I'm trying to submit a signed XML document (with xmlseclibs), but the signature is turning itself to be wrong.
The code I'm using looks like this:
// input variables:
$tout = __DIR__ . "/" . $firmacert2;
$certBuffer = file_get_contents($tout);
$certTempFile = __DIR__ . '/temp/temp.xml';
$xmlBuffer = base64_decode($xmlstrBase64);
// document creation and loading
$doc = new DOMDocument();
$doc->loadXML($xmlBuffer);
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
// load private key
$objKey->passphrase = $pass;
$objKey->loadKey($tout, TRUE);
$objDSig->sign($objKey);
// Add associated public key
$objDSig->add509Cert($certBuffer);
$objDSig->appendSignature($doc->documentElement);
$doc->save($certTempFile);
$codif = file_get_contents($certTempFile);
$xml_base64 = base64_encode($codif);
$param1 = new SoapParam($xml_base64, 'xml');
$com = new SoapClient('https://www.aespd.es:443/agenciapd/axis/SolicitudService?wsdl', array('trace' => 1, 'encoding' => 'UTF-8'));
$respuesta2 = $com->probarXml($param1);
$respuesta = base64_decode($respuesta2);
And the xml is being sent, and that's nice, but when i recover the xml file, and check the signature on: http://www.aleksey.com/xmlsec/xmldsig-verifier.html
the error I'm getting is:
func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
I tried to transform the certificate into separate private and public keys, same file, different files, importing and exporting and such.
The flow goes this way:
Java program sends generated unsigned Base64 encoded XML to PHP file, which signs and sends it with a SoapClient, result is printed, then captured and interpreted by Java program, thus avoiding having individual certificates on the machines using this system.