[英]Working algorithm for PasswordDigest in WS-Security php
I have been creating hash password from the formula given by my airline supplier.我一直在根据我的航空公司供应商提供的公式创建哈希密码。 I have search on this site and I got the solution from below link in C# but I want in PHP.我在这个网站上搜索过,我从下面的 C# 链接中得到了解决方案,但我想要 PHP。 Working algorithm for PasswordDigest in WS-Security WS-Security 中 PasswordDigest 的工作算法
I have tried like this in php but password digest which I am getting is wrong我在 php 中尝试过这样的操作,但是我得到的密码摘要是错误的
function getTimestamp()
{
$microtime = floatval(substr((string)microtime(), 1, 8));
$rounded = round($microtime, 3);
return gmdate("Y-m-d\TH:i:s") . substr((string)$rounded, 1, strlen($rounded))."Z";
}
$nounce = base64_encode(mt_rand(10000000, 99999999));
$timestamp = getTimestamp();
$password = "AMADEUS"; //clear password
$final_hashed_password = base64_encode(sha1($nounce.$timestamp.sha1($password)));
My values are generating like this我的价值观是这样产生的
Nonce: ODczNzczNzE=
Timestamp: 2014-09-21T06:36:31.328Z
password: "TEST"
password digest I got: NjQxOThmZjViNmIwOGM0NGNiNDE1YTExNWQ3MDc2OGNlYjBjZDY2MA==
but password digest should generate like this但是密码摘要应该像这样生成
Right password digest: zGXsP85SuUngY7FjtnQizeO6yUk=
I know the algorithm for creating the Digest is:我知道创建摘要的算法是:
Password_Digest = Base64 ( SHA-1 ( nonce + created + SHA-1 ( password ) ) )
Please help me to generate right hash password in php and also please see the above link which has the solution in c#请帮助我在 php 中生成正确的哈希密码,并请参阅上面的链接,其中包含 c# 中的解决方案
得到了解决方案!...我们必须解码nonce,然后在其上应用公式,在xml中我们必须发送编码的nonce
As you mentioned - the issue was in Nonce. 正如你所提到的 - 问题出在Nonce中。
If I may suggest, it may be better to use for nonce a stream of bytes ( random_bytes
), instead of mt_rand(10000000, 99999999)
without encoding it. 如果我可以建议,最好使用nonce一个字节流( random_bytes
),而不是mt_rand(10000000, 99999999)
而不编码它。 And then, only encode it when you'll be including it in the Nonce SOAP/XML node. 然后,只有在将它包含在Nonce SOAP / XML节点中时才对其进行编码。
you can use this php code to generate Digest password
<?php
date_default_timezone_set('UTC');
$t = microtime(true);
$micro = sprintf("%03d",($t - floor($t)) * 1000);
$date = new DateTime( date('Y-m-d H:i:s.'.$micro) );
echo $timestamp = $date->format("Y-m-d\TH:i:s").$micro . 'Z';
$nonce = mt_rand(10000000, 99999999);
echo $nounce = base64_encode($nonce);//we have to decode the nonce and then apply the formula on it and in xml we have to send the encoded nonce
$password = "AMADEUS"; //clear password
echo $passSHA = base64_encode(sha1($nonce . $timestamp . sha1($password, true), true));
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.