CODEWITHSUNDEEP
phpxmlsoapdigest
KMatko
KMatko

Reputation: 161

Wrong digest value using PHP

I've got string:

$string = '<Predstavitev xmlns="http://www.sigen.si/PodpisaniDokument" Id="MyVisualisation2"><Podatki ca="SIGEN-CA" dsPodjetja="" dsUporabnika="12345678" emso="1212912500444" maticna="" serial="2462933412018"/></Predstavitev>';

and digest value of it should be

tmLGK3IVc1mC/r5ScUKXQ46wcCA=

but when I use this PHP code

echo base64_encode(hash('SHA1', $string, true));

the output is

yszGh284QybUiyVNLfQlkh358qQ=

In SOAP is reference for canonicalization method (http://www.w3.org/TR/2001/REC-xml-c14n-20010315) and digest method algorithm (http://www.w3.org/2000/09/xmldsig#sha1).

Thanks for help!

Upvotes: 0

Views: 1475

Answers (2)

DieGoth74
DieGoth74

Reputation: 1

You need to canonicalize the string before doing the hash.

Just add the string to a DomDocument and get the C14N from element Predstavitev:

$string = '<Predstavitev xmlns="http://www.sigen.si/PodpisaniDokument"     
Id="MyVisualisation2"><Podatki ca="SIGEN-CA" dsPodjetja="" 
dsUporabnika="12345678" emso="1212912500444" maticna="" 
serial="2462933412018"/></Predstavitev>';

$xml = new DomDocument();

$xml->loadXML($string);

$node = $xml->getElementsByTagName('Predstavitev');

echo base64_encode(hash('SHA1', $node->item(0)->C14N(), true));

Upvotes: 0

hakre
hakre

Reputation: 197544

If the digest value is wrong and the functions applied are correct, then the input value is wrong - and not the digest. The digest is correct in the sense that it's correct from the wrong input value.

Therefore you need to apply the standards as you've named them (canonical form, digest) on the input you've got.

If you're too lazy to do that your own, you can for example take an existing library for that which is able to parse the algorithms from the soap-response XML you've got:

$string = '<Predstavitev xmlns="http://www.sigen.si/PodpisaniDokument" Id="MyVisualisation2"><Podatki ca="SIGEN-CA" dsPodjetja="" dsUporabnika="12345678" emso="1212912500444" maticna="" serial="2462933412018"/></Predstavitev>';

$sig = new XMLDSig($soapResponse);

var_dump($sig->getDigest($string)); // string(28) "tmLGK3IVc1mC/r5ScUKXQ46wcCA="

The XMLDSig class is part of XMLUtil, also on packagist, just require "hakre/xmlutil": "dev-develop".

Upvotes: 0

Related Questions