我正在使用 curl API 调用具有两个 SSL 身份验证的 SOAP Web 服务,并在 SOAP 标头中使用 UserName、PasswordDigest 和 Nounce。
curl API 代码是:
$soap_do = curl_init();
curl_setopt($soap_do, CURLOPT_URL, "WEBSERVICE_URL" );
curl_setopt($soap_do, CURLOPT_CONNECTTIMEOUT, 1000);
curl_setopt($soap_do, CURLOPT_TIMEOUT, 1000);
curl_setopt($soap_do, CURLOPT_RETURNTRANSFER, true );
curl_setopt($soap_do, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($soap_do, CURLOPT_POST, true );
curl_setopt($soap_do, CURLOPT_VERBOSE, '1');
curl_setopt($soap_do, CURLOPT_SSLVERSION, '1');
curl_setopt($soap_do, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($soap_do, CURLOPT_SSLKEYPASSWD, 'secret');
curl_setopt($soap_do, CURLOPT_SSLKEYTYPE, 'PEM');
curl_setopt($soap_do, CURLOPT_SSLKEY,"C:/XP/Projects/setups/certs/key.pem");
curl_setopt($soap_do, CURLOPT_POSTFIELDS, $in);
curl_setopt($soap_do, CURLOPT_HTTPHEADER, array('Content-Type: text/xml; charset=utf-8', 'Content-Length: '.strlen($in) ));
$out = curl_exec($soap_do);
if($out === false)
{
echo "err";
$err = 'Curl error: ' . curl_error($soap_do);
curl_close($soap_do);
echo $err;
return $err;
}
else
{
echo "response ==";
echo $out;
echo "execu";
curl_close($soap_do);
return 'Operation completed without any errors';
}
CACERTS 已经在 php.ini 文件中设置:
响应始终是策略伪造的,任何人都可以查看 SSLKEY 是否已正确设置,并且出站 POST 消息将使用此密钥进行加密?
完整的回应是:
response ==<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en-US">Policy Falsified</soapenv:Text>
</soapenv:Reason>
<soapenv:Role>REMOVED FOR PRIVACY</soapenv:Role>
<soapenv:Detail>
<l7:policyResult status="Bad Request" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</soapenv:Detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
execu* Trying 216.178.233.150...
* Connected to impl.client.com (216.178.233.150) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:/Project_ah/php/cacert.pem
CApath: none
* SSL connection using TLSv1.0 / DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; ST=Maryland; L=Baltimore; O=Centers for Medicare & Medicaid Services; OU=OIS; CN=REMOVED FOR PRIVACY
* start date: 2014-12-31 00:00:00 GMT
* expire date: 2016-01-23 23:59:59 GMT
* subjectAltName: REMOVED FOR PRIVACY
* issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
* SSL certificate verify ok.
> POST /Imp1/servie HTTP/1.1
Host: REMOVED FOR PRIVACY
Accept: */*
Content-Type: text/xml; charset=utf-8
Content-Length: 2517
Expect: 100-continue
< HTTP/1.1 100 Continue
< HTTP/1.1 500 Internal Server Error
< Server: Apache-Coyote/1.1
< Content-Type: application/soap+xml;charset=utf-8
< Content-Length: 746
< Date: Wed, 03 Jun 2015 03:53:13 GMT
< Connection: close
<
* Closing connection 0
注意:不使用 SOAPClient,因为它无法解析 WSDL,因为嵌套的 XSD 再次定义了命名空间