5

I have signed the XML but I don't know how to include the KeyValue element in the signature. Having some documentation would save a lot of time.

The code below (if you are interested) is what I managed to do with xmlseclibs so far:

<?php
require('xmlseclibs.php');

// XML string
$getToken = '<getToken>
<item>
<Semilla>Random string</Semilla>
</item>
</getToken>';

// Creating XML object (to sign)
$getToken_DOMDocument = new DOMDocument();
$getToken_DOMDocument -> loadXml($getToken);

// Creating the signature object with xmlseclibs
$getToken_XMLSecurityDSig = new XMLSecurityDSig();
$getToken_XMLSecurityDSig -> setCanonicalMethod(XMLSecurityDSig::C14N);

// Trying to turn off the ds: prefix which didn't work
$options['prefix'] = '';
$options['prefix_ns'] = '';
$options['force_uri'] = TRUE;
$options['id_name'] = 'ID';

$getToken_XMLSecurityDSig -> addReference($getToken_DOMDocument, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'), $options);

// Accessing the necessary key data
$XMLSecurityKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
$XMLSecurityKey -> loadKey('../../DTE/certificado/firma/certificado.pem', TRUE);
/* if key has Passphrase, set it using $XMLSecurityKey -> passphrase = <passphrase> */

// Signing the XML object
$getToken_XMLSecurityDSig -> sign($XMLSecurityKey);

// Adding the public key
$getToken_XMLSecurityDSig -> add509Cert(file_get_contents('../../DTE/certificado/firma/certificado.pem'));

// Appending the enveloped signature to the XML object
$getToken_XMLSecurityDSig -> appendSignature($getToken_DOMDocument -> documentElement);

// Saving the signed XML code to a file
$getToken_DOMDocument -> save('sign-basic-test.xml');
?>

Additionally, I would also like the following from this library:

  1. Know the official and trustworthy repository, to ensure the library is not corrupted.
  2. Turning off the "ds:" prefix (because neither the example nor the documentation of the XML I am producing includes such a prefix).
  3. Line breaks every X characters in the Base64 type values.
  4. Full indentation (otherwise none at all).

I got the library from enter link description here

Thanks in advance.

mikl

2 Answers

2

Here is a list of links which might help with those issues:

How to validate signature with phpseclib, in a XML signature message?

http://code.google.com/p/xmlseclibs/issues/attachmentText?id=6&aid=-1080340148797098435&name=example.php&token=81f737657f6cf89b3e7fcdb6cc15033b

http://code.google.com/p/xmlseclibs/issues/detail?id=13

Which is the proper XML exclusive canonicalization?

Not sure it will solve everything but should help you along a bit.

Community
Hektor
  • Thanks, it helps, but it is still not the formal documentation needed to have a complete map of the library and then go directly to what you need and, on the other hand, to know immediately the library's limitations. I'm quite sure such a thing doesn't exist (to date), but I had to do my last try. – mikl Jul 24 '14 at 17:33
2

I've written a facade library called xmldsig to simplify the use of the underlying XMLSecLibs.

With this library, the code looks like this:

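// Method of a test class. At the top of the file, import the adapter:
// use FR3D\XmlDSig\Adapter\XmlseclibsAdapter;
public function testSign()
{
    $getToken = '<getToken>
    <item>
    <Semilla>Random string</Semilla>
    </item>
    </getToken>';

    // Load the XML to be signed
    $data = new DOMDocument();
    $data->loadXml($getToken);

    // Configure the adapter with both keys and exclusive canonicalization, then sign in place
    $adapter = new XmlseclibsAdapter();
    $adapter
        ->setPrivateKey(file_get_contents('privateKey.pem'))
        ->setPublicKey(file_get_contents('publicKey.pem'))
        ->setCanonicalMethod('http://www.w3.org/2001/10/xml-exc-c14n#')
        ->sign($data);

    echo $data->saveXML();
}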
Maks3w
  • I'm getting the fatal error: "Class 'XmlseclibsAdapter' not found in /Applications/MAMP/htdocs/test.php" even though I have included the files via include 'AdapterInterface.php'; and include 'XmlseclibsAdapter.php'; Any pointers as to where I can go from here? – Advait Saravade Aug 30 '16 at 16:08
  • You have to import the class `FR3D\XmlDSig\Adapter\XmlseclibsAdapter` – Maks3w Sep 13 '16 at 13:30
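
For the KeyValue element and the Base64 line breaks asked about in the question, here is an added example that is not from any of the posts above and is not xmlseclibs or xmldsig code. It uses only PHP's DOM and OpenSSL extensions to append `<KeyValue><RSAKeyValue>` to the `<KeyInfo>` of an existing `<Signature>`, reusing whatever prefix that element already has. The function names `b64Wrapped` and `addRsaKeyValue` are hypothetical, and the key and the skeleton signature are constructed sample data.

```php
<?php
// Added example (not from the original posts): append <KeyValue><RSAKeyValue>
// to the <KeyInfo> of an existing XML-DSig <Signature> using DOM and OpenSSL.
const XMLDSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

// Base64 with a line break every $width characters.
function b64Wrapped(string $bin, int $width = 64): string
{
    return rtrim(chunk_split(base64_encode($bin), $width, "\n"));
}

// $pem: PEM public key or X.509 certificate. Returns the new KeyValue element.
function addRsaKeyValue(DOMElement $signature, string $pem): DOMElement
{
    $key = openssl_pkey_get_public($pem);
    $details = $key ? openssl_pkey_get_details($key) : false;
    if (!$details || $details['type'] !== OPENSSL_KEYTYPE_RSA) {
        throw new InvalidArgumentException('Expected an RSA public key or certificate');
    }
    $doc = $signature->ownerDocument;
    // Reuse the prefix the Signature element already has ("ds" or none).
    $q = fn(string $n): string => $signature->prefix ? $signature->prefix . ':' . $n : $n;

    $xp = new DOMXPath($doc);
    $xp->registerNamespace('d', XMLDSIG_NS);
    $keyInfo = $xp->query('./d:KeyInfo', $signature)->item(0);
    if ($keyInfo === null) {
        // In the schema order, KeyInfo follows SignatureValue.
        $sigValue = $xp->query('./d:SignatureValue', $signature)->item(0);
        $keyInfo = $doc->createElementNS(XMLDSIG_NS, $q('KeyInfo'));
        $signature->insertBefore($keyInfo, $sigValue ? $sigValue->nextSibling : null);
    }
    $keyValue = $keyInfo->appendChild($doc->createElementNS(XMLDSIG_NS, $q('KeyValue')));
    $rsa = $keyValue->appendChild($doc->createElementNS(XMLDSIG_NS, $q('RSAKeyValue')));
    $rsa->appendChild($doc->createElementNS(XMLDSIG_NS, $q('Modulus'), b64Wrapped($details['rsa']['n'])));
    $rsa->appendChild($doc->createElementNS(XMLDSIG_NS, $q('Exponent'), b64Wrapped($details['rsa']['e'])));
    return $keyValue;
}

// Constructed sample: throwaway key and a skeleton Signature with placeholder values.
$priv = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pubPem = openssl_pkey_get_details($priv)['key'];
$doc = new DOMDocument();
$doc->loadXML('<getToken><ds:Signature xmlns:ds="' . XMLDSIG_NS . '">'
    . '<ds:SignedInfo/><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature></getToken>');
addRsaKeyValue($doc->documentElement->firstChild, $pubPem);
echo $doc->saveXML();
```

With the enveloped-signature transform used in the question, `KeyInfo` is not covered by the digest, so it can be added after signing without invalidating the signature. For the same reason, a verifier should check the key found in `KeyValue` against one it already trusts rather than accept it as proof of the signer's identity.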