Royal Mail Shipping API - SOAP 连接和 pem/certificates 查询

Royal Mail Shipping API - SOAP connection & pem/certificates query

我正在尝试设置 Royal Mail Shipping API(如果有人对此有任何经验,如果您能提供帮助,我将不胜感激)。

在他们提供的文档中,我需要下载一个证书(一个 .p12 文件)并将其导入我的 Windows 机器 - 使用 'Certificate Import Wizard' 这非常简单。一旦达到“设置安全级别”,我必须 select & 这将在每次使用时请求密码权限。

在 Internet Explorer 中 'Internet Options' 的“内容”选项卡中,我可以查看证书,并且可以清楚地看到该证书已导入且尚未过期。

下一步是提取证书组件,这里我必须运行以下三个命令使用OpenSSL生成.pem文件。

$ openssl pkcs12 -in mycert.p12 -cacerts -nokeys -out cacert.pem
$ openssl pkcs12 -in mycert.p12 -clcerts -nokeys -out mycert.pem
$ openssl pkcs12 -in mycert.p12 -nocerts -nodes -out mykey.pem 

文档指出 cacert.pem 文件可以由使用文件本身的应用程序直接引用 ,我相信我已经在我的 PHP 中完成了脚本但是不清楚我应该把其他 mycert & mykey pem 文件放在哪里.

文档对此有如下说明:-

How an application passes the issued client SSL certificate when establishing an SSL network connection to is application and environment dependent but it would essentially need to access both the "mycert.pem" and "mykey.pem" file, or in some cases, a single combined file containing both cert and key.

所以它没有说明应用程序如何使用这两个文件,目前我只是将它们留在与 cacert.pem 文件相同的目录中。

如果我尝试直接从浏览器访问 url https://api.royalmail.com/shipping/onboarding,它要求我 select 一个证书,我 select 这个 & 然后输入当它询问 'Grant or deny permission to use this key' 时正确密码。一旦我输入正确的密码,就会出现以下页面 - 任何人都可以确认这是否意味着问题出在我这边,或者皇家邮政在他们这边没有正确配置的东西。

除此之外,我拥有的用于将 SOAP 请求发送到 Shipping API 的实际 PHP 脚本无法正常工作(可能与上述所有内容有关)。

在我的 PHP 脚本中,soapclient 选项设置如下:

$soapclient_options['cache_wsdl'] = 'WSDL_CACHE_NONE'; 
$soapclient_options['local_cert'] = 'certs/cacert.pem';
$soapclient_options['passphrase'] = $api_certificate_passphrase;
$soapclient_options['trace'] = true;
$soapclient_options['ssl_method'] = 'SOAP_SSL_METHOD_SSLv3';
$soapclient_options['location'] = 'https://api.royalmail.com/shipping/onboarding';

$client = new SoapClient('SAPI/ShippingAPI_V2_0_8.wsdl', $soapclient_options);
$client->__setLocation($soapclient_options['location']);

当我 运行 PHP 脚本(这基本上是皇家邮政为自己提供我自己的个人 API 登录详细信息的相同代码)我在浏览器:

Could not connect to host 
REQUEST: email@yoursite.co.ukAPI rngfJ+4dt4Gt855a5pr6u38i3B4= ODcwMTE5Nzc3 2015-10-13T11:02:20Z 2015-10-13T11:02:201.00526348001DeliveryDSD12015-10-13bobSS23, Some AvenueLondonE10g1000000

显然这无法连接到主机,原因不明,后者只是发送的请求。 PHP 脚本的其余部分与他们发送给我的 Royal Mail 脚本完全相同并且已确认已被其他人使用并且工作正常。

我在 WAMP 环境中工作,尽管最终代码将在 Linux 环境中。 谁能帮忙我真的很困惑&皇家邮政自己还没有能够提供任何可靠的技术支持。

更新

这是浏览器中显示的完整错误消息(为了安全起见,我已经更改了电子邮件地址)

Invalid Request REQUEST: myemail@company.co.ukAPI dgCW98Vqw3ladYgPPpNialODhvI= MTMzMjE1NjM4 2015-10-13T13:25:30Z 2015-10-13T13:25:302.00526348001DeliveryDSD12015-10-13Jon DoeSS23, Some RoadLondonE10g1000000

I've merged the two pem files into a single file called 'bundle.pem' & referenced this in the 'local_cert' variable for the SoapClient & BINGO this is now connecting. This now longer shows the Could not connect but states an 'Invalid Request' instead, so at least now this is connecting and giving me a different error.

我的整个 PHP 脚本如下:

<?php

ini_set('default_socket_timeout', 120);
ini_set('soap.wsdl_cache_enabled',1);
ini_set('soap.wsdl_cache_ttl',1);

$api_password = "xxxxxxxxxxxxxx!";
$api_username = "xxxxxxxxx@xxxxxxxxx.co.ukAPI";
$api_application_id = "xxxxxxxxxxxx";
$api_service_type = "D";
$api_service_code = "SD1";
$api_service_format = "";
$api_certificate_passphrase = 'xxxxxxxxxx';
$api_service_enhancements = "";

$data = new ArrayObject();
$data->order_tracking_id = "";
$data->shipping_name = "Jon Doe";
$data->shipping_company = "SS";
$data->shipping_address1 = "23, Some Road"; 
$data->shipping_address2 = "";
$data->shipping_town = "London";
$data->shipping_postcode = "E1";
$data->order_tracking_boxes = "0";
$data->order_tracking_weight = "1000";    

$time = gmdate('Y-m-d\TH:i:s');
$created = gmdate('Y-m-d\TH:i:s\Z');
$nonce = mt_rand();
$nonce_date_pwd = pack("A*",$nonce) . pack("A*",$created) . pack("H*", sha1($api_password));
$passwordDigest = base64_encode(pack('H*',sha1($nonce_date_pwd)));
$ENCODEDNONCE = base64_encode($nonce);


$soapclient_options = array(); 
$soapclient_options['cache_wsdl'] = 'WSDL_CACHE_NONE'; 
$soapclient_options['local_cert'] = 'royalmail/cert/bundle.pem';
$soapclient_options['passphrase'] = $api_certificate_passphrase;
$soapclient_options['trace'] = true;
$soapclient_options['ssl_method'] = 'SOAP_SSL_METHOD_SSLv3';
$soapclient_options['exceptions'] = true;
$soapclient_options['location'] = 'https://api.royalmail.com/shipping/onboarding';

//launch soap client
$client = new SoapClient('royalmail/ShippingAPI_V2_0_8.wsdl', $soapclient_options);
$client->__setLocation($soapclient_options['location']);

//headers needed for royal mail
$HeaderObjectXML  = '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
           <wsse:UsernameToken wsu:Id="UsernameToken-000">
              <wsse:Username>'.$api_username.'</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'.$passwordDigest.'</wsse:Password>
              <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">'.$ENCODEDNONCE.'</wsse:Nonce>
              <wsu:Created>'.$created.'</wsu:Created>
           </wsse:UsernameToken>
       </wsse:Security>';

//push the header into soap
$HeaderObject = new SoapVar( $HeaderObjectXML, XSD_ANYXML );

//push soap header
$header = new SoapHeader( 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd', 'Security', $HeaderObject );
$client->__setSoapHeaders($header);

//build the request
$request = array(
    'integrationHeader' => array(
        'dateTime' => $time,
        'version' => '1.0',
        'identification' => array(
            'applicationId' => $api_application_id,
            'transactionId' => $data->order_tracking_id
        )
    ),
    'requestedShipment' => array(
                                'shipmentType' => array('code' => 'Delivery'),
                                'serviceOccurence' => '1',
                                'serviceType' => array('code' => $api_service_type),
                                'serviceOffering' => array('serviceOfferingCode' => array('code' => $api_service_code)),
                                'serviceFormat' => array('serviceFormatCode' => array('code' => $api_service_format)),
                                'shippingDate' => date('Y-m-d'),
                                'recipientContact' => array('name' => $data->shipping_name, 'complementaryName' => $data->shipping_company),
                                'recipientAddress' => array('addressLine1' => $data->shipping_address1,  'addressLine2' => $data->shipping_address2, 'postTown' => $data->shipping_town, 'postcode' => $data->shipping_postcode),
                                'items' => array('item' => array(
                                            'numberOfItems' => $data->order_tracking_boxes,
                                            'weight' => array( 'unitOfMeasure' => array('unitOfMeasureCode' => array('code' => 'g')), 'value' => ($data->order_tracking_weight*1000) //weight of each individual item
                                                             )
                                                                )
                                                )
                                )               
);


//if any enhancements, add it into the array
if($api_service_enhancements != "") {
    $request['requestedShipment']['serviceEnhancements'] = array('enhancementType' => array('serviceEnhancementCode' => array('code' => $api_service_enhancements)));
}

//try make the call
try { 
    $response = $client->__soapCall( 'createShipment', array($request), array('soapaction' => 'https://api.royalmail.com/shipping/onboarding') );
} catch (Exception $e) {
    //catch the error message and echo the last request for debug
    echo $e->getMessage(); 
    echo " REQUEST:\n" . $client->__getLastRequest() . "\n";
    die;
}

//check for any errors
if(isset($response->integrationFooter->errors)) { 
    $build = "";

    //check it wasn't a single error message
    if(isset($response->integrationFooter->errors->error->errorCode)) { 
        $build .= $output_error->errorCode.": ".$output_error->errorDescription."<br/>"; 
    } else {
        //loop out each error message, throw exception will be added ehre
        foreach($response->integrationFooter->errors->error as $output_error) { 
            $build .= $output_error->errorCode.": ".$output_error->errorDescription."<br/>";
        }
    }

    echo $build; die;

}

print_r($response);

echo "REQUEST:\n" . $client->__getLastRequest() . "\n";
die;            
?>

为了更加清楚,我在 $request 变量到达 try/catch 块之前添加了一个转储(注意这有点长)。

Array
(
    [integrationHeader] => Array
        (
        [dateTime] => 2015-10-13T13:34:44
        [version] => 1.0
        [identification] => Array
            (
                [applicationId] => 0526348001
                [transactionId] => 
            )

    )

[requestedShipment] => Array
    (
        [shipmentType] => Array
            (
                [code] => Delivery
            )

        [serviceOccurence] => 1
        [serviceType] => Array
            (
                [code] => D
            )

        [serviceOffering] => Array
            (
                [serviceOfferingCode] => Array
                    (
                        [code] => SD1
                    )

            )

        [serviceFormat] => Array
            (
                [serviceFormatCode] => Array
                    (
                        [code] => 
                    )

            )

        [shippingDate] => 2015-10-13
        [recipientContact] => Array
            (
                [name] => Jon Doe
                [complementaryName] => SS
            )

        [recipientAddress] => Array
            (
                [addressLine1] => 23, Some Road
                [addressLine2] => 
                [postTown] => London
                [postcode] => E1
            )

        [items] => Array
            (
                [item] => Array
                    (
                        [numberOfItems] => 0
                        [weight] => Array
                            (
                                [unitOfMeasure] => Array
                                    (
                                        [unitOfMeasureCode] => Array
                                            (
                                                [code] => g
                                            )

                                    )

                                [value] => 1000000
                            )

                    )

            )

    )

)

首先,直接访问 https://api.royalmail.com/shipping/onboarding 是行不通的,因为它只能通过 API 访问。

对于 Royal Mail,您是否拥有所有 CDM 文件和 WSDL 文件?确保 CDM 文件与 WSDL 文件位于同一目录中。

这是我在使用 API;

时所做的
$client = new SoapClient("/royalmail/ShippingAPI_V2_0_8.wsdl", array(
                                                    'trace' => 1,
                                                    'location'   => $location, //https://api.royalmail.com/shipping
                                                    'soap_version' => SOAP_1_1,
                                                    'local_cert' => '/royalmail/cert/cert.pem',
                                                    'passphrase' => 'xxx',
                                                    'exceptions' => true
                                                ));

然后,当真正建立连接时,我做了这样的事情:

    $password = 'xxx';

    $date = gmdate('Y-m-d\TH:i:s\Z');
    $nonce = mt_rand();
    $nonce_date_pwd = pack("A*",$nonce) . pack("A*",$date) . pack("H*", sha1($password));
    $encoded_password = base64_encode(pack('H*',sha1($nonce_date_pwd)));
    $encoded_nonce = base64_encode($nonce);

    $HeaderObjectXML  = '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                   <wsse:UsernameToken wsu:Id="UsernameToken-0000">
                      <wsse:Username>Username</wsse:Username>
                      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">' . $encoded_password . '</wsse:Password>
                      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">' . $encoded_nonce . '</wsse:Nonce>
                      <wsu:Created>'.$date.'</wsu:Created>
                   </wsse:UsernameToken>
               </wsse:Security>';

    $HeaderObject = new SoapVar( $HeaderObjectXML, XSD_ANYXML );

    $header = new SoapHeader( 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd', 'Security', $HeaderObject );
    $client->__setSoapHeaders( $header );

    $request = array('the shipment request');

    try {
        $client->__soapCall( 'createShipment', array($request) );
    }
    catch (SoapFault $soapFault) {
       print_r($soapFault);
    }

希望对您有所帮助。

编辑

试试这个请求

认为 如果我没记错的话,您需要为该服务事件使用版本 2。另外,只是...格式化。使调试更容易。

$request = Array(

    'integrationHeader' => array(
        'dateTime' => date('Y-m-d\TH:i:s'),
        'version' => '2',
        'identification' => array(
            'applicationId' => $api_application_id,
            'transactionId' => $data->order_tracking_id
        ),

    ),

    'requestedShipment' => array(   
        'shipmentType' => array(
            'code' => 'Delivery'
        ),
    'serviceOccurrence' => 1,
        'serviceType' => array(
            'code' => $api_service_type
        ),
        'serviceOffering' => array(
            'serviceOfferingCode' => array(
                'code' => $api_service_code
            )
        ),
        'serviceFormat' => array(
            'serviceFormatCode' => array(
                'code' => $api_service_format
            )
        ),
        'shippingDate' => gmdate('Y-m-d'),
        'recipientContact' => array(
            'name' => $data->shipping_name,
            'complementaryName' => $data->shipping_company
        ),
        'recipientAddress' => array(
            'addressLine1' => $data->shipping_address1,
            'addressLine2' => $data->shipping_address2,
            'postTown' => $data->shipping_town,
            'postcode' => $data->shipping_postcode
        ),
        'items' => array(
            'item' => array(
                'numberOfItems' => $data->order_tracking_boxes,
                'weight' => array(
                    'unitOfMeasure' => array(
                        'unitOfMeasureCode' => array(
                            'code' => 'g'
                        )
                    ),
                    'value' => ($data->order_tracking_weight*1000)
                )
            )
        )

    )
);

!虽然您提到您已经完成了大部分步骤,但我还是会详细说明它们以完成说明

正在将 CA 安装到服务器

  • 上传p12文件到服务器(以/root/Desktop为例)
  • 运行下面3条命令安装
openssl pkcs12 -in mycert.p12 -cacerts -nokeys -out cacert.pem
openssl pkcs12 -in mycert.p12 -clcerts -nokeys -out mycert.pem
openssl pkcs12 -in mycert.p12 -nocerts -nodes -out mykey.pem 
  • 现在将 *.pem 个文件复制到 /etc/ssl/certs
    • 我想在这里创建一个子目录(mkdir royalmail)
    • 并移动 *.pem 个文件 (mv *.pem /etc/ssl/certs/certificates)
  • 现在新建一个文件,把mycert.pemmykey.pem的内容复制进去(只从-----BEGIN .... -------到EOF)

您应该有以下文件;

使用 SOAPClient

现在证书已安装,我们现在可以测试连接(假设您的证书在 /etc/pki/tls/certs/certificates/royalmail/shippingv2 中)

如果你运行

wget https://api.royalmail.com/shipping/onboarding --private-key=/etc/ssl/certs/certificates/royalmail/shippingv2/rm_bundle.pem --private-key-type=PEM

您应该能够连接到端口 443(尽管 OpenSSL 中可能存在握手失败 - 至少在我刚刚在暂存环境中进行的测试中是这样)。

我们现在可以使用 WSDL 的本地副本并在 $options 参数中指定本地证书来实例化 SoapClient

$objSoapClient = new \SoapClient('lib/wsdl/royalmail/shipping/ShippingAPI_V2_0_8.wsdl', array(
    'soap_version' => SOAP_1_1,
    'trace' => 1,
    'uri' => 'http://www.royalmailgroup.com/api/ship/V2',
    'location' => 'https://api.royalmail.com/shipping/onboarding',
    'local_cert' => '/etc/ssl/certs/certificates/royalmail/shippingv2/rm_bundle.pem',
    'passphrase' => '', //Your passphrase when doing step 1
    'ssl_method' => 'SOAP_SSL_METHOD_TLS',
    'exceptions' => 1,
    'trace' => 1
));

身份验证

在您的文档中,您应该找到一个名为 rm_password_digest.php 或类似名称的文件,其中详细说明了如何创建身份验证 headers。

/* The value below should be changed to your password.  If you store the password  */  
/* as hashed in your database, you will need to change the code below to remove hashing */

$password = 'just_my_royalmail_api_password';

/* CREATIONDATE - The timestamp. The computer must be on correct time or the server you are
* connecting may reject the password digest for security.
*/
$CREATIONDATE = gmdate('Y-m-d\TH:i:s\Z');

/* NONCE - A random word. The use of rand() may repeat the word if the server is
* very loaded.
*/
$nonce = mt_rand();

/* PASSWORDDIGEST This is the way to create the password digest. As per OASIS standard
*  digest = base64_encode(Sha1(nonce + creationdate + password)
*  however note that we use a SHA1(password) instead of the password above
*/
$nonce_date_pwd = pack("A*",$nonce) . pack("A*",$CREATIONDATE) . pack("H*", sha1($password));
$PASSWORDDIGEST = base64_encode(
pack('H*', sha1($nonce_date_pwd)));

/* ENCODEDNONCE - Now encode the nonce for security header */

$ENCODEDNONCE = base64_encode($nonce);

/* Now Print all the values - so we can use it for testing with tools like soapui */

print "WS Security Header elements \n";
print "--------------------------- \n";
print 'Nonce = ' . $nonce;
print "\n";
print 'PASSWORDDIGEST= ' . $PASSWORDDIGEST;
print "\n";
print 'ENCODEDNONCE= ' . $ENCODEDNONCE;
print "\n";
print "CREATIONDATE= " . $CREATIONDATE;

这将帮助您在 SOAPHeader 中构建以下内容

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-0000">
        <wsse:Username>[...]</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">[...]</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">[...]</wsse:Nonce>
        <wsu:Created>[...]</wsu:Created>
    </wsse:UsernameToken>
</wsse:Security>