Closed slavo210 closed 4 years ago
Hello Guys, I have a problem with signing node in my XML envelope. My code is below:
<?php session_start(); function getUniqueID($length){ $chars = "abcdef0123456789"; $uniqueID1 = ""; for ($i = 0; $i < $length; $i++) { $uniqueID1 .= substr($chars, rand(0, 15), 1); } $uniqueID2 = ""; for ($i = 0; $i < $length; $i++) { $uniqueID2 .= substr($chars, rand(0, 15), 1); } return "IS_" . $uniqueID1 . "_" . $uniqueID2; } $t = microtime(true); $micro = sprintf("%06d", ($t - floor($t)) * 1000000); $d = new DateTime(date('Y-m-d H:i:s.' . $micro, $t)); $IssueInstant = trim($d->format("Y-m-d\TH:i:s.v\Z")); $Issuer = trim('https://system(...).pl'); $SSOIDvalue = trim(getUniqueID(16)); $SAMLart = trim($_POST['SAMLart']); require_once 'pz/WSSESoap.php'; require_once 'pz/src/XMLSecurityDSig.php'; require_once 'pz/src/XMLSecurityKey.php'; use RobRichards\XMLSecLibs\XMLSecurityDSig; use RobRichards\XMLSecLibs\XMLSecurityKey; use RobRichards\XMLSecLibs\XMLSecEnc; $xml = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><saml2p:ArtifactResolve xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="' . $SSOIDvalue . '" IssueInstant="' . $IssueInstant . '"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">' . $Issuer . '</saml2:Issuer><saml2p:Artifact>' . $SAMLart . '</saml2p:Artifact></saml2p:ArtifactResolve></soapenv:Body></soapenv:Envelope>'; $results = array(); $doc = new DOMDocument(); $doc->loadXML($xml); $xp = new DOMXPath($doc); $xp->registerNamespace('soapenv', 'http://schemas.xmlsoap.org/soap/envelope/'); $xp->registerNamespace('saml2p', 'urn:oasis:names:tc:SAML:2.0:protocol'); $xp->registerNamespace('saml2', 'urn:oasis:names:tc:SAML:2.0:assertion'); $xp->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS); $artifactResolveNode = $xp->query('/*[local-name()=\'Envelope\']/*[local-name()=\'Body\']/*[local-name()=\'ArtifactResolve\']')->item(0); $artifactNode = $xp->query('/*[local-name()=\'Envelope\']/*[local-name()=\'Body\']/*[local-name()=\'ArtifactResolve\']/*[local-name()=\'Artifact\']')->item(0); if ($artifactResolveNode) { $objDSig = new XMLSecurityDSig(); $objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); $objDSig->addReference($artifactResolveNode, XMLSecurityDSig::SHA256, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#'), array('id_name' => 'ID', 'overwrite' => false)); $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private')); $objKey->loadKey('system(...).pem', TRUE); $objKey->passphrase = "passw0rd"; $objDSig->sign($objKey); //$objDSig->sign($objKey, $artifactResolveNode); // this doesn't work too $objDSig->add509Cert($results['cert']); $objDSig->insertSignature($artifactResolveNode, $artifactNode); $envelope = $doc->saveXML(); echo $envelope; }
Complete XML Envelope:
<?xml version="1.0"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header/> <soapenv:Body> <saml2p:ArtifactResolve xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="IS_25cb505364e2d986_587fa62a681d2bc8" IssueInstant="2020-06-03T06:45:11.279Z"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://system(...).pl </saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#IS_25cb505364e2d986_587fa62a681d2bc8"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>uVqDL0bTYAsgJG7/3p4DV/GvyNW4dmP3F61C27we2E4=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> TXEzcnFPa25sTENqWmtFLzM5WG(...)GRCNGdRPT0= </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIEHjCCAw(...)kGJxkgM= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2p:Artifact>AAQAAKFbFR94fxqmioAqjJUwfyUtjJbvTvwVmBDXXjy3k+XHwJWWkpwJwaU=</saml2p:Artifact> </saml2p:ArtifactResolve> </soapenv:Body> </soapenv:Envelope>
When I validate the envelope on https://tools.chilkat.io/xmlDsigVerify.cshtml I get error: "Signature is Invalid Number of Reference Digests = 1 Reference 1 digest is valid." I try to change code but with no success. Do you see any error in my code?
Hello Guys, I have a problem with signing node in my XML envelope. My code is below:
Complete XML Envelope:
When I validate the envelope on https://tools.chilkat.io/xmlDsigVerify.cshtml I get error: "Signature is Invalid Number of Reference Digests = 1 Reference 1 digest is valid." I try to change code but with no success. Do you see any error in my code?