XMLSecurityDSig
in package
xmlseclibs.php
Copyright (c) 2007-2017, Robert Richards rrichards@cdatazone.org. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of Robert Richards nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Table of Contents
- BASE_TEMPLATE = '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <SignatureMethod /> </SignedInfo> </Signature>'
- C14N = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
- C14N_COMMENTS = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'
- EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'
- EXC_C14N_COMMENTS = 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'
- RIPEMD160 = 'http://www.w3.org/2001/04/xmlenc#ripemd160'
- SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'
- SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'
- SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'
- SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'
- template = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:SignatureMethod /> </ds:SignedInfo> </ds:Signature>'
- XMLDSIGNS = 'http://www.w3.org/2000/09/xmldsig#'
- $idKeys : array<string|int, mixed>
- $idNS : array<string|int, mixed>
- $sigNode : DOMElement|null
- $canonicalMethod : string|null
- $prefix : string
- $searchpfx : string
- $signedInfo : string|null
- $validatedNodes : array<string|int, mixed>|null
- This variable contains an associative array of validated nodes.
- $xPathCtx : DomXPath|null
- __construct() : mixed
- add509Cert() : mixed
- addObject() : DOMElement
- addReference() : mixed
- addReferenceList() : mixed
- appendCert() : mixed
- appendKey() : mixed
- appendSignature() : DOMNode
- appendToKeyInfo() : DOMNode
- This function appends a node to the KeyInfo.
- calculateDigest() : string
- canonicalizeSignedInfo() : null|string
- createNewSignNode() : DOMElement
- generate_GUID() : string
- Generate guid
- generateGUID() : string
- Generate guid
- get509XCert() : string
- getRefIDs() : array<string|int, mixed>
- getRefNodeID() : null|string
- getValidatedNodes() : array<string|int, mixed>|null
- This function retrieves an associative array of the validated nodes.
- insertSignature() : DOMNode
- This function inserts the signature element.
- locateKey() : null|XMLSecurityKey
- locateSignature() : DOMNode|null
- processRefNode() : bool
- processTransforms() : string
- setCanonicalMethod() : mixed
- sign() : mixed
- signData() : mixed|string
- staticAdd509Cert() : mixed
- staticGet509XCerts() : array<string|int, mixed>
- validateDigest() : bool
- validateReference() : bool
- verify() : bool|int
- Returns: Bool when verifying HMAC_SHA1; Int otherwise, with the following meanings: 1 on successful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.
- addRefInternal() : mixed
- canonicalizeData() : string
- getXPathObj() : DOMXPath|null
Returns the DOMXPath object, creating it on first use from sigNode; null if it has not yet been created and sigNode is empty.
- resetXPathObj() : mixed
- Reset the XPathObj to null
Constants
BASE_TEMPLATE
public
mixed
BASE_TEMPLATE
= '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<SignatureMethod />
</SignedInfo>
</Signature>'
C14N
public
mixed
C14N
= 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
C14N_COMMENTS
public
mixed
C14N_COMMENTS
= 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'
EXC_C14N
public
mixed
EXC_C14N
= 'http://www.w3.org/2001/10/xml-exc-c14n#'
EXC_C14N_COMMENTS
public
mixed
EXC_C14N_COMMENTS
= 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments'
RIPEMD160
public
mixed
RIPEMD160
= 'http://www.w3.org/2001/04/xmlenc#ripemd160'
SHA1
public
mixed
SHA1
= 'http://www.w3.org/2000/09/xmldsig#sha1'
SHA256
public
mixed
SHA256
= 'http://www.w3.org/2001/04/xmlenc#sha256'
SHA384
public
mixed
SHA384
= 'http://www.w3.org/2001/04/xmldsig-more#sha384'
SHA512
public
mixed
SHA512
= 'http://www.w3.org/2001/04/xmlenc#sha512'
template
public
mixed
template
= '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:SignatureMethod />
</ds:SignedInfo>
</ds:Signature>'
XMLDSIGNS
public
mixed
XMLDSIGNS
= 'http://www.w3.org/2000/09/xmldsig#'
Properties
$idKeys
public
array<string|int, mixed>
$idKeys
= array()
$idNS
public
array<string|int, mixed>
$idNS
= array()
$sigNode
public
DOMElement|null
$sigNode
= null
$canonicalMethod
private
string|null
$canonicalMethod
= null
$prefix
private
string
$prefix
= ''
$searchpfx
private
string
$searchpfx
= 'secdsig'
$signedInfo
private
string|null
$signedInfo
= null
$validatedNodes
This variable contains an associative array of validated nodes.
private
array<string|int, mixed>|null
$validatedNodes
= null
$xPathCtx
private
DomXPath|null
$xPathCtx
= null
Methods
__construct()
public
__construct([string $prefix = 'ds' ]) : mixed
Parameters
- $prefix : string = 'ds'
Return values
mixed
add509Cert()
public
add509Cert(string $cert[, bool $isPEMFormat = true ][, bool $isURL = false ][, null|array<string|int, mixed> $options = null ]) : mixed
Parameters
- $cert : string
- $isPEMFormat : bool = true
- $isURL : bool = false
- $options : null|array<string|int, mixed> = null
Return values
mixed
addObject()
public
addObject(DOMElement|string $data[, null|string $mimetype = null ][, null|string $encoding = null ]) : DOMElement
Parameters
- $data : DOMElement|string
- $mimetype : null|string = null
- $encoding : null|string = null
Return values
DOMElement
addReference()
public
addReference(DOMDocument $node, string $algorithm[, null|array<string|int, mixed> $arTransforms = null ][, null|array<string|int, mixed> $options = null ]) : mixed
Parameters
- $node : DOMDocument
- $algorithm : string
- $arTransforms : null|array<string|int, mixed> = null
- $options : null|array<string|int, mixed> = null
Return values
mixed
addReferenceList()
public
addReferenceList(array<string|int, mixed> $arNodes, string $algorithm[, null|array<string|int, mixed> $arTransforms = null ][, null|array<string|int, mixed> $options = null ]) : mixed
Parameters
- $arNodes : array<string|int, mixed>
- $algorithm : string
- $arTransforms : null|array<string|int, mixed> = null
- $options : null|array<string|int, mixed> = null
Return values
mixed
appendCert()
public
appendCert() : mixed
Return values
mixed
appendKey()
public
appendKey(XMLSecurityKey $objKey[, null|DOMNode $parent = null ]) : mixed
Parameters
- $objKey : XMLSecurityKey
- $parent : null|DOMNode = null
Return values
mixed
appendSignature()
public
appendSignature(DOMNode $parentNode[, bool $insertBefore = false ]) : DOMNode
Parameters
- $parentNode : DOMNode
- $insertBefore : bool = false
Return values
DOMNode
appendToKeyInfo()
This function appends a node to the KeyInfo.
public
appendToKeyInfo(DOMNode $node) : DOMNode
The KeyInfo element will be created if one does not exist in the document.
Parameters
- $node : DOMNode
  The node to append to the KeyInfo.
Return values
DOMNode —The KeyInfo element node
calculateDigest()
public
calculateDigest(string $digestAlgorithm, string $data[, bool $encode = true ]) : string
Parameters
- $digestAlgorithm : string
- $data : string
- $encode : bool = true
Return values
string
canonicalizeSignedInfo()
public
canonicalizeSignedInfo() : null|string
Return values
null|string
createNewSignNode()
public
createNewSignNode(string $name[, null|string $value = null ]) : DOMElement
Parameters
- $name : string
- $value : null|string = null
Return values
DOMElement
generate_GUID()
Generate guid
public
static generate_GUID([string $prefix = 'pfx' ]) : string
Parameters
- $prefix : string = 'pfx'
  Prefix to use for the guid. Defaults to 'pfx'.
Return values
string —The generated guid
generateGUID()
Generate guid
public
static generateGUID([string $prefix = 'pfx' ]) : string
Parameters
- $prefix : string = 'pfx'
  Prefix to use for the guid. Defaults to 'pfx'.
Return values
string —The generated guid
get509XCert()
public
static get509XCert(string $cert[, bool $isPEMFormat = true ]) : string
Parameters
- $cert : string
- $isPEMFormat : bool = true
Return values
string
getRefIDs()
public
getRefIDs() : array<string|int, mixed>
Return values
array<string|int, mixed>
getRefNodeID()
public
getRefNodeID(DOMNode $refNode) : null|string
Parameters
- $refNode : DOMNode
Return values
null|string —The fragment identifier from the Reference's URI attribute, or null if the URI has no fragment
getValidatedNodes()
This function retrieves an associative array of the validated nodes.
public
getValidatedNodes() : array<string|int, mixed>|null
The array will contain the id of the referenced node as the key and the node itself as the value.
Returns: An associative array of validated nodes or null if no nodes have been validated.
Return values
array<string|int, mixed>|null —Associative array of validated nodes, or null if no nodes have been validated
insertSignature()
This function inserts the signature element.
public
insertSignature(DOMNode $node[, DOMNode $beforeNode = null ]) : DOMNode
The signature element will be appended to the element, unless $beforeNode is specified. If $beforeNode is specified, the signature element will be inserted as the last element before $beforeNode.
Parameters
- $node : DOMNode
  The node the signature element should be inserted into.
- $beforeNode : DOMNode = null
  The node the signature element should be located before.
Return values
DOMNode —The signature element node
locateKey()
public
locateKey([null|DOMNode $node = null ]) : null|XMLSecurityKey
Parameters
- $node : null|DOMNode = null
Return values
null|XMLSecurityKey
locateSignature()
public
locateSignature(DOMDocument $objDoc, int $pos) : DOMNode|null
Parameters
- $objDoc : DOMDocument
- $pos : int
Return values
DOMNode|null
processRefNode()
public
processRefNode(DOMNode $refNode) : bool
Parameters
- $refNode : DOMNode
Return values
bool
processTransforms()
public
processTransforms( $refNode, DOMNode $objData[, bool $includeCommentNodes = true ]) : string
Parameters
- $refNode : DOMNode
- $objData : DOMNode
- $includeCommentNodes : bool = true
Return values
string
setCanonicalMethod()
public
setCanonicalMethod(string $method) : mixed
Parameters
- $method : string
Return values
mixed
sign()
public
sign(XMLSecurityKey $objKey[, null|DOMNode $appendToNode = null ]) : mixed
Parameters
- $objKey : XMLSecurityKey
- $appendToNode : null|DOMNode = null
Return values
mixed
signData()
public
signData(XMLSecurityKey $objKey, string $data) : mixed|string
Parameters
- $objKey : XMLSecurityKey
- $data : string
Return values
mixed|string
staticAdd509Cert()
public
static staticAdd509Cert(DOMElement $parentRef, string $cert[, bool $isPEMFormat = true ][, bool $isURL = false ][, null|DOMXPath $xpath = null ][, null|array<string|int, mixed> $options = null ]) : mixed
Parameters
- $parentRef : DOMElement
- $cert : string
- $isPEMFormat : bool = true
- $isURL : bool = false
- $xpath : null|DOMXPath = null
- $options : null|array<string|int, mixed> = null
Return values
mixed
staticGet509XCerts()
public
static staticGet509XCerts(string $certs[, bool $isPEMFormat = true ]) : array<string|int, mixed>
Parameters
- $certs : string
- $isPEMFormat : bool = true
Return values
array<string|int, mixed>
validateDigest()
public
validateDigest( $refNode, string $data) : bool
Parameters
- $refNode : DOMNode
- $data : string
Return values
bool
validateReference()
public
validateReference() : bool
Return values
bool
verify()
Returns: Bool when verifying HMAC_SHA1; Int otherwise, with the following meanings: 1 on successful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.
public
verify(XMLSecurityKey $objKey) : bool|int
NOTE: be very careful when checking the int return value, because in PHP, -1 will be cast to True when in boolean context. Always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".
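The following is an added worked example; it is not code from xmlseclibs or from this generated reference. It shows sign() and verify() end to end and, on the way, setCanonicalMethod(), addReference(), appendSignature(), locateSignature(), canonicalizeSignedInfo() and validateReference(). Assumptions: xmlseclibs 3.x is installed through Composer under the RobRichards\XMLSecLibs namespace, the OpenSSL extension is loaded, and the key pair and the Order document are throwaway values generated inside the script. The enveloped-signature transform URI is the standard XML-DSig one.

```php
<?php
// Added usage example for XMLSecurityDSig::sign() and ::verify(); not part of
// xmlseclibs or its documentation. Assumes xmlseclibs 3.x via Composer
// (vendor/autoload.php) and ext-openssl. Keys and document are generated here.
require __DIR__ . '/vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// Constructed sample document (assumption: not taken from the page).
$orderXml = <<<'XML'
<Order xmlns="urn:example:orders">
  <Item sku="A-100" qty="2"/>
  <Total currency="EUR">42.00</Total>
</Order>
XML;

/** Throwaway RSA-2048 pair; a real deployment loads the private key from a protected store. */
function demoKeyPair(): array
{
    $res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    openssl_pkey_export($res, $privPem);
    $pubPem = openssl_pkey_get_details($res)['key'];
    return [$privPem, $pubPem];
}

/** Enveloped signature over the whole document: exclusive C14N, SHA-256 digest, RSA-SHA256. */
function signDocument(string $xml, string $privPem): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml);

    $dsig = new XMLSecurityDSig();                        // 'ds' prefix by default
    $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);  // must be set before sign()

    // force_uri gives the Reference URI="" (the whole document). The
    // enveloped-signature transform strips ds:Signature before digesting,
    // so the digest does not depend on the Signature inserted afterwards.
    $dsig->addReference(
        $doc,
        XMLSecurityDSig::SHA256,
        ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'],
        ['force_uri' => true]
    );

    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
    $key->loadKey($privPem);
    $dsig->sign($key);                               // canonicalizes SignedInfo and signs it
    $dsig->appendSignature($doc->documentElement);   // imports ds:Signature into the document
    return $doc->saveXML();
}

/**
 * True only when every Reference digest matches AND the SignatureValue verifies
 * under the key and algorithm the caller pins. Anything else, including an
 * exception from the library, is a rejection.
 */
function verifyDocument(string $signedXml, string $pubPem): bool
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch network resources while parsing untrusted input.
    if (!@$doc->loadXML($signedXml, LIBXML_NONET)) {
        return false;
    }

    try {
        $dsig = new XMLSecurityDSig();
        if ($dsig->locateSignature($doc, 0) === null) {
            return false;                            // no ds:Signature present
        }
        $dsig->canonicalizeSignedInfo();             // stores canonical SignedInfo for verify()

        // Step 1: digests. false on a mismatch; throws if a Reference cannot be resolved.
        if (!$dsig->validateReference()) {
            return false;
        }

        // Step 2: signature. Pin key and algorithm here rather than calling
        // locateKey(), which reads both from the attacker-controlled document.
        $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'public']);
        $key->loadKey($pubPem);

        // For RSA keys verify() returns an int: 1 ok, 0 bad signature, -1 OpenSSL
        // error. -1 is truthy, so "if ($dsig->verify($key))" would accept an error.
        return $dsig->verify($key) === 1;
    } catch (Exception $e) {
        return false;
    }
}

[$privPem, $pubPem] = demoKeyPair();
$signed = signDocument($orderXml, $privPem);

var_dump(verifyDocument($signed, $pubPem));
$tampered = str_replace('qty="2"', 'qty="200"', $signed);   // modify signed content
var_dump(verifyDocument($tampered, $pubPem));
var_dump(verifyDocument($orderXml, $pubPem));               // unsigned input
```

The three calls at the end show the three outcomes a verifier must distinguish: the freshly signed document is accepted, the tampered copy is rejected at the digest step by validateReference(), and the unsigned document is rejected by locateSignature(). Two points of the design matter more than the rest: the verifier supplies the key and the algorithm itself instead of trusting KeyInfo and SignatureMethod from the document, and the result of verify() is compared with `=== 1` exactly as the NOTE above demands. When a Reference points at a sub-element by Id rather than at the whole document, act only on the nodes returned by getValidatedNodes(); any other element with the same content elsewhere in the document was not covered by the signature.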
Parameters
- $objKey : XMLSecurityKey
Return values
bool|int
addRefInternal()
private
addRefInternal(DOMNode $sinfoNode, DOMDocument $node, string $algorithm[, null|array<string|int, mixed> $arTransforms = null ][, null|array<string|int, mixed> $options = null ]) : mixed
Parameters
- $sinfoNode : DOMNode
- $node : DOMDocument
- $algorithm : string
- $arTransforms : null|array<string|int, mixed> = null
- $options : null|array<string|int, mixed> = null
Return values
mixed
canonicalizeData()
private
canonicalizeData(DOMNode $node, string $canonicalmethod[, null|array<string|int, mixed> $arXPath = null ][, null|array<string|int, mixed> $prefixList = null ]) : string
Parameters
- $node : DOMNode
- $canonicalmethod : string
- $arXPath : null|array<string|int, mixed> = null
- $prefixList : null|array<string|int, mixed> = null
Return values
string
getXPathObj()
Returns the DOMXPath object, creating it on first use from sigNode; null if it has not yet been created and sigNode is empty.
private
getXPathObj() : DOMXPath|null
Return values
DOMXPath|null
resetXPathObj()
Reset the XPathObj to null
private
resetXPathObj() : mixed