带有签名证书的PHP Soapcall

Question

我一直在尝试使此工作正常，但似乎根本没有任何工作...

我目前有（无法获得）来自政府的SOAP服务。现在，我可以在SoapUI中使用SOAP调用，但是我需要在代码（php）中使用它。

现在，他们希望我做一个名为“工作”的工作，因此在SoapUI中拥有所谓的“ WS-Security Configuration”。我将其设置如下：

Timestamp WSS条目的TTL只有60，没有毫秒精度。

现在，应该完成请求WSS的配置（我已经在其中进行了密钥存储）

一旦我转到请求，我只需要添加以下正文：

现在我得到了一个响应，就像在SoapUI（5.5.0）中所说的那样，就像一个咒语一样。

[当我尝试在PHP中执行相同的操作时，它不起作用...我发现了一个非常老的类，实际上应该使用该证书的PEM密钥和密码对调用进行身份验证...

我认为确实可行，（虽然不确定）

我找到并修改的代码如下：

https://gitlab.com/snippets/1930847

我现在使用以下代码调用该代码：

$client_options = [
            'ssl' => [
                'cert' => storage_path('checkinatwork/keystore.p12'),
                'certpasswd' => 'MY_PASSWORD_OF_THE_KEY'
            ]
        ];
        $client = new SignedSoapClient('https://www.url.be/registry/dbffff0b-ed82-4ac5-8422-826bad0fbcd6/SecurityTokenService/1.0/be/socialsecurity/sts/v1/SecurityTokenService_v1.wsdl', $client_options);

        $client->__setLocation('https://url.be/SecurityTokenService/v1');
        $request = $client->__soapCall('RequestSecurityToken', []);
        return $request->__getLastRequest();

我从服务器获得的响应如下（我使用Laravel命令中的代码，因此添加了-v选项。

* Expire in 0 ms for 6 (transfer 0x555976dc88a0)
* Expire in 1 ms for 1 (transfer 0x555976dc88a0)
* Expire in 0 ms for 1 (transfer 0x555976dc88a0)
* Expire in 2 ms for 1 (transfer 0x555976dc88a0)
* Expire in 0 ms for 1 (transfer 0x555976dc88a0)
* Expire in 1 ms for 1 (transfer 0x555976dc88a0)
* Expire in 4 ms for 1 (transfer 0x555976dc88a0)
* Expire in 1 ms for 1 (transfer 0x555976dc88a0)
* Expire in 1 ms for 1 (transfer 0x555976dc88a0)
* Expire in 4 ms for 1 (transfer 0x555976dc88a0)
* Expire in 2 ms for 1 (transfer 0x555976dc88a0)
* Expire in 2 ms for 1 (transfer 0x555976dc88a0)
* Expire in 4 ms for 1 (transfer 0x555976dc88a0)
* Expire in 3 ms for 1 (transfer 0x555976dc88a0)
* Expire in 3 ms for 1 (transfer 0x555976dc88a0)
* Expire in 8 ms for 1 (transfer 0x555976dc88a0)
* Expire in 4 ms for 1 (transfer 0x555976dc88a0)
* Expire in 4 ms for 1 (transfer 0x555976dc88a0)
* Expire in 16 ms for 1 (transfer 0x555976dc88a0)
* Expire in 7 ms for 1 (transfer 0x555976dc88a0)
* Expire in 7 ms for 1 (transfer 0x555976dc88a0)
* Expire in 16 ms for 1 (transfer 0x555976dc88a0)
* Expire in 9 ms for 1 (transfer 0x555976dc88a0)
* Expire in 9 ms for 1 (transfer 0x555976dc88a0)
* Expire in 16 ms for 1 (transfer 0x555976dc88a0)
* Expire in 10 ms for 1 (transfer 0x555976dc88a0)
* Expire in 10 ms for 1 (transfer 0x555976dc88a0)
* Expire in 16 ms for 1 (transfer 0x555976dc88a0)
* Expire in 14 ms for 1 (transfer 0x555976dc88a0)
* Expire in 14 ms for 1 (transfer 0x555976dc88a0)
* Expire in 16 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 16 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 32 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 32 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 64 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 64 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 64 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 50 ms for 1 (transfer 0x555976dc88a0)
* Expire in 200 ms for 1 (transfer 0x555976dc88a0)
*   Trying 85.91.178.151...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x555976dc88a0)
* Connected to domain.be (IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CERTIFICATE_RESPONSE_DATA
*  start date: Nov  5 10:16:25 2018 GMT
*  expire date: Nov  5 10:26:00 2020 GMT
*  subjectAltName: host "domain.be" matched cert's "domain.be"
*  issuer: ISSUER DATA
*  SSL certificate verify ok.
> POST /SecurityTokenService/v1 HTTP/1.1
Host: domain.be
Accept: */*
Content-Length: 370
Content-Type: multipart/form-data; boundary=------------------------887f9c2af3ff5bf8

< HTTP/1.1 500 Internal Server Error
HTTP/1.1 500 Internal Server Error
< Date: Fri, 17 Jan 2020 08:27:27 GMT
Date: Fri, 17 Jan 2020 08:27:27 GMT
< Server: Apache
Server: Apache
< Content-Length: 349
Content-Length: 349
< X-Powered-By: Servlet/2.5 JSP/2.1
X-Powered-By: Servlet/2.5 JSP/2.1
< Connection: close
Connection: close
< Content-Type: text/xml; charset=utf-8
Content-Type: text/xml; charset=utf-8

<
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault><faultcode xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">wst:RequestFailed</faultcode><faultstring>The specific request failed</faultstring></soapenv:Fault></soapenv:Body></soapenv:Envelope>* Closing connection 0

所以我得到了一个真正描述性的错误响应...我应该能够在PHP中获得相同的确切请求和响应，就像在SoapUI中一样。

有人对如何解决此问题有想法吗？

然后请求完成时，我也得到以下错误：

SoapFault : SoapClient::__doRequest() returned non string value

但是我认为这将是以后的关注。

所以我对此问题的主要目标是能够像使用SoapUI一样具有相同的请求和良好的响应。

提前谢谢！

Answer 1

PHP SoapClient无法处理p12证书文件。您必须将其转换为pem文件。您可以将oppenssl toolkit用于此目的。

一旦安装，您可以使用以下CLI命令转换p12证书文件

openssl pkcs12 -in mycert.p12 -out mycert.pem -nodes -clcerts

转换为pem文件后，更改您的SoapClient ssl选项。

$options = [
    'local_cert' => dirname(__FILE__) . 'mycert.pem',
    'athentication' => SOAP_ATHENTICATION_DIGEST
];

$client = new SoapClient(
    $wsdl,
    $options
);

如果要单独保存私钥和证书文件，请使用以下示例。

$context = stream_context_create([
    'ssl' => [
        'local_cert' => '/path/to/cert/file',
        'local_pk'   => '/path/to/private/key'
    ]
]);

$client = new \SoapClient($wsdl, [
    'stream_context' => $context,
    // other options
]);

希望有所帮助...

带有签名证书的PHP Soapcall

问题描述投票：0回答：1

1个回答

最新问题

带有签名证书的PHP Soapcall

问题描述 投票：0回答：1

1个回答

最新问题

问题描述投票：0回答：1