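/**
 * Adds the xenc:EncryptedKey held by $key to the wsse:Security header and
 * gives it a dsig:KeyInfo that identifies the certificate it was encrypted to.
 *
 * The EncryptedKey is imported into the envelope's document when it belongs
 * to another one, inserted directly after the last wsse:BinarySecurityToken
 * (at the end of the header when there is none), and given a fresh Id which
 * is recorded in $key->guid. When $key->guid is already set the key is taken
 * to be present and nothing further is done.
 *
 * The KeyInfo points at the token either through a wsse:KeyIdentifier that
 * carries the certificate's SubjectKeyIdentifier octets (when
 * $options['KeyInfo']['X509SubjectKeyIdentifier'] is truthy) or, by default,
 * through a wsse:Reference whose URI is '#' followed by the token's wsu:Id.
 *
 * @param mixed      $node    Unused; kept for signature compatibility.
 * @param object     $key     Key object exposing ->encKey (a DOMElement, or falsy) and ->guid.
 * @param mixed      $token   The security token. For the URI reference it is read as a
 *                            DOMElement with a wsu:Id; for the SKI variant it must expose
 *                            getX509Certificate() (presumably an XMLSecurityKey — verify
 *                            against callers).
 * @param array|null $options Optional; see above.
 *
 * @return bool false when $key carries no EncryptedKey, true otherwise.
 *
 * @throws \Exception when the SKI variant is requested and the certificate cannot be
 *                    read, cannot be parsed, or has no subjectKeyIdentifier extension.
 */
public function addEncryptedKey($node, $key, $token, $options = null)
{
    if (!$key->encKey) {
        return false;
    }
    $encKey = $key->encKey;
    $security = $this->locateSecurityHeader();
    $doc = $security->ownerDocument;
    // A node can only be inserted into the document it belongs to; adopt a
    // copy when the EncryptedKey was built elsewhere.
    if (!$doc->isSameNode($encKey->ownerDocument)) {
        $key->encKey = $doc->importNode($encKey, true);
        $encKey = $key->encKey;
    }
    // A guid means this key has already been placed in the header.
    if (!empty($key->guid)) {
        return true;
    }

    // Resolve the SKI before touching the header, so a certificate without the
    // extension fails without leaving a half-built EncryptedKey behind.
    $useSki = is_array($options) && !empty($options['KeyInfo']['X509SubjectKeyIdentifier']);
    $skiBytes = $useSki ? $this->subjectKeyIdentifierBytes($token) : null;

    // Place the EncryptedKey right after the last BinarySecurityToken so the
    // token it refers to precedes it in document order.
    $insertPoint = null;
    for ($child = $security->firstChild; $child; $child = $child->nextSibling) {
        if ($child->localName === 'BinarySecurityToken') {
            $insertPoint = $child->nextSibling;
        }
    }
    // A null reference node appends at the end of the header.
    $security->insertBefore($encKey, $insertPoint);

    $key->guid = XMLSecurityDSig::generateGUID();
    $encKey->setAttribute('Id', $key->guid);

    // xenc:EncryptedType content order is EncryptionMethod?, ds:KeyInfo?,
    // CipherData, ... so KeyInfo goes directly after EncryptionMethod, or first
    // when there is none. (The original walked ->nextChild, which does not
    // exist on DOMNode, so KeyInfo could end up after CipherData.)
    $encMethod = $encKey->firstChild;
    while ($encMethod && $encMethod->localName !== 'EncryptionMethod') {
        $encMethod = $encMethod->nextSibling;
    }
    $keyInfoRef = $encMethod ? $encMethod->nextSibling : $encKey->firstChild;

    $objDoc = $encKey->ownerDocument;
    $keyInfo = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:KeyInfo');
    $encKey->insertBefore($keyInfo, $keyInfoRef);
    $tokenRef = $objDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':SecurityTokenReference');
    $keyInfo->appendChild($tokenRef);

    if ($skiBytes !== null) {
        // wsse:KeyIdentifier carrying the base64-encoded SubjectKeyIdentifier.
        $reference = $objDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':KeyIdentifier');
        $reference->setAttribute('ValueType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier');
        $reference->setAttribute('EncodingType', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary');
        $reference->appendChild(new DOMText(base64_encode($skiBytes)));
        $tokenRef->appendChild($reference);
        return true;
    }

    // Default: a direct reference to the token element by its wsu:Id.
    // NOTE(review): an absent wsu:Id yields URI="#", which resolves to nothing;
    // callers are expected to have set the Id — TODO confirm whether this
    // should be rejected here instead.
    $tokenURI = '#' . $token->getAttributeNS(self::WSUNS, 'Id');
    $reference = $objDoc->createElementNS(self::WSSENS, self::WSSEPFX . ':Reference');
    $reference->setAttribute('URI', $tokenURI);
    $tokenRef->appendChild($reference);

    return true;
}

/**
 * Returns the raw octets of the SubjectKeyIdentifier extension of $token's
 * certificate.
 *
 * openssl_x509_parse() reports the extension as colon-separated hex octets
 * ("AB:CD:..."); this decodes that text back to bytes. The split() call the
 * original used was removed in PHP 7, so this path could never run there.
 *
 * @param mixed $token Must expose getX509Certificate() returning something
 *                     openssl_x509_parse() accepts.
 *
 * @return string Raw SKI bytes.
 *
 * @throws \Exception when $token cannot supply a certificate, the certificate
 *                    cannot be parsed, or the SKI is missing or not well-formed hex.
 */
private function subjectKeyIdentifierBytes($token)
{
    // Fail with a clear message rather than an undefined-method Error when the
    // caller passed the DOMElement form of the token.
    if (!is_object($token) || !method_exists($token, 'getX509Certificate')) {
        throw new \Exception('X509SubjectKeyIdentifier requires a token exposing getX509Certificate()');
    }
    $x509 = openssl_x509_parse($token->getX509Certificate());
    if ($x509 === false || empty($x509['extensions']['subjectKeyIdentifier'])) {
        throw new \Exception('X509SubjectKeyIdentifier requested but the certificate has no subjectKeyIdentifier extension');
    }
    $keyid = trim($x509['extensions']['subjectKeyIdentifier']);
    // Reject anything that is not a run of hex octets; chr(hexdec()) would
    // otherwise silently turn garbage into a wrong identifier.
    if (!preg_match('/^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*$/', $keyid)) {
        throw new \Exception('Malformed subjectKeyIdentifier extension: ' . $keyid);
    }
    $data = '';
    foreach (explode(':', $keyid) as $octet) {
        $data .= chr(hexdec($octet));
    }
    return $data;
}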