From bd2b810c334c258a7d4540acffb721583452f039 Mon Sep 17 00:00:00 2001 From: Nash van Gool Date: Mon, 1 Oct 2018 11:30:05 +0200 Subject: [PATCH] Include InclusiveNamespaces specified in CanonicalizationMethod when canonicalizing SignedInfo --- src/XMLSecurityDSig.php | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/XMLSecurityDSig.php b/src/XMLSecurityDSig.php index 9eabde07..276f2019 100644 --- a/src/XMLSecurityDSig.php +++ b/src/XMLSecurityDSig.php @@ -300,6 +300,7 @@ public function canonicalizeSignedInfo() $doc = $this->sigNode->ownerDocument; $canonicalmethod = null; if ($doc) { + $prefixList = []; $xpath = $this->getXPathObj(); $query = "./secdsig:SignedInfo"; $nodeset = $xpath->query($query, $this->sigNode); @@ -308,8 +309,28 @@ public function canonicalizeSignedInfo() $nodeset = $xpath->query($query, $signInfoNode); if ($canonNode = $nodeset->item(0)) { $canonicalmethod = $canonNode->getAttribute('Algorithm'); + $node = $canonNode->firstChild; + while ($node) { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array(); + $pfxlist = explode(" ", $pfx); + foreach ($pfxlist AS $pfx) { + $val = trim($pfx); + if (! empty($val)) { + $arpfx[] = $val; + } + } + if (count($arpfx) > 0) { + $prefixList = $arpfx; + } + } + break; + } + $node = $node->nextSibling; + } } - $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod); + $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod, null, $prefixList); return $this->signedInfo; } }