diff --git a/src/FR3D/XmlDSig/Adapter/XmlseclibsAdapter.php b/src/FR3D/XmlDSig/Adapter/XmlseclibsAdapter.php index e53a11b..2e13881 100644 --- a/src/FR3D/XmlDSig/Adapter/XmlseclibsAdapter.php +++ b/src/FR3D/XmlDSig/Adapter/XmlseclibsAdapter.php @@ -177,7 +177,18 @@ public function verify(DOMDocument $data) $objKey->loadKey($this->getPublicKey()); } - //$objXMLSecDSig->validateReference(); - return (1 === $objXMLSecDSig->verify($objKey)); + // Check signature + if (1 !== $objXMLSecDSig->verify($objKey)) { + return false; + } + + // Check references (data) + try { + $objXMLSecDSig->validateReference(); + } catch(\Exception $e) { + return false; + } + + return true; } } diff --git a/test/FR3D/XmlDSigTest/Adapter/CommonTestCase.php b/test/FR3D/XmlDSigTest/Adapter/CommonTestCase.php index 9213022..baf3c5e 100644 --- a/test/FR3D/XmlDSigTest/Adapter/CommonTestCase.php +++ b/test/FR3D/XmlDSigTest/Adapter/CommonTestCase.php @@ -3,6 +3,7 @@ namespace FR3D\XmlDSigTest\Adapter; use DOMDocument; +use DOMXPath; use FR3D\XmlDSig\Adapter\AdapterInterface; /** @@ -59,4 +60,28 @@ public function testVerify() $this->assertTrue($this->adapter->verify($data)); } + + public function testManipulatedData() + { + $data = new DOMDocument(); + $data->load(__DIR__ . '/_files/basic-doc-signed.xml'); + + $xpath = new DOMXPath($data); + $xpath->registerNamespace('s', 'urn:envelope'); + $xpath->query('//s:Value')->item(0)->nodeValue = 'wrong test'; + + $this->assertFalse($this->adapter->verify($data)); + } + + public function testManipulatedSignature() + { + $data = new DOMDocument(); + $data->load(__DIR__ . '/_files/basic-doc-signed.xml'); + + $xpath = new DOMXPath($data); + $xpath->registerNamespace('s', 'urn:envelope'); + $xpath->query('//s:Value')->item(0)->nodeValue = 'wrong test'; + + $this->assertFalse($this->adapter->verify($data)); + } }