使用 PHP SoapClient 将加密值传递到 .Net SOAP 服务时出现问题
我有一个 SOAP 服务,正在使用 PHP 5.3.1 的内置 SoapClient 进行调用。我必须在服务上执行的第一个操作是自定义身份验证操作,我必须传递的必需参数之一是我使用 PHP 的 mcrypt 创建的 3DES 加密字符串,如下所示:
$encryptionKey = '1234myKey1234';
$currentFormattedDate = date ("Y/m/d H:i");
$encryptedString = mcrypt_encrypt('tripledes', $encryptionKey, $currentFormattedDate, 'ecb');
如果我尝试仅传递 $当我从 mcrypt_encrypt() 获取它时,我收到了一个致命错误,并且没有进行任何调用:
致命错误:SOAP-错误:编码:字符串“d\xe0...”不是 /path/to/file 中的有效 utf-8 字符串
但是,如果我 utf8_encode() 字符串本身:
$encryptedString = utf8_encode($encryptedString)
然后进行调用,但他们的网络服务响应以下错误:
格式化程序在尝试反序列化消息时抛出异常:尝试反序列化参数时出错 http:// tempuri.org/:argStatusDate。 InnerException 消息是“反序列化 System.String 类型的对象时出错”。字节 0x19 在此位置无效。第 2 行,位置 318。'。
在尝试了很多事情之后,我又回到了原点,这是我在这个过程中最接近成功的一次。我已经验证我可以只传递一个伪造的字符串,这会导致无法进行身份验证的预期响应。
我认为这不会有任何区别,因为我相信 SOAP 调用最终是作为 utf8 进行的,但我尝试设置 'encoding' =>在 PHP 中构造我的 SoapClient 时出现“ISO-8859-1”,并且出现相同的错误。已进行调用,但服务器响应反序列化错误。
有谁知道更好的方法让我处理这个加密字符串,让我的 PHP 客户端和他们的 .Net Web 服务都满意?
也许问题出在他们身上?
FWIW,我还可以要求我们根据他们的文档将加密方法更改为“Rijndael AES Block Cypher”。不确定这是否会导致更容易处理字符串。
I have a SOAP service I am calling with PHP 5.3.1's builtin SoapClient. The first operation I must perform on the service is a custom authentication operation, and one of the required parameters I must pass is a 3DES encrypted string which I am creating using PHP's mcrypt, like so:
$encryptionKey = '1234myKey1234';
$currentFormattedDate = date ("Y/m/d H:i");
$encryptedString = mcrypt_encrypt('tripledes', $encryptionKey, $currentFormattedDate, 'ecb');
If I try to just pass $encryptedString as I get it from mcrypt_encrypt() I get a fatal error on my side and no call is made:
Fatal error: SOAP-ERROR: Encoding: string 'd\xe0...' is not a valid utf-8 string in /path/to/file
However if I utf8_encode() the string as such:
$encryptedString = utf8_encode($encryptedString)
Then the call is made but their webservice responds with the following error:
The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://tempuri.org/:argStatusDate. The InnerException message was 'There was an error deserializing the object of type System.String. The byte 0x19 is not valid at this location. Line 2, position 318.'.
This is the closest I can get to success with this process after having tried so many things that I'm back to square one. I have verified I can just pass a bogus string which results in the expected response of not being able to authenticate.
I don't think this should make any difference since I believe the SOAP call is ultimately made as utf8, but I have tried setting 'encoding' => 'ISO-8859-1' when constructing my SoapClient in PHP and I get the same error. The call is made but the server responds with the deserialization error.
Does anyone know a better way for me to treat this encrypted string that will please both my PHP client and their .Net webservice?
Maybe the problem is on their end?
FWIW, I can also request that we change the encryption method to "Rijndael AES Block Cypher" per their documentation. Not sure if that would result in an easier to handle string.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可能需要在开始和结束标记内的 Base 64 编码 CDATA 段中对数据进行编码。您可能想向服务的创建者索取示例,或者 - 如果它是 Web 服务 - 尝试下载定义,甚至创建一个客户端 通过发现。请注意,最后一个链接是使用 Google 搜索找到的,我已经有一段时间没有使用 PHP 了。
[编辑] 更改密码对此无济于事,尽管任何事情都比 ECB 编码 XML 更好
You probably need to encode the data in a base 64 encoded CDATA segment inside the opening and closing tags. You might want to ask the creater of the service for a sample, or - if it is a webservice - try to download the definition or even create a client through discovery. Note that the last link was found using Google search, I've been out of PHP for a while.
[EDIT] changing the cipher won't help for this, although anything is better than ECB encoding XML