大家好,我有下一个XML:
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsa cor soap"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="cor"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oGDoMATVcLIjqmglMqUJSkezEfM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#TS-23">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsse wsa cor soap"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4oZ/yS5H6z/sRpotlj3lcPzs5t0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
接下来尝试计算签名:
$this->privateKey = openssl_pkey_get_private($key, $passphrase);
$dom = new DOMDocument();
$dom->loadXML($xml_signed_info);
$xml_signed_info = $dom->C14N();
openssl_sign($xml_signed_info, $signature, $this->privateKey, OPENSSL_ALGO_SHA1);
$signature = base64_encode($signature);
下一个私钥:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDhMZM9vKUJXMEHR60ZPF9vmGF5pJvx3jL5kY491sRmgnS4eluV
kvqSnXfrT+ZG82nGYZhRiLVnwKvE6/Zv8QnCSJsPCwTffEuF147CPW4/5ofMA97e
tn7xr557lckVALHwAfGiDXJLkMAsECc4AoGGOs9Iv6a5ru+AXlRDW63VGQIDAQAB
AoGAbUsBOiJXOs8AhAb+dNP/QYsEK+R/Jwj/Vm6VSV/1nAbOnUYNMu/NmuC/9b2m
dmLmwDhXk6K04DD7bKxUw4mJgQ8pp4z56PfKf3TqPD+jRmz6/9MqXj5krLfroEDZ
E23m6orSMSKjXFI9puMRL9jLIw1/KTRv0tmiuAgaEjTXFzECQQD7hzYM02e+6R76
c8uXk3PND8CmWtjbupPesCUwWalq5fnvy0E9chjYY7T/o4uzWJh/hpeCYQYZ98jX
YRDOPmitAkEA5TKBv+0OOc2VDxr4Xwwkcj+9BPrtwlcjiCc/UTbzDvLbMuz7/3Fk
pgK/ONIjlrpHTHhLOCEHr2umuzVWgYuPnQJBANNcMGggsZo0TQrKiTdq+bFEXm+s
AXTK2P0U6XsyrPGeJSOCmeTnXsdfKbZzmK3xcdwfnms52qWxmPybnUKiINUCQQCX
Wy5CH3sogvHvwsDIi805wYvC0S7YCxGE5V4z9NS4R3qn+8ZCn5B27RN4o5UrAaL6
Bequi2l24nJt6MBS1mYlAkA011+7aJf5WOWXkJuxTfESNaaOnGlGBFG8sIzZcCaC
Ys5wMmDGqPa477BItd79J8b1uChlZV2BVC6PTQDDMp1L
-----END RSA PRIVATE KEY-----
尝试向SignedInfo块添加不同的名称空间。但是签名始终是错误的-api无法接受我的签名。
也许您有任何想法?或有类似问题? 我需要帮助:(