_C14N,
    );
    $signer = new XMLSecurityDSig();
    $signer->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $signer->addReferenceList(array($root), XMLSecurityDSig::SHA1, $transforms, array('id_name' => 'ID'));
    $signer->sign($key);
    foreach ($certificates as $pemCertificate) {
        $signer->add509Cert($pemCertificate, TRUE);
    }
    $signer->insertSignature($root, $insertBefore);
}
开发者ID:filonuse,项目名称:fedlab,代码行数:19,代码来源:Utils.php
示例15: staticAddBes
/**
 * Appends a XAdES-BES style ds:Object with QualifyingProperties to $parentRef.
 *
 * Builds SignedProperties/SignedSignatureProperties containing SigningTime,
 * a SigningCertificate entry (CertDigest with the caller-supplied $digest, plus
 * IssuerSerial for each certificate in $cert that openssl_x509_parse() accepts)
 * and an implied SignaturePolicyIdentifier.
 *
 * NOTE(review): SigningTime is pinned to 2014-01-27 rather than the current
 * time — looks like a debugging leftover; confirm before relying on it.
 *
 * @param DOMElement $parentRef The Signature element to receive the ds:Object.
 * @param string $cert Certificate data, or a path/URL when $isURL is TRUE.
 * @param bool $isPEMFormat Passed through to staticGet509XCerts().
 * @param bool $isURL When TRUE, $cert is first read with file_get_contents() (return value unchecked).
 * @param DOMXPath|null $xpath Accepted but not used by this function.
 * @param string|null $digest Written verbatim into CertDigest/DigestValue; the caller computes it.
 * @return DOMElement The SignedProperties element.
 * @throws Exception When $parentRef is not a DOMElement.
 */
static function staticAddBes($parentRef, $cert, $isPEMFormat = TRUE, $isURL = False, $xpath = NULL, $digest = NULL)
{
    if ($isURL) {
        $cert = file_get_contents($cert);
    }
    if (!$parentRef instanceof DOMElement) {
        throw new Exception('Invalid parent Node parameter');
    }
    $baseDoc = $parentRef->ownerDocument;
    // Add all certs if there are more than one
    $certs = XMLSecurityDSig::staticGet509XCerts($cert, $isPEMFormat);
    // Attach the ds:Object that will carry the qualifying properties
    $objectNode = $baseDoc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:Object');
    $parentRef->appendChild($objectNode);
    // QualifyingProperties is created in the XAdES 1.1.1 namespace via explicit xmlns attributes
    $qProps = $baseDoc->createElement('QualifyingProperties');
    $qProps->setAttribute('xmlns:xsi', 'http://www.w3.org/2001/XMLSchema-instance');
    $qProps->setAttribute('xmlns:xsd', 'http://www.w3.org/2001/XMLSchema');
    $qProps->setAttribute('xmlns', 'http://uri.etsi.org/01903/v1.1.1#');
    // Target refers to a Signature with Id="SignatureId"; the caller is expected to set that Id
    $qProps->setAttribute('Target', '#SignatureId');
    $objectNode->appendChild($qProps);
    $SignedProps = $baseDoc->createElement('SignedProperties');
    $SignedProps->setAttribute('Id', 'SignedPropertiesId');
    $qProps->appendChild($SignedProps);
    $SignedSignatureProperties = $baseDoc->createElement('SignedSignatureProperties');
    $SignedProps->appendChild($SignedSignatureProperties);
    // Fixed date, see the NOTE(review) in the docblock
    $SigningTime = $baseDoc->createElement('SigningTime', date('c', strtotime('2014-01-27')));
    $SignedSignatureProperties->appendChild($SigningTime);
    $SigningCertificate = $baseDoc->createElement('SigningCertificate');
    $SignedSignatureProperties->appendChild($SigningCertificate);
    $Cert = $baseDoc->createElement('Cert');
    $SigningCertificate->appendChild($Cert);
    $CertDigest = $baseDoc->createElement('CertDigest');
    $Cert->appendChild($CertDigest);
    $DigestMethod = $baseDoc->createElement('DigestMethod');
    $DigestMethodAttrAlgorithm = $baseDoc->createAttribute('Algorithm');
    $DigestMethodAttrAlgorithm->value = self::SHA1;
    $DigestMethod->appendChild($DigestMethodAttrAlgorithm);
    $CertDigest->appendChild($DigestMethod);
    $DigestValue = $baseDoc->createElement('DigestValue', $digest);
    $CertDigest->appendChild($DigestValue);
    // Add an IssuerSerial entry for every certificate that parses
    foreach ($certs as $X509Cert) {
        if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n" . chunk_split($X509Cert, 64, "\n") . "-----END CERTIFICATE-----\n")) {
            if (!empty($certData['issuer']) && !empty($certData['serialNumber'])) {
                if (is_array($certData['issuer'])) {
                    // array_unshift reverses the order of the parsed issuer components
                    $parts = array();
                    foreach ($certData['issuer'] as $key => $value) {
                        array_unshift($parts, "{$key}={$value}");
                    }
                    $issuerName = implode(', ', $parts);
                } else {
                    $issuerName = $certData['issuer'];
                }
                $IssuerSerial = $baseDoc->createElement('IssuerSerial');
                $Cert->appendChild($IssuerSerial);
                // X509IssuerName/X509SerialNumber are placed in the xmldsig namespace via an xmlns attribute
                $x509Node = $baseDoc->createElement('X509IssuerName', $issuerName);
                $x509NodeAttr = $baseDoc->createAttribute('xmlns');
                $x509NodeAttr->value = 'http://www.w3.org/2000/09/xmldsig#';
                $x509Node->appendChild($x509NodeAttr);
                $IssuerSerial->appendChild($x509Node);
                $x509Node = $baseDoc->createElement('X509SerialNumber', $certData['serialNumber']);
                $x509NodeAttr = $baseDoc->createAttribute('xmlns');
                $x509NodeAttr->value = 'http://www.w3.org/2000/09/xmldsig#';
                $x509Node->appendChild($x509NodeAttr);
                $IssuerSerial->appendChild($x509Node);
            }
        }
    }
    $SignaturePolicyIdentifier = $baseDoc->createElement('SignaturePolicyIdentifier');
    $SignedSignatureProperties->appendChild($SignaturePolicyIdentifier);
    $SignaturePolicyImplied = $baseDoc->createElement('SignaturePolicyImplied');
    $SignaturePolicyIdentifier->appendChild($SignaturePolicyImplied);
    return $SignedProps;
}
开发者ID:malamalca,项目名称:lil-documents,代码行数:75,代码来源:xmlseclibs_bes3.php
示例16: sign
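/**
 * Signs the given metadata if metadata signing is enabled.
 *
 * @param string $metadataString A string with the metadata.
 * @param array $entityMetadata The metadata of the entity.
 * @param string $type A string which describes the type entity this is, e.g. 'SAML 2 IdP' or 'Shib 1.3 SP'.
 *
 * @return string The $metadataString with the signature embedded.
 * @throws Exception If the certificate or private key cannot be found or read, or the metadata doesn't parse properly.
 */
public static function sign($metadataString, $entityMetadata, $type)
{
    $config = SimpleSAML_Configuration::getInstance();
    // check if metadata signing is enabled
    if (!self::isMetadataSigningEnabled($config, $entityMetadata, $type)) {
        return $metadataString;
    }

    // find the key & certificate which should be used to sign the metadata
    $keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
    $keyFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['privatekey']);
    if (!file_exists($keyFile)) {
        throw new Exception('Could not find private key file [' . $keyFile . '], which is needed to sign the metadata');
    }
    $keyData = file_get_contents($keyFile);
    if ($keyData === false) {
        // file_exists() passed but the file is unreadable; fail here instead of in loadKey().
        throw new Exception('Could not read private key file [' . $keyFile . ']');
    }
    $certFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['certificate']);
    if (!file_exists($certFile)) {
        throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to sign the metadata');
    }
    $certData = file_get_contents($certFile);
    if ($certData === false) {
        throw new Exception('Could not read certificate file [' . $certFile . ']');
    }

    // convert the metadata to a DOM tree
    try {
        $xml = SAML2_DOMDocumentFactory::fromString($metadataString);
    } catch (Exception $e) {
        // keep the parser's exception chained for diagnostics
        throw new Exception('Error parsing self-generated metadata.', 0, $e);
    }

    // load the private key
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    if (array_key_exists('privatekey_pass', $keyCertFiles)) {
        $objKey->passphrase = $keyCertFiles['privatekey_pass'];
    }
    $objKey->loadKey($keyData, false);

    // get the EntityDescriptor node we should sign
    $rootNode = $xml->firstChild;

    // sign the metadata with our private key; ADFS metadata uses the module's own signer class
    if ($type === 'ADFS IdP') {
        $objXMLSecDSig = new sspmod_adfs_XMLSecurityDSig($metadataString);
    } else {
        $objXMLSecDSig = new XMLSecurityDSig();
    }
    $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID'));
    $objXMLSecDSig->sign($objKey);

    // add the certificate to the signature
    $objXMLSecDSig->add509Cert($certData, true);

    // add the signature to the metadata
    $objXMLSecDSig->insertSignature($rootNode, $rootNode->firstChild);

    // return the DOM tree as a string
    return $xml->saveXML();
}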
开发者ID:PitcherAG,项目名称:simplesamlphp,代码行数:59,代码来源:Signer.php
示例17: mPayAttachCertificateInfo
/**
 * Adds a wsse:SecurityTokenReference carrying the issuer name and serial
 * number of $cert to the KeyInfo of the signature in $this->soapDoc.
 *
 * The KeyInfo element is created when the signature has none. The
 * X509IssuerName/X509SerialNumber children are only written when
 * openssl_x509_parse() yields both an issuer and a serialNumber.
 *
 * @param string $cert Certificate data.
 * @param bool $isPEMFormat Passed through to get509XCert().
 * @throws Exception When $this->soapDoc holds no signature.
 */
public function mPayAttachCertificateInfo($cert, $isPEMFormat = TRUE)
{
    $derBase64 = XMLSecurityDSig::get509XCert($cert, $isPEMFormat);
    $parsed = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n" . chunk_split($derBase64, 64, "\n") . "-----END CERTIFICATE-----\n");

    $dsig = new XMLSecurityDSig();
    $sigNode = $dsig->locateSignature($this->soapDoc);
    if (!$sigNode) {
        throw new Exception('Unable to locate digital signature');
    }

    $this->SOAPXPath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
    $keyInfo = $this->SOAPXPath->query("./secdsig:KeyInfo", $sigNode)->item(0);
    if (!$keyInfo) {
        $keyInfo = $dsig->createNewSignNode('KeyInfo');
        $sigNode->appendChild($keyInfo);
    }

    $doc = $this->soapDoc;
    $tokenRef = $doc->createElementNS(WSSESoap::WSSENS, WSSESoap::WSSEPFX . ':SecurityTokenReference');
    $keyInfo->appendChild($tokenRef);
    $xdata = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509Data');
    $tokenRef->appendChild($xdata);
    $serial = $doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerSerial');
    $xdata->appendChild($serial);

    if (empty($parsed['issuer']) || empty($parsed['serialNumber'])) {
        return;
    }
    if (is_array($parsed['issuer'])) {
        // array_unshift reverses the order of the parsed issuer components.
        $components = array();
        foreach ($parsed['issuer'] as $attr => $val) {
            array_unshift($components, "{$attr}={$val}");
        }
        $issuerName = implode(',', $components);
    } else {
        $issuerName = $parsed['issuer'];
    }
    $serial->appendChild($doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509IssuerName', $issuerName));
    $serial->appendChild($doc->createElementNS(XMLSecurityDSig::XMLDSIGNS, 'ds:X509SerialNumber', $parsed['serialNumber']));
}
开发者ID:Deeplace,项目名称:mpay_integration,代码行数:39,代码来源:soap-wsse.php
示例18: sign_document
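/**
 * Sign the specified DOMDocument
 *
 * @see https://github.com/Maks3w/xmlseclibs/blob/v1.3.0/tests/xml-sign.phpt
 *
 * On any failure the exception is stored in $this->error as a WP_Error and
 * FALSE is returned. The private-key handle and the return value are kept in
 * separate variables: previously both shared $result, so a failure after the
 * key check (e.g. in sign()) returned the key handle instead of FALSE.
 *
 * @param DOMDocument $document
 * @return DOMDocument|false The signed document, or FALSE on failure.
 */
private function sign_document(DOMDocument $document)
{
    try {
        $dsig = new XMLSecurityDSig();
        // For canonicalization purposes the exclusive (9) algorithm must be used.
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
        $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
        // For hashing purposes the SHA-256 (11) algorithm must be used.
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 30
        $dsig->addReference($document, XMLSecurityDSig::SHA256, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('force_uri' => true));
        // For signature purposes the RSAWithSHA 256 (12) algorithm must be used.
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
        $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
        $key->passphrase = $this->private_key_password;
        $key->loadKey($this->private_key);
        // Test if we can get a private key object, to prevent the following error:
        // Warning: openssl_sign() [function.openssl-sign]: supplied key param cannot be coerced into a private key
        $privateKey = openssl_get_privatekey($this->private_key, $this->private_key_password);
        if (false === $privateKey) {
            throw new Exception('Can not load private key');
        }
        // Sign
        $dsig->sign($key);
        // The public key must be referenced using a fingerprint of an X.509
        // certificate. The fingerprint must be calculated according
        // to the following formula HEX(SHA-1(DER certificate)) (13)
        // @see http://pronamic.nl/wp-content/uploads/2012/12/iDEAL-Merchant-Integration-Guide-ENG-v3.3.1.pdf #page 31
        $fingerprint = Pronamic_WP_Pay_Gateways_IDealAdvanced_Security::getShaFingerprint($this->private_certificate);
        $dsig->addKeyInfoAndName($fingerprint);
        // Add the signature
        $dsig->appendSignature($document->documentElement);
        return $document;
    } catch (Exception $e) {
        $this->error = new WP_Error('xml_security', $e->getMessage(), $e);
        return false;
    }
}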
开发者ID:daanbakker1995,项目名称:vanteun,代码行数:47,代码来源:Client.php
示例19: findCertificate
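/**
 * Returns the PEM certificate referenced by the signature's SecurityTokenReference.
 *
 * When the key located in $refNode already carries key material, FALSE is
 * returned without looking further. Otherwise the wsse:Reference URI must be
 * a bare "#id" fragment naming a BinarySecurityToken in the document; the
 * token's text is re-wrapped as a PEM certificate. A token with empty text
 * yields FALSE.
 *
 * @param DOMNode $refNode The ds:Signature element to inspect.
 * @return string|false PEM certificate text, or FALSE.
 * @throws Exception When no key can be located, or the token reference cannot be resolved.
 */
public function findCertificate($refNode)
{
    $dsig = new XMLSecurityDSig();
    // Let fragment references resolve against wsu:Id attributes.
    $dsig->idKeys[] = 'wswsu:Id';
    $dsig->idNS['wswsu'] = WSSESoapServer::WSUNS;
    $dsig->sigNode = $refNode;
    /* Canonicalize the signed info */
    $dsig->canonicalizeSignedInfo();

    $objKey = $dsig->locateKey();
    if (empty($objKey)) {
        throw new Exception("Error loading key to handle Signature");
    }
    if (!empty($objKey->key)) {
        return FALSE;
    }

    $this->SOAPXPath->registerNamespace('xmlsecdsig', XMLSecurityDSig::XMLDSIGNS);
    $reference = $this->SOAPXPath->query("./xmlsecdsig:KeyInfo/wswsse:SecurityTokenReference/wswsse:Reference", $refNode)->item(0);
    $uri = $reference ? $reference->getAttribute("URI") : null;

    $tokenId = null;
    if ($uri) {
        $arUrl = parse_url($uri);
        // Only same-document references ("#id", no path) are followed.
        if (empty($arUrl['path'])) {
            $tokenId = $arUrl['fragment'];
        }
    }
    // $tokenId comes from the message and is interpolated into an XPath string
    // literal; a double quote would break out of that literal, so reject it.
    if ($tokenId && strpos($tokenId, '"') !== false) {
        throw new Exception("Error loading key to handle Signature");
    }

    if ($tokenId) {
        $token = $this->SOAPXPath->query('//wswsse:BinarySecurityToken[@wswsu:Id="' . $tokenId . '"]')->item(0);
        if ($token) {
            $raw = $token->textContent;
            if (!$raw) {
                return FALSE;
            }
            // Token text is base64 DER; strip line breaks and re-wrap as PEM.
            $body = str_replace(array("\r", "\n"), "", $raw);
            return "-----BEGIN CERTIFICATE-----\n" . chunk_split($body, 64, "\n") . "-----END CERTIFICATE-----\n";
        }
    }
    throw new Exception("Error loading key to handle Signature");
}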
开发者ID:Deeplace,项目名 |