Keith Grennan has a fix to the PHP sample code I published a while back. He notes he “hasn't heard back”… My mail system is extremely aggressive about putting things in the Junk Mail folder, so if you ever “don't hear back” don't be afraid to ping me again.
I was hacking on Kim Cameronâ€™s demo PHP InfoCard libraries recently, and sometimes found I got the error â€œSignedInfo digest doesnâ€™t match calculated digestâ€.
It turns out the XML canonicalization in infocard-post-get-claims.php was breaking when character data in the token contained entity references (e.g. &), because the characterData handler gets only the decoded data.
Hereâ€™s a patch that fixes it. The patch re-encodes â€˜< â€™, â€˜>â€™, and â€˜&â€™ characters back to â€˜<â€™, â€˜>â€™ and â€˜&â€™ respectively before adding them to $canonicalTokenBuffer. There are some edge cases that may not be solved by this patch, but itâ€™s a quick fix that should make the token processing code more robust for many possible cases. I sent it to Kim but have not heard back.
Check out the fix here. I'll incorporate it into my code, which is intended to help people master infocard and can be used in whatever way is deemed helpful. I'll post an updated ZIP this comng week.