使用PHP中的证书验证消息

时间:2015-10-15 09:03:00

标签: php soap openssl

我必须使用证书验证SOAP请求。是否可以使用$BinarySecurityToken在PHP中执行?如果是这样,在解析XML(请求)之后,我们将拥有$SignatureValue$digestValue$dataopenssl_verify()

下面是我的代码和XML。我对参数感到困惑。这些是需要从XML解析并赋予// xml node <wsse:BinarySecurityToken> $BinarySecurityToken = 'MIIDdjCCA3IwggJvbvaoAMCAQICBFMH6uYwDQYJKoZIhvcNAQEEBQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEDAOBgNVBAcTB1Bob2VuaXgxGTAXBgNVBAoTEEFtZXJpY2FuIEV4cHJlc3MxDDAKBgNVBAsTA0dUVDEfMB0GA1UEAwwWRGlnaXRhbFRyYXZlbFJlY29yZF9FMjAeFw0xNDAyMjIwMDEwMTRaFw0xNzAyMjEwMDEwMTRaMHsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRAwDgYDVQQHEwdQaG9lbml4MRkwFwYDVQQKExBBbWVyaWNhbiBFeHByZXNzMQwwCgYDVQQLEwNHVFQxHzAdBgNVBAMMFkRpZ2l0YWxUcmF2ZWxSZWNvcmRfRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZaSfXYimJ+4aikAkDcQWGf9D83yzBbESds7A3ednCH3w/inBuKs24ukAXBEQtUctCoUiWGvu2FYMVpfYGsw2sX7bmsYdMM0GC2XyG6HEIz64xXx4WEqvcoJb5+ELpO60rCD5bus1AnKt/jqNl2ntxMHDznv/2j5hE2BA+GBZS1DbJQWaVtNN0I9d8aWz+7OeqpUtv+ITLdauZdL4DovaZ4TPy9+IaITOIWgBElUWUw/zJI3YAV5vCupLgV2qAe05eFwNNxzMWvQVtslHPuSEW/ZryMA+pxrZyCFp7YQ4AwOTZL+u+LHpEwHVVfZB95EdPNo5uw+1ijmGbuaTDSjg1AgMBAAEwDQYJKoZIhvcNAQEEBQADggEBAGFTv+bULqq9sGJzmcdQMpj1fnXWqFw4w+fVoXV37RKjNlvGuwls5cHa9B0j9fTxn9fg8KE1IubS8L0jeJXXcuBhlT9RWAzCIzQDqs6TwO8Sys88EkjNMqwDZsJYjmGPFMkm8oPA11sCuy+y5m1yplN1VpO3f1Anm7j4WkZ9Cq2HRvZG5OZ45rcvPJ1+xsepz1PyLIQeMxFQJNu7YL4MyEl9UeoRxSoh9SVMaahQ2PgYc91TbCWCVwo96xkRoGPviZAFhXXxmSbjWX0OLigM8bGx2KryBOYIZfjTPfWZ1mhTWocD5URlkpx0WRUWmU2MaK9sXFuQf4UAXgu2RfIykrU='; // xml node <ds:SignatureValue> $SignatureValue = 'sDJwzzmPoVaV7m6cNaAReQU4l3EG98jVVff6C0MvYTTxA+fsKlANi/9cONnKxGCTT9z81DsY6uJmy/ 72gBZhf/csNBYc+9LFAHU17Ee/dOd2AeTXr7Bge7DDDqYXwoKKQVkAsNOCFa0UIuEI3HsfUl8GNb uD62v9Z9r4VpjxeLBNuE0RJxBtrPHYWCr/6MP9Q6smal5QvWnn9HkG6s4pehkdk9WkAnBPuChcF8 O+ojHo7wtA4EEFYh6LLQYzfcz4dkhwdxbMUpkejAWMbv8RVmdHcxvW76l84QPIqS9nn3cFviwyok y1ewnR7+qZkffgTETNhjwbFeNZP6h3QiUsI0pyLUw=='; // <ds:DigestValue> $digestValue = 'IPhyJugxYi+W+SJjydFNF/01jxg='; // data to be parsed $data = 'HI'; $fp = fopen("pathto/xxx_root.pem", "r"); // this file is given by the requester. We have given out certificates to them $cert = fread($fp, 8192); fclose($fp); // state whether signature is okay or not // use the certificate, not the public key //$ok = openssl_verify($data, $signature, $cert); $ok = openssl_verify($data, $SignatureValue, $cert); if ($ok == 1) { echo "good"; } elseif ($ok == 0) { echo "bad"; } else { echo "ugly, error checking signature"; } 函数的参数吗?我错过了什么? 

<soapenv:Envelope xmlns:itin="http://americanexpress.com/travel/dtr/ws/itinerary" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="X509-8CD06AFAA518E6C688143339459975413">
                MIIDdjCCA3IwggJaoAMCAQICBFMH6uYwDQYJKoZIhvcNAQEEBQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEDAOBgNVBAcTB1Bob2VuaXgxGTAXBgNVBAoTEEFtZXJpY2FuIEV4cHJlc3MxDDAKBgNVBAsTA0dUVDEfMB0GA1UEAwwWRGlnaXRhbFRyYXZlbFJlY29yZF9FMjAeFw0xNDAyMjIwMDEwMTRaFw0xNzAyMjEwMDEwMTRaMHsxCzAJBgNVBAgffgrYTAlVTMRAwDgYDVQQIEwdBecml6b25hMRAwDgYDVQQHEwdQaG9lbml4MRkwFwYDVQQKExBBbWVyaWNhbiBFeHByZXNzMQwwCgYDVQQLEwNHVFQxHzAdBgNVBAMMFkRpZ2l0YWxUcmF2ZWxSZWNvcmRfRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZaSfXYimJ+4aikAkDcQWGf9D83yzBbESds7A3ednCH3w/inBuKs24ukAXBEQtUctCoUiWGvu2FYMVpfYGsw2sX7bmsYdMM0GC2XyG6HEIz64xXx4WEqvcoJb5+ELpO60rCD5bus1AnKt/jqNl2ntxMHDznv/2j5hE2BA+GBZS1DbJQWaVtNN0I9d8aWz+7OeqpUtv+ITLdauZdL4DovaZ4TPy9+IaITOIWgBElUWUw/zJI3YAV5vCupLgV2qAe05eFwNNxzMWvQVtslHPuSEW/ZryMA+pxrZyCFp7YQ4AwOTZL+u+LHpEwHVVfZB95EdPNo5uw+1ijmGbuaTDSjg1AgMBAAEwDQYJKoZIhvcNAQEEBQADggEBAGFTv+bULqq9sGJzmcdQMpj1fnXWqFw4w+fVoXV37RKjNlvGuwls5cHa9B0j9fTxn9fg8KE1IubS8L0jeJXXcuBhlT9RWAzCIzQDqs6TwO8Sys88EkjNMqwDZsJYjmGPFMkm8oPA11sCuy+y5m1yplN1VpO3f1Anm7j4WkZ9Cq2HRvZG5OZ45rcvPJ1+xsepz1PyLIQeMxFQJNu7YL4MyEl9UeoRxSoh9SVMaahQ2PgYc91TbCWCVwo96xkRoGPviZAFhXXxmSbjWX0OLigM8bGx2KryBOYIZfjTPfWZ1mhTWocD5URlkpx0WRUWmU2MaK9sXFuQf4UAXgu2RfIykrU=</wsse:BinarySecurityToken>
            <ds:Signature Id="SIG-7" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="itin soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#id-6">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="itin" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>IPhyJugxYi+W+SJjydFNF/01jxg=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>sDJwzzmPoVaV7m6cNaAReQU4l3EG98jVV6C0MvYTTxA+fsKlANi/9cONnKxGCTT9z81DsY6uJmy/
                    72gBZhf/csNBYc+9LFAHU17Ee/dOd2AeTXr7Bge7DDDqYXwoKKQVkAsNOCFa0UIuEI3HsfUl8GNb
                    uD62v9Z9r4VpjxeLBNuE0RJxBtrPHYWCr/6MP9Q6smal5QvWnn9HkG6s4pehkdk9WkAnBPuChcF8
                    O+ojHo7wtA4EEFYh6LLQYzfcz4dkhwdxbMUpkejAWMbv8RVmdHcxvW76l84QPIqS9nn3cFviwyok
                    y1ewnR7+qZkTETNhjwbFeNZP6h3QiUsI0pyLUw==</ds:SignatureValue>
                <ds:KeyInfo Id="KI-8CD06AFAA518E6C688143339459975414">
                    <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="STR-8CD06AFAA518E6C688143339459975415" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
                        <wsse:Reference URI="#X509-8CD06AFAA518E6C688143339459975413" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body wsu:Id="id-6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <itin:ping>
            <!--Optional:-->
            <itin:param>HI</itin:param>
        </itin:ping>
    </soapenv:Body>
</soapenv:Envelope>

请求XML 

var endDate = moment(startDate).endOf('year');

0 个答案:

没有答案
相关问题
最新问题