如何使用 PHP/linux 工具为封装的 XML 签名生成 DigestValue 和 SignatureValue
我一直在尝试寻找一些有关如何为 XML 签名 (WSDL) 生成 DigestValue 和 SignatureValue 的示例。
下面是应用程序的 SOAP 示例:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<SOAP-SEC:Signature soapenv:actor="" soapenv:mustUnderstand="0">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Body">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
</ds:Signature>
</SOAP-SEC:Signature>
</soapenv:Header>
<soapenv:Body Id="Body">
<SomeApplicationMethod soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<Application href="#id0"/></SomeApplicationMethod>
<multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="urn:NCDServices" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns1:SomeApplicationMethod">
<param2 xsi:type="soapenc:string">123456</param2>
<param3 xsi:type="soapenc:string">someString</param3>
<param4 xsi:type="soapenc:string">string123 bla bla</param4>
<param5 xsi:type="soapenc:string">0</param5>
</multiRef>
</soapenv:Body>
</soapenv:Envelope>
我有一个来自应用程序提供商的示例,但我似乎无法生成与示例相同的 DigestValue 和 SignatureValue。根据应用程序文档,我需要从整个 Body 部分创建摘要值。
我确实知道我必须规范化、sha1,然后进行 Base64 编码。但是我如何规范化正文部分呢? (sha1 和 base64 编码很容易理解)。
最初我想尝试创建一个字符串 var:
$whole_body = '<soapenv:Body Id="Body"> ........stuff inside...... </soapenv:Body>';
但后来我发现 PHP 中没有 c14n 函数之类的东西(至少没有像 var 这样的字符串,以及 PHP 5.2 及以下版本;不用担心,我有 5.2.6 )。
我查看了 xmlseclibs.php 代码,它似乎使用 DOMelement 对象来获取 C14N 函数。我对 DOMelement 不是很熟悉。
我尝试使用 xmlseclibs.php 来签署我的 XML,但它似乎不起作用,我从应用程序中收到“签名无效”错误。
有人可以帮助启发新手吗(读,我:))?
非常感谢您的合作。
i have been trying to find some examples on how to generate DigestValue and SignatureValue for XML signature (WSDL).
Below is a sample SOAP for the application:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<SOAP-SEC:Signature soapenv:actor="" soapenv:mustUnderstand="0">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Body">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
</ds:Signature>
</SOAP-SEC:Signature>
</soapenv:Header>
<soapenv:Body Id="Body">
<SomeApplicationMethod soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<Application href="#id0"/></SomeApplicationMethod>
<multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="urn:NCDServices" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns1:SomeApplicationMethod">
<param2 xsi:type="soapenc:string">123456</param2>
<param3 xsi:type="soapenc:string">someString</param3>
<param4 xsi:type="soapenc:string">string123 bla bla</param4>
<param5 xsi:type="soapenc:string">0</param5>
</multiRef>
</soapenv:Body>
</soapenv:Envelope>
I have a single example from the application provider and I cant seem to produce the same DigestValue and SignatureValue as the sample. According to the application documentation, i need to create the digestValue from the whole Body section.
I do know that i have to cannonicalize, sha1, then base64encode. But how do i cannonicalize the body section? (sha1 and base64 encode is easy enough to understand).
Initially i want to try creating a string var:
$whole_body = '<soapenv:Body Id="Body"> ........stuff inside...... </soapenv:Body>';
but then i found out that there is no such thing as c14n function in PHP (at least not for string like var, and PHP 5.2 and below; not a worry, i have 5.2.6).
I took at look at xmlseclibs.php code and it seems to use DOMelement object to get C14N function. I am not very familiar on what DOMelement is..
I tried using xmlseclibs.php to sign my XML, but it doesnt seem to work, i got 'signature not valid' error from the application.
Can someone help enlighten the newbie (reads, me :) ) ?
Thank you very much for your cooperation.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
嗯..我实际上不久前就让它工作了。
我最终使用了 Rob Richards 的 xmlseclibs。 http://code.google.com/p/xmlseclibs/
我建议您尝试一下库,它非常容易使用。
Hmm.. I actually manage to get it working a while ago.
I ended up using xmlseclibs by Rob Richards. http://code.google.com/p/xmlseclibs/
I suggest you try that library, it is extremely easy to use.
那应该可以达到你的目的。
我还忙于 XML-DSIG,并且想知道要规范化哪些部分,因为我收到的文档很差......:(
That should do your trick.
I am also busy with XML-DSIG, and wondering what pieces to canonicalize, since I received poor documentation... :(