I am using the curl API to call a SOAP web service with two-way SSL authentication, with UserName, PasswordDigest and Nonce in the SOAP header.
The curl API code is:
$soap_do = curl_init();
curl_setopt($soap_do, CURLOPT_URL, "WEBSERVICE_URL" );
curl_setopt($soap_do, CURLOPT_CONNECTTIMEOUT, 1000);
curl_setopt($soap_do, CURLOPT_TIMEOUT, 1000);
curl_setopt($soap_do, CURLOPT_RETURNTRANSFER, true );
curl_setopt($soap_do, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($soap_do, CURLOPT_POST, true );
curl_setopt($soap_do, CURLOPT_VERBOSE, '1');
curl_setopt($soap_do, CURLOPT_SSLVERSION, '1');
curl_setopt($soap_do, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($soap_do, CURLOPT_SSLKEYPASSWD, 'secret');
curl_setopt($soap_do, CURLOPT_SSLKEYTYPE, 'PEM');
curl_setopt($soap_do, CURLOPT_SSLKEY,"C:/XP/Projects/setups/certs/key.pem");
curl_setopt($soap_do, CURLOPT_POSTFIELDS, $in);
curl_setopt($soap_do, CURLOPT_HTTPHEADER, array('Content-Type: text/xml; charset=utf-8', 'Content-Length: '.strlen($in) ));
$out = curl_exec($soap_do);
if($out === false)
{
    echo "err";
    $err = 'Curl error: ' . curl_error($soap_do);
    curl_close($soap_do);
    echo $err;
    return $err;
}
else
{
    echo "response ==";
    echo $out;
    echo "execu";
    curl_close($soap_do);
    return 'Operation completed without any errors';
}
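CACERTS is set in the php.ini file:
The response is always Policy Falsified. Can someone check whether SSLKEY is set correctly, and whether the outbound POST message will be encrypted with this key?
The full response is: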
response ==<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en-US">Policy Falsified</soapenv:Text>
</soapenv:Reason>
<soapenv:Role>REMOVED FOR PRIVACY</soapenv:Role>
<soapenv:Detail>
<l7:policyResult status="Bad Request" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</soapenv:Detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
execu* Trying 216.178.233.150...
* Connected to impl.client.com (216.178.233.150) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:/Project_ah/php/cacert.pem
CApath: none
* SSL connection using TLSv1.0 / DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; ST=Maryland; L=Baltimore; O=Centers for Medicare & Medicaid Services; OU=OIS; CN=REMOVED FOR PRIVACY
* start date: 2014-12-31 00:00:00 GMT
* expire date: 2016-01-23 23:59:59 GMT
* subjectAltName: REMOVED FOR PRIVACY
* issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
* SSL certificate verify ok.
> POST /Imp1/servie HTTP/1.1
Host: REMOVED FOR PRIVACY
Accept: */*
Content-Type: text/xml; charset=utf-8
Content-Length: 2517
Expect: 100-continue
< HTTP/1.1 100 Continue
< HTTP/1.1 500 Internal Server Error
< Server: Apache-Coyote/1.1
< Content-Type: application/soap+xml;charset=utf-8
< Content-Length: 746
< Date: Wed, 03 Jun 2015 03:53:13 GMT
< Connection: close
<
* Closing connection 0
Note: SOAPClient is not used because the WSDL cannot be parsed, since the nested XSDs define the namespace again.
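On the question of what the key does: in two-way TLS the client's private key proves possession of the client certificate during the handshake, and it does not encrypt the POST body (the negotiated session keys do). The code above sets CURLOPT_SSLKEY but no CURLOPT_SSLCERT. The following is an added example, not the poster's code, showing both halves of the setup: a client certificate plus key on the curl handle, and a WS-Security UsernameToken built with a PasswordDigest. The function names, URL, file paths and credentials are hypothetical placeholders.

```php
<?php
// Added example. URL, paths and credentials are constructed placeholders.
const WSSE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
const WSU  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
const UTP  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0';
const SMS  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0';

// UsernameToken profile: PasswordDigest = Base64(SHA-1(nonce . created . password)).
// The digest is computed over the raw nonce bytes; the element carries them Base64-encoded.
function ws_security_header(string $user, string $password): string
{
    $nonce   = random_bytes(16);              // fresh nonce for every request
    $created = gmdate('Y-m-d\TH:i:s\Z');      // UTC creation timestamp
    $digest  = base64_encode(sha1($nonce . $created . $password, true));
    $user    = htmlspecialchars($user, ENT_XML1 | ENT_QUOTES, 'UTF-8');

    return '<wsse:Security xmlns:wsse="' . WSSE . '" xmlns:wsu="' . WSU . '">'
         . '<wsse:UsernameToken>'
         . "<wsse:Username>$user</wsse:Username>"
         . '<wsse:Password Type="' . UTP . "#PasswordDigest\">$digest</wsse:Password>"
         . '<wsse:Nonce EncodingType="' . SMS . '#Base64Binary">'
         . base64_encode($nonce) . '</wsse:Nonce>'
         . "<wsu:Created>$created</wsu:Created>"
         . '</wsse:UsernameToken></wsse:Security>';
}

// curl handle for two-way TLS: the server is verified against the CA bundle,
// and the client presents its own certificate with the matching private key.
function mutual_tls_handle(string $url, string $cert, string $key, string $keyPass)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSLCERT        => $cert,      // client certificate sent in the handshake
        CURLOPT_SSLCERTTYPE    => 'PEM',
        CURLOPT_SSLKEY         => $key,       // private key belonging to that certificate
        CURLOPT_SSLKEYTYPE     => 'PEM',
        CURLOPT_SSLKEYPASSWD   => $keyPass,
    ]);
    return $ch;
}

// Demo with constructed values; the handle is configured but no request is sent.
echo ws_security_header('demo-user', 'demo-password'), PHP_EOL;
$ch = mutual_tls_handle('https://service.example/endpoint',
    '/path/to/client-cert.pem', '/path/to/key.pem', 'secret');
```

With CURLOPT_VERBOSE enabled, a handshake in which the client certificate was actually requested and sent shows the corresponding certificate messages in the trace, which is a quick way to confirm the handle is configured as intended.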