English 中文(简体)
Decoding http response with certificate
原标题:

I m new to php and I need to authenticate to a SSO server. The SSO server is a .Net one, using a SSL certificate.

When I go back from the SSO server, the response is encoded. I have the key of the certificate of course, but how could I decrypt the response ?

This is very vague for me, don t hesitate to detail your answer :)

Many thanks in advance for your help, best regards

问题回答

You can use the http/ssl stream wrapper to let php transparently handle the ssl part.

Let s start simple:

$c = file_get_contents( file.txt );

No wrapper has been specified, therefore file:// is used by default. The file:// wrapper tries to open the local file file.txt and file_get_contents() reads the data from that stream.

Next step: the http wrapper

$c = file_get_contents( http://docs.php.net/fopen );

Now a wrapper is specified. The http-wrapper makes a request for http://docs.php.net/fopen and returns the result as a stream from which file_get_contents() all its data.

You can also use https if ssl support is enabled in (see also http://docs.php.net/openssl).

$c = file_get_contents( https://developer.mozilla.org/en/gecko_dom_reference );

Optional: server/client authentication
You can attach a context to a php stream allowing you to set options/parameter for the involved stream wrappers.
E.g. the http-wrapper take the http.user_agent parameter into account when sending a http request to a server. So, if you want to make the server "believe" that a specific version of firefox makes a request for a document and you can do something like

$context = stream_context_create(
  array(
     http =>array( user-agent => Mozilla/6.0 (Windows; U; Windows NT 7.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.9 (.NET CLR 3.5.30729) )
  )
);
$c = file_get_contents( http://docs.php.net/fopen , 0, $context);

When making a https request both the http and the ssl options are used

$context = stream_context_create(
  array(
     http =>array(  ...http-wrapper options here ),
     ssl =>array(  ...ssl-wrapper options here )
  )
);

The https server might require you to authenticate before allowing access to a resource. A client certificate has to be send with the request and the server decides whether it s acceptable or not. The context parameter ssl.local_cert allows you to specify the client certificate that is used in the request. The cert file may be password protected. In that case you have to provide the password as ssl.passphrase

$context = stream_context_create(
  array(
     ssl =>array(
       local_cert => xyz/VolkerCA/UserVolker.pem ,
       passphrase => my secret passphrase 
    )
  )
);
$c = file_get_contents( https://hermes..../ssl/test.php , 0, $context);

On the other hand you might (also) want to make sure that the server really is what it claims to be. How it s decided whether a (server) certificate is acceptable/valid/trustworthy is a bit beyond this post. http://docs.php.net/book.openssl
Set ssl.verify_peer=true and pass the information where to find the verification data as ssl.cafile

$context = stream_context_create(
  array(
     ssl =>array(
       local_cert => xyz/VolkerCA/UserVolker.pem ,
       passphrase => my secret passphrase ,
       verify_peer =>true,
       cafile => xyz/VolkerCA/VolkerCA.pem 
    )
  )
);
$c = file_get_contents( https://hermes..../ssl/test.php , 0, $context);




相关问题
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

please can anyone check this while loop and if condition

<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...

定值美元

如何确认来自正确来源的数字。

Generating a drop down list of timezones with PHP

Most sites need some way to show the dates on the site in the users preferred timezone. Below are two lists that I found and then one method using the built in PHP DateTime class in PHP 5. I need ...

Text as watermarking in PHP

I want to create text as a watermark for an image. the water mark should have the following properties front: Impact color: white opacity: 31% Font style: regular, bold Bevel and Emboss size: 30 ...

How does php cast boolean variables?

How does php cast boolean variables? I was trying to save a boolean value to an array: $result["Users"]["is_login"] = true; but when I use debug the is_login value is blank. and when I do ...