
Signing document with X509SubjectKeyIdentifier options fails #15

Open
kamileczek opened this issue Aug 13, 2015 · 2 comments

Comments

@kamileczek

Hello,

I get an error during execution of this code:

```php
/* create a new XMLSec key using RSA-SHA1; type is private key */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));

/* load the private key from file - last arg is bool: key is a file (true) or a string (false) */
$objKey->loadKey(PRIVATE_KEY, true);

/* Sign the message - also signs the appropriate WS-Security items */
$options = ["insertBefore" => true, "KeyInfo" => ["X509SubjectKeyIdentifier" => true]];
$objWSSE->signSoapDoc($objKey, $options);
```

The problem is related to the following code (line 265 inside WSSESoap.php::signSoapDoc()):

```php
$x509 = openssl_x509_parse($objKey->getX509Certificate());
$keyid = $x509["extensions"]["subjectKeyIdentifier"];
$arkeyid = split(":", $keyid);
$data = "";
foreach ($arkeyid AS $hexchar) {
    $data .= chr(hexdec($hexchar));
}
$dataNode = new DOMText(base64_encode($data));
$reference->appendChild($dataNode);
```

There is no X.509 certificate inside $objKey and there is no way to attach one, because $objKey already contains the private key (and that is OK, because I need it to sign the message, which is done in line 243 of this method).

The above code should also raise some error in such a case rather than continuing as it does now.

Is there any way to build $objKey to fulfill the requirements of options ["KeyInfo"]["X509SubjectKeyIdentifier"]?

Thank you!

@ba1dr

ba1dr commented Oct 29, 2021

I've found a possible solution for this. I am trying to sign the message with X509SubjectKeyIdentifier.
Among other parameters passed to the function signSoapDoc() in the $options array, I pass the public certificate which corresponds to the private key used for signing, and replace $objKey in the WSSESoap.php file with that value:

```php
$x509 = openssl_x509_parse($options['signcert']->getX509Certificate());
```
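The two points raised in this thread, that the quoted signSoapDoc() code silently emits an empty identifier when $objKey carries no certificate, and that the certificate has to come from a second key object because loadKey() loads either a private key or a certificate, can be handled by a small helper. The following PHP is an added example written for this issue; it is not code from wse-php, xmlseclibs, or any commenter. It assumes PHP 7+ (explode() replaces the removed split()), the standard openssl_x509_parse() output shape ("AB:CD:..." for subjectKeyIdentifier), and hypothetical file paths in the usage comment; the `signcert` option name is ba1dr's local modification, not a library option.

```php
<?php
// Added example (not wse-php code): derive the X509SubjectKeyIdentifier value
// from a certificate, failing loudly when the certificate or its
// subjectKeyIdentifier extension is missing instead of silently appending an
// empty KeyIdentifier the way the quoted signSoapDoc() code does.

/**
 * Convert the colon-separated hex string that openssl_x509_parse() returns for
 * the subjectKeyIdentifier extension (e.g. "AB:CD:EF") into base64 of the raw
 * bytes, which is the encoding a <wsse:KeyIdentifier> element carries.
 */
function subjectKeyIdentifierToBase64(string $hexWithColons): string
{
    $bytes = '';
    foreach (explode(':', $hexWithColons) as $hexOctet) {
        // Reject anything that is not exactly one hex octet; hexdec() would
        // otherwise quietly ignore junk characters.
        if (!preg_match('/^[0-9A-Fa-f]{2}$/', $hexOctet)) {
            throw new InvalidArgumentException("malformed subjectKeyIdentifier octet: $hexOctet");
        }
        $bytes .= chr(hexdec($hexOctet));
    }
    return base64_encode($bytes);
}

/**
 * Extract the SKI from a PEM certificate. Every failure path throws, so a
 * missing certificate can never turn into a signed message with an empty
 * key identifier.
 */
function keyIdentifierFromCertificate(?string $pem): string
{
    if ($pem === null || $pem === '') {
        throw new RuntimeException('no X.509 certificate available to build X509SubjectKeyIdentifier');
    }
    $x509 = openssl_x509_parse($pem);
    if ($x509 === false) {
        throw new RuntimeException('openssl_x509_parse() could not parse the certificate');
    }
    if (empty($x509['extensions']['subjectKeyIdentifier'])) {
        throw new RuntimeException('certificate has no subjectKeyIdentifier extension');
    }
    return subjectKeyIdentifierToBase64($x509['extensions']['subjectKeyIdentifier']);
}

// Usage sketch (hypothetical paths): keep the signing key and the certificate in
// two separate XMLSecurityKey objects, since loadKey() loads one or the other.
// The third loadKey() argument (isCert) tells xmlseclibs the file is a certificate.
//
// $signKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'private']);
// $signKey->loadKey('/path/to/private.pem', true);
// $certKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'public']);
// $certKey->loadKey('/path/to/cert.pem', true, true);
// $keyid = keyIdentifierFromCertificate($certKey->getX509Certificate());
// ... then append new DOMText($keyid) to the KeyIdentifier element instead of
// deriving it from the private-key object.
```

Splitting the key into a signing object and a certificate object is what ba1dr's `signcert` option does; the helper above adds the error reporting the original post asks for, so a misconfigured deployment fails before a message with an unusable KeyInfo is sent.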

@shizonic

@ba1dr Thanks, this looks good. Could you offer your complete code for reference?
