|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PHP Extension) Create XAdES with ec:InclusiveNamespaces within the TransformsDemonstrates how to generate XAdES that has a Reference that has Transforms that include an ec:InclusiveNamespaces.
<?php // The version number (9_5_0) should match version of the Chilkat extension used, omitting the micro-version number. // For example, if using Chilkat v9.5.0.48, then include as shown here: include("chilkat_9_5_0.php"); // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // This is the XML we'll be signing: // <soapenv:Envelope xmlns:obs="http://csioz.gov.pl/zsmopl/ws/obslugakomunikatow/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> // <soapenv:Header> // <wsse:Security // xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" // xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1"> // <wsse:BinarySecurityToken // EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" // ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" // wsu:Id="X509-02BF0107214FC61449FD0013DF68F0359">MII...</wsse:BinarySecurityToken> // </wsse:Security> // </soapenv:Header> // <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" // wsu:Id="id-396BB6026342EB5C0E1EA73593B3CC098"> // <obs:zapiszKomunikatOS> // <komunikatOS> // <idPodmiotuRaportujacego> // <idBiznesowy>000000011986</idBiznesowy> // <rodzajPodmiotuRaportujacego>PA</rodzajPodmiotuRaportujacego> // </idPodmiotuRaportujacego> // </komunikatOS> // </obs:zapiszKomunikatOS> // </soapenv:Body> // </soapenv:Envelope> // // ---------------------------------------------------------------------- // IMPORTANT: This generated example requires Chilkat v9.5.0.77 or later. // ---------------------------------------------------------------------- $success = true; // Create the above XML to be signed... $xmlToSign = new CkXml(); $xmlToSign->put_Tag('soapenv:Envelope'); $xmlToSign->AddAttribute('xmlns:obs','http://csioz.gov.pl/zsmopl/ws/obslugakomunikatow/'); $xmlToSign->AddAttribute('xmlns:soapenv','http://schemas.xmlsoap.org/soap/envelope/'); $xmlToSign->UpdateAttrAt('soapenv:Header|wsse:Security',true,'xmlns:wsse','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'); $xmlToSign->UpdateAttrAt('soapenv:Header|wsse:Security',true,'xmlns:wsu','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'); $xmlToSign->UpdateAttrAt('soapenv:Header|wsse:Security',true,'soapenv:mustUnderstand','1'); $xmlToSign->UpdateAttrAt('soapenv:Header|wsse:Security|wsse:BinarySecurityToken',true,'EncodingType','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'); $xmlToSign->UpdateAttrAt('soapenv:Header|wsse:Security|wsse:BinarySecurityToken',true,'ValueType','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1'); $xmlToSign->UpdateAttrAt('soapenv:Header|wsse:Security|wsse:BinarySecurityToken',true,'wsu:Id','X509-02BF0107214FC61449FD0013DF68F0359'); // Note: The content of this XML node is a placeholder that will be updated below with the X509PKIPathv1 for the signing certificate. $xmlToSign->UpdateChildContent('soapenv:Header|wsse:Security|wsse:BinarySecurityToken','BinarySecurityToken_Base64Binary_Content'); $xmlToSign->UpdateAttrAt('soapenv:Body',true,'xmlns:wsu','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'); $xmlToSign->UpdateAttrAt('soapenv:Body',true,'wsu:Id','id-396BB6026342EB5C0E1EA73593B3CC098'); $xmlToSign->UpdateChildContent('soapenv:Body|obs:zapiszKomunikatOS|komunikatOS|idPodmiotuRaportujacego|idBiznesowy','000000011986'); $xmlToSign->UpdateChildContent('soapenv:Body|obs:zapiszKomunikatOS|komunikatOS|idPodmiotuRaportujacego|rodzajPodmiotuRaportujacego','PA'); $gen = new CkXmlDSigGen(); $gen->put_SigLocation('soapenv:Envelope|soapenv:Header|wsse:Security'); $gen->put_SigLocationMod(0); $gen->put_SigId('SIG-BB965DFC3C8AAF87903C0ED898B8D2A8D'); $gen->put_SigNamespacePrefix('ds'); $gen->put_SigNamespaceUri('http://www.w3.org/2000/09/xmldsig#'); $gen->put_SignedInfoCanonAlg('EXCL_C14N'); $gen->put_SignedInfoDigestMethod('sha1'); // Set the KeyInfoId before adding references.. $gen->put_KeyInfoId('KI-9D95C38916099AD2EE87DDAC1A76E97E4'); // -------- Reference 1 -------- $gen->AddSameDocRef('id-396BB6026342EB5C0E1EA73593B3CC098','sha1','EXCL_C14N','obs',''); // The reference to be produced in the Signature should look like this: // <ds:Reference URI="#id-396BB6026342EB5C0E1EA73593B3CC098"> // <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> // <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="obs"></ec:InclusiveNamespaces> // </ds:Transform></ds:Transforms> // <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> // <ds:DigestValue>2e9hZYj/CN2nPsgQqUraU43k3ds=</ds:DigestValue> // </ds:Reference> // // Provide a certificate + private key. (PFX password is test123) $cert = new CkCert(); $success = $cert->LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123'); if ($success != true) { print $cert->lastErrorText() . "\n"; exit; } $gen->SetX509Cert($cert,true); $gen->put_KeyInfoType('Custom'); // Create the custom KeyInfo XML.. $xmlCustomKeyInfo = new CkXml(); $xmlCustomKeyInfo->put_Tag('wsse:SecurityTokenReference'); $xmlCustomKeyInfo->AddAttribute('wsse11:TokenType','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1'); $xmlCustomKeyInfo->AddAttribute('xmlns:wsse11','http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd'); $xmlCustomKeyInfo->AddAttribute('wsu:Id','STR-FF238E7C061332C5B19752C2FBC8CDEF2'); $xmlCustomKeyInfo->UpdateAttrAt('wsse:Reference',true,'URI','#X509-02BF0107214FC61449FD0013DF68F0359'); $xmlCustomKeyInfo->UpdateAttrAt('wsse:Reference',true,'ValueType','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1'); $xmlCustomKeyInfo->put_EmitXmlDecl(false); $gen->put_CustomKeyInfoXml($xmlCustomKeyInfo->getXml()); // Load XML to be signed... $sbXml = new CkStringBuilder(); $xmlToSign->GetXmlSb($sbXml); // Update BinarySecurityToken_Base64Binary_Content with the actual X509PKIPathv1 of the signing cert. $nReplaced = $sbXml->Replace('BinarySecurityToken_Base64Binary_Content',$cert->x509PKIPathv1()); $gen->put_Behaviors('IndentedSignature'); // Sign the XML... $success = $gen->CreateXmlDSigSb($sbXml); if ($success != true) { print $gen->lastErrorText() . "\n"; exit; } // ----------------------------------------------- // Save the signed XML to a file. $success = $sbXml->WriteFile('qa_output/signedXml.xml','utf-8',false); print $sbXml->getAsString() . "\n"; // ---------------------------------------- // Verify the signatures we just produced... $verifier = new CkXmlDSig(); $success = $verifier->LoadSignatureSb($sbXml); if ($success != true) { print $verifier->lastErrorText() . "\n"; exit; } $numSigs = $verifier->get_NumSignatures(); $verifyIdx = 0; while ($verifyIdx < $numSigs) { $verifier->put_Selector($verifyIdx); $verified = $verifier->VerifySignature(true); if ($verified != true) { print $verifier->lastErrorText() . "\n"; exit; } $verifyIdx = $verifyIdx + 1; } print 'All signatures were successfully verified.' . "\n"; ?> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.