Rewrite xml signature validation with newer dependency

composer.json

@@ -22,7 +22,7 @@
         "ext-curl": "*",
         "ext-json": "*",
         "ext-openssl": "*",
-        "selective/xmldsig": "^3.0"
+        "robrichards/xmlseclibs": "^3.1"
     },
     "autoload": {
         "psr-4": {

src/Validators/WebhookSignatureValidation.php

@@ -9,10 +9,10 @@
 namespace Bluem\BluemPHP\Validators;
 
 use Bluem\BluemPHP\Helpers\Now;
+use DOMDocument;
 use Exception;
-use Selective\XmlDSig\CryptoVerifier;
-use Selective\XmlDSig\PublicKeyStore;
-use Selective\XmlDSig\XmlSignatureVerifier;
+use RobRichards\XMLSecLibs\XMLSecurityDSig;
+use RobRichards\XMLSecLibs\XMLSecurityKey;
 
 class WebhookSignatureValidation extends WebhookValidator
 {
@@ -29,26 +29,44 @@ public function __construct(
      */
     public function validate(string $data): self
     {
+        $public_key_file_path = dirname(__DIR__, 2) . self::KEY_FOLDER . $this->getKeyFileName();
+
         $temp_file = tmpfile();
         fwrite($temp_file, $data);
         $temp_file_path = stream_get_meta_data($temp_file)['uri'];
 
-        $publicKeyStore = new PublicKeyStore();
 
-        $public_key_file_path = dirname(__DIR__, 2) . self::KEY_FOLDER . $this->getKeyFileName();
+        // Load the XML to be verified
+        $doc = new DOMDocument();
+        $doc->load($temp_file_path);
 
+        // Create a new Security object
+        $objDSig = new XMLSecurityDSig();
+
+        // Locate the signature within the XML
         try {
-            $publicKeyStore->loadFromPem(file_get_contents($public_key_file_path));
-            $cryptoVerifier = new CryptoVerifier($publicKeyStore);
+            $objDSig->locateSignature($doc);
+            $objDSig->canonicalizeSignedInfo();
+            $objDSig->validateReference();
+        } catch (Exception $e) {
+            $this->addError('Reference Validation Failed: ' . $e->getMessage());
+        }
 
-            // Create a verifier instance and pass the crypto decoder
-            $xmlSignatureVerifier = new XmlSignatureVerifier($cryptoVerifier);
+        try {
+            // Load the public key
+            $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'public']);
+            $objKey->loadKey($public_key_file_path, TRUE);
 
-            // Verify a XML file
-            $xmlVerified = $xmlSignatureVerifier->verifyXml(file_get_contents($temp_file_path));
-            if (! $xmlVerified) {
+        } catch (Exception $e) {
+            $this->addError('Could not load public key');
+        }
+
+        try {
+            // Check the signature
+            if (!$objDSig->verify($objKey)) {
                 $this->addError("Invalid signature");
             }
+            // else, the signature is valid
         } catch (Exception $e) {
             $this->addError($e->getMessage());
         }