我正在尝试使用 PHP 验证来自 Windows 商店的收据。
我正在使用以下代码:
<?php
include('Crypt/RSA.php');
include('File/X509.php');
$xml_str ='<Receipt Version="1.0" ReceiptDate="2012-08-30T23:08:52Z" CertificateId="b809e47cd0110a4db043b3f73e83acd917fe1336" ReceiptDeviceId="4e362949-acc3-fe3a-e71b-89893eb4f528">
<ProductReceipt Id="6bbf4366-6fb2-8be8-7947-92fd5f683530" ProductId="Product1" PurchaseDate="2012-08-30T23:08:52Z" ExpirationDate="2012-09-02T23:08:49Z" ProductType="Durable" AppId="55428GreenlakeApps.CurrentAppSimulatorEventTest_z7q3q7z11crfr" />
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>Uvi8jkTYd3HtpMmAMpOm94fLeqmcQ2KCrV1XmSuY1xI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>TT5fDET1X9nBk9/yKEJAjVASKjall3gw8u9N5Uizx4/Le9RtJtv+E9XSMjrOXK/TDicidIPLBjTbcZylYZdGPkMvAIc3/1mdLMZYJc+EXG9IsE9L74LmJ0OqGH5WjGK/UexAXxVBWDtBbDI2JLOaBevYsyy+4hLOcTXDSUA4tXwPa2Bi+BRoUTdYE2mFW7ytOJNEs3jTiHrCK6JRvTyU9lGkNDMNx9loIr+mRks+BSf70KxPtE9XCpCvXyWa/Q1JaIyZI7llCH45Dn4SKFn6L/JBw8G8xSTrZ3sBYBKOnUDbSCfc8ucQX97EyivSPURvTyImmjpsXDm2LBaEgAMADg==</SignatureValue>
</Signature>
</Receipt>';
if( !$xml = simplexml_load_string( $xml_str ) )
{
echo 'Unable to load XML string<br />';
}
else
{
print 'XML String loaded successfully<br />';
}
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, "https://lic.apps.microsoft.com/licensing/certificateserver/?cid=".$xml["CertificateId"]);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$responseFromServer = curl_exec($ch);
//echo $responseFromServer;
echo '<br/>';
$x509 = new File_X509();
$cert=$x509->loadX509($responseFromServer);
print_r($cert);
echo $x509->getPublicKey();
echo '<br/>';
//close connection
curl_close($ch);
$signatureInfo2='<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>Uvi8jkTYd3HtpMmAMpOm94fLeqmcQ2KCrV1XmSuY1xI=</DigestValue>
</Reference>
</SignedInfo>';
$data = $xml->Signature->SignatureValue;
echo $data;
echo '<br/>';
$dom = new DOMDocument();
$dom->loadXML($signatureInfo2);
$canonicalized = $dom->C14N(TRUE, FALSE);
echo $canonicalized;
echo '<br/>';
$rsa = new Crypt_RSA();
$key = $x509->getPublicKey();
$key1 = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnK+P74KmRbczKst4ztFx 4wVDceo+2U1xJzaS5dlUns1UAPSitkZb66FyoWDFFHSacPrcZtZqov1uw/UDmE6t XvNxi4VgvSEYfzkpkmLdHpIFSwfonMkR93baWHCebLKVNobj3+CPzXNOjrl5TLA/ TFOFIPSAQ9h0gwRKroRkaMVeuGLhB+OuOaAdeC5RGstPiWZZCmf5lYcf7Hc0gX63 WtV/wpHO0joJ00jN3fw5zuQysFdlmJ/u4v6wanuP6KeiKkDKz6R8npvUp8votMYl DAPtSMJF9IbNILxzOsw8MEzA4k2qWwsvS55jMeuaDKueoYbEMnSxJqrqvJVWFAxMywIDAQAB';
if($rsa->loadKey($key1))
{ // public key
$rsa->setPublicKey();
$rsa->setHash('sha256');
echo $rsa->verify($canonicalized, $data) ? 'verified' : 'unverified';
}
?>
我正在关注这个链接。但我总是得到“坏”的输出。
有人可以告诉我我在这里做错了什么吗?
谢谢