我收到 XML 请求,包含 MsgBody 标记和签名(在.net中完成的签名过程),
我必须验证他们发送的 msg 正文、签名和请求者公钥,但我不能。
我的代码是:
$msg_body = "<MsgBody><Transactions>....</Transactions></MsgBody>";
$signature = "nkI/Z/ySJSxarh..............==";
$verifying_flag = openssl_verify($msg_body, base64_decode($signature), PUBLIC_KEY, OPENSSL_ALGO_SHA256);
我试过这个:
$rsa = new \Crypt_RSA();
$rsa->loadKey(PUBLIC_KEY);
$verifying_flag = $rsa->verify($msg_body, base64_decode($signature));
两种方式的 $verifying_flag 失败,
通过此代码在 .NET 中完成的签名过程:
using System;
public class Program
{
public static string SignMessage(XElement xmlMessage, Collection<string> xPaths, string certificateSerialNumber)
{
string elementsValue = string.Empty;
foreach (vara xPath in xpaths)
{
IEnumerable<XElement> xPathSelectElements = xmlMessage.XPathSelectElements(xPath);
foreach (XElement xPathSelectElements in xPathSelectElements)
{
elementsValue += xPathSelectElements.ToString();
}
}
RSACryptoServiceProvider rsaCryptoServiceProvider = new RSACryptoServiceProvider();
rsaCryptoServiceProvider.FromXmlString(GetCertificates(certificateSerialNumber).PrivateKey.ToXmlString(true));
RSACryptoServiceProvider.UseMachineKeyStore = true;
rsaCryptoServiceProvider.ExportParameters(false);
rsaCryptoServiceProvider.KeySize = 2048;
return Convert.ToBase64String(rsaCryptoServiceProvider.SignData(Encoding.Unicode.GetBytes(elementsValue), CryptoConfig.MapNameToOID("SHA256")));
}
如何验证他们的要求?!