ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
RobRichards\XMLSecLibs\XMLSecurityDSig Class Reference

xmlseclibs.php


Public Member Functions

 __construct ($prefix='ds')
 
 locateSignature ($objDoc, $pos=0)
 
 createNewSignNode ($name, $value=null)
 
 setCanonicalMethod ($method)
 
 canonicalizeSignedInfo ()
 
 calculateDigest ($digestAlgorithm, $data, $encode=true)
 
 validateDigest ($refNode, $data)
 
 processTransforms ($refNode, $objData, $includeCommentNodes=true)
 
 processRefNode ($refNode)
 
 getRefNodeID ($refNode)
 
 getRefIDs ()
 
 validateReference ()
 
 addReference ($node, $algorithm, $arTransforms=null, $options=null)
 
 addReferenceList ($arNodes, $algorithm, $arTransforms=null, $options=null)
 
 addObject ($data, $mimetype=null, $encoding=null)
 
 locateKey ($node=null)
 
 verify ($objKey)
 Returns: bool when verifying HMAC_SHA1; int otherwise, with the following meanings: 1 on successful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.
 
 signData ($objKey, $data)
 
 sign ($objKey, $appendToNode=null)
 
 appendCert ()
 
 appendKey ($objKey, $parent=null)
 
 insertSignature ($node, $beforeNode=null)
 This function inserts the signature element.
 
 appendSignature ($parentNode, $insertBefore=false)
 
 add509Cert ($cert, $isPEMFormat=true, $isURL=false, $options=null)
 
 appendToKeyInfo ($node)
 This function appends a node to the KeyInfo.
 
 getValidatedNodes ()
 This function retrieves an associative array of the validated nodes.
 

Static Public Member Functions

static generateGUID ($prefix='pfx')
 Generate a GUID.
 
static generate_GUID ($prefix='pfx')
 Generate a GUID (deprecated alias of generateGUID()).
 
static get509XCert ($cert, $isPEMFormat=true)
 
static staticGet509XCerts ($certs, $isPEMFormat=true)
 
static staticAdd509Cert ($parentRef, $cert, $isPEMFormat=true, $isURL=false, $xpath=null, $options=null)
 

Data Fields

const XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'
 
const SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'
 
const SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'
 
const SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'
 
const SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'
 
const RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'
 
const C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
 
const C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'
 
const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'
 
const EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'
 
const template
 
const BASE_TEMPLATE
 
 $sigNode = null
 
 $idKeys = array()
 
 $idNS = array()
 

Private Member Functions

 resetXPathObj ()
 Reset the XPathObj to null.
 
 getXPathObj ()
 Returns the XPathObj, creating it on first use when sigNode is set; null if sigNode is empty and no XPathObj exists yet.
 
 canonicalizeData ($node, $canonicalmethod, $arXPath=null, $prefixList=null)
 
 addRefInternal ($sinfoNode, $node, $algorithm, $arTransforms=null, $options=null)
 

Private Attributes

 $signedInfo = null
 
 $xPathCtx = null
 
 $canonicalMethod = null
 
 $prefix = ''
 
 $searchpfx = 'secdsig'
 
 $validatedNodes = null
 

Detailed Description

xmlseclibs.php

Copyright (c) 2007-2019, Robert Richards rrichards@cdatazone.org. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of Robert Richards nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Author
Robert Richards rrichards@cdatazone.org

Definition at line 51 of file XMLSecurityDSig.php.

Constructor & Destructor Documentation

◆ __construct()

RobRichards\XMLSecLibs\XMLSecurityDSig::__construct (   $prefix = 'ds')
Parameters
string $prefix: namespace prefix used for the Signature elements; defaults to ds

Definition at line 110 of file XMLSecurityDSig.php.

References RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix, and $template.

111  {
112  $template = self::BASE_TEMPLATE;
113  if (! empty($prefix)) {
114  $this->prefix = $prefix.':';
115  $search = array("<S", "</S", "xmlns=");
116  $replace = array("<$prefix:S", "</$prefix:S", "xmlns:$prefix=");
117  $template = str_replace($search, $replace, $template);
118  }
119  $sigdoc = new DOMDocument();
120  $sigdoc->loadXML($template);
121  $this->sigNode = $sigdoc->documentElement;
122  }

Member Function Documentation

◆ add509Cert()

RobRichards\XMLSecLibs\XMLSecurityDSig::add509Cert (   $cert,
  $isPEMFormat = true,
  $isURL = false,
  $options = null 
)
Parameters
string $cert
bool $isPEMFormat
bool $isURL
null|array $options

Definition at line 1079 of file XMLSecurityDSig.php.

References $options and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

1080  {
1081  if ($xpath = $this->getXPathObj()) {
1082  self::staticAdd509Cert($this->sigNode, $cert, $isPEMFormat, $isURL, $xpath, $options);
1083  }
1084  }

◆ addObject()

RobRichards\XMLSecLibs\XMLSecurityDSig::addObject (   $data,
  $mimetype = null,
  $encoding = null 
)
Parameters
DOMElement|string $data
null|string $mimetype
null|string $encoding
Returns
DOMElement

Definition at line 734 of file XMLSecurityDSig.php.

References $data, and RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode().

735  {
736  $objNode = $this->createNewSignNode('Object');
737  $this->sigNode->appendChild($objNode);
738  if (! empty($mimetype)) {
739  $objNode->setAttribute('MimeType', $mimetype);
740  }
741  if (! empty($encoding)) {
742  $objNode->setAttribute('Encoding', $encoding);
743  }
744 
745  if ($data instanceof DOMElement) {
746  $newData = $this->sigNode->ownerDocument->importNode($data, true);
747  } else {
748  $newData = $this->sigNode->ownerDocument->createTextNode($data);
749  }
750  $objNode->appendChild($newData);
751 
752  return $objNode;
753  }

◆ addReference()

RobRichards\XMLSecLibs\XMLSecurityDSig::addReference (   $node,
  $algorithm,
  $arTransforms = null,
  $options = null 
)
Parameters
DOMDocument|DOMElement $node: the node to sign. For an element, its id attribute (see the id_name and overwrite options) becomes the Reference URI "#id"; for a whole document the URI attribute is omitted unless force_uri is set.
string $algorithm: digest algorithm URI, one of the SHA1/SHA256/SHA384/SHA512/RIPEMD160 constants
null|array $arTransforms: transform algorithm URIs, or an XPath transform description as handled by addRefInternal()
null|array $options: prefix, prefix_ns, id_name, overwrite, force_uri (see addRefInternal())

Definition at line 698 of file XMLSecurityDSig.php.

References $options, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

699  {
700  if ($xpath = $this->getXPathObj()) {
701  $query = "./secdsig:SignedInfo";
702  $nodeset = $xpath->query($query, $this->sigNode);
703  if ($sInfo = $nodeset->item(0)) {
704  $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
705  }
706  }
707  }

◆ addReferenceList()

RobRichards\XMLSecLibs\XMLSecurityDSig::addReferenceList (   $arNodes,
  $algorithm,
  $arTransforms = null,
  $options = null 
)
Parameters
array $arNodes: nodes to reference; each is handled as in addReference()
string $algorithm
null|array $arTransforms
null|array $options

Definition at line 715 of file XMLSecurityDSig.php.

References $options, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

716  {
717  if ($xpath = $this->getXPathObj()) {
718  $query = "./secdsig:SignedInfo";
719  $nodeset = $xpath->query($query, $this->sigNode);
720  if ($sInfo = $nodeset->item(0)) {
721  foreach ($arNodes AS $node) {
722  $this->addRefInternal($sInfo, $node, $algorithm, $arTransforms, $options);
723  }
724  }
725  }
726  }

◆ addRefInternal()

RobRichards\XMLSecLibs\XMLSecurityDSig::addRefInternal (   $sinfoNode,
  $node,
  $algorithm,
  $arTransforms = null,
  $options = null 
)
private
Parameters
DOMNode $sinfoNode: the SignedInfo element the new Reference is appended to
DOMDocument|DOMElement $node: the data being referenced
string $algorithm: digest algorithm URI
null|array $arTransforms: transform URIs; when null and a canonicalization method is set, that method is used as the single transform
null|array $options: prefix, prefix_ns, id_name (default Id), overwrite (default true), force_uri (default false)

Definition at line 615 of file XMLSecurityDSig.php.

References $namespace, $options, RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix, RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest(), RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode(), and RobRichards\XMLSecLibs\XMLSecurityDSig\processTransforms().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addReference(), and RobRichards\XMLSecLibs\XMLSecurityDSig\addReferenceList().

616  {
617  $prefix = null;
618  $prefix_ns = null;
619  $id_name = 'Id';
620  $overwrite_id = true;
621  $force_uri = false;
622 
623  if (is_array($options)) {
624  $prefix = empty($options['prefix']) ? null : $options['prefix'];
625  $prefix_ns = empty($options['prefix_ns']) ? null : $options['prefix_ns'];
626  $id_name = empty($options['id_name']) ? 'Id' : $options['id_name'];
627  $overwrite_id = !isset($options['overwrite']) ? true : (bool) $options['overwrite'];
628  $force_uri = !isset($options['force_uri']) ? false : (bool) $options['force_uri'];
629  }
630 
631  $attname = $id_name;
632  if (! empty($prefix)) {
633  $attname = $prefix.':'.$attname;
634  }
635 
636  $refNode = $this->createNewSignNode('Reference');
637  $sinfoNode->appendChild($refNode);
638 
639  if (! $node instanceof DOMDocument) {
640  $uri = null;
641  if (! $overwrite_id) {
642  $uri = $prefix_ns ? $node->getAttributeNS($prefix_ns, $id_name) : $node->getAttribute($id_name);
643  }
644  if (empty($uri)) {
645  $uri = self::generateGUID();
646  $node->setAttributeNS($prefix_ns, $attname, $uri);
647  }
648  $refNode->setAttribute("URI", '#'.$uri);
649  } elseif ($force_uri) {
650  $refNode->setAttribute("URI", '');
651  }
652 
653  $transNodes = $this->createNewSignNode('Transforms');
654  $refNode->appendChild($transNodes);
655 
656  if (is_array($arTransforms)) {
657  foreach ($arTransforms AS $transform) {
658  $transNode = $this->createNewSignNode('Transform');
659  $transNodes->appendChild($transNode);
660  if (is_array($transform) &&
661  (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116'])) &&
662  (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']))) {
663  $transNode->setAttribute('Algorithm', 'http://www.w3.org/TR/1999/REC-xpath-19991116');
664  $XPathNode = $this->createNewSignNode('XPath', $transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['query']);
665  $transNode->appendChild($XPathNode);
666  if (! empty($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'])) {
667  foreach ($transform['http://www.w3.org/TR/1999/REC-xpath-19991116']['namespaces'] AS $prefix => $namespace) {
668  $XPathNode->setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:$prefix", $namespace);
669  }
670  }
671  } else {
672  $transNode->setAttribute('Algorithm', $transform);
673  }
674  }
675  } elseif (! empty($this->canonicalMethod)) {
676  $transNode = $this->createNewSignNode('Transform');
677  $transNodes->appendChild($transNode);
678  $transNode->setAttribute('Algorithm', $this->canonicalMethod);
679  }
680 
681  $canonicalData = $this->processTransforms($refNode, $node);
682  $digValue = $this->calculateDigest($algorithm, $canonicalData);
683 
684  $digestMethod = $this->createNewSignNode('DigestMethod');
685  $refNode->appendChild($digestMethod);
686  $digestMethod->setAttribute('Algorithm', $algorithm);
687 
688  $digestValue = $this->createNewSignNode('DigestValue', $digValue);
689  $refNode->appendChild($digestValue);
690  }

◆ appendCert()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendCert ( )

Definition at line 855 of file XMLSecurityDSig.php.

856  {
857 
858  }

◆ appendKey()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendKey (   $objKey,
  $parent = null 
)
Parameters
XMLSecurityKey $objKey
null|DOMNode $parent

Definition at line 864 of file XMLSecurityDSig.php.

865  {
866  $objKey->serializeKey($parent);
867  }

◆ appendSignature()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendSignature (   $parentNode,
  $insertBefore = false 
)
Parameters
DOMNode $parentNode
bool $insertBefore
Returns
DOMNode

Definition at line 899 of file XMLSecurityDSig.php.

References RobRichards\XMLSecLibs\XMLSecurityDSig\insertSignature().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

900  {
901  $beforeNode = $insertBefore ? $parentNode->firstChild : null;
902  return $this->insertSignature($parentNode, $beforeNode);
903  }

◆ appendToKeyInfo()

RobRichards\XMLSecLibs\XMLSecurityDSig::appendToKeyInfo (   $node)

This function appends a node to the KeyInfo.

The KeyInfo element will be created if one does not exist in the document.

Parameters
DOMNode $node: The node to append to the KeyInfo.
Returns
DOMNode The KeyInfo element node

Definition at line 1095 of file XMLSecurityDSig.php.

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\$sigNode, and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

1096  {
1097  $parentRef = $this->sigNode;
1098  $baseDoc = $parentRef->ownerDocument;
1099 
1100  $xpath = $this->getXPathObj();
1101  if (empty($xpath)) {
1102  $xpath = new DOMXPath($parentRef->ownerDocument);
1103  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
1104  }
1105 
1106  $query = "./secdsig:KeyInfo";
1107  $nodeset = $xpath->query($query, $parentRef);
1108  $keyInfo = $nodeset->item(0);
1109  if (! $keyInfo) {
1110  $dsig_pfx = '';
1111  $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS);
1112  if (! empty($pfx)) {
1113  $dsig_pfx = $pfx.":";
1114  }
1115  $inserted = false;
1116  $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo');
1117 
1118  $query = "./secdsig:Object";
1119  $nodeset = $xpath->query($query, $parentRef);
1120  if ($sObject = $nodeset->item(0)) {
1121  $sObject->parentNode->insertBefore($keyInfo, $sObject);
1122  $inserted = true;
1123  }
1124 
1125  if (! $inserted) {
1126  $parentRef->appendChild($keyInfo);
1127  }
1128  }
1129 
1130  $keyInfo->appendChild($node);
1131 
1132  return $keyInfo;
1133  }

◆ calculateDigest()

RobRichards\XMLSecLibs\XMLSecurityDSig::calculateDigest (   $digestAlgorithm,
  $data,
  $encode = true 
)
Parameters
string $digestAlgorithm
string $data
bool $encode
Returns
string
Exceptions
Exception

Definition at line 334 of file XMLSecurityDSig.php.

References $data and PHP's built-in hash() (not the Guzzle helper of the same name).

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\validateDigest().

335  {
336  switch ($digestAlgorithm) {
337  case self::SHA1:
338  $alg = 'sha1';
339  break;
340  case self::SHA256:
341  $alg = 'sha256';
342  break;
343  case self::SHA384:
344  $alg = 'sha384';
345  break;
346  case self::SHA512:
347  $alg = 'sha512';
348  break;
349  case self::RIPEMD160:
350  $alg = 'ripemd160';
351  break;
352  default:
353  throw new Exception("Cannot validate digest: Unsupported Algorithm <$digestAlgorithm>");
354  }
355 
356  $digest = hash($alg, $data, true);
357  if ($encode) {
358  $digest = base64_encode($digest);
359  }
360  return $digest;
361 
362  }

◆ canonicalizeData()

RobRichards\XMLSecLibs\XMLSecurityDSig::canonicalizeData (   $node,
  $canonicalmethod,
  $arXPath = null,
  $prefixList = null 
)
private
Parameters
DOMNode $node
string $canonicalmethod
null|array $arXPath
null|array $prefixList
Returns
string

Definition at line 261 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeSignedInfo(), RobRichards\XMLSecLibs\XMLSecurityDSig\processTransforms(), and RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

262  {
263  $exclusive = false;
264  $withComments = false;
265  switch ($canonicalmethod) {
266  case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
267  $exclusive = false;
268  $withComments = false;
269  break;
270  case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
271  $withComments = true;
272  break;
273  case 'http://www.w3.org/2001/10/xml-exc-c14n#':
274  $exclusive = true;
275  break;
276  case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
277  $exclusive = true;
278  $withComments = true;
279  break;
280  }
281 
282  if (is_null($arXPath) && ($node instanceof DOMNode) && ($node->ownerDocument !== null) && $node->isSameNode($node->ownerDocument->documentElement)) {
283  /* Check for any PI or comments as they would have been excluded */
284  $element = $node;
285  while ($refnode = $element->previousSibling) {
286  if ($refnode->nodeType == XML_PI_NODE || (($refnode->nodeType == XML_COMMENT_NODE) && $withComments)) {
287  break;
288  }
289  $element = $refnode;
290  }
291  if ($refnode == null) {
292  $node = $node->ownerDocument;
293  }
294  }
295 
296  return $node->C14N($exclusive, $withComments, $arXPath, $prefixList);
297  }

◆ canonicalizeSignedInfo()

RobRichards\XMLSecLibs\XMLSecurityDSig::canonicalizeSignedInfo ( )
Returns
null|string

Definition at line 302 of file XMLSecurityDSig.php.

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\$signedInfo, RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeData(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

303  {
304 
305  $doc = $this->sigNode->ownerDocument;
306  $canonicalmethod = null;
307  if ($doc) {
308  $xpath = $this->getXPathObj();
309  $query = "./secdsig:SignedInfo";
310  $nodeset = $xpath->query($query, $this->sigNode);
311  if ($nodeset->length > 1) {
312  throw new Exception("Invalid structure - Too many SignedInfo elements found");
313  }
314  if ($signInfoNode = $nodeset->item(0)) {
315  $query = "./secdsig:CanonicalizationMethod";
316  $nodeset = $xpath->query($query, $signInfoNode);
317  if ($canonNode = $nodeset->item(0)) {
318  $canonicalmethod = $canonNode->getAttribute('Algorithm');
319  }
320  $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod);
321  return $this->signedInfo;
322  }
323  }
324  return null;
325  }

◆ createNewSignNode()

RobRichards\XMLSecLibs\XMLSecurityDSig::createNewSignNode (   $name,
  $value = null 
)
Parameters
string $name
null|string $value
Returns
DOMElement

Definition at line 212 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addObject(), RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), RobRichards\XMLSecLibs\XMLSecurityDSig\setCanonicalMethod(), and RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

213  {
214  $doc = $this->sigNode->ownerDocument;
215  if (! is_null($value)) {
216  $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name, $value);
217  } else {
218  $node = $doc->createElementNS(self::XMLDSIGNS, $this->prefix.$name);
219  }
220  return $node;
221  }

◆ generate_GUID()

static RobRichards\XMLSecLibs\XMLSecurityDSig::generate_GUID (   $prefix = 'pfx')
static

Generate guid.

Parameters
string $prefix: Prefix to use for the GUID; defaults to pfx
Returns
string The generated guid
Deprecated:
Method deprecated in Release 1.4.1

Definition at line 174 of file XMLSecurityDSig.php.

References RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix.

175  {
176  return self::generateGUID($prefix);
177  }

◆ generateGUID()

static RobRichards\XMLSecLibs\XMLSecurityDSig::generateGUID (   $prefix = 'pfx')
static

Generate guid.

Parameters
string $prefix: Prefix to use for the GUID; defaults to pfx
Returns
string The generated guid

Definition at line 154 of file XMLSecurityDSig.php.

References RobRichards\XMLSecLibs\XMLSecurityDSig\$prefix.

Referenced by RobRichards\XMLSecLibs\XMLSecEnc\addReference().

155  {
156  $uuid = md5(uniqid(mt_rand(), true));
157  $guid = $prefix.substr($uuid, 0, 8)."-".
158  substr($uuid, 8, 4)."-".
159  substr($uuid, 12, 4)."-".
160  substr($uuid, 16, 4)."-".
161  substr($uuid, 20, 12);
162  return $guid;
163  }

◆ get509XCert()

static RobRichards\XMLSecLibs\XMLSecurityDSig::get509XCert (   $cert,
  $isPEMFormat = true 
)
static
Parameters
string $cert
bool $isPEMFormat
Returns
string

Definition at line 910 of file XMLSecurityDSig.php.

911  {
912  $certs = self::staticGet509XCerts($cert, $isPEMFormat);
913  if (! empty($certs)) {
914  return $certs[0];
915  }
916  return '';
917  }

◆ getRefIDs()

RobRichards\XMLSecLibs\XMLSecurityDSig::getRefIDs ( )
Returns
array
Exceptions
Exception

Definition at line 560 of file XMLSecurityDSig.php.

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\getRefNodeID(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

561  {
562  $refids = array();
563 
564  $xpath = $this->getXPathObj();
565  $query = "./secdsig:SignedInfo[1]/secdsig:Reference";
566  $nodeset = $xpath->query($query, $this->sigNode);
567  if ($nodeset->length == 0) {
568  throw new Exception("Reference nodes not found");
569  }
570  foreach ($nodeset AS $refNode) {
571  $refids[] = $this->getRefNodeID($refNode);
572  }
573  return $refids;
574  }

◆ getRefNodeID()

RobRichards\XMLSecLibs\XMLSecurityDSig::getRefNodeID (   $refNode)
Parameters
DOMNode $refNode: a ds:Reference element
Returns
string|null: the fragment of a same-document Reference URI (the "abc" of URI="#abc"), or null when the URI is absent, empty, or has a path component

Definition at line 543 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\getRefIDs().

544  {
545  if ($uri = $refNode->getAttribute("URI")) {
546  $arUrl = parse_url($uri);
547  if (empty($arUrl['path'])) {
548  if ($identifier = $arUrl['fragment']) {
549  return $identifier;
550  }
551  }
552  }
553  return null;
554  }

◆ getValidatedNodes()

RobRichards\XMLSecLibs\XMLSecurityDSig::getValidatedNodes ( )

This function retrieves an associative array of the validated nodes.

The array will contain the id of the referenced node as the key and the node itself as the value; a reference without an id is appended under a numeric key (see processRefNode()).

Returns
array|null Associative array of validated nodes, or null if no nodes have been validated.

Definition at line 1146 of file XMLSecurityDSig.php.

References RobRichards\XMLSecLibs\XMLSecurityDSig\$validatedNodes.

◆ getXPathObj()

RobRichards\XMLSecLibs\XMLSecurityDSig::getXPathObj ( )
private

Returns the XPathObj, creating it on first use when sigNode is set. Returns null only if sigNode is empty and no XPathObj has been created yet.

Returns
DOMXPath|null

Definition at line 137 of file XMLSecurityDSig.php.

References RobRichards\XMLSecLibs\XMLSecurityDSig\$xPathCtx.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\add509Cert(), RobRichards\XMLSecLibs\XMLSecurityDSig\addReference(), RobRichards\XMLSecLibs\XMLSecurityDSig\addReferenceList(), RobRichards\XMLSecLibs\XMLSecurityDSig\appendToKeyInfo(), RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeSignedInfo(), RobRichards\XMLSecLibs\XMLSecurityDSig\getRefIDs(), RobRichards\XMLSecLibs\XMLSecurityDSig\setCanonicalMethod(), RobRichards\XMLSecLibs\XMLSecurityDSig\sign(), and RobRichards\XMLSecLibs\XMLSecurityDSig\validateReference().

138  {
139  if (empty($this->xPathCtx) && ! empty($this->sigNode)) {
140  $xpath = new DOMXPath($this->sigNode->ownerDocument);
141  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
142  $this->xPathCtx = $xpath;
143  }
144  return $this->xPathCtx;
145  }

◆ insertSignature()

RobRichards\XMLSecLibs\XMLSecurityDSig::insertSignature (   $node,
  $beforeNode = null 
)

This function inserts the signature element.

The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode is specified, the signature element will be inserted as the last element before $beforeNode.

Parameters
DOMNode $node: The node the signature element should be inserted into.
DOMNode $beforeNode: The node the signature element should be located before.
Returns
DOMNode The signature element node

Definition at line 881 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\appendSignature().

882  {
883 
884  $document = $node->ownerDocument;
885  $signatureElement = $document->importNode($this->sigNode, true);
886 
887  if ($beforeNode == null) {
888  return $node->insertBefore($signatureElement);
889  } else {
890  return $node->insertBefore($signatureElement, $beforeNode);
891  }
892  }

◆ locateKey()

RobRichards\XMLSecLibs\XMLSecurityDSig::locateKey (   $node = null)
Parameters
null|DOMNode $node
Returns
null|XMLSecurityKey

Definition at line 759 of file XMLSecurityDSig.php.

References $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\$sigNode.

760  {
761  if (empty($node)) {
762  $node = $this->sigNode;
763  }
764  if (! $node instanceof DOMNode) {
765  return null;
766  }
767  if ($doc = $node->ownerDocument) {
768  $xpath = new DOMXPath($doc);
769  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
770  $query = "string(./secdsig:SignedInfo/secdsig:SignatureMethod/@Algorithm)";
771  $algorithm = $xpath->evaluate($query, $node);
772  if ($algorithm) {
773  try {
774  $objKey = new XMLSecurityKey($algorithm, array('type' => 'public'));
775  } catch (Exception $e) {
776  return null;
777  }
778  return $objKey;
779  }
780  }
781  return null;
782  }

◆ locateSignature()

RobRichards\XMLSecLibs\XMLSecurityDSig::locateSignature (   $objDoc,
  $pos = 0 
)
Parameters
DOMDocument $objDoc
int $pos
Returns
DOMNode|null

Definition at line 184 of file XMLSecurityDSig.php.

References $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\$sigNode.

185  {
186  if ($objDoc instanceof DOMDocument) {
187  $doc = $objDoc;
188  } else {
189  $doc = $objDoc->ownerDocument;
190  }
191  if ($doc) {
192  $xpath = new DOMXPath($doc);
193  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
194  $query = ".//secdsig:Signature";
195  $nodeset = $xpath->query($query, $objDoc);
196  $this->sigNode = $nodeset->item($pos);
197  $query = "./secdsig:SignedInfo";
198  $nodeset = $xpath->query($query, $this->sigNode);
199  if ($nodeset->length > 1) {
200  throw new Exception("Invalid structure - Too many SignedInfo elements found");
201  }
202  return $this->sigNode;
203  }
204  return null;
205  }

◆ processRefNode()

RobRichards\XMLSecLibs\XMLSecurityDSig::processRefNode (   $refNode)
Parameters
DOMNode $refNode
Returns
bool

Definition at line 475 of file XMLSecurityDSig.php.

References $data, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\processTransforms(), and RobRichards\XMLSecLibs\XMLSecurityDSig\validateDigest().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\validateReference().

476  {
477  $dataObject = null;
478 
479  /*
480  * Depending on the URI, we may not want to include comments in the result
481  * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel
482  */
483  $includeCommentNodes = true;
484 
485  if ($uri = $refNode->getAttribute("URI")) {
486  $arUrl = parse_url($uri);
487  if (empty($arUrl['path'])) {
488  if ($identifier = $arUrl['fragment']) {
489 
490  /* This reference identifies a node with the given id by using
491  * a URI on the form "#identifier". This should not include comments.
492  */
493  $includeCommentNodes = false;
494 
495  $xPath = new DOMXPath($refNode->ownerDocument);
496  if ($this->idNS && is_array($this->idNS)) {
497  foreach ($this->idNS as $nspf => $ns) {
498  $xPath->registerNamespace($nspf, $ns);
499  }
500  }
501  $iDlist = '@Id="'.XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"';
502  if (is_array($this->idKeys)) {
503  foreach ($this->idKeys as $idKey) {
504  $iDlist .= " or @".XPath::filterAttrName($idKey).'="'.
505  XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE).'"';
506  }
507  }
508  $query = '//*['.$iDlist.']';
509  $dataObject = $xPath->query($query)->item(0);
510  } else {
511  $dataObject = $refNode->ownerDocument;
512  }
513  }
514  } else {
515  /* This reference identifies the root node with an empty URI. This should
516  * not include comments.
517  */
518  $includeCommentNodes = false;
519 
520  $dataObject = $refNode->ownerDocument;
521  }
522  $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes);
523  if (!$this->validateDigest($refNode, $data)) {
524  return false;
525  }
526 
527  if ($dataObject instanceof DOMNode) {
528  /* Add this node to the list of validated nodes. */
529  if (! empty($identifier)) {
530  $this->validatedNodes[$identifier] = $dataObject;
531  } else {
532  $this->validatedNodes[] = $dataObject;
533  }
534  }
535 
536  return true;
537  }
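
Worked example, added here as an editor's illustration and not code from xmlseclibs or ILIAS, of the two halves this class implements: addReference(), sign() and appendSignature() produce an enveloped signature over one element, and locateSignature(), canonicalizeSignedInfo(), validateReference(), verify() and getValidatedNodes() check it. It relies on things this page does not show, which are assumptions: a Composer autoloader at vendor/autoload.php, the XMLSecurityKey::RSA_SHA256 constant and loadKey() method of the same release, the standard XMLDSig enveloped-signature transform URI, and validateReference() throwing on a digest mismatch. The sample document and key pair are constructed inside the script. The security point follows from processRefNode() above: a "#id" Reference is resolved with an XPath over the whole document, so the verifier must confirm that the element it goes on to use is one of the nodes getValidatedNodes() returns, and it pins the signature algorithm instead of reading it from the document the way locateKey() does.

```php
<?php
// Added example (not part of xmlseclibs or ILIAS). Assumes a Composer autoloader
// and the XMLSecurityKey API (RSA_SHA256, loadKey()) of the same xmlseclibs release.
require 'vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

function signAssertion(DOMElement $assertion, string $privateKeyPem): void
{
    $dsig = new XMLSecurityDSig();                            // ds:Signature built from BASE_TEMPLATE
    $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    // addRefInternal(): reuse the element's existing ID attribute as the Reference URI
    // instead of generating a GUID and writing a new "Id" attribute.
    $dsig->addReference(
        $assertion,
        XMLSecurityDSig::SHA256,
        array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
        array('id_name' => 'ID', 'overwrite' => false)
    );
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
    $key->loadKey($privateKeyPem);
    $dsig->sign($key);                                        // fills SignatureMethod and SignatureValue
    $dsig->appendSignature($assertion);                       // Signature becomes the last child of Assertion
}

function verifyAndExtractAssertion(string $xml, string $publicKeyPem): DOMElement
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NONET);                        // untrusted input: never fetch over the network
    foreach ($doc->childNodes as $child) {
        if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new RuntimeException('DOCTYPE not allowed in signed documents');
        }
    }

    $dsig = new XMLSecurityDSig();
    $dsig->idKeys = array('ID');                              // processRefNode() matches @Id or any name listed here
    if ($dsig->locateSignature($doc) === null) {
        throw new RuntimeException('no Signature element');
    }
    $dsig->canonicalizeSignedInfo();                          // before validateReference(), which detaches the Signature
    if ($dsig->validateReference() !== true) {               // assumed to throw on a digest mismatch in this release
        throw new RuntimeException('reference digest mismatch');
    }

    // Pin the expected algorithm. locateKey() would take it from the document's own
    // SignatureMethod, i.e. from the party whose signature is being checked.
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'public'));
    $key->loadKey($publicKeyPem);
    if ($dsig->verify($key) !== 1) {                          // 1 = valid, 0 = invalid, -1 = error (see verify())
        throw new RuntimeException('signature invalid');
    }

    // The signature vouches only for the node the Reference resolved to. The node the
    // application is about to act on must be exactly that node.
    $assertion = $doc->getElementsByTagName('Assertion')->item(0);
    if ($assertion === null) {
        throw new RuntimeException('no Assertion element');
    }
    foreach ($dsig->getValidatedNodes() ?? array() as $node) {
        if ($node->isSameNode($assertion)) {
            return $assertion;
        }
    }
    throw new RuntimeException('Assertion is not covered by the verified signature');
}

// Constructed test key pair and document.
$priv = openssl_pkey_new(array('private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048));
openssl_pkey_export($priv, $privPem);
$pubPem = openssl_pkey_get_details($priv)['key'];

$doc = new DOMDocument();
$doc->loadXML('<Response><Assertion ID="_a1"><Subject>alice</Subject></Assertion></Response>');
signAssertion($doc->documentElement->firstChild, $privPem);
$signed = $doc->saveXML();

$ok = verifyAndExtractAssertion($signed, $pubPem);
echo 'subject: ' . $ok->getElementsByTagName('Subject')->item(0)->textContent . "\n";

// Same bytes plus an unsigned Assertion placed first. Digest and signature still verify,
// because the Reference resolves by ID anywhere in the document; only the
// validated-node check rejects it.
$tampered = new DOMDocument();
$tampered->loadXML($signed);
$forged = $tampered->createElement('Assertion');
$forged->setAttribute('ID', '_evil');
$forged->appendChild($tampered->createElement('Subject', 'admin'));
$tampered->documentElement->insertBefore($forged, $tampered->documentElement->firstChild);
try {
    verifyAndExtractAssertion($tampered->saveXML(), $pubPem);
    echo "BUG: forged assertion accepted\n";
} catch (RuntimeException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

The order in the verifier matters: canonicalizeSignedInfo() runs while the Signature is still attached, validateReference() then detaches it so the enveloped digest can be recomputed, and verify() is called with a key whose algorithm the verifier chose, so a SignatureMethod rewritten by the sender cannot switch the check to a different primitive.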

◆ processTransforms()

RobRichards\XMLSecLibs\XMLSecurityDSig::processTransforms (   $refNode,
  $objData,
  $includeCommentNodes = true 
)
Parameters
DOMNode $refNode: the ds:Reference element whose Transforms are applied
DOMNode $objData
bool $includeCommentNodes
Returns
string

Definition at line 387 of file XMLSecurityDSig.php.

References RobRichards\XMLSecLibs\XMLSecurityDSig\$canonicalMethod, $data, $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeData().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\addRefInternal(), and RobRichards\XMLSecLibs\XMLSecurityDSig\processRefNode().

388  {
389  $data = $objData;
390  $xpath = new DOMXPath($refNode->ownerDocument);
391  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
392  $query = './secdsig:Transforms/secdsig:Transform';
393  $nodelist = $xpath->query($query, $refNode);
394  $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
395  $arXPath = null;
396  $prefixList = null;
397  foreach ($nodelist AS $transform) {
398  $algorithm = $transform->getAttribute("Algorithm");
399  switch ($algorithm) {
400  case 'http://www.w3.org/2001/10/xml-exc-c14n#':
401  case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
402 
403  if (!$includeCommentNodes) {
404  /* We remove comment nodes by forcing it to use a canonicalization
405  * without comments.
406  */
407  $canonicalMethod = 'http://www.w3.org/2001/10/xml-exc-c14n#';
408  } else {
409  $canonicalMethod = $algorithm;
410  }
411 
412  $node = $transform->firstChild;
413  while ($node) {
414  if ($node->localName == 'InclusiveNamespaces') {
415  if ($pfx = $node->getAttribute('PrefixList')) {
416  $arpfx = array();
417  $pfxlist = explode(" ", $pfx);
418  foreach ($pfxlist AS $pfx) {
419  $val = trim($pfx);
420  if (! empty($val)) {
421  $arpfx[] = $val;
422  }
423  }
424  if (count($arpfx) > 0) {
425  $prefixList = $arpfx;
426  }
427  }
428  break;
429  }
430  $node = $node->nextSibling;
431  }
432  break;
433  case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
434  case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
435  if (!$includeCommentNodes) {
436  /* We remove comment nodes by forcing it to use a canonicalization
437  * without comments.
438  */
439  $canonicalMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
440  } else {
441  $canonicalMethod = $algorithm;
442  }
443 
444  break;
445  case 'http://www.w3.org/TR/1999/REC-xpath-19991116':
446  $node = $transform->firstChild;
447  while ($node) {
448  if ($node->localName == 'XPath') {
449  $arXPath = array();
450  $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']';
451  $arXPath['namespaces'] = array();
452  $nslist = $xpath->query('./namespace::*', $node);
453  foreach ($nslist AS $nsnode) {
454  if ($nsnode->localName != "xml") {
455  $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue;
456  }
457  }
458  break;
459  }
460  $node = $node->nextSibling;
461  }
462  break;
463  }
464  }
465  if ($data instanceof DOMNode) {
466  $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList);
467  }
468  return $data;
469  }

◆ resetXPathObj()

RobRichards\XMLSecLibs\XMLSecurityDSig::resetXPathObj ( )
private

Reset the XPathObj to null.

Definition at line 127 of file XMLSecurityDSig.php.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

128  {
129  $this->xPathCtx = null;
130  }

◆ setCanonicalMethod()

RobRichards\XMLSecLibs\XMLSecurityDSig::setCanonicalMethod (   $method)
Parameters
    string $method
Exceptions
    Exception

Definition at line 227 of file XMLSecurityDSig.php.

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode(), and RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj().

228  {
229  switch ($method) {
230  case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315':
231  case 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments':
232  case 'http://www.w3.org/2001/10/xml-exc-c14n#':
233  case 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments':
234  $this->canonicalMethod = $method;
235  break;
236  default:
237  throw new Exception('Invalid Canonical Method');
238  }
239  if ($xpath = $this->getXPathObj()) {
240  $query = './'.$this->searchpfx.':SignedInfo';
241  $nodeset = $xpath->query($query, $this->sigNode);
242  if ($sinfo = $nodeset->item(0)) {
243  $query = './'.$this->searchpfx.':CanonicalizationMethod';
244  $nodeset = $xpath->query($query, $sinfo);
245  if (! ($canonNode = $nodeset->item(0))) {
246  $canonNode = $this->createNewSignNode('CanonicalizationMethod');
247  $sinfo->insertBefore($canonNode, $sinfo->firstChild);
248  }
249  $canonNode->setAttribute('Algorithm', $this->canonicalMethod);
250  }
251  }
252  }

◆ sign()

RobRichards\XMLSecLibs\XMLSecurityDSig::sign (   $objKey,
  $appendToNode = null 
)
Parameters
    XMLSecurityKey $objKey
    null | DOMNode $appendToNode

Definition at line 827 of file XMLSecurityDSig.php.

References $data, $query, RobRichards\XMLSecLibs\XMLSecurityDSig\appendSignature(), RobRichards\XMLSecLibs\XMLSecurityDSig\canonicalizeData(), RobRichards\XMLSecLibs\XMLSecurityDSig\createNewSignNode(), RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj(), RobRichards\XMLSecLibs\XMLSecurityDSig\resetXPathObj(), and RobRichards\XMLSecLibs\XMLSecurityDSig\signData().

828  {
829  // If we have a parent node append it now so C14N properly works
830  if ($appendToNode != null) {
831  $this->resetXPathObj();
832  $this->appendSignature($appendToNode);
833  $this->sigNode = $appendToNode->lastChild;
834  }
835  if ($xpath = $this->getXPathObj()) {
836  $query = "./secdsig:SignedInfo";
837  $nodeset = $xpath->query($query, $this->sigNode);
838  if ($sInfo = $nodeset->item(0)) {
839  $query = "./secdsig:SignatureMethod";
840  $nodeset = $xpath->query($query, $sInfo);
841  $sMethod = $nodeset->item(0);
842  $sMethod->setAttribute('Algorithm', $objKey->type);
843  $data = $this->canonicalizeData($sInfo, $this->canonicalMethod);
844  $sigValue = base64_encode($this->signData($objKey, $data));
845  $sigValueNode = $this->createNewSignNode('SignatureValue', $sigValue);
846  if ($infoSibling = $sInfo->nextSibling) {
847  $infoSibling->parentNode->insertBefore($sigValueNode, $infoSibling);
848  } else {
849  $this->sigNode->appendChild($sigValueNode);
850  }
851  }
852  }
853  }

◆ signData()

RobRichards\XMLSecLibs\XMLSecurityDSig::signData (   $objKey,
  $data 
)
Parameters
    XMLSecurityKey $objKey
    string $data
Returns
    mixed|string

Definition at line 818 of file XMLSecurityDSig.php.

References $data.

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\sign().

819  {
820  return $objKey->signData($data);
821  }

◆ staticAdd509Cert()

static RobRichards\XMLSecLibs\XMLSecurityDSig::staticAdd509Cert (   $parentRef,
  $cert,
  $isPEMFormat = true,
  $isURL = false,
  $xpath = null,
  $options = null 
)
static
Parameters
    DOMElement $parentRef
    string $cert
    bool $isPEMFormat
    bool $isURL
    null | DOMXPath $xpath
    null | array $options
Exceptions
    Exception

Definition at line 961 of file XMLSecurityDSig.php.

References $key, PHPMailer\PHPMailer\$options, and $query.

962  {
963  if ($isURL) {
964  $cert = file_get_contents($cert);
965  }
966  if (! $parentRef instanceof DOMElement) {
967  throw new Exception('Invalid parent Node parameter');
968  }
969  $baseDoc = $parentRef->ownerDocument;
970 
971  if (empty($xpath)) {
972  $xpath = new DOMXPath($parentRef->ownerDocument);
973  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
974  }
975 
976  $query = "./secdsig:KeyInfo";
977  $nodeset = $xpath->query($query, $parentRef);
978  $keyInfo = $nodeset->item(0);
979  $dsig_pfx = '';
980  if (! $keyInfo) {
981  $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS);
982  if (! empty($pfx)) {
983  $dsig_pfx = $pfx.":";
984  }
985  $inserted = false;
986  $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyInfo');
987 
988  $query = "./secdsig:Object";
989  $nodeset = $xpath->query($query, $parentRef);
990  if ($sObject = $nodeset->item(0)) {
991  $sObject->parentNode->insertBefore($keyInfo, $sObject);
992  $inserted = true;
993  }
994 
995  if (! $inserted) {
996  $parentRef->appendChild($keyInfo);
997  }
998  } else {
999  $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS);
1000  if (! empty($pfx)) {
1001  $dsig_pfx = $pfx.":";
1002  }
1003  }
1004 
1005  // Add all certs if there are more than one
1006  $certs = self::staticGet509XCerts($cert, $isPEMFormat);
1007 
1008  // Attach X509 data node
1009  $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Data');
1010  $keyInfo->appendChild($x509DataNode);
1011 
1012  $issuerSerial = false;
1013  $subjectName = false;
1014  if (is_array($options)) {
1015  if (! empty($options['issuerSerial'])) {
1016  $issuerSerial = true;
1017  }
1018  if (! empty($options['subjectName'])) {
1019  $subjectName = true;
1020  }
1021  }
1022 
1023  // Attach all certificate nodes and any additional data
1024  foreach ($certs as $X509Cert) {
1025  if ($issuerSerial || $subjectName) {
1026  if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n")) {
1027  if ($subjectName && ! empty($certData['subject'])) {
1028  if (is_array($certData['subject'])) {
1029  $parts = array();
1030  foreach ($certData['subject'] AS $key => $value) {
1031  if (is_array($value)) {
1032  foreach ($value as $valueElement) {
1033  array_unshift($parts, "$key=$valueElement");
1034  }
1035  } else {
1036  array_unshift($parts, "$key=$value");
1037  }
1038  }
1039  $subjectNameValue = implode(',', $parts);
1040  } else {
1041  $subjectNameValue = $certData['subject'];
1042  }
1043  $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SubjectName', $subjectNameValue);
1044  $x509DataNode->appendChild($x509SubjectNode);
1045  }
1046  if ($issuerSerial && ! empty($certData['issuer']) && ! empty($certData['serialNumber'])) {
1047  if (is_array($certData['issuer'])) {
1048  $parts = array();
1049  foreach ($certData['issuer'] AS $key => $value) {
1050  array_unshift($parts, "$key=$value");
1051  }
1052  $issuerName = implode(',', $parts);
1053  } else {
1054  $issuerName = $certData['issuer'];
1055  }
1056 
1057  $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerSerial');
1058  $x509DataNode->appendChild($x509IssuerNode);
1059 
1060  $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509IssuerName', $issuerName);
1061  $x509IssuerNode->appendChild($x509Node);
1062  $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SerialNumber', $certData['serialNumber']);
1063  $x509IssuerNode->appendChild($x509Node);
1064  }
1065  }
1066 
1067  }
1068  $x509CertNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509Certificate', $X509Cert);
1069  $x509DataNode->appendChild($x509CertNode);
1070  }
1071  }

◆ staticGet509XCerts()

static RobRichards\XMLSecLibs\XMLSecurityDSig::staticGet509XCerts (   $certs,
  $isPEMFormat = true 
)
static
Parameters
    string $certs
    bool $isPEMFormat
Returns
    array

Definition at line 924 of file XMLSecurityDSig.php.

References $data.

925  {
926  if ($isPEMFormat) {
927  $data = '';
928  $certlist = array();
929  $arCert = explode("\n", $certs);
930  $inData = false;
931  foreach ($arCert AS $curData) {
932  if (! $inData) {
933  if (strncmp($curData, '-----BEGIN CERTIFICATE', 22) == 0) {
934  $inData = true;
935  }
936  } else {
937  if (strncmp($curData, '-----END CERTIFICATE', 20) == 0) {
938  $inData = false;
939  $certlist[] = $data;
940  $data = '';
941  continue;
942  }
943  $data .= trim($curData);
944  }
945  }
946  return $certlist;
947  } else {
948  return array($certs);
949  }
950  }

◆ validateDigest()

RobRichards\XMLSecLibs\XMLSecurityDSig::validateDigest (   $refNode,
  $data 
)
Parameters
    $refNode
    string $data
Returns
    bool

Definition at line 369 of file XMLSecurityDSig.php.

References $data, $query, and RobRichards\XMLSecLibs\XMLSecurityDSig\calculateDigest().

Referenced by RobRichards\XMLSecLibs\XMLSecurityDSig\processRefNode().

370  {
371  $xpath = new DOMXPath($refNode->ownerDocument);
372  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
373  $query = 'string(./secdsig:DigestMethod/@Algorithm)';
374  $digestAlgorithm = $xpath->evaluate($query, $refNode);
375  $digValue = $this->calculateDigest($digestAlgorithm, $data, false);
376  $query = 'string(./secdsig:DigestValue)';
377  $digestValue = $xpath->evaluate($query, $refNode);
378  return ($digValue === base64_decode($digestValue));
379  }

◆ validateReference()

RobRichards\XMLSecLibs\XMLSecurityDSig::validateReference ( )
Returns
    bool
Exceptions
    Exception

Definition at line 580 of file XMLSecurityDSig.php.

References $query, RobRichards\XMLSecLibs\XMLSecurityDSig\getXPathObj(), and RobRichards\XMLSecLibs\XMLSecurityDSig\processRefNode().

581  {
582  $docElem = $this->sigNode->ownerDocument->documentElement;
583  if (! $docElem->isSameNode($this->sigNode)) {
584  if ($this->sigNode->parentNode != null) {
585  $this->sigNode->parentNode->removeChild($this->sigNode);
586  }
587  }
588  $xpath = $this->getXPathObj();
589  $query = "./secdsig:SignedInfo[1]/secdsig:Reference";
590  $nodeset = $xpath->query($query, $this->sigNode);
591  if ($nodeset->length == 0) {
592  throw new Exception("Reference nodes not found");
593  }
594 
595  /* Initialize/reset the list of validated nodes. */
596  $this->validatedNodes = array();
597 
598  foreach ($nodeset AS $refNode) {
599  if (! $this->processRefNode($refNode)) {
600  /* Clear the list of validated nodes. */
601  $this->validatedNodes = null;
602  throw new Exception("Reference validation failed");
603  }
604  }
605  return true;
606  }

◆ verify()

RobRichards\XMLSecLibs\XMLSecurityDSig::verify (   $objKey)

Returns: Bool when verifying HMAC_SHA1; Int otherwise, with the following meanings: 1 on successful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.

NOTE: be very careful when checking the int return value, because in PHP, -1 will be cast to True when in boolean context. Always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".

Parameters
    XMLSecurityKey $objKey
Returns
    bool|int
Exceptions
    Exception

Definition at line 800 of file XMLSecurityDSig.php.

References $query.

801  {
802  $doc = $this->sigNode->ownerDocument;
803  $xpath = new DOMXPath($doc);
804  $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
805  $query = "string(./secdsig:SignatureValue)";
806  $sigValue = $xpath->evaluate($query, $this->sigNode);
807  if (empty($sigValue)) {
808  throw new Exception("Unable to locate SignatureValue");
809  }
810  return $objKey->verifySignature($this->signedInfo, base64_decode($sigValue));
811  }
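As an added example (not code from xmlseclibs or ILIAS), a sign-then-verify round trip through the methods documented on this page, ending with the strict `=== 1` check that the verify() note requires; it also sets $idKeys so that processRefNode() can resolve a reference by an existing ID attribute. It assumes a Composer autoloader at vendor/autoload.php and generates a throw-away RSA key pair at run time, so it runs offline.

```php
<?php
// Added example, not part of xmlseclibs or ILIAS. Assumes a Composer
// autoloader at vendor/autoload.php; the RSA key pair is generated at run time.
require_once __DIR__ . '/vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// Constructed sample document; the root already carries an "ID" attribute.
const SAMPLE_XML = '<?xml version="1.0"?>'
    . '<Envelope xmlns="urn:example:env" ID="env-1"><Body>hello</Body></Envelope>';
function signDocument(string $xml, string $privPem): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    $dsig = new XMLSecurityDSig();
    $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    // Enveloped signature over the root, referenced through its existing ID
    // attribute (id_name/overwrite options) rather than a generated Id.
    $dsig->addReference(
        $doc->documentElement,
        XMLSecurityDSig::SHA256,
        ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N],
        ['id_name' => 'ID', 'overwrite' => false]
    );
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
    $key->loadKey($privPem);
    $dsig->sign($key);
    $dsig->appendSignature($doc->documentElement);
    return $doc->saveXML();
}
// True only when every Reference digest matches AND the signature verifies.
function verifyDocument(string $signedXml, string $pubPem): bool
{
    $doc = new DOMDocument();
    $doc->loadXML($signedXml, LIBXML_NONET);   // no external fetches while parsing
    $dsig = new XMLSecurityDSig();
    $dsig->idKeys = ['ID'];                    // lets processRefNode() resolve "#env-1"
    if ($dsig->locateSignature($doc) === null) {
        return false;
    }
    $dsig->canonicalizeSignedInfo();           // fills the SignedInfo that verify() uses
    try {
        $dsig->validateReference();            // throws on any digest mismatch
    } catch (Exception $e) {
        return false;
    }
    // Pin the expected algorithm instead of reading it from the document's
    // SignatureMethod (which is what locateKey() would do).
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'public']);
    $key->loadKey($pubPem);
    // verify() returns 1, 0 or -1; a bare "if ($dsig->verify($key))" accepts -1.
    return $dsig->verify($key) === 1;
}
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($res, $privPem);
$pubPem = openssl_pkey_get_details($res)['key'];
$signed = signDocument(SAMPLE_XML, $privPem);
$tampered = str_replace('hello', 'bye', $signed);
echo (verifyDocument($signed, $pubPem) && !verifyDocument($tampered, $pubPem)) ? "ok\n" : "FAIL\n";
```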

Field Documentation

◆ $canonicalMethod

RobRichards\XMLSecLibs\XMLSecurityDSig::$canonicalMethod = null
private

◆ $idKeys

RobRichards\XMLSecLibs\XMLSecurityDSig::$idKeys = array()

Definition at line 81 of file XMLSecurityDSig.php.

◆ $idNS

RobRichards\XMLSecLibs\XMLSecurityDSig::$idNS = array()

Definition at line 84 of file XMLSecurityDSig.php.

◆ $prefix

◆ $searchpfx

RobRichards\XMLSecLibs\XMLSecurityDSig::$searchpfx = 'secdsig'
private

Definition at line 99 of file XMLSecurityDSig.php.

◆ $signedInfo

RobRichards\XMLSecLibs\XMLSecurityDSig::$signedInfo = null
private

◆ $sigNode

◆ $validatedNodes

RobRichards\XMLSecLibs\XMLSecurityDSig::$validatedNodes = null
private

◆ $xPathCtx

RobRichards\XMLSecLibs\XMLSecurityDSig::$xPathCtx = null
private

◆ BASE_TEMPLATE

const RobRichards\XMLSecLibs\XMLSecurityDSig::BASE_TEMPLATE
Initial value:
= '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<SignatureMethod />
</SignedInfo>
</Signature>'

Definition at line 71 of file XMLSecurityDSig.php.

◆ C14N

const RobRichards\XMLSecLibs\XMLSecurityDSig::C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'

Definition at line 60 of file XMLSecurityDSig.php.

◆ C14N_COMMENTS

const RobRichards\XMLSecLibs\XMLSecurityDSig::C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'

Definition at line 61 of file XMLSecurityDSig.php.

◆ EXC_C14N

const RobRichards\XMLSecLibs\XMLSecurityDSig::EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'

Definition at line 62 of file XMLSecurityDSig.php.

Referenced by SimpleSAML\XML\Signer\addCertificate().

◆ EXC_C14N_COMMENTS

const RobRichards\XMLSecLibs\XMLSecurityDSig::EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'

Definition at line 63 of file XMLSecurityDSig.php.

◆ RIPEMD160

const RobRichards\XMLSecLibs\XMLSecurityDSig::RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'

Definition at line 58 of file XMLSecurityDSig.php.

◆ SHA1

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'

Definition at line 54 of file XMLSecurityDSig.php.

◆ SHA256

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'

Definition at line 55 of file XMLSecurityDSig.php.

Referenced by SimpleSAML\XML\Signer\addCertificate().

◆ SHA384

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'

Definition at line 56 of file XMLSecurityDSig.php.

◆ SHA512

const RobRichards\XMLSecLibs\XMLSecurityDSig::SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'

Definition at line 57 of file XMLSecurityDSig.php.

◆ template

const RobRichards\XMLSecLibs\XMLSecurityDSig::template
Initial value:
= '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:SignatureMethod />
</ds:SignedInfo>
</ds:Signature>'

Definition at line 65 of file XMLSecurityDSig.php.

◆ XMLDSIGNS


The documentation for this class was generated from the following file: