RobRichards\XMLSecLibs\XMLSecurityDSig Class Reference

xmlseclibs.php More...

Collaboration diagram for RobRichards\XMLSecLibs\XMLSecurityDSig:

Public Member Functions
	__construct ($prefix='ds')
	locateSignature ($objDoc, $pos=0)
	createNewSignNode ($name, $value=null)
	setCanonicalMethod ($method)
	canonicalizeSignedInfo ()
	calculateDigest ($digestAlgorithm, $data, $encode=true)
	validateDigest ($refNode, $data)
	processTransforms ($refNode, $objData, $includeCommentNodes=true)
	processRefNode ($refNode)
	getRefNodeID ($refNode)
	getRefIDs ()
	validateReference ()
	addReference ($node, $algorithm, $arTransforms=null, $options=null)
	addReferenceList ($arNodes, $algorithm, $arTransforms=null, $options=null)
	addObject ($data, $mimetype=null, $encoding=null)
	locateKey ($node=null)
	verify ($objKey)
	Returns: Bool when verifying HMAC_SHA1; Int otherwise, with following meanings: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing. More...
	signData ($objKey, $data)
	sign ($objKey, $appendToNode=null)
	appendCert ()
	appendKey ($objKey, $parent=null)
	insertSignature ($node, $beforeNode=null)
	This function inserts the signature element. More...
	appendSignature ($parentNode, $insertBefore=false)
	add509Cert ($cert, $isPEMFormat=true, $isURL=false, $options=null)
	appendToKeyInfo ($node)
	This function appends a node to the KeyInfo. More...
	getValidatedNodes ()
	This function retrieves an associative array of the validated nodes. More...

Static Public Member Functions
static	generateGUID ($prefix='pfx')
	Generate guid. More...
static	generate_GUID ($prefix='pfx')
	Generate guid. More...
static	get509XCert ($cert, $isPEMFormat=true)
static	staticGet509XCerts ($certs, $isPEMFormat=true)
static	staticAdd509Cert ($parentRef, $cert, $isPEMFormat=true, $isURL=false, $xpath=null, $options=null)

Data Fields
const	XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'
const	SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'
const	SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'
const	SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'
const	SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'
const	RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'
const	C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
const	C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'
const	EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'
const	EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'
const	template
const	BASE_TEMPLATE
	$sigNode = null
	$idKeys = array()
	$idNS = array()

Private Member Functions
	resetXPathObj ()
	Reset the XPathObj to null. More...
	getXPathObj ()
	Returns the XPathObj or null if xPathCtx is set and sigNode is empty. More...
	canonicalizeData ($node, $canonicalmethod, $arXPath=null, $prefixList=null)
	addRefInternal ($sinfoNode, $node, $algorithm, $arTransforms=null, $options=null)

Private Attributes
	$signedInfo = null
	$xPathCtx = null
	$canonicalMethod = null
	$prefix = ''
	$searchpfx = 'secdsig'
	$validatedNodes = null

Detailed Description

xmlseclibs.php

Copyright (c) 2007-2019, Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

• Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
• Neither the name of Robert Richards nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Author

Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org

Copyright

2007-2019 Robert Richards rrich.nosp@m.ards.nosp@m.@cdat.nosp@m.azon.nosp@m.e.org @license http://www.opensource.org/licenses/bsd-license.php BSD License

Definition at line 51 of file XMLSecurityDSig.php.

Constructor & Destructor Documentation

__construct()

RobRichards\XMLSecLibs\XMLSecurityDSig::__construct

(

$prefix = 'ds'

)

Parameters

string

$prefix

Definition at line 110 of file XMLSecurityDSig.php.

    {
        $template = self::BASE_TEMPLATE;
        if (! empty($prefix)) {
            $this->prefix = $prefix.':';
            $search = array("<S", "</S", "xmlns=");
            $replace = array("<$prefix:S", "</$prefix:S", "xmlns:$prefix=");
            $template = str_replace($search, $replace, $template);
        }
        $sigdoc = new DOMDocument();
        $sigdoc->loadXML($template);
        $this->sigNode = $sigdoc->documentElement;
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix, $template, and RobRichards\XMLSecLibs\XMLSecurityDSig\BASE_TEMPLATE.

Member Function Documentation

add509Cert()

RobRichards\XMLSecLibs\XMLSecurityDSig::add509Cert	(		$cert,
			$isPEMFormat = true,
			$isURL = false,
			$options = null
	)

Parameters

string	$cert
bool	$isPEMFormat
bool	$isURL
null | array	$options

Definition at line 1079 of file XMLSecurityDSig.php.

    {
        if ($xpath = $this->getXPathObj()) {
            self::staticAdd509Cert($this->sigNode, $cert, $isPEMFormat, $isURL, $xpath, $options);
        }
    }

References PHPMailer\PHPMailer\$options, RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj(), and RobRichards\XMLSecLibs\XMLSecurityDSig\staticAdd509Cert().

Here is the call graph for this function:

addObject()

RobRichards\XMLSecLibs\XMLSecurityDSig::addObject	(		$data,
			$mimetype = null,
			$encoding = null
	)

Parameters

DOMElement | string	$data
null | string	$mimetype
null | string	$encoding

Returns

DOMElement

Definition at line 734 of file XMLSecurityDSig.php.

    {
        $objNode = $this->createNewSignNode('Object');
        $this->sigNode->appendChild($objNode);
        if (! empty($mimetype)) {
            $objNode->setAttribute('MimeType', $mimetype);
        }
        if (! empty($encoding)) {
            $objNode->setAttribute('Encoding', $encoding);
        }
 
        if ($data instanceof DOMElement) {
            $newData = $this->sigNode->ownerDocument->importNode($data, true);
        } else {
            $newData = $this->sigNode->ownerDocument->createTextNode($data);
        }
        $objNode->appendChild($newData);
 
        return $objNode;
    }

References $data, and RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode().

Here is the call graph for this function:

addReference()

RobRichards\XMLSecLibs\XMLSecurityDSig::addReference	(		$node,
			$algorithm,
			$arTransforms = null,
			$options = null
	)

Parameters

DOMDocument	$node
string	$algorithm
null | array	$arTransforms
null | array	$options

Definition at line 698 of file XMLSecurityDSig.php.

    {
        if ($xpath = $this->getXPathObj()) {
            $query = "./secdsig:SignedInfo";
            $nodeset = $xpath->query($query, $this->sigNode);
            if ($sInfo = $nodeset->item(0)) {
                $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
            }
        }
    }

References PHPMailer\PHPMailer\$options, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

Here is the call graph for this function:

addReferenceList()

RobRichards\XMLSecLibs\XMLSecurityDSig::addReferenceList	(		$arNodes,
			$algorithm,
			$arTransforms = null,
			$options = null
	)

Parameters

array	$arNodes
string	$algorithm
null | array	$arTransforms
null | array	$options

Definition at line 715 of file XMLSecurityDSig.php.

    {
        if ($xpath = $this->getXPathObj()) {
            $query = "./secdsig:SignedInfo";
            $nodeset = $xpath->query($query, $this->sigNode);
            if ($sInfo = $nodeset->item(0)) {
                foreach ($arNodes AS $node) {
                    $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
                }
            }
        }
    }

References PHPMailer\PHPMailer\$options, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

Here is the call graph for this function:

addRefInternal()

RobRichards\XMLSecLibs\XMLSecurityDSig::addRefInternal (   $sinfoNode,   $node,   $algorithm,   $arTransforms = null,   $options = null  )

private

Parameters

DOMNode	$sinfoNode
DOMDocument	$node
string	$algorithm
null | array	$arTransforms
null | array	$options

Definition at line 615 of file XMLSecurityDSig.php.

    {
        $prefix = null;
        $prefix_ns = null;
        $id_name = 'Id';
        $overwrite_id  = true;
        $force_uri = false;
 
        if (is_array($options)) {
            $prefix = empty($options['prefix']) ? null : $options['prefix'];
            $prefix_ns = empty($options['prefix_ns']) ? null : $options['prefix_ns'];
            $id_name = empty($options['id_name']) ? 'Id' : $options['id_name'];
            $overwrite_id = !isset($options['overwrite']) ? true : (bool) $options['overwrite'];
            $force_uri = !isset($options['force_uri']) ? false : (bool) $options['force_uri'];
        }
 
        $attname = $id_name;
        if (! empty($prefix)) {
            $attname = $prefix.':'.$attname;
        }
 
        $refNode = $this->createNewSignNode('Reference');
        $sinfoNode->appendChild($refNode);
 
        if (! $node instanceof DOMDocument) {
            $uri = null;
            if (! $overwrite_id) {
                $uri = $prefix_ns ? $node->getAttributeNS($prefix_ns, $id_name) : $node->getAttribute($id_name);
            }
            if (empty($uri)) {
                $uri = self::generateGUID();
                $node->setAttributeNS($prefix_ns, $attname, $uri);
            }
            $refNode->setAttribute("URI", '#'.$uri);
        } elseif ($force_uri) {
            $refNode->setAttribute("URI", '');
        }
 
        $transNodes = $this->createNewSignNode('Transforms');
        $refNode->appendChild($transNodes);
 
        if (is_array($arTransforms)) {
            foreach ($arTransforms AS $transform) {
                $transNode = $this->createNewSignNode('Transform');
                $transNodes->appendChild($transNode);
                if (is_array($transform) &&
                    (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116'])) &&
                    (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']))) {
                    $transNode->setAttribute('Algorithm', 'http://www.w3.org/TR/1999/REC-xpath-19991116');
                    $XPathNode = $this->createNewSignNode('XPath', $transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']);
                    $transNode->appendChild($XPathNode);
                    if (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'])) {
                        foreach ($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'] AS $prefix => $namespace) {
                            $XPathNode->setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:$prefix", $namespace);
                        }
                    }
                } else {
                    $transNode->setAttribute('Algorithm', $transform);
                }
            }
        } elseif (! empty($this->canonicalMethod)) {
            $transNode = $this->createNewSignNode('Transform');
            $transNodes->appendChild($transNode);
            $transNode->setAttribute('Algorithm', $this->canonicalMethod);
        }
 
        $canonicalData = $this->processTransforms($refNode, $node);
        $digValue = $this->calculateDigest($algorithm, $canonicalData);
 
        $digestMethod = $this->createNewSignNode('DigestMethod');
        $refNode->appendChild($digestMethod);
        $digestMethod->setAttribute('Algorithm', $algorithm);
 
        $digestValue = $this->createNewSignNode('DigestValue', $digValue);
        $refNode->appendChild($digestValue);
    }

References $namespace, PHPMailer\PHPMailer\$options, RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix, RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest(), RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode(), RobRichards\XMLSecLibs\XMLSecurityDSig\generateGUID(), and RobRichards\XMLSecLibs\XMLSecurityDSig\processTransforms().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addReference(), and RobRichards\XMLSecLibs\XMLSecurityDSig\addReferenceList().

Here is the call graph for this function:

Here is the caller graph for this function:

appendCert()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendCert

(

)

Definition at line 855 of file XMLSecurityDSig.php.

    {
 
    }

appendKey()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendKey	(		$objKey,
			$parent = null
	)

Parameters

XMLSecurityKey	$objKey
null | DOMNode	$parent

Definition at line 864 of file XMLSecurityDSig.php.

    {
        $objKey->serializeKey($parent);
    }

appendSignature()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendSignature	(		$parentNode,
			$insertBefore = false
	)

Parameters

DOMNode	$parentNode
bool	$insertBefore

Returns

DOMNode

Definition at line 899 of file XMLSecurityDSig.php.

    {
        $beforeNode = $insertBefore ? $parentNode->firstChild : null;
        return $this->insertSignature($parentNode, $beforeNode);
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\insertSignature().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

Here is the call graph for this function:

Here is the caller graph for this function:

appendToKeyInfo()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendToKeyInfo

(

$node

)

This function appends a node to the KeyInfo.

The KeyInfo element will be created if one does not exist in the document.

Parameters

DOMNode

$node

The node to append to the KeyInfo.

Returns

DOMNode The KeyInfo element node

Definition at line 1095 of file XMLSecurityDSig.php.

    {
        $parentRef = $this->sigNode;
        $baseDoc = $parentRef->ownerDocument;
 
        $xpath = $this->getXPathObj();
        if (empty($xpath)) {
            $xpath = new DOMXPath($parentRef->ownerDocument);
            $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
        }
 
        $query = "./secdsig:KeyInfo";
        $nodeset = $xpath->query($query, $parentRef);
        $keyInfo = $nodeset->item(0);
        if (! $keyInfo) {
            $dsig_pfx = '';
            $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS);
            if (! empty($pfx)) {
                $dsig_pfx = $pfx.":";
            }
            $inserted = false;
            $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo');
 
            $query = "./secdsig:Object";
            $nodeset = $xpath->query($query, $parentRef);
            if ($sObject = $nodeset->item(0)) {
                $sObject->parentNode->insertBefore($keyInfo, $sObject);
                $inserted = true;
            }
 
            if (! $inserted) {
                $parentRef->appendChild($keyInfo);
            }
        }
 
        $keyInfo->appendChild($node);
 
        return $keyInfo;
    }

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\$sigNode, and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

Here is the call graph for this function:

calculateDigest()

RobRichards\XMLSecLibs\XMLSecurityDSig::calculateDigest	(		$digestAlgorithm,
			$data,
			$encode = true
	)

Parameters

string	$digestAlgorithm
string	$data
bool	$encode

Returns

string

Exceptions

Exception

Definition at line 334 of file XMLSecurityDSig.php.

    {
        switch ($digestAlgorithm) {
            case self::SHA1:
                $alg = 'sha1';
                break;
            case self::SHA256:
                $alg = 'sha256';
                break;
            case self::SHA384:
                $alg = 'sha384';
                break;
            case self::SHA512:
                $alg = 'sha512';
                break;
            case self::RIPEMD160:
                $alg = 'ripemd160';
                break;
            default:
                throw new Exception("Cannot validate digest: Unsupported Algorithm <$digestAlgorithm>");
        }
 
        $digest = hash($alg, $data, true);
        if ($encode) {
            $digest = base64_encode($digest);
        }
        return $digest;
 
    }

References $data, GuzzleHttp\Psr7\hash(), RobRichards\XMLSecLibs\XMLSecurityDSig\RIPEMD160, RobRichards\XMLSecLibs\XMLSecurityDSig\SHA1, RobRichards\XMLSecLibs\XMLSecurityDSig\SHA256, RobRichards\XMLSecLibs\XMLSecurityDSig\SHA384, and RobRichards\XMLSecLibs\XMLSecurityDSig\SHA512.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\validateDigest().

Here is the call graph for this function:

Here is the caller graph for this function:

canonicalizeData()

RobRichards\XMLSecLibs\XMLSecurityDSig::canonicalizeData (   $node,   $canonicalmethod,   $arXPath = null,   $prefixList = null  )

private

Parameters

DOMNode	$node
string	$canonicalmethod
null | array	$arXPath
null | array	$prefixList

Returns

string

Definition at line 261 of file XMLSecurityDSig.php.

    {
        $exclusive = false;
        $withComments = false;
        switch ($canonicalmethod) {
            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
                $exclusive = false;
                $withComments = false;
                break;
            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
                $withComments = true;
                break;
            case 'http://www.w3.org/2001/10/xml-exc-c14n#':
                $exclusive = true;
                break;
            case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
                $exclusive = true;
                $withComments = true;
                break;
        }
 
        if (is_null($arXPath) && ($node instanceof DOMNode) && ($node->ownerDocument !== null) && $node->isSameNode($node->ownerDocument->documentElement)) {
            /* Check for any PI or comments as they would have been excluded */
            $element = $node;
            while ($refnode = $element->previousSibling) {
                if ($refnode->nodeType == XML_PI_NODE || (($refnode->nodeType == XML_COMMENT_NODE) && $withComments)) {
                    break;
                }
                $element = $refnode;
            }
            if ($refnode == null) {
                $node = $node->ownerDocument;
            }
        }
 
        return $node->C14N($exclusive, $withComments, $arXPath, $prefixList);
    }

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeSignedInfo(), RobRichards\XMLSecLibs\XMLSecurityDSig\processTransforms(), and RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

Here is the caller graph for this function:

canonicalizeSignedInfo()

RobRichards\XMLSecLibs\XMLSecurityDSig::canonicalizeSignedInfo

(

)

Returns

null|string

Definition at line 302 of file XMLSecurityDSig.php.

    {
 
        $doc = $this->sigNode->ownerDocument;
        $canonicalmethod = null;
        if ($doc) {
            $xpath = $this->getXPathObj();
            $query = "./secdsig:SignedInfo";
            $nodeset = $xpath->query($query, $this->sigNode);
            if ($nodeset->length > 1) {
                throw new Exception("Invalid structure - Too many SignedInfo elements found");
            }
            if ($signInfoNode = $nodeset->item(0)) {
                $query = "./secdsig:CanonicalizationMethod";
                $nodeset = $xpath->query($query, $signInfoNode);
                if ($canonNode = $nodeset->item(0)) {
                    $canonicalmethod = $canonNode->getAttribute('Algorithm');
                }
                $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod);
                return $this->signedInfo;
            }
        }
        return null;
    }

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\$signedInfo, RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeData(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

Here is the call graph for this function:

createNewSignNode()

RobRichards\XMLSecLibs\XMLSecurityDSig::createNewSignNode	(		$name,
			$value = null
	)

Parameters

string	$name
null | string	$value

Returns

DOMElement

Definition at line 212 of file XMLSecurityDSig.php.

    {
        $doc = $this->sigNode->ownerDocument;
        if (! is_null($value)) {
            $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name, $value);
        } else {
            $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name);
        }
        return $node;
    }

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addObject(), RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), RobRichards\XMLSecLibs\XMLSecurityDSig\setCanonicalMethod(), and RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

Here is the caller graph for this function:

generate_GUID()

static RobRichards\XMLSecLibs\XMLSecurityDSig::generate_GUID (   $prefix = 'pfx' )

static

Generate guid.

Parameters

string

$prefix

Prefix to use for guid. defaults to pfx

Returns

string The generated guid

Deprecated:

Method deprecated in Release 1.4.1

Definition at line 174 of file XMLSecurityDSig.php.

    {
        return self::generateGUID($prefix);
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix, and RobRichards\XMLSecLibs\XMLSecurityDSig\generateGUID().

Here is the call graph for this function:

generateGUID()

static RobRichards\XMLSecLibs\XMLSecurityDSig::generateGUID (   $prefix = 'pfx' )

static

Generate guid.

Parameters

string

$prefix

Prefix to use for guid. defaults to pfx

Returns

string The generated guid

Definition at line 154 of file XMLSecurityDSig.php.

    {
        $uuid = md5(uniqid(mt_rand(), true));
        $guid = $prefix.substr($uuid, 0, 8)."-".
                substr($uuid, 8, 4)."-".
                substr($uuid, 12, 4)."-".
                substr($uuid, 16, 4)."-".
                substr($uuid, 20, 12);
        return $guid;
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix.

Referenced by RobRichards\XMLSecLibs\XMLSecEnc\addReference(), RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\generate_GUID().

Here is the caller graph for this function:

get509XCert()

static RobRichards\XMLSecLibs\XMLSecurityDSig::get509XCert (   $cert,   $isPEMFormat = true  )

static

Parameters

string	$cert
bool	$isPEMFormat

Returns

string

Definition at line 910 of file XMLSecurityDSig.php.

    {
        $certs = self::staticGet509XCerts($cert, $isPEMFormat);
        if (! empty($certs)) {
            return $certs[0];
        }
        return '';
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\staticGet509XCerts().

Here is the call graph for this function:

getRefIDs()

RobRichards\XMLSecLibs\XMLSecurityDSig::getRefIDs

(

)

Returns

array

Exceptions

Exception

Definition at line 560 of file XMLSecurityDSig.php.

    {
        $refids = array();
 
        $xpath = $this->getXPathObj();
        $query = "./secdsig:SignedInfo[1]/secdsig:Reference";
        $nodeset = $xpath->query($query, $this->sigNode);
        if ($nodeset->length == 0) {
            throw new Exception("Reference nodes not found");
        }
        foreach ($nodeset AS $refNode) {
            $refids[] = $this->getRefNodeID($refNode);
        }
        return $refids;
    }

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\getRefNodeID(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

Here is the call graph for this function:

getRefNodeID()

RobRichards\XMLSecLibs\XMLSecurityDSig::getRefNodeID

(

$refNode

)

Parameters

DOMNode

$refNode

Returns

null

Definition at line 543 of file XMLSecurityDSig.php.

    {
        if ($uri = $refNode->getAttribute("URI")) {
            $arUrl = parse_url($uri);
            if (empty($arUrl['path'])) {
                if ($identifier = $arUrl['fragment']) {
                    return $identifier;
                }
            }
        }
        return null;
    }

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\getRefIDs().

Here is the caller graph for this function:

getValidatedNodes()

RobRichards\XMLSecLibs\XMLSecurityDSig::getValidatedNodes

(

)

This function retrieves an associative array of the validated nodes.

The array will contain the id of the referenced node as the key and the node itself as the value.

Returns: An associative array of validated nodes or null if no nodes have been validated.

Returns

array Associative array of validated nodes

Definition at line 1146 of file XMLSecurityDSig.php.

    {
        return $this->validatedNodes;
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\$validatedNodes.

getXPathObj()

RobRichards\XMLSecLibs\XMLSecurityDSig::getXPathObj ( )

private

Returns the XPathObj or null if xPathCtx is set and sigNode is empty.

Returns

DOMXPath|null

Definition at line 137 of file XMLSecurityDSig.php.

    {
        if (empty($this->xPathCtx) && ! empty($this->sigNode)) {
            $xpath = new DOMXPath($this->sigNode->ownerDocument);
            $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
            $this->xPathCtx = $xpath;
        }
        return $this->xPathCtx;
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\$xPathCtx.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\add509Cert(), RobRichards\XMLSecLibs\XMLSecurityDSig\addReference(), RobRichards\XMLSecLibs\XMLSecurityDSig\addReferenceList(), RobRichards\XMLSecLibs\XMLSecurityDSig\appendToKeyInfo(), RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeSignedInfo(), RobRichards\XMLSecLibs\XMLSecurityDSig\getRefIDs(), RobRichards\XMLSecLibs\XMLSecurityDSig\setCanonicalMethod(), RobRichards\XMLSecLibs\XMLSecurityDSig\sign(), and RobRichards\XMLSecLibs\XMLSecurityDSig\validateReference().

Here is the caller graph for this function:

insertSignature()

RobRichards\XMLSecLibs\XMLSecurityDSig::insertSignature	(		$node,
			$beforeNode = null
	)

This function inserts the signature element.

The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode is specified, the signature element will be inserted as the last element before $beforeNode.

Parameters

DOMNode	$node	The node the signature element should be inserted into.
DOMNode	$beforeNode	The node the signature element should be located before.

Returns

DOMNode The signature element node

Definition at line 881 of file XMLSecurityDSig.php.

    {
 
        $document = $node->ownerDocument;
        $signatureElement = $document->importNode($this->sigNode, true);
 
        if ($beforeNode == null) {
            return $node->insertBefore($signatureElement);
        } else {
            return $node->insertBefore($signatureElement, $beforeNode);
        }
    }

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\appendSignature().

Here is the caller graph for this function:

locateKey()

RobRichards\XMLSecLibs\XMLSecurityDSig::locateKey

(

$node = null

)

Parameters

null | DOMNode

$node

Returns

null|XMLSecurityKey

Definition at line 759 of file XMLSecurityDSig.php.

    {
        if (empty($node)) {
            $node = $this->sigNode;
        }
        if (! $node instanceof DOMNode) {
            return null;
        }
        if ($doc = $node->ownerDocument) {
            $xpath = new DOMXPath($doc);
            $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
            $query = "string(./secdsig:SignedInfo/secdsig:SignatureMethod/@Algorithm)";
            $algorithm = $xpath->evaluate($query, $node);
            if ($algorithm) {
                try {
                    $objKey = new XMLSecurityKey($algorithm, array('type' => 'public'));
                } catch (Exception $e) {
                    return null;
                }
                return $objKey;
            }
        }
        return null;
    }

References $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\$sigNode.

locateSignature()

RobRichards\XMLSecLibs\XMLSecurityDSig::locateSignature	(		$objDoc,
			$pos = 0
	)

Parameters

DOMDocument	$objDoc
int	$pos

Returns

DOMNode|null

Definition at line 184 of file XMLSecurityDSig.php.

    {
        if ($objDoc instanceof DOMDocument) {
            $doc = $objDoc;
        } else {
            $doc = $objDoc->ownerDocument;
        }
        if ($doc) {
            $xpath = new DOMXPath($doc);
            $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
            $query = ".//secdsig:Signature";
            $nodeset = $xpath->query($query, $objDoc);
            $this->sigNode = $nodeset->item($pos);
            $query = "./secdsig:SignedInfo";
            $nodeset = $xpath->query($query, $this->sigNode);
            if ($nodeset->length > 1) {
                throw new Exception("Invalid structure - Too many SignedInfo elements found");
            }
            return $this->sigNode;
        }
        return null;
    }

References $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\$sigNode.

processRefNode()

RobRichards\XMLSecLibs\XMLSecurityDSig::processRefNode

(

$refNode

)

Parameters

DOMNode

$refNode

Returns

bool

Definition at line 475 of file XMLSecurityDSig.php.

    {
        $dataObject = null;
 
        /*
         * Depending on the URI, we may not want to include comments in the result
         * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel
         */
        $includeCommentNodes = true;
 
        if ($uri = $refNode->getAttribute("URI")) {
            $arUrl = parse_url($uri);
            if (empty($arUrl['path'])) {
                if ($identifier = $arUrl['fragment']) {
 
                    /* This reference identifies a node with the given id by using
                     * a URI on the form "#identifier". This should not include comments.
                     */
                    $includeCommentNodes = false;
 
                    $xPath = new DOMXPath($refNode->ownerDocument);
                    if ($this->idNS && is_array($this->idNS)) {
                        foreach ($this->idNS as $nspf => $ns) {
                            $xPath->registerNamespace($nspf, $ns);
                        }
                    }
                    $iDlist = '@Id="'.XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"';
                    if (is_array($this->idKeys)) {
                        foreach ($this->idKeys as $idKey) {
                            $iDlist .= " or @".XPath::filterAttrName($idKey).'="'.
                                XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"';
                        }
                    }
                    $query = '//*['.$iDlist.']';
                    $dataObject = $xPath->query($query)->item(0);
                } else {
                    $dataObject = $refNode->ownerDocument;
                }
            }
        } else {
            /* This reference identifies the root node with an empty URI. This should
             * not include comments.
             */
            $includeCommentNodes = false;
 
            $dataObject = $refNode->ownerDocument;
        }
        $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes);
        if (!$this->validateDigest($refNode, $data)) {
            return false;
        }
 
        if ($dataObject instanceof DOMNode) {
            /* Add this node to the list of validated nodes. */
            if (! empty($identifier)) {
                $this->validatedNodes[$identifier] = $dataObject;
            } else {
                $this->validatedNodes[] = $dataObject;
            }
        }
 
        return true;
    }

References $data, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\processTransforms(), and RobRichards\XMLSecLibs\XMLSecurityDSig\validateDigest().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\validateReference().

Here is the call graph for this function:

Here is the caller graph for this function:

processTransforms()

RobRichards\XMLSecLibs\XMLSecurityDSig::processTransforms	(		$refNode,
			$objData,
			$includeCommentNodes = true
	)

Parameters

	$refNode
DOMNode	$objData
bool	$includeCommentNodes

Returns

string

Definition at line 387 of file XMLSecurityDSig.php.

    {
        $data = $objData;
        $xpath = new DOMXPath($refNode->ownerDocument);
        $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
        $query = './secdsig:Transforms/secdsig:Transform';
        $nodelist = $xpath->query($query, $refNode);
        $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
        $arXPath = null;
        $prefixList = null;
        foreach ($nodelist AS $transform) {
            $algorithm = $transform->getAttribute("Algorithm");
            switch ($algorithm) {
                case 'http://www.w3.org/2001/10/xml-exc-c14n#':
                case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
 
                    if (!$includeCommentNodes) {
                        /* We remove comment nodes by forcing it to use a canonicalization
                         * without comments.
                         */
                        $canonicalMethod = 'http://www.w3.org/2001/10/xml-exc-c14n#';
                    } else {
                        $canonicalMethod = $algorithm;
                    }
 
                    $node = $transform->firstChild;
                    while ($node) {
                        if ($node->localName == 'InclusiveNamespaces') {
                            if ($pfx = $node->getAttribute('PrefixList')) {
                                $arpfx = array();
                                $pfxlist = explode(" ", $pfx);
                                foreach ($pfxlist AS $pfx) {
                                    $val = trim($pfx);
                                    if (! empty($val)) {
                                        $arpfx[] = $val;
                                    }
                                }
                                if (count($arpfx) > 0) {
                                    $prefixList = $arpfx;
                                }
                            }
                            break;
                        }
                        $node = $node->nextSibling;
                    }
            break;
                case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
                case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
                    if (!$includeCommentNodes) {
                        /* We remove comment nodes by forcing it to use a canonicalization
                         * without comments.
                         */
                        $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
                    } else {
                        $canonicalMethod = $algorithm;
                    }
 
                    break;
                case 'http://www.w3.org/TR/1999/REC-xpath-19991116':
                    $node = $transform->firstChild;
                    while ($node) {
                        if ($node->localName == 'XPath') {
                            $arXPath = array();
                            $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']';
                            $arXPath['namespaces'] = array();
                            $nslist = $xpath->query('./namespace::*', $node);
                            foreach ($nslist AS $nsnode) {
                                if ($nsnode->localName != "xml") {
                                    $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue;
                                }
                            }
                            break;
                        }
                        $node = $node->nextSibling;
                    }
                    break;
            }
        }
        if ($data instanceof DOMNode) {
            $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList);
        }
        return $data;
    }

References RobRichards\XMLSecLibs\XMLSecurityDSig\$canonicalMethod, $data, $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeData().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\processRefNode().

Here is the call graph for this function:

Here is the caller graph for this function:

resetXPathObj()

RobRichards\XMLSecLibs\XMLSecurityDSig::resetXPathObj ( )

private

Reset the XPathObj to null.

Definition at line 127 of file XMLSecurityDSig.php.

    {
        $this->xPathCtx = null;
    }

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

Here is the caller graph for this function:

setCanonicalMethod()

RobRichards\XMLSecLibs\XMLSecurityDSig::setCanonicalMethod

(

$method

)

Parameters

string

$method

Exceptions

Exception

Definition at line 227 of file XMLSecurityDSig.php.

    {
        switch ($method) {
            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
            case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
            case 'http://www.w3.org/2001/10/xml-exc-c14n#':
            case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
                $this->canonicalMethod = $method;
                break;
            default:
                throw new Exception('Invalid Canonical Method');
        }
        if ($xpath = $this->getXPathObj()) {
            $query = './'.$this->searchpfx.':SignedInfo';
            $nodeset = $xpath->query($query, $this->sigNode);
            if ($sinfo = $nodeset->item(0)) {
                $query = './'.$this->searchpfx.'CanonicalizationMethod';
                $nodeset = $xpath->query($query, $sinfo);
                if (! ($canonNode = $nodeset->item(0))) {
                    $canonNode = $this->createNewSignNode('CanonicalizationMethod');
                    $sinfo->insertBefore($canonNode, $sinfo->firstChild);
                }
                $canonNode->setAttribute('Algorithm', $this->canonicalMethod);
            }
        }
    }

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

Here is the call graph for this function:

sign()

RobRichards\XMLSecLibs\XMLSecurityDSig::sign	(		$objKey,
			$appendToNode = null
	)

Parameters

XMLSecurityKey	$objKey
null | DOMNode	$appendToNode

Definition at line 827 of file XMLSecurityDSig.php.

    {
        // If we have a parent node append it now so C14N properly works
        if ($appendToNode != null) {
            $this->resetXPathObj();
            $this->appendSignature($appendToNode);
            $this->sigNode = $appendToNode->lastChild;
        }
        if ($xpath = $this->getXPathObj()) {
            $query = "./secdsig:SignedInfo";
            $nodeset = $xpath->query($query, $this->sigNode);
            if ($sInfo = $nodeset->item(0)) {
                $query = "./secdsig:SignatureMethod";
                $nodeset = $xpath->query($query, $sInfo);
                $sMethod = $nodeset->item(0);
                $sMethod->setAttribute('Algorithm', $objKey->type);
                $data = $this->canonicalizeData($sInfo, $this->canonicalMethod);
                $sigValue = base64_encode($this->signData($objKey, $data));
                $sigValueNode = $this->createNewSignNode('SignatureValue', $sigValue);
                if ($infoSibling = $sInfo->nextSibling) {
                    $infoSibling->parentNode->insertBefore($sigValueNode, $infoSibling);
                } else {
                    $this->sigNode->appendChild($sigValueNode);
                }
            }
        }
    }

References $data, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\appendSignature(), RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeData(), RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode(), RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj(), RobRichards\XMLSecLibs\XMLSecurityDSig\resetXPathObj(), and RobRichards\XMLSecLibs\XMLSecurityDSig\signData().

Here is the call graph for this function:

signData()

RobRichards\XMLSecLibs\XMLSecurityDSig::signData	(		$objKey,
			$data
	)

Parameters

XMLSecurityKey	$objKey
string	$data

Returns

mixed|string

Definition at line 818 of file XMLSecurityDSig.php.

    {
        return $objKey->signData($data);
    }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

Here is the caller graph for this function:

staticAdd509Cert()

static RobRichards\XMLSecLibs\XMLSecurityDSig::staticAdd509Cert (   $parentRef,   $cert,   $isPEMFormat = true,   $isURL = false,   $xpath = null,   $options = null  )

static

Parameters

DOMElement	$parentRef
string	$cert
bool	$isPEMFormat
bool	$isURL
null | DOMXPath	$xpath
null | array	$options

Exceptions

Exception

Definition at line 961 of file XMLSecurityDSig.php.

    {
        if ($isURL) {
            $cert = file_get_contents($cert);
        }
        if (! $parentRef instanceof DOMElement) {
            throw new Exception('Invalid parent Node parameter');
        }
        $baseDoc = $parentRef->ownerDocument;
 
        if (empty($xpath)) {
            $xpath = new DOMXPath($parentRef->ownerDocument);
            $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
        }
 
        $query = "./secdsig:KeyInfo";
        $nodeset = $xpath->query($query, $parentRef);
        $keyInfo = $nodeset->item(0);
        $dsig_pfx = '';
        if (! $keyInfo) {
            $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS);
            if (! empty($pfx)) {
                $dsig_pfx = $pfx.":";
            }
            $inserted = false;
            $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo');
 
            $query = "./secdsig:Object";
            $nodeset = $xpath->query($query, $parentRef);
            if ($sObject = $nodeset->item(0)) {
                $sObject->parentNode->insertBefore($keyInfo, $sObject);
                $inserted = true;
            }
 
            if (! $inserted) {
                $parentRef->appendChild($keyInfo);
            }
        } else {
            $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS);
            if (! empty($pfx)) {
                $dsig_pfx = $pfx.":";
            }
        }
 
        // Add all certs if there are more than one
        $certs = self::staticGet509XCerts($cert, $isPEMFormat);
 
        // Attach X509 data node
        $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Data');
        $keyInfo->appendChild($x509DataNode);
 
        $issuerSerial = false;
        $subjectName = false;
        if (is_array($options)) {
            if (! empty($options['issuerSerial'])) {
                $issuerSerial = true;
            }
            if (! empty($options['subjectName'])) {
                $subjectName = true;
            }
        }
 
        // Attach all certificate nodes and any additional data
        foreach ($certs as $X509Cert) {
            if ($issuerSerial || $subjectName) {
                if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n")) {
                    if ($subjectName && ! empty($certData['subject'])) {
                        if (is_array($certData['subject'])) {
                            $parts = array();
                            foreach ($certData['subject'] AS $key => $value) {
                                if (is_array($value)) {
                                    foreach ($value as $valueElement) {
                                        array_unshift($parts, "$key=$valueElement");
                                    }
                                } else {
                                    array_unshift($parts, "$key=$value");
                                }
                            }
                            $subjectNameValue = implode(',', $parts);
                        } else {
                            $subjectNameValue = $certData['issuer'];
                        }
                        $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SubjectName', $subjectNameValue);
                        $x509DataNode->appendChild($x509SubjectNode);
                    }
                    if ($issuerSerial && ! empty($certData['issuer']) && ! empty($certData['serialNumber'])) {
                        if (is_array($certData['issuer'])) {
                            $parts = array();
                            foreach ($certData['issuer'] AS $key => $value) {
                                array_unshift($parts, "$key=$value");
                            }
                            $issuerName = implode(',', $parts);
                        } else {
                            $issuerName = $certData['issuer'];
                        }
 
                        $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerSerial');
                        $x509DataNode->appendChild($x509IssuerNode);
 
                        $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerName', $issuerName);
                        $x509IssuerNode->appendChild($x509Node);
                        $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SerialNumber', $certData['serialNumber']);
                        $x509IssuerNode->appendChild($x509Node);
                    }
                }
 
            }
            $x509CertNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Certificate', $X509Cert);
            $x509DataNode->appendChild($x509CertNode);
        }
    }

References $key, PHPMailer\PHPMailer\$options, $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\staticGet509XCerts().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\add509Cert().

Here is the call graph for this function:

Here is the caller graph for this function:

staticGet509XCerts()

static RobRichards\XMLSecLibs\XMLSecurityDSig::staticGet509XCerts (   $certs,   $isPEMFormat = true  )

static

Parameters

string	$certs
bool	$isPEMFormat

Returns

array

Definition at line 924 of file XMLSecurityDSig.php.

    {
        if ($isPEMFormat) {
            $data = '';
            $certlist = array();
            $arCert = explode("\n", $certs);
            $inData = false;
            foreach ($arCert AS $curData) {
                if (! $inData) {
                    if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) {
                        $inData = true;
                    }
                } else {
                    if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
                        $inData = false;
                        $certlist[] = $data;
                        $data = '';
                        continue;
                    }
                    $data .= trim($curData);
                }
            }
            return $certlist;
        } else {
            return array($certs);
        }
    }

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\get509XCert(), and RobRichards\XMLSecLibs\XMLSecurityDSig\staticAdd509Cert().

Here is the caller graph for this function:

validateDigest()

RobRichards\XMLSecLibs\XMLSecurityDSig::validateDigest	(		$refNode,
			$data
	)

Parameters

	$refNode
string	$data

Returns

bool

Definition at line 369 of file XMLSecurityDSig.php.

    {
        $xpath = new DOMXPath($refNode->ownerDocument);
        $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
        $query = 'string(./secdsig:DigestMethod/@Algorithm)';
        $digestAlgorithm = $xpath->evaluate($query, $refNode);
        $digValue = $this->calculateDigest($digestAlgorithm, $data, false);
        $query = 'string(./secdsig:DigestValue)';
        $digestValue = $xpath->evaluate($query, $refNode);
        return ($digValue === base64_decode($digestValue));
    }

References $data, $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\processRefNode().

Here is the call graph for this function:

Here is the caller graph for this function:

validateReference()

RobRichards\XMLSecLibs\XMLSecurityDSig::validateReference

(

)

Returns

bool

Exceptions

Exception

Definition at line 580 of file XMLSecurityDSig.php.

    {
        $docElem = $this->sigNode->ownerDocument->documentElement;
        if (! $docElem->isSameNode($this->sigNode)) {
            if ($this->sigNode->parentNode != null) {
                $this->sigNode->parentNode->removeChild($this->sigNode);
            }
        }
        $xpath = $this->getXPathObj();
        $query = "./secdsig:SignedInfo[1]/secdsig:Reference";
        $nodeset = $xpath->query($query, $this->sigNode);
        if ($nodeset->length == 0) {
            throw new Exception("Reference nodes not found");
        }
 
        /* Initialize/reset the list of validated nodes. */
        $this->validatedNodes = array();
 
        foreach ($nodeset AS $refNode) {
            if (! $this->processRefNode($refNode)) {
                /* Clear the list of validated nodes. */
                $this->validatedNodes = null;
                throw new Exception("Reference validation failed");
            }
        }
        return true;
    }

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj(), and RobRichards\XMLSecLibs\XMLSecurityDSig\processRefNode().

Here is the call graph for this function:

verify()

RobRichards\XMLSecLibs\XMLSecurityDSig::verify

(

$objKey

)

Returns: Bool when verifying HMAC_SHA1; Int otherwise, with following meanings: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.

NOTE: be very careful when checking the int return value, because in PHP, -1 will be cast to True when in boolean context. Always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".

Parameters

XMLSecurityKey

$objKey

Returns

bool|int

Exceptions

Exception

Definition at line 800 of file XMLSecurityDSig.php.

    {
        $doc = $this->sigNode->ownerDocument;
        $xpath = new DOMXPath($doc);
        $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
        $query = "string(./secdsig:SignatureValue)";
        $sigValue = $xpath->evaluate($query, $this->sigNode);
        if (empty($sigValue)) {
            throw new Exception("Unable to locate SignatureValue");
        }
        return $objKey->verifySignature($this->signedInfo, base64_decode($sigValue));
    }

References $query.

Field Documentation

$canonicalMethod

RobRichards\XMLSecLibs\XMLSecurityDSig::$canonicalMethod = null

private

Definition at line 93 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\processTransforms().

$idKeys

RobRichards\XMLSecLibs\XMLSecurityDSig::$idKeys = array()

Definition at line 81 of file XMLSecurityDSig.php.

$idNS

RobRichards\XMLSecLibs\XMLSecurityDSig::$idNS = array()

Definition at line 84 of file XMLSecurityDSig.php.

$prefix

RobRichards\XMLSecLibs\XMLSecurityDSig::$prefix = ''

private

Definition at line 96 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\__construct(), RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), RobRichards\XMLSecLibs\XMLSecurityDSig\generate_GUID(), and RobRichards\XMLSecLibs\XMLSecurityDSig\generateGUID().

$searchpfx

RobRichards\XMLSecLibs\XMLSecurityDSig::$searchpfx = 'secdsig'

private

Definition at line 99 of file XMLSecurityDSig.php.

$signedInfo

RobRichards\XMLSecLibs\XMLSecurityDSig::$signedInfo = null

private

Definition at line 87 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeSignedInfo().

$sigNode

RobRichards\XMLSecLibs\XMLSecurityDSig::$sigNode = null

Definition at line 78 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\appendToKeyInfo(), RobRichards\XMLSecLibs\XMLSecurityDSig\locateKey(), and RobRichards\XMLSecLibs\XMLSecurityDSig\locateSignature().

$validatedNodes

RobRichards\XMLSecLibs\XMLSecurityDSig::$validatedNodes = null

private

Definition at line 105 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\getValidatedNodes().

$xPathCtx

RobRichards\XMLSecLibs\XMLSecurityDSig::$xPathCtx = null

private

Definition at line 90 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

BASE_TEMPLATE

const RobRichards\XMLSecLibs\XMLSecurityDSig::BASE_TEMPLATE

Initial value:

= '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <SignatureMethod />
  </SignedInfo>
</Signature>'

Definition at line 71 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\__construct().

C14N

const RobRichards\XMLSecLibs\XMLSecurityDSig::C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'

Definition at line 60 of file XMLSecurityDSig.php.

C14N_COMMENTS

const RobRichards\XMLSecLibs\XMLSecurityDSig::C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'

Definition at line 61 of file XMLSecurityDSig.php.

EXC_C14N

const RobRichards\XMLSecLibs\XMLSecurityDSig::EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'

Definition at line 62 of file XMLSecurityDSig.php.

EXC_C14N_COMMENTS

const RobRichards\XMLSecLibs\XMLSecurityDSig::EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'

Definition at line 63 of file XMLSecurityDSig.php.

RIPEMD160

const RobRichards\XMLSecLibs\XMLSecurityDSig::RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'

Definition at line 58 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest().

SHA1

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'

Definition at line 54 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest().

SHA256

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'

Definition at line 55 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest().

SHA384

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'

Definition at line 56 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest().

SHA512

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'

Definition at line 57 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest().

template

const RobRichards\XMLSecLibs\XMLSecurityDSig::template

Initial value:

= '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:SignatureMethod />
  </ds:SignedInfo>
</ds:Signature>'

Definition at line 65 of file XMLSecurityDSig.php.

XMLDSIGNS

const RobRichards\XMLSecLibs\XMLSecurityDSig::XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'

Definition at line 53 of file XMLSecurityDSig.php.

Referenced by SAML2\XML\ds\KeyInfo\__construct(), SAML2\XML\ds\X509Data\__construct(), SAML2\XML\saml\SubjectConfirmationData\__construct(), RobRichards\XMLSecLibs\XMLSecEnc\staticLocateKeyInfo(), SAML2\XML\ds\KeyName\toXML(), and SAML2\XML\ds\X509Certificate\toXML().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php