diff options
Diffstat (limited to '3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php')
| -rw-r--r-- | 3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php b/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php index 9ae4a968..9986123e 100644 --- a/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php +++ b/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php @@ -11,7 +11,7 @@ use RobRichards\XMLSecLibs\Utils\XPath as XPath; /** * xmlseclibs.php * - * Copyright (c) 2007-2018, Robert Richards <rrichards@cdatazone.org>. + * Copyright (c) 2007-2020, Robert Richards <rrichards@cdatazone.org>. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -44,7 +44,7 @@ use RobRichards\XMLSecLibs\Utils\XPath as XPath; * POSSIBILITY OF SUCH DAMAGE. * * @author Robert Richards <rrichards@cdatazone.org> - * @copyright 2007-2018 Robert Richards <rrichards@cdatazone.org> + * @copyright 2007-2020 Robert Richards <rrichards@cdatazone.org> * @license http://www.opensource.org/licenses/bsd-license.php BSD License */ @@ -194,6 +194,11 @@ class XMLSecurityDSig $query = ".//secdsig:Signature"; $nodeset = $xpath->query($query, $objDoc); $this->sigNode = $nodeset->item($pos); + $query = "./secdsig:SignedInfo"; + $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } return $this->sigNode; } return null; @@ -303,13 +308,28 @@ class XMLSecurityDSig $xpath = $this->getXPathObj(); $query = "./secdsig:SignedInfo"; $nodeset = $xpath->query($query, $this->sigNode); + if ($nodeset->length > 1) { + throw new Exception("Invalid structure - Too many SignedInfo elements found"); + } if ($signInfoNode = $nodeset->item(0)) { $query = "./secdsig:CanonicalizationMethod"; $nodeset = $xpath->query($query, $signInfoNode); + $prefixList = null; if ($canonNode = $nodeset->item(0)) { $canonicalmethod = $canonNode->getAttribute('Algorithm'); + foreach ($canonNode->childNodes as $node) + { + if ($node->localName == 'InclusiveNamespaces') { + if ($pfx = $node->getAttribute('PrefixList')) { + $arpfx = array_filter(explode(' ', $pfx)); + if (count($arpfx) > 0) { + $prefixList = array_merge($prefixList ? $prefixList : array(), $arpfx); + } + } + } + } } - $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod); + $this->signedInfo = $this->canonicalizeData($signInfoNode, $canonicalmethod, null, $prefixList); return $this->signedInfo; } } @@ -440,7 +460,7 @@ class XMLSecurityDSig if ($node->localName == 'XPath') { $arXPath = array(); $arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']'; - $arXpath['namespaces'] = array(); + $arXPath['namespaces'] = array(); $nslist = $xpath->query('./namespace::*', $node); foreach ($nslist AS $nsnode) { if ($nsnode->localName != "xml") { @@ -554,7 +574,7 @@ class XMLSecurityDSig $refids = array(); $xpath = $this->getXPathObj(); - $query = "./secdsig:SignedInfo/secdsig:Reference"; + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; $nodeset = $xpath->query($query, $this->sigNode); if ($nodeset->length == 0) { throw new Exception("Reference nodes not found"); @@ -578,7 +598,7 @@ class XMLSecurityDSig } } $xpath = $this->getXPathObj(); - $query = "./secdsig:SignedInfo/secdsig:Reference"; + $query = "./secdsig:SignedInfo[1]/secdsig:Reference"; $nodeset = $xpath->query($query, $this->sigNode); if ($nodeset->length == 0) { throw new Exception("Reference nodes not found"); |