robrichards / xmlseclibs

A PHP library for XML Security
BSD 3-Clause "New" or "Revised" License

Sign error when adding a KeyInfo Reference #149

Open alphp opened 6 years ago

alphp commented 6 years ago

Code:

<?php
// Composer autoloader and the xmlseclibs classes used below
require 'vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// $pkcs12_file, $pkcs12_pass and $file are provided by the caller
openssl_pkcs12_read(file_get_contents($pkcs12_file), $certs, $pkcs12_pass);

$data = new DOMDocument();
$data->load($file);

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'private']);
$objKey->loadKey($certs['pkey']);

$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::C14N);

// KeyInfo/X509Data is created here, so it must precede the KeyInfo Reference below
$objXMLSecDSig->add509Cert($certs['cert']);
// Reference to the whole document, excluding the Signature element itself
$objXMLSecDSig->addReference($data, XMLSecurityDSig::SHA1, ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'], ['force_uri' => true]);

$objKeyInfo = $objXMLSecDSig->sigNode->getElementsByTagName('KeyInfo')->item(0);
// Adding a KeyInfo Reference: this Reference invalidates the signature
$objXMLSecDSig->addReference($objKeyInfo, XMLSecurityDSig::SHA1, ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'], ['force_uri' => true]);

// Compute SignatureValue over SignedInfo and insert the Signature into the document
$objXMLSecDSig->sign($objKey);
$objXMLSecDSig->appendSignature($data->documentElement);

$data->save($file . '.xsig');

If I add a reference to the KeyInfo node, the signature is invalidated (signature or altered certificates). If I do not add the reference the signature is correct, but my application needs that reference.

alphp commented 6 years ago

More info and code in https://github.com/alphp/signature_facturae/issues/1
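An added example (not code from the issue author or from xmlseclibs itself) of a ds:KeyInfo Reference that stays valid: the KeyInfo Reference gets only a canonicalization transform, because the enveloped-signature transform removes the enclosing ds:Signature element, and with it KeyInfo, from the node-set being digested. The file paths, the sample document, and the choice of SHA-256 with exclusive C14N are assumptions; after signing, the script recomputes the KeyInfo digest from the final document as a local check.

```php
<?php
// Added example, not from the issue or the xmlseclibs project. Paths are placeholders.
require 'vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

$privateKeyFile = '/path/to/private.pem'; // placeholder: PEM private key
$certFile       = '/path/to/cert.pem';    // placeholder: matching X.509 certificate

// Constructed sample document.
$doc = new DOMDocument();
$doc->loadXML('<Invoice><Total>10.00</Total></Invoice>');

$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
$key->loadKey($privateKeyFile, true);

$dsig = new XMLSecurityDSig();
$dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

// Reference 1: the whole document. enveloped-signature excludes ds:Signature
// from the digest, so the digest is the same before and after appendSignature().
$dsig->addReference($doc, XMLSecurityDSig::SHA256,
    ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'], ['force_uri' => true]);

// ds:KeyInfo must exist before it can be referenced.
$dsig->add509Cert(file_get_contents($certFile));
$keyInfo = $dsig->sigNode->getElementsByTagName('KeyInfo')->item(0);

// Reference 2: ds:KeyInfo, which lives inside ds:Signature. Canonicalization only:
// enveloped-signature drops the ds:Signature subtree, so applied here it would
// leave nothing to digest. addReference() assigns an Id and sets URI="#<id>".
$dsig->addReference($keyInfo, XMLSecurityDSig::SHA256, [XMLSecurityDSig::EXC_C14N]);

$dsig->sign($key);
$dsig->appendSignature($doc->documentElement);

// Local check: recompute the KeyInfo digest from the final document the way a
// verifier would (exclusive C14N of the referenced element) and compare.
$xp = new DOMXPath($doc);
$xp->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS);
$signedKeyInfo = $xp->query('//ds:Signature/ds:KeyInfo')->item(0);
$id = $signedKeyInfo->getAttribute('Id');
$ref = $xp->query('//ds:Reference[@URI="#' . $id . '"]')->item(0);
$stored = $xp->query('./ds:DigestValue', $ref)->item(0)->nodeValue;
$recomputed = base64_encode(hash('sha256', $signedKeyInfo->C14N(true), true));
echo $stored === $recomputed ? "KeyInfo digest OK\n" : "KeyInfo digest MISMATCH\n";
```

Replacing the KeyInfo transform with the enveloped-signature URI from the issue makes the recomputed digest differ from the stored one, which is the mismatch an external validator reports.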