Signing XML in PHP with xmlseclibs gives an incorrect signature

Time: 2013-12-06 13:45:26

Tags: php xml-signature xmlseclibs

I am using xmlseclibs v.1.3.1

Here is how I am trying to sign the XML

// Build the payment request document.
$document = new DOMDocument();
$request  = $document->createElement('paymentRequest');
$xmlnsxsi = $document->createAttribute('xmlns:xsi');
$xmlns = $document->createAttribute('xmlns');
$xmlns->value = 'url link';
$xmlnsxsi->value = 'http://www.w3.org/2001/XMLSchema-instance';
$request->appendChild($xmlnsxsi);
$request->appendChild($xmlns);

$pid  = $document->createElement('pid',$_SESSION['payment_info'][$_GET['object_id']]['PID']);
$senderId  = $document->createElement('senderId',$_SESSION['info'][$_GET['object']]['ID']);
$returnUrl  = $document->createElement('returnUrl',$_SESSION['info'][$_GET['object']]['RETURN']);
$amount  = $document->createElement('amount',$_POST['AMOUNT']);
$currency  = $document->createElement('currency','USD');
$language  = $document->createElement('language','EN');
$message  = $document->createElement('message','test test');
$paymentCode  = $document->createElement('paymentCode',$_SESSION['info'][$_GET['object']]['PCODE']);
$date  = $document->createElement('date','2013-12-03T15:37:19.6414668+02:00');
$correlation  = $document->createElement('correlation',$_SESSION['info'][$_GET['object']]['EXTRA']);

$request->appendChild($pid);
$request->appendChild($senderId);
$request->appendChild($returnUrl);
$request->appendChild($amount);
$request->appendChild($currency);
$request->appendChild($language);
$request->appendChild($message);
$request->appendChild($paymentCode);
$request->appendChild($date);
$request->appendChild($correlation);
$document->appendChild($request);
$xml_pay2 = $document->saveXml();

// Sign the serialized document.
require_once('xmlseclibs.php');
$doc = new DOMDocument();
$doc->loadXML($xml_pay2);

$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N_COMMENTS);
$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'));

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
$objKey->loadKey('system/key.pem', TRUE);

$objDSig->add509Cert(file_get_contents("system/cert.pem"));
$objDSig->sign($objKey,$doc);

$xml_pay2 = $doc->saveXML();

// Reload the signed XML and verify the signature.
$doc2 = new DOMDocument();
$doc2->loadXML($xml_pay2);

$objXMLSecDSig = new XMLSecurityDSig();
$objDSig = $objXMLSecDSig->locateSignature($doc2);

if (!$objDSig) {
    echo "Cannot locate Signature Node";
    die();
}
$objXMLSecDSig->canonicalizeSignedInfo();
$objXMLSecDSig->idKeys = array('wsu:Id');
$objXMLSecDSig->idNS = array('wsu'=>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');

$retVal = $objXMLSecDSig->validateReference();
if (!$retVal) {
    die("Reference Validation Failed");
}
$objKey = $objXMLSecDSig->locateKey();
if (!$objKey ) {
    echo "We have no idea about the key";
    die();
}

$key = NULL;

$objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
if (! $objKeyInfo->key && empty($key)) {
    $objKey->loadKey('system/cert.pem', TRUE);
}

if ($objXMLSecDSig->verify($objKey)) {
    echo "Signature validated!";
} else {
    echo "Failure!!!!!!!!";
}

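It always gives me the "Failure!!!!!!!!" result

1 answer:

Answer 0 (score: -1)

The first step is to enable error output for PHP so that you can see the real error message. You may be hitting this bug, but without PHP's error messages there is no way to know.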
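
The first step named in the answer, as an added example (not part of the original answer and not xmlseclibs code): a small harness that makes PHP warnings, libxml parse errors and the OpenSSL error queue visible around one step, since xmlseclibs builds on the DOM and OpenSSL extensions. The helper name `run_with_diagnostics` and the two sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: make every error source around a DOM + OpenSSL step visible.
error_reporting(E_ALL);
ini_set('display_errors', '1'); // development only; log to a file in production

// Hypothetical helper: runs $step and returns [result, list of diagnostics].
function run_with_diagnostics(callable $step): array
{
    $diag = [];
    $prev = libxml_use_internal_errors(true); // collect libxml errors
    libxml_clear_errors();
    while (openssl_error_string() !== false) { } // drain stale OpenSSL errors
    // Promote warnings and notices to exceptions so none is silently lost.
    set_error_handler(function (int $no, string $msg, string $file, int $line) {
        if (!(error_reporting() & $no)) { return false; } // respect @-suppression
        throw new ErrorException($msg, 0, $no, $file, $line);
    });
    $result = null;
    try {
        $result = $step();
    } catch (Throwable $e) {
        $diag[] = get_class($e) . ': ' . $e->getMessage();
    } finally {
        restore_error_handler();
    }
    foreach (libxml_get_errors() as $err) {
        $diag[] = sprintf('libxml line %d: %s', $err->line, trim($err->message));
    }
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    while (($msg = openssl_error_string()) !== false) {
        $diag[] = 'openssl: ' . $msg;
    }
    return [$result, $diag];
}

// Constructed inputs: a truncated XML document and a bogus PEM private key.
[$loaded, $xmlDiag] = run_with_diagnostics(function () {
    return (new DOMDocument())->loadXML('<paymentRequest><pid>1</pid>');
});
[$key, $keyDiag] = run_with_diagnostics(function () {
    $pem = "-----BEGIN PRIVATE KEY-----\nnot-a-key\n-----END PRIVATE KEY-----";
    return openssl_pkey_get_private($pem);
});
var_dump($loaded, $key); // return values of the two steps
print_r(array_merge($xmlDiag, $keyDiag));
```

Wrapping the `sign()` call and the `verify()` call from the question in separate `run_with_diagnostics()` calls shows which step reports an error.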