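I am currently trying to build a PHP page that sends XML-based data to a SOAP service at a provider, and the provider then returns an encrypted response.
I need help figuring out how to decrypt the response.
I have changed the names slightly, so the code is anonymized.
Below is all the code I have been "playing" with: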
// Turn on error reporting
error_reporting(-1);
// Triple linebreak function
function tlb() {
echo "<br /><br /><br />";
}
// Test XML
$xml = '<?xml version="1.0" encoding="ISO-8859-1"?>
SOME XML';
// SOAP Config
$soapConfig = array(
'cache_wsdl' => WSDL_CACHE_NONE,
'trace' => true,
'exceptions' => true,
'encoding' => "ISO-8859-1",
//'use' => SOAP_LITERAL,
'verify_peer' => true,
'stream_context' => stream_context_create([
'ssl' => [
'local_cert' => $wsdlcertpem,
'passphrase' => $wsdlpasspem
]
])
);
// SOAP Connection
$soapClient = new SoapClient($wsdlurl, $soapConfig);
// SOAP Function
try {
$soapClient->function($xml);
}
catch (SoapFault $fault) {
trigger_error("SOAP Fault: (faultcode: {$fault->faultcode}, faultstring: {$fault->faultstring})", E_USER_ERROR);
}
// Load into variables
$LastRequestHeaders = $soapClient->__getLastRequestHeaders();
$LastRequest = $soapClient->__getLastRequest();
$LastResponseHeaders = $soapClient->__getLastResponseHeaders();
$LastResponse = $soapClient->__getLastResponse();
$b64LastResponse = base64_decode($LastResponse);
// Echo output
echo "SOAP XML:<pre>". htmlentities($xml) ."</pre>";
tlb();
echo "SOAP REQUESTHEADERS: <pre>$LastRequestHeaders</pre>";
tlb();
echo "SOAP REQUEST: <pre>$LastRequest</pre>";
tlb();
echo "SOAP RESPONSEHEADERS:<pre>$LastResponseHeaders</pre>";
tlb();
echo "SOAP RESPONSE:<pre>$LastResponse</pre>";
tlb();
echo "SOAP RESPONSE Base64Decoded: <pre>$b64LastResponse</pre>";
tlb();
// Check signature on data
$key = openssl_pkey_get_public($wsdlcertpem);
echo "$key";
$ok = "";
$signature = "";
$ok = openssl_verify($LastResponse, $signature, $key, "sha1WithRSAEncryption");
echo "Check: <br/>";
if ($ok == 1) {
echo "Signature OK";
} elseif ($ok == 0) {
echo "Signature BAD";
} else {
echo "Error checking signature";
}
echo "<br/>".$ok."";
tlb();
tlb();
// Attempt to decrypt
if (!$publicKey = openssl_pkey_get_public($wsdlcerttestpem))
{
echo "Public Key failed: $publicKey";
die;
}
$a_key = openssl_pkey_get_details($publicKey);
// Decrypt the data in the small chunks
$chunkSize = ceil($a_key['bits'] / 8);
$output = '';
echo "ChunkSize: $chunkSize";
$encrypted = $b64LastResponse;
$decrypt_block_size = 256;
$decrypted = "";
$data = str_split($b64LastResponse, $decrypt_block_size);
foreach ($data as $chunk)
{
$partial = "";
$decryptionok = "";
$decryptionok = openssl_public_decrypt($chunk, $partial, $publicKey);
if($decryptionok === false){return false;}//here also processed errors in decryption. If too big this will be false
$decrypted .= $partial;
}
echo "Decrypteddata: $decrypted <br/>";
while ($encrypted)
{
$chunk = substr($encrypted, 0, $chunkSize);
$encrypted = substr($encrypted, $chunkSize);
$decrypted = '';
if (!openssl_public_decrypt($chunk, $decrypted, $publicKey))
{
echo "Failed to decrypt data";
//die;
}
$output .= $decrypted;
}
openssl_free_key($publicKey);
echo "Decrypted data: $output";
// Uncompress the unencrypted data.
//$output = gzuncompress($output);
echo '<br /><br /> Unencrypted Data: ' . $output;
?>
The headers indicate that SOAP itself is working fine.
The SOAP response looks like this:
When I base64-decode it, I get something like this:
�ioz�"�}tzw(v)�!#��u���z{Ğ������Y첆�z{����!zf��il��h�졪z{ޖ�^������r�ig���i��0� ���M\��r�k���l�m����7��?�M5�sI�^����֧q����h�"w�E�)�{H��^���x�)^��i���隳������?�����ܡا��f�{8�5Xm�����^��1�[(j�+��(j�ޞ������ig�{4���ƥ�ig�#� org.xml.s�v��4�W�6WF���W�V7F���GW&��r'6S�6��FV�Mw is not allowed in prolog.�s����fƖB�FF���W'&�#���&WǓ� R� Rc @�0
-we�0 * H 0 <10 UUS10U Ge�v�G&#39;W7B���2�C`5P@10�&amp;�E54�4�p�## s#mw02Z 161128133915Z0��1)0&#39;Uxt6QyeIFBMIcMJ5J�v�cGe���G��6�g
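(and there is more...)
However, no matter what I try, I can't seem to decrypt the response correctly, even when using their certificate to decrypt it.
They really don't have any documentation, but I do have Java code from a program that decodes the response correctly.
Here is the code snippet from the Java encryption client: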
private String checkAndDecode(final String base64AndSigned, final Certificate signingCert) throws IOException, SignatureException, NoSuchAlgorithmException {
final byte[] decoded = Base64.decodeBase64(base64AndSigned);
final PKCS7 p7 = new PKCS7(new DerInputStream(decoded));
final SignerInfo[] signerInfo = p7.verify();
final Certificate signerCertificate = signerInfo[0].getCertificate(p7);
if((signingCert != null) && !signingCert.equals(signerCertificate)) {
throw new SignatureException("Signed by incorrect certificate");
}
return new String(p7.getContentInfo().getContentBytes());
}
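Unfortunately, I really don't know Java.
If anyone can point me in the right direction, it would be much appreciated. If you need more information, let me know and I will provide it.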
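
The Java `checkAndDecode` above does not decrypt anything: it base64-decodes the response, parses it as PKCS#7, verifies the signature, checks the signer certificate and returns the embedded content. A PHP 8 equivalent follows as an added example, not part of the original post or the provider's code; the throwaway key, self-signed certificate and dummy reply are constructed so that it runs offline.

```php
<?php
// Added example, not the poster's or the provider's code (assumes PHP 8 with ext-openssl).
// Verifies a base64 PKCS#7 SignedData blob, pins the signer, returns the signed content.
function checkAndDecode(string $base64AndSigned, string $expectedCertPem): string
{
    $b64 = chunk_split(preg_replace('/\s+/', '', $base64AndSigned), 64, "\n");
    // openssl_pkcs7_verify() only reads S/MIME files, so wrap the blob in MIME headers.
    $smime = "MIME-Version: 1.0\n"
        . "Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name=\"smime.p7m\"\n"
        . "Content-Transfer-Encoding: base64\n\n" . $b64;
    $in = tempnam(sys_get_temp_dir(), 'p7i');
    $signer = tempnam(sys_get_temp_dir(), 'p7s');
    $out = tempnam(sys_get_temp_dir(), 'p7o');
    file_put_contents($in, $smime);
    try {
        // PKCS7_NOVERIFY skips certificate chain building only; the signature is still checked.
        $ok = openssl_pkcs7_verify($in, PKCS7_NOVERIFY, $signer, [], null, $out);
        if ($ok !== true) {
            throw new RuntimeException('PKCS#7 signature check failed');
        }
        // Pin the signer, like signingCert.equals(signerCertificate) in the Java code.
        $got = openssl_x509_fingerprint(file_get_contents($signer), 'sha256');
        $want = openssl_x509_fingerprint($expectedCertPem, 'sha256');
        if (!$got || !$want || !hash_equals($want, $got)) {
            throw new RuntimeException('Signed by incorrect certificate');
        }
        return file_get_contents($out);
    } finally {
        array_map('unlink', [$in, $signer, $out]);
    }
}

// Constructed sample: a throwaway key and self-signed certificate sign a dummy reply.
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'example.invalid'], $key);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 1), $certPem);
$plain = tempnam(sys_get_temp_dir(), 'msg');
$signed = tempnam(sys_get_temp_dir(), 'sig');
file_put_contents($plain, '<reply><ok/></reply>');
openssl_pkcs7_sign($plain, $signed, $certPem, $key, [], PKCS7_BINARY);
// Keep only the base64 body, which is the form the SOAP response arrives in.
$blob = preg_split('/\r?\n\r?\n/', file_get_contents($signed), 2)[1];
array_map('unlink', [$plain, $signed]);
echo checkAndDecode($blob, $certPem), "\n";
```

With a real response, pass the base64 string from `__getLastResponse()` and the provider's signing certificate in PEM form as the second argument.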