我需要使用 PFX 文件和使用 oauth2 的密码连接到公司 API。
我不太熟悉 PFX 文件的使用,也不确定如何使用 PFX 文件和密码连接到 API。我在这里查看了 SO,但没有找到太多可以帮助我入门的东西。我搜索了谷歌,但找到了一些文档和示例代码,但都没有用。我找到了以下代码,但它对我不起作用。有人可以帮我解决这个问题吗?
我找到并正在尝试使用的代码如下:
<?php
$url = "https://myaccounts.domain.com/auth/oauth/v2/token";
$cert_file = 'my_auth.pfx';
$cert_password = '1234567890';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
//CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
//CURLOPT_VERBOSE => true,
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
if(!$output)
{
echo "Curl Error : " . curl_error($ch);
}
else
{
echo htmlentities($output);
}
?>
上面的代码给我以下错误:
Curl Error: could not load PEM client certificate, OpenSSL error error:02001002:system library:fopen:No such file or directory, (no key found, wrong pass phrase, or wrong file format?)
key 在同一个目录中,所以我不确定为什么找不到它。也许我错误地使用了 PFX 文件。
最佳答案
我完全错了。根据我阅读的内容和收集到的信息,最好将 PFX 文件转换为 PEM 文件。我使用带有所有必要软件包和 openssl 的 cygwin 来完成此操作。将 PFX 文件转换为 PEM 后,我使用带有必要凭据的 curl 命令连接到我需要从中提取数据的 API。我从 bash shell 运行的命令如下:
curl -i -XPOST -u username:password -k https://myaccounts.domain.com/auth/oauth/v2/token -v --cert my_auth.pem
我收到了以下回复:
* timeout on name lookup is not supported
* Trying 123.123.123.123...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to myaccounts.domain.com (123.123.123.123) port 111 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [87 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3880 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [903 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [1291 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
} [264 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=My Location; L=ThankYou; O=Automatic Data Processing, Inc.; OU=Testing Labs; CN=myaccounts.domain.com
* start date: Aug 4 00:00:00 2001 GMT
* expire date: Oct 23 01:01:01 2017 GMT
* issuer: C=US; O=My Corporation; OU=My Trust Network; CN=My Class 3 Secure Server CA - G4
* SSL certificate verify ok.
* Server auth using Basic with user '123456'
} [5 bytes data]
> POST /auth/oauth/v2/token HTTP/1.1
> Host: myaccounts.domain.com
> Authorization: Basic veryveryveryveryverylongstringthatwillgoherebecauseitisveryverylong==
> User-Agent: curl/6.12.0
> Accept: */*
>
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0{ [5 bytes data]
< HTTP/1.1 200 OK
< MY-CorrelationID: 123456789-adda-1234-a123-1a12345abcde
< Pragma: no-cache
< Cache-Control: no-store, no-cache, private
< Content-Type: application/json;charset=UTF-8
< Content-Length: 127
< Date: Thu, 02 Feb 2017 23:05:46 GMT
< Server: My Accounts
<
{ [127 bytes data]
100 127 100 127 0 0 75 0 0:00:01 0:00:01 --:--:-- 77* Curl_http_done: called premature == 0
100 127 100 127 0 0 75 0 0:00:01 0:00:01 --:--:-- 77HTTP/1.1 200 OK
MY-CorrelationID: 123456789-adda-1234-a123-1a12345abcde
Pragma: no-cache
Cache-Control: no-store, no-cache, private
Content-Type: application/json;charset=UTF-8
Content-Length: 127
Date: Thu, 02 Feb 2017 23:05:46 GMT
Server: My Accounts
{
"access_token":"123456789-1234-1234-1234-12345678901234",
"token_type":"Bearer",
"expires_in":3600,
"scope":"api"
}
* Connection #0 to host myaccounts.domain.com left intact
我还能够使用 postman 验证此连接,并且始终得到相同的响应。
我根据我所做的研究进一步开发满足我需求的解决方案。使用 cURL 的 PHP 解决方案如下。下面是两个函数和一个 if 条件。 if 条件根据访问 token 是否已添加到 session 中来触发适当的函数。如果未添加到 session 中,它将根据需要添加的凭据获取它。如果已添加到 session 中,则继续获取所需的数据。
我使用 php curl 文档来扩展我的 OP:http://php.net/manual/en/book.curl.php
<?php
session_start();
function getAccessCode(){
$curl = curl_init();
// Variables
$apiGrantType = 'client_credentials';
$apiScopes = array('scope1','scope2','scope3'); // Currently not used
$apiUrl = "myaccounts.domain.com/auth/oauth/v2/token?grant_type=" . $apiGrantType;
$authPath = '/var/www/html/domain.com/clients/test/';
$cliendId = 'username'; // Client ID
$clientSecret = 'password'; // Client Secret
$certUserPwd = $cliendId . ":" . $clientSecret; // Client ID:Client Secret
$certFile = $authPath . 'my_auth.pem'; // Private Cert
$certPassword = 'cert-password'; // Cert Password
$apiPost = array(
"grant_type" => $apiGrantType,
"client_id" => $cliendId,
"client_secret" => $clientSecret
);
$apiPostQuery = http_build_query($apiPost);
$apiHeader = array();
// $header Content Length
$apiHeader[] = 'Content-length: 0';
// $header Content Type
$apiHeader[] = 'Content-type: application/json';
// $header 'Client ID:Client Secret' Base64 Encoded
$apiHeader[] = "Authorization: Basic " . base64_encode($cliendId . ":" . $clientSecret); // OAuth,Basic
// cURL Options
$options = array(
CURLOPT_URL => $apiUrl,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => false, // true to show header information
CURLINFO_HEADER_OUT => true,
CURLOPT_HTTPGET => false,
CURLOPT_POST => true,
CURLOPT_FOLLOWLOCATION => false,
CURLOPT_VERBOSE => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYHOST => false, // true in production
CURLOPT_SSL_VERIFYPEER => false, // true in production
CURLOPT_TIMEOUT => 30,
CURLOPT_MAXREDIRS => 2,
CURLOPT_HTTPHEADER => $apiHeader,
CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
CURLOPT_HTTPAUTH => CURLAUTH_ANYSAFE, // CURLAUTH_BASIC
CURLOPT_POSTFIELDS => $apiPostQuery,
CURLOPT_USERPWD => $certUserPwd,
CURLOPT_SSLCERTTYPE => 'PEM',
CURLOPT_SSLCERT => $certFile,
CURLOPT_SSLCERTPASSWD => $certPassword
);
curl_setopt_array($curl , $options);
$output = curl_exec($curl);
$json = json_decode($output);
return $json->access_token;
}
function getJobApps($access_token) {
echo '<pre>' . print_r($_SESSION, TRUE) . '</pre>';
/**
* Get Job Applications Data from DOMAIN
*/
$curl = curl_init();
$apiUrl = "https://myaccounts.domain.com/aaaaa/bbbbb";
// $header Authorization
$apiHeader = array('Authorization', 'Bearer ' . $access_token);
$options = array(
CURLOPT_URL => $apiUrl,
CURLOPT_HTTPHEADER => $apiHeader,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true
);
curl_setopt_array($curl , $options);
$output = curl_exec($curl);
$json = json_decode($output);
echo '<pre>';
print_r($json);
echo '</pre>';
}
// Init Loop
if(isset($_SESSION['access_token'])) {
// Job Applications
$apiData = getJobApps($_SESSION['access_token']);
echo $apiData;
} else {
$access_token = getAccessCode();
$_SESSION['access_token'] = $access_token;
echo '<pre>' . print_r($_SESSION, TRUE) . '</pre>';
header(sprintf("Location: %s", 'http://mywebsite.com/clients/test/test.php'));
die();
}
?>
关于php - 如何使用带有 PFX 文件和密码的 PHP 连接到 API?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42006100/