在php中使用xmlseclibs对xml进行签名会产生错误的签名。

Question

我使用xmlseclibs v.1.3.1

下面是我尝试签署xml的方法

$document = new DOMDocument();

$request  = $document->createElement('paymentRequest');

$xmlnsxsi = $document->createAttribute('xmlns:xsi');

$xmlns = $document->createAttribute('xmlns');

$xmlns->value = 'url link';

$xmlnsxsi->value = 'http://www.w3.org/2001/XMLSchema-instance';

$request->appendChild($xmlnsxsi);

$request->appendChild($xmlns);  

$pid  = $document->createElement('pid',$_SESSION['payment_info'][$_GET['object_id']]['PID']);

$senderId  = $document->createElement('senderId',$_SESSION['info'][$_GET['object']]['ID']);

$returnUrl  = $document->createElement('returnUrl',$_SESSION['info'][$_GET['object']]['RETURN']);

$amount  = $document->createElement('amount',$_POST['AMOUNT']);
$currency  = $document->createElement('currency','USD');

$language  = $document->createElement('language','EN');

$message  = $document->createElement('message','test test');

$paymentCode  = $document->createElement('paymentCode',$_SESSION['info'][$_GET['object']]['PCODE']);

$date  = $document->createElement('date','2013-12-03T15:37:19.6414668+02:00');

$correlation  = $document->createElement('correlation',$_SESSION['info'][$_GET['object']]['EXTRA']);

$request->appendChild($pid);
$request->appendChild($senderId);
$request->appendChild($returnUrl);
$request->appendChild($amount);
$request->appendChild($currency);
$request->appendChild($language);
$request->appendChild($message);
$request->appendChild($paymentCode);
$request->appendChild($date);
$request->appendChild($correlation);
$document->appendChild($request);
$xml_pay2 = $document->saveXml();


require_once('xmlseclibs.php');
$doc = new DOMDocument();
$doc->loadXML($xml_pay2);

$objDSig = new XMLSecurityDSig();

$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N_COMMENTS);

$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')); 

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));


$objKey->loadKey('system/key.pem', TRUE);

$objDSig->add509Cert(file_get_contents("system/cert.pem"));

$objDSig->sign($objKey,$doc);



$xml_pay2 = $doc->saveXML();

$doc2 = new DOMDocument();
$doc2->loadXML($xml_pay2);

$objXMLSecDSig = new XMLSecurityDSig();
$objDSig = $objXMLSecDSig->locateSignature($doc2);

if (!$objDSig) {
    echo "Cannot locate Signature Node";die();
}
$objXMLSecDSig->canonicalizeSignedInfo();

$objXMLSecDSig->idKeys = array('wsu:Id');

$objXMLSecDSig->idNS = array('wsu'=>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');

$retVal = $objXMLSecDSig->validateReference();
if (!$retVal) {
    die("Reference Validation Failed");
}   
$objKey = $objXMLSecDSig->locateKey();
if (!$objKey ) {
    echo "We have no idea about the key";die();
}

$key = NULL;

$objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
if (! $objKeyInfo->key && empty($key)) {
    $objKey->loadKey('system/cert.pem', TRUE);
}

if ($objXMLSecDSig->verify($objKey)) {
        echo "Signature validated!";
} else {
    echo "Failure!!!!!!!!";
}

它总是给我“失败！”结果。

Answer 1

第一步是为PHP启用错误输出，这样您就可以看到真正的错误消息。这可能是因为你正在访问this bug，但是如果没有来自PHP的错误消息，就没有办法知道。