如何在不使用 wsf/php 的情况下签署传出的肥皂请求?

How to sign outgoing soap request without using wsf/php?

我正在寻找如何使用 PHP 对 soap header 签名。

soap服务由apache rampart构建,与https://axis.apache.org/axis2/java/rampart/samples.html中的示例2完全相同。

现在,我有一个使用 PHP 开发的 soap 客户端。 我不知道如何签署整个 headers 和 body.

我可以按以下方式提出肥皂请求

<?xml version="1.0" encoding="UTF-8" ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://ws.globesteel.com" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <SOAP-ENV:Header>
    <ns3:Security SOAP-ENV:mustUnderstand="1">
      <ns2:Timestamp>
        <ns2:Created>2016-07-13T08:16:02Z</ns2:Created>
        <ns2:Expires>2016-07-20T06:56:02Z</ns2:Expires>
      </ns2:Timestamp>
      <ns3:Signature>
        <ns3:SignedInfo>
          <Signature>
            <SignedInfo>
              <CanonicalizationMethod>
                <Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
              </CanonicalizationMethod>
              <SignatureMethod>
                <Algorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</Algorithm>
              </SignatureMethod>
              <Reference>
                <SOAP-ENC:Struct>
                  <Transforms>
                    <SOAP-ENC:Struct>
                      <Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
                    </SOAP-ENC:Struct>
                  </Transforms>
                  <DigestMethod>
                    <Algorithm>http://www.w3.org/2000/09/xmldsig#sha1</Algorithm>
                  </DigestMethod>
                  <DigestValue>8f6c3a934fc237673e9f1a12793f5507b8103e4a</DigestValue>
                  <URI>#_body</URI>
                  <Id/>
                </SOAP-ENC:Struct>
                <SOAP-ENC:Struct>
                  <Transforms>
                    <SOAP-ENC:Struct>
                      <Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
                    </SOAP-ENC:Struct>
                  </Transforms>
                  <DigestMethod>
                    <Algorithm>http://www.w3.org/2000/09/xmldsig#sha1</Algorithm>
                  </DigestMethod>
                  <DigestValue></DigestValue>
                  <URI>#_control</URI>
                  <Id/>
                </SOAP-ENC:Struct>
              </Reference>
            </SignedInfo>
            <SignatureValue>Yu/DkCbKXAoalySGM2XdieRYhk1rnwhFKNcklXn5l+YgNk3AXEnpr4yDAlReYgU3FGOZh0XGUn8hGWwEs28S+xjrROgb3G/SYKVKbS3EmAU/vLBa+lABn/0NDoGdR/iIv9C7XAr/OBhE++cHA+lktZSS1SUPtfG5BAifN/RtfkE=</SignatureValue>
            <KeyInfo>aqePjuZzE1lzwMMtquksvNJsbmI=</KeyInfo>
          </Signature>
        </ns3:SignedInfo>
      </ns3:Signature>
    </ns3:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <ns1:GetAvailableSecurityQuestions/>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

但我仍然得到错误 return "Message is not signed".

经过2周的痛苦,我终于用https://github.com/robrichards/xmlseclibs

解决了这个问题