我测试了最终的 XML 签名文件,它发送“无效签名”,为什么?信息:我已经准备了这个信息。使用 XML 签名进行签名:
<?xml version="1.0" encoding="UTF-8" standalone="no"?><SolicitudRegistro
xmlns="http://www.cie.mx/SCG/Inilidad" IdMensaje="f2-8505d81914c">
<FechaEnvio>2013-02-26T21:08:36</FechaEnvio>
<Registrante EndPoint="https://200.34.175.46:443/InteropOPE
/MensajeidadService" Nombre="Instigua" NombreCorto="IMTA" URI="op.mx">
<DatosDeContacto AreaOficina="Informatica"
CorreoElect="req@tc.ia.mx" Nombre="Rafadina" Puesto="Subdirector nicaciones" >
<Telefonos>
<Telefono Extension=" " NumeroTelefonico="7773293644" />
</Telefonos>
</DatosDeContacto>
<CertificadoInstancia>MIIFETCCA/mgAwIBAgIUMDAwMDAwMDAwMDAwMD CERTIFICATE
WITH SENDER'S PUBLIC KEY=</CertificadoInstancia>
</Registrante>
<Reto>
<CadenaCifrada>Ln0BAsnwrNg6IzjW7hk2c/Nxx/x3LZ STRING ENCRYPTED
WITH PRIVATE KEY SO RECEIVER CAN AUTHENTICATE SOURCE WITH SENDER'S CERTIFICATE=
</CadenaCifrada>
</Reto>
</SolicitudRegistro>
所以我将所有这些都存储在文件 results.xml 中,然后我用 phpseclib 函数对其进行签名,代码是:
<?php
require('xmlseclibs.php');
if (file_exists('./firmas/sign-basic-test_mio.xml')) {
unlink('./firmas/sign-basic-test_mio.xml');
}
$doc = new DOMDocument();
$doc->load('./firmas/results.xml');
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
$objDSig->addReference($doc, XMLSecurityDSig::SHA1,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',
array('http://www.w3.org/TR/1999/REC-xpath-19991116' =>
array("query" => "ancestor-or-self::*[local-
name()='SolicitudRegistro']"))),array("force_uri"=>true));
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
/* load private key */
$objKey->loadKey('i.pem', TRUE);
$objDSig->sign($objKey);
/* Add associated public key */
$objDSig->add509Cert(file_get_contents('instancia_imta_ope.crt'));
$objDSig->appendSignature($doc->documentElement);
$doc->save('./firmas/sign-basic-test_mio.xml');
$sign_output = file_get_contents('./firmas/sign-basic-test_mio.xml');
$sign_output_def = file_get_contents('./firmas/sign-basic-test_mio.res');
if ($sign_output != $sign_output_def) {
echo "NOT THE SAME";
}
echo "DONE";
?>
这给出了一个完整的 XML 签名,看起来像(截断一些加密文本):
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SolicitudRegistro xmlns="http://www.cb.mx/SCG/Interlidad"
IdMensaje="f2e140eb-2b09-44ab-8504-87b25d81914c">
<FechaEnvio>2013-02-26T21:08:36</FechaEnvio>
<Registrante EndPoint="https://200.34.175.46:443/InteropOPE.....
<DatosDeContacto AreaOficina="Informatica" CorreoElectronico.....
<Telefonos>
<Telefono Extension=" " NumeroTelefonico="7773293644"/>
</Telefonos>
</DatosDeContacto>
<CertificadoInstancia>MIIFETCCA/mgAwIBAgIUMDAwMDY....=</CertificadoInstancia>
</Registrante>
<Reto>
<CadenaCifrada>Ln0BAsnwrNg6IzjW7hk.....</CadenaCifrada>
</Reto>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://ww.org/TR/2001 /REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.
w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>ancestor-or-self::*[local-name()='SolicitudRegistro']</ds:XPath>
</ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09 /xmldsig#sha1"
/><ds:DigestValue>GogFeLcUThvfAeyNrDBroTQaGhA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo><ds:SignatureValue>N+Btck0X9H81ZUcmrIK3h7LR2CtA86BPaBFE=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFETCCA/mgAwIB.....=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
所有这一切都针对 1 个问题,您知道如何使用 PHPSECLIB 验证此签名的任何示例吗?还是其他图书馆?显示无效签名的测试页面是: https ://ope.gob.mx/BrokerInteropQA/Diagnostico/default.aspx
谢谢,我为这么多信息道歉,但我试图在我的怀疑中澄清马里奥