PHP: XML digital signing and signature verification with a certificate (SHA256 with RSA)

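Anonymous (unverified), submitted 2019-12-02 22:11:45
Copyright notice: this is the blogger's original article and may not be reproduced without the blogger's permission. https://blog.csdn.net/u010324331/article/details/85268130
First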

Install the xmlseclibs library.
Address: https://github.com/robrichards/xmlseclibs

Then

See the example below (the GitHub repository also contains test code that shows how to call the library).

// At the top of the class file (the two methods below belong inside a class):
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

/**
 * generateXMLSignFields: generate the XML signature fields
 * Use sha256withrsa algorithm to generate XML internal signature
 * @param $xml
 * @return string
 * @throws \Exception
 * @author   liuml  <liumenglei0211@163.com>
 * @DateTime 2018/12/21  16:37
 */
protected function generateXMLSignFields($xml)
{
    // Load the XML to be signed
    $doc = new \DOMDocument();
    $doc->loadXML($xml);

    // Create a new security object
    $objDSig = new XMLSecurityDSig();
    // Use C14N (inclusive) canonicalization
    $objDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
    // Digest the document with SHA-256 (the original passed XMLSecurityDSig::SHA1 here)
    $objDSig->addReference(
        $doc,
        XMLSecurityDSig::SHA256,
        array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
    );

    // Create a new (private) security key
    $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));

    // If the key has a passphrase, set it here
    // $objKey->passphrase = '<passphrase>';

    // Load the private key
    $objKey->loadKey("-----BEGIN RSA PRIVATE KEY-----\n" . $this->privateKey . "\n-----END RSA PRIVATE KEY-----\n");

    // Sign the XML document
    $objDSig->sign($objKey);

    // Add the associated public key to the signature.
    // Note: add509Cert() looks for a PEM X.509 certificate
    // (-----BEGIN CERTIFICATE-----) in its input.
    $objDSig->add509Cert("-----BEGIN PUBLIC KEY-----\n" . $this->publicKey . "\n-----END PUBLIC KEY-----\n");

    // Append the signature to the XML
    $objDSig->appendSignature($doc->documentElement);

    return $doc->saveXML();
}

/**
 * checkResponseSign: verify the signature
 * Validate signatures in XML
 * @param $xml
 * @return bool
 * @throws \Exception
 * @author   liuml  <liumenglei0211@163.com>
 * @DateTime 2018/12/21  17:51
 */
protected function checkResponseSign($xml)
{
    $doc = new \DOMDocument();
    $doc->loadXML($xml);
    $objXMLSecDSig = new XMLSecurityDSig();

    // Find the ds:Signature element in the document
    $objDSig = $objXMLSecDSig->locateSignature($doc);
    if (!$objDSig) {
        throw new \Exception("Cannot locate Signature Node");
    }
    $objXMLSecDSig->canonicalizeSignedInfo();
    $objXMLSecDSig->idKeys = array('wsu:Id');
    $objXMLSecDSig->idNS   = array('wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd');

    // Check that the referenced content matches the digest in SignedInfo
    $retVal = $objXMLSecDSig->validateReference();
    if (!$retVal) {
        throw new \Exception("Reference Validation Failed");
    }

    // Build a key object for the algorithm named in SignatureMethod
    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new \Exception("We have no idea about the key");
    }

    // Always verify with the bank's known public key. The original loaded it
    // only when the message's KeyInfo carried no key; a key taken from the
    // message itself is chosen by the sender and proves nothing about origin.
    $objKey->loadKey("-----BEGIN PUBLIC KEY-----\n" . $this->myBankPublicKey . "\n-----END PUBLIC KEY-----\n");

    return $objXMLSecDSig->verify($objKey) === 1;
}
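A policy check to run on a received message before `checkResponseSign()`, added here as an example (it is not code from the original post or from xmlseclibs): it rejects a signature that is not RSA-SHA256 with a SHA-256 digest over the whole document. The function name and the sample XML are constructed, and it assumes the sender uses a single enveloped signature over the whole document.

```php
<?php
// Added example, not from the original post; names and sample XML are constructed.
const DS_NS      = 'http://www.w3.org/2000/09/xmldsig#';
const SIG_ALG    = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
const DIGEST_ALG = 'http://www.w3.org/2001/04/xmlenc#sha256';

/** Return a list of policy problems; an empty list means the signature shape is acceptable. */
function xmlSignaturePolicyProblems(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: do not fetch network resources while parsing untrusted input.
    if ($xml === '' || !@$doc->loadXML($xml, LIBXML_NONET)) {
        return ['not well-formed XML'];
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('ds', DS_NS);
    $sigs = $xp->query('//ds:Signature');
    if ($sigs->length !== 1) {
        return ["expected exactly one ds:Signature, found {$sigs->length}"];
    }
    $sig = $sigs->item(0);
    $problems = [];
    // An enveloped signature sits directly under the root element it signs.
    if (!$sig->parentNode->isSameNode($doc->documentElement)) {
        $problems[] = 'ds:Signature is not a child of the document element';
    }
    $alg = $xp->evaluate('string(ds:SignedInfo/ds:SignatureMethod/@Algorithm)', $sig);
    if ($alg !== SIG_ALG) {
        $problems[] = "SignatureMethod is '$alg', expected RSA-SHA256";
    }
    $refs = $xp->query('ds:SignedInfo/ds:Reference', $sig);
    if ($refs->length !== 1) {
        $problems[] = "expected exactly one ds:Reference, found {$refs->length}";
    }
    foreach ($refs as $ref) {
        // Empty or absent URI means the whole document; "#id" signs only a fragment.
        if ($ref->getAttribute('URI') !== '') {
            $problems[] = 'Reference does not cover the whole document';
        }
        $digest = $xp->evaluate('string(ds:DigestMethod/@Algorithm)', $ref);
        if ($digest !== DIGEST_ALG) {
            $problems[] = "DigestMethod is '$digest', expected SHA-256";
        }
    }
    return $problems;
}
// Constructed sample: RSA-SHA256 signature whose reference digest is still SHA-1.
$sample = '<msg><ds:Signature xmlns:ds="' . DS_NS . '"><ds:SignedInfo><ds:SignatureMethod Algorithm="'
    . SIG_ALG . '"/><ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
    . '</ds:Reference></ds:SignedInfo></ds:Signature></msg>';
print_r(xmlSignaturePolicyProblems($sample));
```

Treat a non-empty result as a rejection and skip cryptographic verification entirely; an empty result only means the message is worth verifying.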