Signer::sign() - Code Metrics - Inspection of "Merge pull request #178 from zoiosilva/lineBreaks" - nfephp-org/sped-common - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 0b76ec...f45b85 )

by Roberto

created 2018-06-29 18:22 UTC

Signer::sign() B

↳ Parent: Signer

Complexity

Conditions	7
Paths	8

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	15
CRAP Score	7.2269

Importance

Changes

Metric	Value
dl	0
loc	41
ccs	15
cts	18
cp	0.8333
rs	8.3306
c	0
b	0
f	0
cc	7
nc	8
nop	7
crap	7.2269

<?php

namespace NFePHP\Common;

/**
 * Class to signner a Xml
 * Meets packages :
 *     sped-nfe,
 *     sped-cte,
 *     sped-mdfe,
 *     sped-nfse,
 *     sped-efinanceira
 *     sped-esocial
 *     sped-efdreinf
 *     e sped-esfinge
 *
 * @category  NFePHP
 * @package   NFePHP\Common\Signer
 * @copyright NFePHP Copyright (c) 2016
 * @license   http://www.gnu.org/licenses/lgpl.txt LGPLv3+
 * @license   https://opensource.org/licenses/MIT MIT
 * @license   http://www.gnu.org/licenses/gpl.txt GPLv3+
 * @author    Roberto L. Machado <linux.rlm at gmail dot com>
 * @link      http://github.com/nfephp-org/sped-common for the canonical source repository
 */

use NFePHP\Common\Certificate\PublicKey;
use NFePHP\Common\Exception\SignerException;
use DOMDocument;
use DOMNode;
use DOMElement;

class Signer
{
    const CANONICAL = [true,false,null,null];
    
    /**
     * Make Signature tag
     * @param Certificate $certificate
     * @param string $content xml for signed
     * @param string $tagname
     * @param string $mark for URI (opcional)
     * @param int $algorithm (opcional)
     * @param array $canonical parameters to format node for signature (opcional)
     * @param string $rootname name of tag to insert signature block (opcional)
     * @return string
     * @throws SignerException
     */
    public static function sign(
        Certificate $certificate,
        $content,
        $tagname,
        $mark = 'Id',
        $algorithm = OPENSSL_ALGO_SHA1,
        $canonical = self::CANONICAL,
        $rootname = ''
    ) {
        if (empty($content)) {
            throw SignerException::isNotXml();
        }
        if (!Validator::isXML($content)) {
            throw SignerException::isNotXml();
        }
        $dom = new DOMDocument('1.0', 'UTF-8');
        $dom->loadXML($content);
        $dom->preserveWhiteSpace = false;
        $dom->formatOutput = false;
        $root = $dom->documentElement;
        if (!empty($rootname)) {
            $root = $dom->getElementsByTagName($rootname)->item(0);
        }
        $node = $dom->getElementsByTagName($tagname)->item(0);
        if (empty($node) || empty($root)) {
            throw SignerException::tagNotFound($tagname);
        }
        if (!self::existsSignature($content)) {
            $dom = self::createSignature(
                $certificate,
                $dom,
                $root,
                $node,

                $mark,
                $algorithm,
                $canonical
            );
        }
        return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            . $dom->saveXML($dom->documentElement, LIBXML_NOXMLDECL);
    }
    
    /**
     * Method that provides the signature of xml as standard SEFAZ
     * @param Certificate $certificate
     * @param \DOMDocument $dom
     * @param \DOMNode $root xml root
     * @param \DOMElement $node node to be signed
     * @param string $mark Marker signed attribute
     * @param int $algorithm cryptographic algorithm (opcional)
     * @param array $canonical parameters to format node for signature (opcional)
     * @return \DOMDocument
     */
    private static function createSignature(
        Certificate $certificate,
        DOMDocument $dom,
        DOMNode $root,
        DOMElement $node,
        $mark,
        $algorithm = OPENSSL_ALGO_SHA1,
        $canonical = self::CANONICAL
    ) {
        $nsDSIG = 'http://www.w3.org/2000/09/xmldsig#';
        $nsCannonMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
        $nsSignatureMethod = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
        $nsDigestMethod = 'http://www.w3.org/2000/09/xmldsig#sha1';
        $digestAlgorithm = 'sha1';
        if ($algorithm == OPENSSL_ALGO_SHA256) {
            $digestAlgorithm = 'sha256';
            $nsSignatureMethod = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
            $nsDigestMethod = 'http://www.w3.org/2001/04/xmlenc#sha256';
        }
        $nsTransformMethod1 ='http://www.w3.org/2000/09/xmldsig#enveloped-signature';
        $nsTransformMethod2 = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
        $idSigned = trim($node->getAttribute($mark));
        $digestValue = self::makeDigest($node, $digestAlgorithm, $canonical);
        $signatureNode = $dom->createElementNS($nsDSIG, 'Signature');
        $root->appendChild($signatureNode);
        $signedInfoNode = $dom->createElement('SignedInfo');
        $signatureNode->appendChild($signedInfoNode);
        $canonicalNode = $dom->createElement('CanonicalizationMethod');
        $signedInfoNode->appendChild($canonicalNode);
        $canonicalNode->setAttribute('Algorithm', $nsCannonMethod);
        $signatureMethodNode = $dom->createElement('SignatureMethod');
        $signedInfoNode->appendChild($signatureMethodNode);
        $signatureMethodNode->setAttribute('Algorithm', $nsSignatureMethod);
        $referenceNode = $dom->createElement('Reference');
        $signedInfoNode->appendChild($referenceNode);
        if (!empty($idSigned)) {
            $idSigned = "#$idSigned";
        }
        $referenceNode->setAttribute('URI', $idSigned);
        $transformsNode = $dom->createElement('Transforms');
        $referenceNode->appendChild($transformsNode);
        $transfNode1 = $dom->createElement('Transform');
        $transformsNode->appendChild($transfNode1);
        $transfNode1->setAttribute('Algorithm', $nsTransformMethod1);
        $transfNode2 = $dom->createElement('Transform');
        $transformsNode->appendChild($transfNode2);
        $transfNode2->setAttribute('Algorithm', $nsTransformMethod2);
        $digestMethodNode = $dom->createElement('DigestMethod');
        $referenceNode->appendChild($digestMethodNode);
        $digestMethodNode->setAttribute('Algorithm', $nsDigestMethod);
        $digestValueNode = $dom->createElement('DigestValue', $digestValue);
        $referenceNode->appendChild($digestValueNode);
        $c14n = self::canonize($signedInfoNode, $canonical);
        $signature = $certificate->sign($c14n, $algorithm);
        $signatureValue = base64_encode($signature);
        $signatureValueNode = $dom->createElement('SignatureValue', $signatureValue);
        $signatureNode->appendChild($signatureValueNode);
        $keyInfoNode = $dom->createElement('KeyInfo');
        $signatureNode->appendChild($keyInfoNode);
        $x509DataNode = $dom->createElement('X509Data');
        $keyInfoNode->appendChild($x509DataNode);
        $pubKeyClean = $certificate->publicKey->unFormated();
        $x509CertificateNode = $dom->createElement('X509Certificate', $pubKeyClean);
        $x509DataNode->appendChild($x509CertificateNode);
        return $dom;
    }

    /**
     * Remove old signature from document to replace it
     * @param string $content
     * @return string
     */
    public static function removeSignature($content)
    {
        if (!self::existsSignature($content)) {
            return $content;
        }
        $dom = new \DOMDocument('1.0', 'utf-8');
        $dom->formatOutput = false;
        $dom->preserveWhiteSpace = false;
        $dom->loadXML($content);
        $node = $dom->documentElement;
        $signature = $node->getElementsByTagName('Signature')->item(0);
        if (!empty($signature)) {
            $parent = $signature->parentNode;
            $parent->removeChild($signature);
        }
        return $dom->saveXML();
    }

    /**
     * Verify if xml signature is valid
     * @param string $content
     * @param string $tagname tag for sign (opcional)
     * @param array $canonical parameters to format node for signature (opcional)
     * @return boolean
     * @throws SignerException Not is a XML, Digest or Signature dont match
     */
    public static function isSigned($content, $tagname = '', $canonical = self::CANONICAL)
    {
        if (!self::existsSignature($content)) {
            return false;
        }
        if (!self::digestCheck($content, $tagname, $canonical)) {
            return false;
        }
        return self::signatureCheck($content, $canonical);
    }
    
    /**
     * Check if Signature tag already exists
     * @param string $content
     * @return boolean
     */
    public static function existsSignature($content)
    {
        if (!Validator::isXML($content)) {
            throw SignerException::isNotXml();
        }
        $dom = new \DOMDocument('1.0', 'utf-8');
        $dom->formatOutput = false;
        $dom->preserveWhiteSpace = false;
        $dom->loadXML($content);
        $signature = $dom->getElementsByTagName('Signature')->item(0);
        return !empty($signature);
    }
    
    /**
     * Verify signature value from SignatureInfo node and public key
     * @param string $xml
     * @param array $canonical
     * @return boolean
     */
    public static function signatureCheck($xml, $canonical = self::CANONICAL)
    {
        $dom = new \DOMDocument('1.0', 'utf-8');
        $dom->formatOutput = false;
        $dom->preserveWhiteSpace = false;
        $dom->loadXML($xml);
        
        $signature = $dom->getElementsByTagName('Signature')->item(0);
        $sigMethAlgo = $signature->getElementsByTagName('SignatureMethod')->item(0)->getAttribute('Algorithm');
        $algorithm = OPENSSL_ALGO_SHA256;
        if ($sigMethAlgo == 'http://www.w3.org/2000/09/xmldsig#rsa-sha1') {
            $algorithm = OPENSSL_ALGO_SHA1;
        }
        $certificateContent = $signature->getElementsByTagName('X509Certificate')->item(0)->nodeValue;
        $publicKey = PublicKey::createFromContent($certificateContent);
        $signInfoNode = self::canonize($signature->getElementsByTagName('SignedInfo')->item(0), $canonical);
        $signatureValue = $signature->getElementsByTagName('SignatureValue')->item(0)->nodeValue;
        $decodedSignature = base64_decode(str_replace(array("\r", "\n"), '', $signatureValue));
        if (!$publicKey->verify($signInfoNode, $decodedSignature, $algorithm)) {
            throw SignerException::signatureComparisonFailed();
        }
        return true;
    }
    
    /**
     * Verify digest value of data node
     * @param string $xml
     * @param string $tagname
     * @param array $canonical
     * @return bool
     * @throws SignerException
     */
    public static function digestCheck($xml, $tagname = '', $canonical = self::CANONICAL)
    {
        $dom = new \DOMDocument('1.0', 'utf-8');
        $dom->formatOutput = false;
        $dom->preserveWhiteSpace = false;
        $dom->loadXML($xml);
        $root = $dom->documentElement;
        $signature = $dom->getElementsByTagName('Signature')->item(0);
        $sigURI = $signature->getElementsByTagName('Reference')->item(0)->getAttribute('URI');
        if (empty($tagname)) {
            if (empty($sigURI)) {
                $tagname = $root->nodeName;
            } else {
                $xpath = new \DOMXPath($dom);
                $entries = $xpath->query('//@Id');
                foreach ($entries as $entry) {
                    $tagname = $entry->ownerElement->nodeName;
                    break;
                }
            }
        }
        $node = $dom->getElementsByTagName($tagname)->item(0);
        if (empty($node)) {
            throw SignerException::tagNotFound($tagname);
        }
        $sigMethAlgo = $signature->getElementsByTagName('SignatureMethod')->item(0)->getAttribute('Algorithm');
        $algorithm = 'sha256';
        if ($sigMethAlgo == 'http://www.w3.org/2000/09/xmldsig#rsa-sha1') {
            $algorithm = 'sha1';
        }
        if ($sigURI == '') {
            $node->removeChild($signature);
        }
        $calculatedDigest = self::makeDigest($node, $algorithm, $canonical);
        $informedDigest = $signature->getElementsByTagName('DigestValue')->item(0)->nodeValue;
        if ($calculatedDigest != $informedDigest) {
            throw SignerException::digestComparisonFailed();
        }
        return true;
    }
    
    /**
     * Calculate digest value for given node
     * @param DOMNode $node
     * @param string $algorithm
     * @param array $canonical
     * @return string
     */
    private static function makeDigest(DOMNode $node, $algorithm, $canonical = self::CANONICAL)
    {
        //calcular o hash dos dados
        $c14n = self::canonize($node, $canonical);
        $hashValue = hash($algorithm, $c14n, true);
        return base64_encode($hashValue);
    }
    
    /**
     * Reduced to the canonical form
     * @param DOMNode $node
     * @param array $canonical
     * @return string
     */
    private static function canonize(DOMNode $node, $canonical = self::CANONICAL)
    {
        return $node->C14N(
            $canonical[0],
            $canonical[1],
            $canonical[2],
            $canonical[3]
        );
    }
}


1		<?php
2
3		namespace NFePHP\Common;
4
5		/**
6		* Class to signner a Xml
7		* Meets packages :
8		* sped-nfe,
9		* sped-cte,
10		* sped-mdfe,
11		* sped-nfse,
12		* sped-efinanceira
13		* sped-esocial
14		* sped-efdreinf
15		* e sped-esfinge
16		*
17		* @category NFePHP
18		* @package NFePHP\Common\Signer
19		* @copyright NFePHP Copyright (c) 2016
20		* @license http://www.gnu.org/licenses/lgpl.txt LGPLv3+
21		* @license https://opensource.org/licenses/MIT MIT
22		* @license http://www.gnu.org/licenses/gpl.txt GPLv3+
23		* @author Roberto L. Machado <linux.rlm at gmail dot com>
24		* @link http://github.com/nfephp-org/sped-common for the canonical source repository
25		*/
26
27		use NFePHP\Common\Certificate\PublicKey;
28		use NFePHP\Common\Exception\SignerException;
29		use DOMDocument;
30		use DOMNode;
31		use DOMElement;
32
33		class Signer
34		{
35		const CANONICAL = [true,false,null,null];
36
37		/**
38		* Make Signature tag
39		* @param Certificate $certificate
40		* @param string $content xml for signed
41		* @param string $tagname
42		* @param string $mark for URI (opcional)
43		* @param int $algorithm (opcional)
44		* @param array $canonical parameters to format node for signature (opcional)
45		* @param string $rootname name of tag to insert signature block (opcional)
46		* @return string
47		* @throws SignerException
48		*/
49	2	public static function sign(
50		Certificate $certificate,
51		$content,
52		$tagname,
53		$mark = 'Id',
54		$algorithm = OPENSSL_ALGO_SHA1,
55		$canonical = self::CANONICAL,
56		$rootname = ''
57		) {
58	2	if (empty($content)) {
59		throw SignerException::isNotXml();
60		}
61	2	if (!Validator::isXML($content)) {
62	1	throw SignerException::isNotXml();
63		}
64	1	$dom = new DOMDocument('1.0', 'UTF-8');
65	1	$dom->loadXML($content);
66	1	$dom->preserveWhiteSpace = false;
67	1	$dom->formatOutput = false;
68	1	$root = $dom->documentElement;
69	1	if (!empty($rootname)) {
70		$root = $dom->getElementsByTagName($rootname)->item(0);
71		}
72	1	$node = $dom->getElementsByTagName($tagname)->item(0);
73	1	if (empty($node) \|\| empty($root)) {
74		throw SignerException::tagNotFound($tagname);
75		}
76	1	if (!self::existsSignature($content)) {
77	1	$dom = self::createSignature(
78		$certificate,
79		$dom,
80		$root,
81		$node,
		0 ignored issues – show Compatibility introduced 2017-04-29 14:39 UTC by Report Bug Copy Issue Report `$node` of type `object<DOMNode>` is not a sub-type of `object<DOMElement>`. It seems like you assume a child class of the class `DOMNode` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
82		$mark,
83		$algorithm,
84		$canonical
85		);
86		}
87		return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
88	1	. $dom->saveXML($dom->documentElement, LIBXML_NOXMLDECL);
89		}
90
91		/**
92		* Method that provides the signature of xml as standard SEFAZ
93		* @param Certificate $certificate
94		* @param \DOMDocument $dom
95		* @param \DOMNode $root xml root
96		* @param \DOMElement $node node to be signed
97		* @param string $mark Marker signed attribute
98		* @param int $algorithm cryptographic algorithm (opcional)
99		* @param array $canonical parameters to format node for signature (opcional)
100		* @return \DOMDocument
101		*/
102	1	private static function createSignature(
103		Certificate $certificate,
104		DOMDocument $dom,
105		DOMNode $root,
106		DOMElement $node,
107		$mark,
108		$algorithm = OPENSSL_ALGO_SHA1,
109		$canonical = self::CANONICAL
110		) {
111	1	$nsDSIG = 'http://www.w3.org/2000/09/xmldsig#';
112	1	$nsCannonMethod = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
113	1	$nsSignatureMethod = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
114	1	$nsDigestMethod = 'http://www.w3.org/2000/09/xmldsig#sha1';
115	1	$digestAlgorithm = 'sha1';
116	1	if ($algorithm == OPENSSL_ALGO_SHA256) {
117		$digestAlgorithm = 'sha256';
118		$nsSignatureMethod = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
119		$nsDigestMethod = 'http://www.w3.org/2001/04/xmlenc#sha256';
120		}
121	1	$nsTransformMethod1 ='http://www.w3.org/2000/09/xmldsig#enveloped-signature';
122	1	$nsTransformMethod2 = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
123	1	$idSigned = trim($node->getAttribute($mark));
124	1	$digestValue = self::makeDigest($node, $digestAlgorithm, $canonical);
125	1	$signatureNode = $dom->createElementNS($nsDSIG, 'Signature');
126	1	$root->appendChild($signatureNode);
127	1	$signedInfoNode = $dom->createElement('SignedInfo');
128	1	$signatureNode->appendChild($signedInfoNode);
129	1	$canonicalNode = $dom->createElement('CanonicalizationMethod');
130	1	$signedInfoNode->appendChild($canonicalNode);
131	1	$canonicalNode->setAttribute('Algorithm', $nsCannonMethod);
132	1	$signatureMethodNode = $dom->createElement('SignatureMethod');
133	1	$signedInfoNode->appendChild($signatureMethodNode);
134	1	$signatureMethodNode->setAttribute('Algorithm', $nsSignatureMethod);
135	1	$referenceNode = $dom->createElement('Reference');
136	1	$signedInfoNode->appendChild($referenceNode);
137	1	if (!empty($idSigned)) {
138	1	$idSigned = "#$idSigned";
139		}
140	1	$referenceNode->setAttribute('URI', $idSigned);
141	1	$transformsNode = $dom->createElement('Transforms');
142	1	$referenceNode->appendChild($transformsNode);
143	1	$transfNode1 = $dom->createElement('Transform');
144	1	$transformsNode->appendChild($transfNode1);
145	1	$transfNode1->setAttribute('Algorithm', $nsTransformMethod1);
146	1	$transfNode2 = $dom->createElement('Transform');
147	1	$transformsNode->appendChild($transfNode2);
148	1	$transfNode2->setAttribute('Algorithm', $nsTransformMethod2);
149	1	$digestMethodNode = $dom->createElement('DigestMethod');
150	1	$referenceNode->appendChild($digestMethodNode);
151	1	$digestMethodNode->setAttribute('Algorithm', $nsDigestMethod);
152	1	$digestValueNode = $dom->createElement('DigestValue', $digestValue);
153	1	$referenceNode->appendChild($digestValueNode);
154	1	$c14n = self::canonize($signedInfoNode, $canonical);
155	1	$signature = $certificate->sign($c14n, $algorithm);
156	1	$signatureValue = base64_encode($signature);
157	1	$signatureValueNode = $dom->createElement('SignatureValue', $signatureValue);
158	1	$signatureNode->appendChild($signatureValueNode);
159	1	$keyInfoNode = $dom->createElement('KeyInfo');
160	1	$signatureNode->appendChild($keyInfoNode);
161	1	$x509DataNode = $dom->createElement('X509Data');
162	1	$keyInfoNode->appendChild($x509DataNode);
163	1	$pubKeyClean = $certificate->publicKey->unFormated();
164	1	$x509CertificateNode = $dom->createElement('X509Certificate', $pubKeyClean);
165	1	$x509DataNode->appendChild($x509CertificateNode);
166	1	return $dom;
167		}
168
169		/**
170		* Remove old signature from document to replace it
171		* @param string $content
172		* @return string
173		*/
174	1	public static function removeSignature($content)
175		{
176	1	if (!self::existsSignature($content)) {
177		return $content;
178		}
179	1	$dom = new \DOMDocument('1.0', 'utf-8');
180	1	$dom->formatOutput = false;
181	1	$dom->preserveWhiteSpace = false;
182	1	$dom->loadXML($content);
183	1	$node = $dom->documentElement;
184	1	$signature = $node->getElementsByTagName('Signature')->item(0);
185	1	if (!empty($signature)) {
186	1	$parent = $signature->parentNode;
187	1	$parent->removeChild($signature);
188		}
189	1	return $dom->saveXML();
190		}
191
192		/**
193		* Verify if xml signature is valid
194		* @param string $content
195		* @param string $tagname tag for sign (opcional)
196		* @param array $canonical parameters to format node for signature (opcional)
197		* @return boolean
198		* @throws SignerException Not is a XML, Digest or Signature dont match
199		*/
200	6	public static function isSigned($content, $tagname = '', $canonical = self::CANONICAL)
201		{
202	6	if (!self::existsSignature($content)) {
203	1	return false;
204		}
205	5	if (!self::digestCheck($content, $tagname, $canonical)) {
206		return false;
207		}
208	3	return self::signatureCheck($content, $canonical);
209		}
210
211		/**
212		* Check if Signature tag already exists
213		* @param string $content
214		* @return boolean
215		*/
216	6	public static function existsSignature($content)
217		{
218	6	if (!Validator::isXML($content)) {
219		throw SignerException::isNotXml();
220		}
221	6	$dom = new \DOMDocument('1.0', 'utf-8');
222	6	$dom->formatOutput = false;
223	6	$dom->preserveWhiteSpace = false;
224	6	$dom->loadXML($content);
225	6	$signature = $dom->getElementsByTagName('Signature')->item(0);
226	6	return !empty($signature);
227		}
228
229		/**
230		* Verify signature value from SignatureInfo node and public key
231		* @param string $xml
232		* @param array $canonical
233		* @return boolean
234		*/
235	3	public static function signatureCheck($xml, $canonical = self::CANONICAL)
236		{
237	3	$dom = new \DOMDocument('1.0', 'utf-8');
238	3	$dom->formatOutput = false;
239	3	$dom->preserveWhiteSpace = false;
240	3	$dom->loadXML($xml);
241
242	3	$signature = $dom->getElementsByTagName('Signature')->item(0);
243	3	$sigMethAlgo = $signature->getElementsByTagName('SignatureMethod')->item(0)->getAttribute('Algorithm');
244	3	$algorithm = OPENSSL_ALGO_SHA256;
245	3	if ($sigMethAlgo == 'http://www.w3.org/2000/09/xmldsig#rsa-sha1') {
246	3	$algorithm = OPENSSL_ALGO_SHA1;
247		}
248	3	$certificateContent = $signature->getElementsByTagName('X509Certificate')->item(0)->nodeValue;
249	3	$publicKey = PublicKey::createFromContent($certificateContent);
250	3	$signInfoNode = self::canonize($signature->getElementsByTagName('SignedInfo')->item(0), $canonical);
251	3	$signatureValue = $signature->getElementsByTagName('SignatureValue')->item(0)->nodeValue;
252	3	$decodedSignature = base64_decode(str_replace(array("\r", "\n"), '', $signatureValue));
253	3	if (!$publicKey->verify($signInfoNode, $decodedSignature, $algorithm)) {
254	1	throw SignerException::signatureComparisonFailed();
255		}
256	2	return true;
257		}
258
259		/**
260		* Verify digest value of data node
261		* @param string $xml
262		* @param string $tagname
263		* @param array $canonical
264		* @return bool
265		* @throws SignerException
266		*/
267	5	public static function digestCheck($xml, $tagname = '', $canonical = self::CANONICAL)
268		{
269	5	$dom = new \DOMDocument('1.0', 'utf-8');
270	5	$dom->formatOutput = false;
271	5	$dom->preserveWhiteSpace = false;
272	5	$dom->loadXML($xml);
273	5	$root = $dom->documentElement;
274	5	$signature = $dom->getElementsByTagName('Signature')->item(0);
275	5	$sigURI = $signature->getElementsByTagName('Reference')->item(0)->getAttribute('URI');
276	5	if (empty($tagname)) {
277	4	if (empty($sigURI)) {
278		$tagname = $root->nodeName;
279		} else {
280	4	$xpath = new \DOMXPath($dom);
281	4	$entries = $xpath->query('//@Id');
282	4	foreach ($entries as $entry) {
283	4	$tagname = $entry->ownerElement->nodeName;
284	4	break;
285		}
286		}
287		}
288	5	$node = $dom->getElementsByTagName($tagname)->item(0);
289	5	if (empty($node)) {
290	1	throw SignerException::tagNotFound($tagname);
291		}
292	4	$sigMethAlgo = $signature->getElementsByTagName('SignatureMethod')->item(0)->getAttribute('Algorithm');
293	4	$algorithm = 'sha256';
294	4	if ($sigMethAlgo == 'http://www.w3.org/2000/09/xmldsig#rsa-sha1') {
295	4	$algorithm = 'sha1';
296		}
297	4	if ($sigURI == '') {
298		$node->removeChild($signature);
299		}
300	4	$calculatedDigest = self::makeDigest($node, $algorithm, $canonical);
301	4	$informedDigest = $signature->getElementsByTagName('DigestValue')->item(0)->nodeValue;
302	4	if ($calculatedDigest != $informedDigest) {
303	1	throw SignerException::digestComparisonFailed();
304		}
305	3	return true;
306		}
307
308		/**
309		* Calculate digest value for given node
310		* @param DOMNode $node
311		* @param string $algorithm
312		* @param array $canonical
313		* @return string
314		*/
315	4	private static function makeDigest(DOMNode $node, $algorithm, $canonical = self::CANONICAL)
316		{
317		//calcular o hash dos dados
318	4	$c14n = self::canonize($node, $canonical);
319	4	$hashValue = hash($algorithm, $c14n, true);
320	4	return base64_encode($hashValue);
321		}
322
323		/**
324		* Reduced to the canonical form
325		* @param DOMNode $node
326		* @param array $canonical
327		* @return string
328		*/
329	4	private static function canonize(DOMNode $node, $canonical = self::CANONICAL)
330		{
331	4	return $node->C14N(
332	4	$canonical[0],
333	4	$canonical[1],
334	4	$canonical[2],
335	4	$canonical[3]
336		);
337		}
338		}
339

nfephp-org / sped-common

Push — master ( 0b76ec...f45b85 )

Signer::sign() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like