如何在不使用 wsf/php 的情况下签署传出的肥皂请求?
How to sign outgoing soap request without using wsf/php?
我正在寻找如何使用 PHP 对 soap header 签名。
soap服务由apache rampart构建,与https://axis.apache.org/axis2/java/rampart/samples.html中的示例2完全相同。
现在,我有一个使用 PHP 开发的 soap 客户端。
我不知道如何签署整个 headers 和 body.
我可以按以下方式提出肥皂请求
<?xml version="1.0" encoding="UTF-8" ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://ws.globesteel.com" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<SOAP-ENV:Header>
<ns3:Security SOAP-ENV:mustUnderstand="1">
<ns2:Timestamp>
<ns2:Created>2016-07-13T08:16:02Z</ns2:Created>
<ns2:Expires>2016-07-20T06:56:02Z</ns2:Expires>
</ns2:Timestamp>
<ns3:Signature>
<ns3:SignedInfo>
<Signature>
<SignedInfo>
<CanonicalizationMethod>
<Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
</CanonicalizationMethod>
<SignatureMethod>
<Algorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</Algorithm>
</SignatureMethod>
<Reference>
<SOAP-ENC:Struct>
<Transforms>
<SOAP-ENC:Struct>
<Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
</SOAP-ENC:Struct>
</Transforms>
<DigestMethod>
<Algorithm>http://www.w3.org/2000/09/xmldsig#sha1</Algorithm>
</DigestMethod>
<DigestValue>8f6c3a934fc237673e9f1a12793f5507b8103e4a</DigestValue>
<URI>#_body</URI>
<Id/>
</SOAP-ENC:Struct>
<SOAP-ENC:Struct>
<Transforms>
<SOAP-ENC:Struct>
<Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
</SOAP-ENC:Struct>
</Transforms>
<DigestMethod>
<Algorithm>http://www.w3.org/2000/09/xmldsig#sha1</Algorithm>
</DigestMethod>
<DigestValue></DigestValue>
<URI>#_control</URI>
<Id/>
</SOAP-ENC:Struct>
</Reference>
</SignedInfo>
<SignatureValue>Yu/DkCbKXAoalySGM2XdieRYhk1rnwhFKNcklXn5l+YgNk3AXEnpr4yDAlReYgU3FGOZh0XGUn8hGWwEs28S+xjrROgb3G/SYKVKbS3EmAU/vLBa+lABn/0NDoGdR/iIv9C7XAr/OBhE++cHA+lktZSS1SUPtfG5BAifN/RtfkE=</SignatureValue>
<KeyInfo>aqePjuZzE1lzwMMtquksvNJsbmI=</KeyInfo>
</Signature>
</ns3:SignedInfo>
</ns3:Signature>
</ns3:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns1:GetAvailableSecurityQuestions/>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
但我仍然得到错误 return "Message is not signed".
经过2周的痛苦,我终于用https://github.com/robrichards/xmlseclibs
解决了这个问题
我正在寻找如何使用 PHP 对 soap header 签名。
soap服务由apache rampart构建,与https://axis.apache.org/axis2/java/rampart/samples.html中的示例2完全相同。
现在,我有一个使用 PHP 开发的 soap 客户端。 我不知道如何签署整个 headers 和 body.
我可以按以下方式提出肥皂请求
<?xml version="1.0" encoding="UTF-8" ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://ws.globesteel.com" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<SOAP-ENV:Header>
<ns3:Security SOAP-ENV:mustUnderstand="1">
<ns2:Timestamp>
<ns2:Created>2016-07-13T08:16:02Z</ns2:Created>
<ns2:Expires>2016-07-20T06:56:02Z</ns2:Expires>
</ns2:Timestamp>
<ns3:Signature>
<ns3:SignedInfo>
<Signature>
<SignedInfo>
<CanonicalizationMethod>
<Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
</CanonicalizationMethod>
<SignatureMethod>
<Algorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</Algorithm>
</SignatureMethod>
<Reference>
<SOAP-ENC:Struct>
<Transforms>
<SOAP-ENC:Struct>
<Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
</SOAP-ENC:Struct>
</Transforms>
<DigestMethod>
<Algorithm>http://www.w3.org/2000/09/xmldsig#sha1</Algorithm>
</DigestMethod>
<DigestValue>8f6c3a934fc237673e9f1a12793f5507b8103e4a</DigestValue>
<URI>#_body</URI>
<Id/>
</SOAP-ENC:Struct>
<SOAP-ENC:Struct>
<Transforms>
<SOAP-ENC:Struct>
<Algorithm>http://www.w3.org/2001/10/xml-exc-c14n#</Algorithm>
</SOAP-ENC:Struct>
</Transforms>
<DigestMethod>
<Algorithm>http://www.w3.org/2000/09/xmldsig#sha1</Algorithm>
</DigestMethod>
<DigestValue></DigestValue>
<URI>#_control</URI>
<Id/>
</SOAP-ENC:Struct>
</Reference>
</SignedInfo>
<SignatureValue>Yu/DkCbKXAoalySGM2XdieRYhk1rnwhFKNcklXn5l+YgNk3AXEnpr4yDAlReYgU3FGOZh0XGUn8hGWwEs28S+xjrROgb3G/SYKVKbS3EmAU/vLBa+lABn/0NDoGdR/iIv9C7XAr/OBhE++cHA+lktZSS1SUPtfG5BAifN/RtfkE=</SignatureValue>
<KeyInfo>aqePjuZzE1lzwMMtquksvNJsbmI=</KeyInfo>
</Signature>
</ns3:SignedInfo>
</ns3:Signature>
</ns3:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns1:GetAvailableSecurityQuestions/>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
但我仍然得到错误 return "Message is not signed".
经过2周的痛苦,我终于用https://github.com/robrichards/xmlseclibs
解决了这个问题