
XML Signature

 

To implement XML Signature in PHP:

 

1. xmlseclibs

1.1. Download the library: https://github.com/robrichards/xmlseclibs

- Only xmlseclibs.php and the src folder are needed

1.2. Comment out the namespace declaration in XMLSecurityDSig.php and XMLSecurityKey.php, or adjust it to your environment: if the classes resolve without problems, no change is needed

 

Reference site: https://www.di-mgt.com.au/xmldsig.html

 

Sample source

<?php
require_once 'XMLSecLibs/xmlseclibs.php';

// If the library's namespace was left intact (step 1.2), import the classes
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

$xml = '<?xml version="1.0" encoding="UTF-8"?>
<Root xmlns="urn:envelope">
  <Value>
	Hello, World!
  </Value>
</Root>';

$doc = new DOMDocument();

// When loading from an XML file
//$doc->load(dirname(__FILE__).'/test.xml');

// When loading from an XML string
$doc->loadXML($xml);

$objDSig = new XMLSecurityDSig();

$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

// Reference the whole document (force_uri => URI="") with the enveloped-signature
// transform, so the Signature element itself is excluded from the digest.
// SHA-1 is kept here to match the output below; prefer SHA256 / RSA_SHA256 for new deployments.
$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array("force_uri"=>true));

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));

/* load private key (second argument TRUE: the first argument is a file path) */
$objKey->loadKey(dirname(__FILE__) . '/privkey.pem', TRUE);

/* If the private key is passphrase-protected */
//$objKey->passphrase = 'xxxxxxxx';

$objDSig->sign($objKey);

/* Add associated public key */
$objDSig->add509Cert(file_get_contents(dirname(__FILE__) . '/mycert.pem'));

/* Insert the XML Signature (choose one target; outputs 1 and 2 below show each) */

/* 1. As a child of the root element */
$objDSig->appendSignature($doc->documentElement);

/* 2. Inside a specific tag:
 * find the first element with that tag name and append the signature to it
 */
//$element = null;
//foreach ($doc->getElementsByTagName('TagName') as $el) {
//	$element = $el;
//	break;
//}
//if ($element === null) {
//	throw new RuntimeException('target element not found');
//}
//$objDSig->appendSignature($element);

/* To write out as a file */
$doc->save(dirname(__FILE__) . '/result.xml');

/* To keep the result in a variable (canonical form; $doc->saveXML() gives the plain serialization) */
$result = $doc->C14N();

?>
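The sample above only produces a signature. As an added example, not code from the original post or from the xmlseclibs project, here is the verifying side written against the same library's API: it parses the input without network access, requires exactly one ds:Signature, checks every Reference digest, requires the signed reference to cover the document root, enforces a SignatureMethod allowlist, and verifies against a certificate you pin yourself rather than the one embedded in ds:KeyInfo. The function name, variable names, the allowlist parameter and the file paths in the usage call are assumptions.

```php
<?php
require_once 'XMLSecLibs/xmlseclibs.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use RobRichards\XMLSecLibs\XMLSecEnc;

/**
 * Verify an enveloped XML Signature such as the one produced above and return
 * the parsed document only if every check passes; otherwise throw.
 *
 * $trustedCertPem: the PEM certificate the signer is expected to use, pinned
 * out of band. The certificate inside <ds:KeyInfo> is never the trust anchor,
 * because anyone can embed their own certificate there.
 * $allowedAlgs: SignatureMethod allowlist (assumed parameter). The default
 * excludes RSA-SHA1; pass [XMLSecurityKey::RSA_SHA1] only for legacy output
 * like the sample above.
 */
function verifyEnvelopedSignature(
    string $xml,
    string $trustedCertPem,
    array $allowedAlgs = [XMLSecurityKey::RSA_SHA256]
): DOMDocument {
    $doc = new DOMDocument();
    // LIBXML_NONET: no network access (DTDs, external entities) while parsing untrusted input
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('XML could not be parsed');
    }

    // Exactly one ds:Signature. Extra Signature elements are a signature-wrapping
    // symptom, so reject the document instead of picking one.
    $sigs = $doc->getElementsByTagNameNS(XMLSecurityDSig::XMLDSIGNS, 'Signature');
    if ($sigs->length !== 1) {
        throw new RuntimeException('expected exactly one ds:Signature, found ' . $sigs->length);
    }

    $objDSig = new XMLSecurityDSig();
    if ($objDSig->locateSignature($doc) === null) {
        throw new RuntimeException('ds:Signature not found');
    }

    // 1. Canonicalize SignedInfo and recompute every Reference digest.
    //    (xmlseclibs detaches the ds:Signature element from the tree while
    //    processing the enveloped reference, so $doc keeps only the signed content.)
    $objDSig->canonicalizeSignedInfo();
    if (!$objDSig->validateReference()) {
        throw new RuntimeException('reference digest mismatch: signed content was modified');
    }

    // 2. The validated Reference must cover the whole document (URI=""), not some
    //    other element; xmlseclibs records the document node for an empty URI.
    $validated = $objDSig->getValidatedNodes();
    if (count($validated) !== 1
        || !($validated[0]->isSameNode($doc) || $validated[0]->isSameNode($doc->documentElement))) {
        throw new RuntimeException('signature does not cover the document root');
    }

    // 3. locateKey() builds a key object from the declared SignatureMethod;
    //    enforce the algorithm allowlist before any cryptographic check.
    $objKey = $objDSig->locateKey();
    if ($objKey === null || !in_array($objKey->type, $allowedAlgs, true)) {
        throw new RuntimeException('unsupported or disallowed SignatureMethod');
    }

    // 4. Load the pinned certificate as the verification key (third argument: isCert)
    $objKey->loadKey($trustedCertPem, false, true);

    // Consistency check: if KeyInfo carries a certificate, it must be the pinned one
    $embedded = new XMLSecurityKey($objKey->type, ['type' => 'public']);
    XMLSecEnc::staticLocateKeyInfo($embedded, $objDSig->sigNode);
    $embeddedThumb = $embedded->getX509Thumbprint();
    if ($embeddedThumb !== null && $embeddedThumb !== $objKey->getX509Thumbprint()) {
        throw new RuntimeException('certificate in KeyInfo does not match the pinned certificate');
    }

    // 5. Verify SignatureValue over the canonical SignedInfo (openssl_verify semantics: 1 = valid)
    if ($objDSig->verify($objKey) !== 1) {
        throw new RuntimeException('SignatureValue does not verify');
    }

    return $doc;
}

// Usage with the files the signing sample writes (paths are assumptions):
$doc = verifyEnvelopedSignature(
    file_get_contents(__DIR__ . '/result.xml'),
    file_get_contents(__DIR__ . '/mycert.pem'),
    [XMLSecurityKey::RSA_SHA1]   // legacy: the sample above signs with RSA-SHA1
);
echo "signature OK, root element: " . $doc->documentElement->localName . "\n";
```

The order of the checks matters: the digest comparison, root-coverage check and algorithm allowlist all run before any public-key operation, so a document that fails structural validation never reaches the signature verification step, and the pinned certificate (not the embedded one) is what the SignatureValue is checked against.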

 

Output

1. Output of $objDSig->appendSignature($doc->documentElement);

<Root xmlns="urn:envelope">
	<Value>
		Hello, World!
	</Value>
	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
		<ds:SignedInfo>
			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
			<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
			<ds:Reference URI="">
				<ds:Transforms>
					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
				</ds:Transforms>
				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
				<ds:DigestValue>scTXEJcKZm9Mb0ldX7LSRbAKY8g=</ds:DigestValue>
			</ds:Reference>
		</ds:SignedInfo>
		<ds:SignatureValue>Zrt7B1/PdpJQ5J45KXGD9kza6oUMtmR+AyJs2T6rckWQm0+8PE/Rx3iKmq17O+qlVNrargcQu0AZkPxzV8dJLukEH1I3o/zg08WeHfwitq9uRNMxGlVqpS4Douqxjaqv/oCERksI5qCkXUuPa7iaSoEA8+uZuIIpM3T1XN3ByUKCgsOqeL9iBUNWKGGC3wWAFvdzkhc1gpti1yWrhaKFoH/apoUeoLjbLVqdr5UcxXx8VFfKn/AXbG6kAdbI+qcmW8D6j+atE7hxpiMi3V7oX1LxqAoRha7+ezokdCYhEtIogsKlpMQoZRXT4L/PqBzhfKbJLkZAj..........</ds:SignatureValue>
		<ds:KeyInfo>
			<ds:X509Data>
				<ds:X509Certificate>........</ds:X509Certificate>
			</ds:X509Data>
		</ds:KeyInfo>
	</ds:Signature>
</Root>

2. Output when inserted into a specific tag (Value)

<Root xmlns="urn:envelope">
	<Value> Hello, World!
		<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
			<ds:SignedInfo>
				<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
				<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
				<ds:Reference URI="">
					<ds:Transforms>
						<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
					</ds:Transforms>
					<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
					<ds:DigestValue>scTXEJcKZm9Mb0ldX7LSRbAKY8g=</ds:DigestValue>
				</ds:Reference>
			</ds:SignedInfo>
			<ds:SignatureValue>Zrt7B1/PdpJQ5J45KXGD9kza6oUMtmR+AyJs2T6rckWQm0+8PE/Rx3iKmq17O+qlVNrargcQu0AZkPxzV8dJLukEH1I3o/zg08WeHfwitq9uRNMxGlVqpS4Douqx.....</ds:SignatureValue>
			<ds:KeyInfo>
				<ds:X509Data>
					<ds:X509Certificate>MIID5TCCAs2gAwIBAgIUb+fwf1JLWlVmELMixVUdG7SR0YYwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAktSMQwwCgYDVQQIDANTRUwxDDAKBgNVBAcMA1NFTDELMAkGA1UECgwCUlMxEDAOBgNVBAsMB1NXUzIwMjIxEjAQBgNVBAMMCUFJUiBTRU9VTDEjMCEGCSqGSIb3DQEJARYUbGVlc3kzQGFzaWFuYWlkdC5jb20wHhcNMjEwNTA0MDAxNzU5WhcNMjIwNTA0MDAxNzU5WjCBgTELMAkGA1UEBhMCS1IxDDAKBgNVBAgMA1N......</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</ds:Signature>
	</Value>
</Root>