public static function XMLSecurityDSig::staticAdd509Cert in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7
Parameters
DOMElement $parentRef:
string $cert:
bool $isPEMFormat:
bool $isURL:
null|DOMXPath $xpath:
null|array $options:
Throws
Exception
1 call to XMLSecurityDSig::staticAdd509Cert()
- XMLSecurityDSig::add509Cert in includes/
XMLSecurityKey.php
File
- includes/
XMLSecurityKey.php, line 1662
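/**
 * Append a ds:X509Data block carrying $cert to the ds:KeyInfo of $parentRef.
 *
 * If $parentRef has no KeyInfo child yet, one is created; XML-DSig places
 * KeyInfo before any ds:Object siblings, so the new node is inserted ahead of
 * the first Object when present and appended otherwise. Every certificate
 * returned by self::staticGet509XCerts() becomes one X509Certificate element,
 * optionally preceded by X509SubjectName and/or X509IssuerSerial data.
 *
 * @param DOMElement $parentRef Element whose KeyInfo receives the X509Data node.
 * @param string $cert Certificate material, or its location when $isURL is true.
 * @param bool $isPEMFormat Passed to self::staticGet509XCerts() to select how $cert is split.
 * @param bool $isURL When true, $cert is read with file_get_contents() before use.
 * @param null|DOMXPath $xpath Evaluator to reuse; when empty one is built with the
 *   'secdsig' prefix bound to self::XMLDSIGNS. A caller-supplied evaluator must have
 *   that prefix registered.
 * @param null|array $options Recognised keys: 'issuerSerial' and 'subjectName'.
 *   A truthy value adds the corresponding node(s) for each certificate.
 *
 * @throws Exception When $parentRef is not a DOMElement, the certificate location
 *   cannot be read, or an XPath query cannot be evaluated.
 */
public static function staticAdd509Cert($parentRef, $cert, $isPEMFormat = true, $isURL = false, $xpath = null, $options = null) {
    // Validate the DOM argument before doing any I/O for $cert.
    if (!$parentRef instanceof DOMElement) {
        throw new Exception('Invalid parent Node parameter');
    }
    if ($isURL) {
        // $cert names a file or URL here; that location must come from trusted
        // configuration, never from request data. A failed read used to leak a
        // boolean false into the certificate parser, so fail loudly instead.
        $cert = file_get_contents($cert);
        if ($cert === false) {
            throw new Exception('Unable to read certificate data');
        }
    }

    $baseDoc = $parentRef->ownerDocument;
    if (empty($xpath)) {
        $xpath = new DOMXPath($baseDoc);
        $xpath->registerNamespace('secdsig', self::XMLDSIGNS);
    }

    $keyInfo = self::staticQueryFirst($xpath, './secdsig:KeyInfo', $parentRef);
    $dsig_pfx = '';
    if (!$keyInfo) {
        // Reuse whatever prefix the parent already binds to the dsig namespace.
        $pfx = $parentRef->lookupPrefix(self::XMLDSIGNS);
        if (!empty($pfx)) {
            $dsig_pfx = $pfx . ':';
        }
        $keyInfo = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'KeyInfo');
        $sObject = self::staticQueryFirst($xpath, './secdsig:Object', $parentRef);
        if ($sObject) {
            $sObject->parentNode->insertBefore($keyInfo, $sObject);
        } else {
            $parentRef->appendChild($keyInfo);
        }
    } else {
        $pfx = $keyInfo->lookupPrefix(self::XMLDSIGNS);
        if (!empty($pfx)) {
            $dsig_pfx = $pfx . ':';
        }
    }

    // Add all certs if there are more than one.
    $certs = self::staticGet509XCerts($cert, $isPEMFormat);

    // Attach X509 data node.
    $x509DataNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509Data');
    $keyInfo->appendChild($x509DataNode);

    $issuerSerial = is_array($options) && !empty($options['issuerSerial']);
    $subjectName = is_array($options) && !empty($options['subjectName']);

    // Attach all certificate nodes and any additional data.
    foreach ($certs as $X509Cert) {
        if ($issuerSerial || $subjectName) {
            $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($X509Cert, 64, "\n") . "-----END CERTIFICATE-----\n";
            $certData = openssl_x509_parse($pem);
            if ($certData) {
                if ($subjectName && !empty($certData['subject'])) {
                    // A non-array subject is used verbatim; this previously fell
                    // back to the issuer, emitting the wrong name.
                    $subjectNameValue = is_array($certData['subject'])
                        ? self::staticFormatX509Name($certData['subject'])
                        : $certData['subject'];
                    $x509SubjectNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509SubjectName', $subjectNameValue);
                    $x509DataNode->appendChild($x509SubjectNode);
                }
                if ($issuerSerial && !empty($certData['issuer']) && !empty($certData['serialNumber'])) {
                    $issuerName = is_array($certData['issuer'])
                        ? self::staticFormatX509Name($certData['issuer'])
                        : $certData['issuer'];
                    $x509IssuerNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509IssuerSerial');
                    $x509DataNode->appendChild($x509IssuerNode);
                    $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509IssuerName', $issuerName);
                    $x509IssuerNode->appendChild($x509Node);
                    $x509Node = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509SerialNumber', $certData['serialNumber']);
                    $x509IssuerNode->appendChild($x509Node);
                }
            }
        }
        $x509CertNode = $baseDoc->createElementNS(self::XMLDSIGNS, $dsig_pfx . 'X509Certificate', $X509Cert);
        $x509DataNode->appendChild($x509CertNode);
    }
}

/**
 * Evaluate $query relative to $context and return its first node, or null.
 *
 * DOMXPath::query() returns false for an invalid expression or an unbound
 * prefix; calling ->item() on that false is a fatal error, so convert it
 * into an Exception the caller can handle.
 *
 * @param DOMXPath $xpath
 * @param string $query
 * @param DOMNode $context
 * @return DOMNode|null
 * @throws Exception When the query cannot be evaluated.
 */
private static function staticQueryFirst($xpath, $query, $context) {
    $nodeset = $xpath->query($query, $context);
    if ($nodeset === false) {
        throw new Exception('Unable to evaluate XPath query: ' . $query);
    }
    return $nodeset->item(0);
}

/**
 * Flatten a name array from openssl_x509_parse() (subject or issuer) into
 * a "key=value,key=value" string.
 *
 * Multi-valued attributes are expanded to one "key=value" per value. Parts
 * are prepended as they are visited, so the result lists attributes in the
 * reverse of the array's order (same ordering the subject formatting used
 * before this helper existed; the issuer now gets the same treatment).
 *
 * @param array $name
 * @return string
 */
private static function staticFormatX509Name(array $name) {
    $parts = array();
    foreach ($name as $key => $value) {
        foreach ((array) $value as $valueElement) {
            array_unshift($parts, "{$key}={$valueElement}");
        }
    }
    return implode(',', $parts);
}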