
Implement security token exchange in WS-Security in PHP

Developer https://www.devze.com 2023-01-21 04:51 Source: Internet
I am trying to communicate with a web service that is developed in .NET, and I am writing my client in PHP. One of the headaches right now is generating the SignatureValue and for SignedInfo.

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                <Reference URI="#_0">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>CwMGnFZklO7XsDfFguzl0tw7iHM=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>nXJEN8p1nupMA/00TK03VZlADkU=</SignatureValue>

There was an Entropy sent to the server and an Entropy received from the server... Sent to server:

<t:Entropy>
                    <t:BinarySecret u:Id="uuid-6d32fbfc-2a74-422f-8b0b-3089db58f6ec-1" 
                        Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">
                        grrlUUfhuNwlvQzQ4bV6TT3wA8ieZPltIf4+H7nIvCE=
                    </t:BinarySecret>
                </t:Entropy>

Received from server:

<t:Entropy>
                <t:BinarySecret u:Id="uuid-8aebe294-15d0-4233-a3b1-ddd9a0d43d98-4"
                    Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">
                    YLABh3ZmZyiO5gvVLZe9J4JPd9w59KGeTFwE85XlzxE=
                    </t:BinarySecret>
                </t:Entropy>

From what I read, I am supposed to use PSHA1 to generate a shared key and then run HMAC_SHA1 on the canonicalized SignedInfo to generate the signed value. Using these two entropies, the expected value is nXJEN8p1nupMA/00TK03VZlADkU= but I could never generate that...

My parameter to psha1_derive is psha1_derive($entropySentByMe (as $secret), 'WS-SecureConversationWS-SecureConversation', $entropyReturnedByServer (as $seed), '' (as timestamp), and length is 32 (256 bits));

If anyone has more information on how to use PSHA1 to derive the shared key or how to generate the signature value, please let me know!


There is an npm module for node.js to make a shared secret using the PSHA1 algorithm to obtain the computed key. GitHub Link.
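
The derivation discussed in this thread, as an added PHP example that is not part of the original question or answer: P_SHA1 as defined for the TLS 1.0 PRF (RFC 2246), applied the way WS-Trust defines its P_SHA1 computed key (key = P_SHA1(requestor entropy, responder entropy), with no label), followed by HMAC-SHA1 over the exclusive-C14N SignedInfo. The function names and the whitespace-free SignedInfo are constructed for illustration, so the output is not claimed to match the SignatureValue in the question.

```php
<?php
// Added example. P_SHA1 is the TLS 1.0 PRF building block (RFC 2246, section 5):
//   A(0) = seed, A(i) = HMAC_SHA1(secret, A(i-1))
//   P_SHA1 = HMAC_SHA1(secret, A(1).seed) . HMAC_SHA1(secret, A(2).seed) . ...
function p_sha1(string $secret, string $seed, int $length): string
{
    $out = '';
    $a = $seed;                                            // A(0)
    while (strlen($out) < $length) {
        $a = hash_hmac('sha1', $a, $secret, true);         // A(i), raw bytes
        $out .= hash_hmac('sha1', $a . $seed, $secret, true);
    }
    return substr($out, 0, $length);
}

// WS-Trust computed key: key = P_SHA1(Ent_REQ, Ent_RES) over the decoded bytes.
// BinarySecret text often carries surrounding whitespace, so it is trimmed first.
function computed_key(string $clientB64, string $serverB64, int $bits = 256): string
{
    $req = base64_decode(trim($clientB64), true);
    $res = base64_decode(trim($serverB64), true);
    if ($req === false || $res === false) {
        throw new InvalidArgumentException('entropy is not valid base64');
    }
    return p_sha1($req, $res, intdiv($bits, 8));
}

// hmac-sha1 SignatureValue: HMAC over the exclusive-C14N bytes of SignedInfo.
function signature_value(DOMNode $signedInfo, string $key): string
{
    $bytes = $signedInfo->C14N(true, false);               // exclusive, no comments
    return base64_encode(hash_hmac('sha1', $bytes, $key, true));
}

// Entropy values as posted in the question (client first, then server).
$key = computed_key('grrlUUfhuNwlvQzQ4bV6TT3wA8ieZPltIf4+H7nIvCE=',
                    'YLABh3ZmZyiO5gvVLZe9J4JPd9w59KGeTFwE85XlzxE=');
// Constructed sample: the question's SignedInfo without inter-element whitespace.
$ds = 'http://www.w3.org/2000/09/xmldsig#';
$c14n = 'http://www.w3.org/2001/10/xml-exc-c14n#';
$doc = new DOMDocument();
$doc->loadXML("<Signature xmlns=\"$ds\"><SignedInfo>"
    . "<CanonicalizationMethod Algorithm=\"$c14n\"/><SignatureMethod Algorithm=\"{$ds}hmac-sha1\"/>"
    . "<Reference URI=\"#_0\"><Transforms><Transform Algorithm=\"$c14n\"/></Transforms>"
    . "<DigestMethod Algorithm=\"{$ds}sha1\"/><DigestValue>CwMGnFZklO7XsDfFguzl0tw7iHM=</DigestValue>"
    . "</Reference></SignedInfo></Signature>");
$signedInfo = $doc->getElementsByTagNameNS($ds, 'SignedInfo')->item(0);
echo 'key: ', base64_encode($key), "\n";
echo 'SignatureValue: ', signature_value($signedInfo, $key), "\n";
```

When the result differs from the service's value, compare the canonicalized SignedInfo bytes first, since whitespace between elements and the namespaces in scope change the HMAC input. Code that verifies a received SignatureValue should compare with `hash_equals` rather than `==`.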
