added encrypted key reference handling + some small fixes and change to
namespace use statements
aschamberger committed Oct 18, 2013
1 parent 47a1ed1 commit 90278f0
Showing 7 changed files with 190 additions and 85 deletions.
55 changes: 30 additions & 25 deletions src/ass/XmlSecurity/DSig.php
Expand Up @@ -44,6 +44,11 @@

namespace ass\XmlSecurity;

use DOMDocument;
use DOMElement;
use DOMNode;
use DOMXPath;

use ass\XmlSecurity\Exception\InvalidArgumentException;
use ass\XmlSecurity\Exception\MissingMandatoryParametersException;

Expand Down Expand Up @@ -191,7 +196,7 @@ public static function addKeyInfoResolver($ns, $localName, $keyResolver)
*
* @return \DOMElement
*/
public static function addNodeToSignature(\DOMElement $signature, \DOMNode $node, $digestAlgorithm, $transformationAlgorithm, array $options = array())
public static function addNodeToSignature(DOMElement $signature, DOMNode $node, $digestAlgorithm, $transformationAlgorithm, array $options = array())
{
$doc = $signature->ownerDocument;
$signedInfo = $signature->getElementsByTagNameNS(self::NS_XMLDSIG, 'SignedInfo')->item(0);
Expand All @@ -215,7 +220,7 @@ public static function addNodeToSignature(\DOMElement $signature, \DOMNode $node
}

$uri = null;
if ($node instanceof \DOMElement) {
if ($node instanceof DOMElement) {
$idAttributeValue = null;
if ($overwriteId === false) {
$idAttributeValue = $node->getAttributeNS($idNamespace, $idName);
Expand Down Expand Up @@ -309,7 +314,7 @@ private static function calculateDigest($data, $digestAlgorithm)
*
* @return string
*/
private static function canonicalizeData(\DOMNode $node, $canonicalizationAlgorithm, $xpath = null, $nsPrefixes = null)
private static function canonicalizeData(DOMNode $node, $canonicalizationAlgorithm, $xpath = null, $nsPrefixes = null)
{
$exclusive = false;
$withComments = false;
Expand Down Expand Up @@ -369,7 +374,7 @@ protected static function checkMandatoryParametersForPublicKeyCalculation(array
*
* @return \DOMElement
*/
public static function createSignature(\ass\XmlSecurity\Key $keyForSignature, $canonicalizationAlgorithm, \DOMNode $appendTo, \DOMNode $insertBefore = null, \DOMElement $keyInfo = null)
public static function createSignature(Key $keyForSignature, $canonicalizationAlgorithm, DOMNode $appendTo, DOMNode $insertBefore = null, DOMElement $keyInfo = null)
{
$doc = $appendTo->ownerDocument;
$signature = $doc->createElementNS(self::NS_XMLDSIG, self::PFX_XMLDSIG . ':Signature');
Expand Down Expand Up @@ -438,7 +443,7 @@ public static function generateUUID()
*
* @return \ass\XmlSecurity\Key|null
*/
public static function getSecurityKey(\DOMElement $signature)
public static function getSecurityKey(DOMElement $signature)
{
$encryptedMethod = $signature->getElementsByTagNameNS(self::NS_XMLDSIG, 'SignatureMethod')->item(0);
if (!is_null($encryptedMethod)) {
Expand All @@ -460,7 +465,7 @@ public static function getSecurityKey(\DOMElement $signature)
*
* @return DOMElement
*/
public static function createX509CertificateKeyInfo(\DOMDocument $doc, Key $cert)
public static function createX509CertificateKeyInfo(DOMDocument $doc, Key $cert)
{
$publicCertificate = $cert->getX509Certificate(true);

Expand All @@ -487,11 +492,11 @@ public static function createX509CertificateKeyInfo(\DOMDocument $doc, Key $cert
*
* @return \ass\XmlSecurity\Key|null
*/
public static function getSecurityKeyFromKeyInfo(\DOMElement $keyInfo, $algorithm)
public static function getSecurityKeyFromKeyInfo(DOMElement $keyInfo, $algorithm)
{
if (!is_null($keyInfo)) {
foreach ($keyInfo->childNodes as $child) {
if ($child instanceof \DOMElement) {
if ($child instanceof DOMElement) {
$key = null;
if (isset(self::$keyInfoResolvers[$child->namespaceURI][$child->localName]) && is_callable(self::$keyInfoResolvers[$child->namespaceURI][$child->localName])) {
$key = call_user_func(self::$keyInfoResolvers[$child->namespaceURI][$child->localName], $child, $algorithm);
Expand All @@ -515,7 +520,7 @@ public static function getSecurityKeyFromKeyInfo(\DOMElement $keyInfo, $algorith
* @return \ass\XmlSecurity\Key|null
* @throws MissingMandatoryParametersException
*/
private static function keyInfoKeyValueResolver(\DOMElement $node, $algorithm)
private static function keyInfoKeyValueResolver(DOMElement $node, $algorithm)
{
foreach ($node->childNodes as $key) {
if ($key->namespaceURI == self::NS_XMLDSIG) {
Expand All @@ -534,9 +539,9 @@ private static function keyInfoKeyValueResolver(\DOMElement $node, $algorithm)
// throws exception if mandatory parameters check fails
self::checkMandatoryParametersForPublicKeyCalculation($mandatoryParameters, 'DSA', $parameters);
// calculate public key
$publicKey = \ass\XmlSecurity\Pem::getPublicKeyFromPqgy($parameters['P'], $parameters['Q'], $parameters['G'], $parameters['Y']);
$publicKey = Pem::getPublicKeyFromPqgy($parameters['P'], $parameters['Q'], $parameters['G'], $parameters['Y']);

return \ass\XmlSecurity\Key::factory($algorithm, $publicKey, \ass\XmlSecurity\Key::TYPE_PUBLIC);
return Key::factory($algorithm, $publicKey, Key::TYPE_PUBLIC);
case 'RSAKeyValue':
$parameters = array();
foreach ($key->childNodes as $parameter) {
Expand All @@ -549,9 +554,9 @@ private static function keyInfoKeyValueResolver(\DOMElement $node, $algorithm)
// throws exception if mandatory parameters check fails
self::checkMandatoryParametersForPublicKeyCalculation($mandatoryParameters, 'DSA', $parameters);
// calculate public key
$publicKey = \ass\XmlSecurity\Pem::getPublicKeyFromModExp($parameters['Modulus'], $parameters['Exponent']);
$publicKey = Pem::getPublicKeyFromModExp($parameters['Modulus'], $parameters['Exponent']);

return \ass\XmlSecurity\Key::factory($algorithm, $publicKey, \ass\XmlSecurity\Key::TYPE_PUBLIC);
return Key::factory($algorithm, $publicKey, Key::TYPE_PUBLIC);
}
}
}
Expand All @@ -567,13 +572,13 @@ private static function keyInfoKeyValueResolver(\DOMElement $node, $algorithm)
*
* @return \ass\XmlSecurity\Key|null
*/
private static function keyInfoX509DataResolver(\DOMElement $node, $algorithm)
private static function keyInfoX509DataResolver(DOMElement $node, $algorithm)
{
$x509Certificate = $node->getElementsByTagNameNS(self::NS_XMLDSIG, 'X509Certificate')->item(0);
if (!is_null($x509Certificate)) {
$certificate = \ass\XmlSecurity\Pem::formatKeyInPemFormat($x509Certificate->textContent);
$certificate = Pem::formatKeyInPemFormat($x509Certificate->textContent);

return \ass\XmlSecurity\Key::factory($algorithm, $certificate, false, \ass\XmlSecurity\Key::TYPE_PUBLIC);
return Key::factory($algorithm, $certificate, false, Key::TYPE_PUBLIC);
}

return null;
Expand All @@ -586,16 +591,16 @@ private static function keyInfoX509DataResolver(\DOMElement $node, $algorithm)
*
* @return \DOMElement
*/
public static function locateSignature(\DOMNode $node)
public static function locateSignature(DOMNode $node)
{
if ($node instanceof \DOMDocument) {
if ($node instanceof DOMDocument) {
$doc = $node;
$relativeTo = null;
} else {
$doc = $node->ownerDocument;
$relativeTo = $node;
}
$xpath = new \DOMXPath($doc);
$xpath = new DOMXPath($doc);
$xpath->registerNamespace('ds', self::NS_XMLDSIG);
$query = './/ds:Signature';
$nodes = $xpath->query($query, $relativeTo);
Expand All @@ -615,7 +620,7 @@ public static function locateSignature(\DOMNode $node)
*
* @return string
*/
private static function processTransform(\DOMNode $node, $transformationAlgorithm, array $options = array())
private static function processTransform(DOMNode $node, $transformationAlgorithm, array $options = array())
{
switch ($transformationAlgorithm) {
case self::XPATH:
Expand Down Expand Up @@ -664,7 +669,7 @@ private static function processTransform(\DOMNode $node, $transformationAlgorith
*
* @return \DOMElement
*/
public static function signDocument(\DOMElement $signature, \ass\XmlSecurity\Key $keyForSignature, $canonicalizationAlgorithm)
public static function signDocument(DOMElement $signature, Key $keyForSignature, $canonicalizationAlgorithm)
{
$doc = $signature->ownerDocument;
$signedInfo = $signature->getElementsByTagNameNS(self::NS_XMLDSIG, 'SignedInfo')->item(0);
Expand All @@ -687,7 +692,7 @@ public static function signDocument(\DOMElement $signature, \ass\XmlSecurity\Key
*
* @return boolean
*/
public static function verifyDocumentSignature(\DOMElement $signature, \ass\XmlSecurity\Key $keyForSignature = null)
public static function verifyDocumentSignature(DOMElement $signature, Key $keyForSignature = null)
{
if (is_null($keyForSignature)) {
$keyForSignature = self::getSecurityKey($signature);
Expand Down Expand Up @@ -719,14 +724,14 @@ public static function verifyDocumentSignature(\DOMElement $signature, \ass\XmlS
*
* @return boolean
*/
public static function verifyReferences(\DOMElement $signature, array $options = array())
public static function verifyReferences(DOMElement $signature, array $options = array())
{
if ($signature instanceof \DOMDocument) {
if ($signature instanceof DOMDocument) {
$doc = $signature;
} else {
$doc = $signature->ownerDocument;
}
$xpath = new \DOMXPath($doc);
$xpath = new DOMXPath($doc);

$idName = 'Id';
if (isset($options['id_name'])) {
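Review bot: In the RSAKeyValue branch of keyInfoKeyValueResolver (hunk @@ -549,9 +554,9 @@) the mandatory-parameter check is still called with the DSA label, `self::checkMandatoryParametersForPublicKeyCalculation($mandatoryParameters, 'DSA', $parameters);`, identical to the DSAKeyValue branch in the hunk above it; if that second argument names the key type in the thrown exception or selects the expected parameter set, a missing Modulus or Exponent would be reported as a DSA failure, so it should presumably read `'RSA'`. keyInfoKeyValueResolver starts and ends outside the hunk. Separately, in the last hunk verifyReferences is typed `DOMElement $signature` but immediately tests `$signature instanceof DOMDocument`; with that type hint the branch can never be taken, so either widen the parameter to `DOMNode` (as locateSignature does) or drop the dead check. The same dead guard appears in getSecurityKeyFromKeyInfo, where `if (!is_null($keyInfo))` cannot be false for a non-nullable `DOMElement` parameter.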
