Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added RSAKeyValue to KeyInfo element #75

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Added RSAKeyValue to KeyInfo element #75

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
52d1133
Added RSAKeyValue to KeyInfo element
hiddewie Sep 3, 2015
28d22bd
Made adding KeyInfo optional in adding X509 cert
hiddewie Oct 11, 2017
acda667
Fix missing boolean check for printing the pub key info
hiddewie Dec 13, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion src/XMLSecurityDSig.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -990,19 +990,24 @@ public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=true, $i

$issuerSerial = false;
$subjectName = false;
$addPubKeyInfo = false;
if (is_array($options)) {
if (! empty($options['issuerSerial'])) {
$issuerSerial = true;
}
if (! empty($options['subjectName'])) {
$subjectName = true;
}
if (! empty($options['pubKeyInfo'])) {
$addPubKeyInfo = true;
}
}

// Attach all certificate nodes and any additional data
foreach ($certs as $X509Cert) {
if ($issuerSerial || $subjectName) {
hiddewie marked this conversation as resolved.
Show resolved Hide resolved
if ($certData = openssl_x509_parse("-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n")) {
$certString = "-----BEGIN CERTIFICATE-----\n".chunk_split($X509Cert, 64, "\n")."-----END CERTIFICATE-----\n";
if ($certData = openssl_x509_parse($certString)) {
if ($subjectName && ! empty($certData['subject'])) {
if (is_array($certData['subject'])) {
$parts = array();
Expand Down Expand Up @@ -1035,6 +1040,17 @@ public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat=true, $i
$x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'X509SerialNumber', $certData['serialNumber']);
$x509IssuerNode->appendChild($x509Node);
}
if ($addPubKeyInfo) {
$pubkeyInfo = openssl_pkey_get_details(openssl_pkey_get_public($certString));
if ($pubkeyInfo['type'] === OPENSSL_KEYTYPE_RSA) {
$keyValueNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'KeyValue');
$keyInfo -> appendChild($keyValueNode);
$rsaKeyValueNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'RSAKeyValue');
$keyValueNode -> appendChild($rsaKeyValueNode);
$rsaKeyValueNode -> appendChild($baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'Modulus', base64_encode($pubkeyInfo["rsa"]["n"])));
$rsaKeyValueNode -> appendChild($baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx.'Exponent', base64_encode($pubkeyInfo["rsa"]["e"])));
}
}
}

}
Expand Down
11 changes: 11 additions & 0 deletions tests/sign-subject-key-info.res
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Basic XML example -->
<Root xmlns="urn:envelope">
<Value>
Hello, World!
</Value>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>scTXEJcKZm9Mb0ldX7LSRbAKY8g=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>TPHrAOC4iXv5Uwk4oROJXuXHVJ7bUgmUVsAdr21oPhy37ROqT8ZsaWHxAFnBnc5XmXKkzu1yYrlNA7Im9nmAXwMZCH4xZvvFTBR2UA49F8Of92GKRLqwy+OBp/zA0FnEOKB9ji/ZYEMeZ4SoV7fY+avoJ4u5UBjlj/dtQrZVQcftdOw1+urvIo43PYpxLeIVxs+fnO8o6+pc80OLOhzT0tcnNLkYZvfTufdi2PjDuJvjaNP+HGbvSkleUoSwngAFDu4yABKudiEYENxzesP09HtMrWnmjNy2MAejq71ABsXPlx2O1acDA5b9eYRTmZTfxOQwRTxTn6fUb2GNJsPS8A==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509SubjectName>CN=xmlseclibs/www.cdatazone.org,O=xmlseclibs.php Library,L=Limington,ST=Maine,C=US</ds:X509SubjectName><ds:X509Certificate>MIIEVDCCAzygAwIBAgIJAPTrkMJbCOr1MA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVNYWluZTESMBAGA1UEBxMJTGltaW5ndG9uMR8wHQYDVQQKExZ4bWxzZWNsaWJzLnBocCBMaWJyYXJ5MSUwIwYDVQQDExx4bWxzZWNsaWJzL3d3dy5jZGF0YXpvbmUub3JnMB4XDTA4MDcwNzIwMjIzMVoXDTE4MDcwNTIwMjIzMVoweTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBU1haW5lMRIwEAYDVQQHEwlMaW1pbmd0b24xHzAdBgNVBAoTFnhtbHNlY2xpYnMucGhwIExpYnJhcnkxJTAjBgNVBAMTHHhtbHNlY2xpYnMvd3d3LmNkYXRhem9uZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDttdMyM5ISVD1Uz+BHAPrxVJ6N1eZonfg3DMvZVT0Zy64+qcXj8zuHC6lolDsfGnD8LUttraQ7qCL+bHKps+hjAhCRdx5Wcn4iDrlFpxFL7INnr6vekzsCQ45BPUrvksF9FKa7yX4iSDButmPfoT14gPnIuSe8Y5UeGe6Lk6sF0WgHyL+JmxOu377Kuhah2pXZ1+z7V4JIlNgemJtKlqrvgGeuE9TagfGHUL9BuZK5fUx/RSDUjqxUeKU3fft9fGIAZl0dduitC2Otv4dr1gxLrUmI+ZZ75FmtfKQT7SmS92QVI2B5WAPlL1bnbvhkZiyw7nFE+Q/wGJ2myE4RIFjdAgMBAAGjgd4wgdswHQYDVR0OBBYEFEC5iG0uGXLpQG/zMj/4TuDWfTpHMIGrBgNVHSMEgaMwgaCAFEC5iG0uGXLpQG/zMj/4TuDWfTpHoX2kezB5MQswCQYDVQQGEwJVUzEOMAwGA1UECBMFTWFpbmUxEjAQBgNVBAcTCUxpbWluZ3RvbjEfMB0GA1UEChMWeG1sc2VjbGlicy5waHAgTGlicmFyeTElMCMGA1UEAxMceG1sc2VjbGlicy93d3cuY2RhdGF6b25lLm9yZ4IJAPTrkMJbCOr1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACmSKrte07VrGB8dtrN5mrt28ILickQjguu46h6vChgQ4YfIAoA1KWNsZJUuuIzTDjE5xz2hsW37CI0yrNesv2ho2hhP+fIaxCGmcwLYXL80UaPRglYk5+wPWFOt3QFAVoEgwjLX9+y+c2Gu7xLgHAFZVRjQ5hhKT0Nj3vhnt0k8LcognNl1wKuWda7VL4tODp/2IOXr5o5v/OL3UesGfeWfvr8LVmMc5f7/vLAu1+2Yk+/C9/EZyf3BDZQ4z8ae/iwqprCTUIEjhUDcq4+0YN2EIw6suGE2FtWlsIywNErmoOhdrmntU61n3nFCQBi7QDUnZrAFrl4/bmk3eRJ00nE=</ds:X509Certificate></ds:X509Data><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>7bXTMjOSElQ9VM/gRwD68VSejdXmaJ34NwzL2VU9GcuuPqnF4/M7hwupaJQ7Hxpw/C1Lba2kO6gi/mxyqbPoYwIQkXceVnJ+Ig65RacRS+yDZ6+r3pM7AkOOQT1K75LBfRSmu8l+IkgwbrZj36E9eID5yLknvGOVHhnui5OrBdFoB8i/iZsTrt++yroWodqV2dfs+1eCSJTYHpibSpaq74BnrhPU2oHxh1C/QbmSuX1Mf0Ug1I6sVHilN337fXxiAGZdHXborQtjrb+Ha9YMS61JiPmWe+RZrXykE+0pkvdkFSNgeVgD5S9W5274ZGYssO5xRPkP8BidpshOESBY3Q==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></ds:Signature></Root>
45 changes: 45 additions & 0 deletions tests/xml-sign-subject-key-info.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
--TEST--
Basic Signature With Subject and Key Info
--FILE--
<?php
require(dirname(__FILE__) . '/../xmlseclibs.php');
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

if (file_exists(dirname(__FILE__) . '/sign-subject-key-info.xml')) {
unlink(dirname(__FILE__) . '/sign-subject-key-info.xml');
}

$doc = new DOMDocument();
$doc->load(dirname(__FILE__) . '/basic-doc.xml');

$objDSig = new XMLSecurityDSig();

$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
/* load private key */
$objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);

/* if key has Passphrase, set it using $objKey->passphrase = <passphrase> " */


$objDSig->sign($objKey);

/* Add associated public key */
$objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem'), TRUE, FALSE, array('subjectName'=>TRUE, 'pubKeyInfo'=>TRUE));

$objDSig->appendSignature($doc->documentElement);
$doc->save(dirname(__FILE__) . '/sign-subject-key-info.xml');

$sign_output = file_get_contents(dirname(__FILE__) . '/sign-subject-key-info.xml');
$sign_output_def = file_get_contents(dirname(__FILE__) . '/sign-subject-key-info.res');
if ($sign_output != $sign_output_def) {
echo "NOT THE SAME\n";
}
echo "DONE\n";
?>
--EXPECTF--
DONE