
public static function XMLSecurityDSig::staticAdd509Cert in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

Parameters

DOMElement $parentRef:

string $cert: the certificate data itself, or — when $isURL is true — a path/URL that is read with file_get_contents()

bool $isPEMFormat:

bool $isURL: when true, $cert is treated as a location and read with file_get_contents(); only trusted, server-controlled locations should be passed this way (the function does not restrict what it reads)

null|DOMXPath $xpath:

null|array $options: recognised keys are 'issuerSerial' and 'subjectName'; a truthy value adds the corresponding ds:X509IssuerSerial / ds:X509SubjectName element per certificate

Throws

Exception

1 call to XMLSecurityDSig::staticAdd509Cert()
XMLSecurityDSig::add509Cert in includes/XMLSecurityKey.php

File

includes/XMLSecurityKey.php, line 1662

Class

XMLSecurityDSig

Code

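/**
 * Appends a ds:KeyInfo/ds:X509Data block holding $cert to $parentRef.
 *
 * An existing ds:KeyInfo child of $parentRef is reused; otherwise a new one
 * is created and inserted before the first ds:Object child (or appended when
 * there is none). Every certificate returned by staticGet509XCerts() becomes
 * a ds:X509Certificate element; ds:X509SubjectName and ds:X509IssuerSerial
 * are emitted per certificate when the matching option is enabled.
 *
 * Changes versus the previous implementation:
 * - a failed file_get_contents() now throws instead of silently passing
 *   FALSE on to staticGet509XCerts();
 * - the non-array fallback for the subject name read $certData['issuer']
 *   (copy/paste bug) and now reads $certData['subject'];
 * - element text is added as text nodes, so DN components containing
 *   '&' or '<' are escaped rather than corrupting the document
 *   (DOMDocument::createElementNS() does not escape its value argument);
 * - multi-valued RDNs in the issuer are flattened the same way as in the
 *   subject instead of being stringified as "Array".
 *
 * @param DOMElement $parentRef
 *   Element that receives the KeyInfo (normally the ds:Signature element).
 * @param string $cert
 *   Certificate data, or — when $isURL is true — a path/URL handed to
 *   file_get_contents(). Security note: the URL variant reads whatever
 *   location it is given (local files, and remote hosts when allow_url_fopen
 *   is enabled), so only trusted, server-controlled locations may be passed;
 *   never request-supplied data.
 * @param bool $isPEMFormat
 *   Forwarded unchanged to staticGet509XCerts(); presumably indicates
 *   PEM-armoured input — confirm against that method.
 * @param bool $isURL
 *   When true, $cert is read via file_get_contents() first.
 * @param null|DOMXPath $xpath
 *   XPath object with the 'secdsig' prefix bound to the XMLDSIG namespace;
 *   a fresh one is created when empty.
 * @param null|array $options
 *   Recognised keys: 'issuerSerial' and 'subjectName' (truthy to enable).
 *
 * @throws Exception
 *   When $parentRef is not a DOMElement, or when $isURL is set and the
 *   location cannot be read.
 */
public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat = true, $isURL = false, $xpath = null, $options = null) {
  if ($isURL) {
    // file_get_contents() signals failure with FALSE, not an exception.
    $contents = file_get_contents($cert);
    if ($contents === false) {
      throw new Exception('Unable to read certificate from ' . $cert);
    }
    $cert = $contents;
  }
  if (!$parentRef instanceof DOMElement) {
    throw new Exception('Invalid parent Node parameter');
  }
  $baseDoc = $parentRef->ownerDocument;
  if (empty($xpath)) {
    $xpath = new DOMXPath($baseDoc);
    $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
  }

  // Locate or create KeyInfo, and pick up whichever prefix the document
  // already binds to the XMLDSIG namespace so new elements match it.
  $keyInfo = $xpath->query('./secdsig:KeyInfo', $parentRef)->item(0);
  $dsig_pfx = '';
  if (!$keyInfo) {
    $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS);
    if (!empty($pfx)) {
      $dsig_pfx = $pfx . ':';
    }
    $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'KeyInfo');
    // KeyInfo has to precede any ds:Object children in the signature.
    $sObject = $xpath->query('./secdsig:Object', $parentRef)->item(0);
    if ($sObject) {
      $sObject->parentNode->insertBefore($keyInfo, $sObject);
    }
    else {
      $parentRef->appendChild($keyInfo);
    }
  }
  else {
    $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS);
    if (!empty($pfx)) {
      $dsig_pfx = $pfx . ':';
    }
  }

  // Add all certs if there are more than one
  $certs = self::staticGet509XCerts($cert, $isPEMFormat);

  // Attach X509 data node
  $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509Data');
  $keyInfo->appendChild($x509DataNode);

  $issuerSerial = is_array($options) && !empty($options['issuerSerial']);
  $subjectName = is_array($options) && !empty($options['subjectName']);

  // Attach all certificate nodes and any additional data
  foreach ($certs as $X509Cert) {
    if ($issuerSerial || $subjectName) {
      $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($X509Cert, 64, "\n") . "-----END CERTIFICATE-----\n";
      // Best effort: a certificate that does not parse is still emitted
      // below, just without the optional subject/issuer metadata.
      $certData = openssl_x509_parse($pem);
      if ($certData) {
        if ($subjectName && !empty($certData['subject'])) {
          $subjectNameValue = is_array($certData['subject'])
            ? self::staticFlattenDn($certData['subject'])
            : $certData['subject'];
          $x509DataNode->appendChild(self::staticTextElement($baseDoc, $dsig_pfx . 'X509SubjectName', $subjectNameValue));
        }
        if ($issuerSerial && !empty($certData['issuer']) && !empty($certData['serialNumber'])) {
          $issuerName = is_array($certData['issuer'])
            ? self::staticFlattenDn($certData['issuer'])
            : $certData['issuer'];
          $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509IssuerSerial');
          $x509IssuerNode->appendChild(self::staticTextElement($baseDoc, $dsig_pfx . 'X509IssuerName', $issuerName));
          $x509IssuerNode->appendChild(self::staticTextElement($baseDoc, $dsig_pfx . 'X509SerialNumber', $certData['serialNumber']));
          $x509DataNode->appendChild($x509IssuerNode);
        }
      }
    }
    $x509DataNode->appendChild(self::staticTextElement($baseDoc, $dsig_pfx . 'X509Certificate', $X509Cert));
  }
}

/**
 * Creates an XMLDSIG-namespaced element whose content is $value, as text.
 *
 * Using a text node (instead of the value argument of createElementNS(),
 * which is not escaped) keeps '&' and '<' in DN components from breaking
 * the document.
 *
 * @param DOMDocument $doc
 *   Document the element belongs to.
 * @param string $qualifiedName
 *   Element name, already carrying the document's dsig prefix if any.
 * @param string $value
 *   Text content.
 *
 * @return DOMElement
 */
private static function staticTextElement(DOMDocument $doc, $qualifiedName, $value) {
  $node = $doc->createElementNS(self::XMLDSIGNS, $qualifiedName);
  $node->appendChild($doc->createTextNode((string) $value));
  return $node;
}

/**
 * Flattens an openssl_x509_parse() DN array into "key=value,key=value" form.
 *
 * Components are emitted in reverse of the array order — the same order the
 * previous array_unshift() loop produced — and each value of a multi-valued
 * RDN contributes its own "key=value" part.
 *
 * @param array $dn
 *   The 'subject' or 'issuer' entry from openssl_x509_parse().
 *
 * @return string
 */
private static function staticFlattenDn(array $dn) {
  $parts = array();
  foreach ($dn as $key => $value) {
    foreach ((array) $value as $element) {
      $parts[] = "{$key}={$element}";
    }
  }
  return implode(',', array_reverse($parts));
}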