概念 - 我正在制作门户网站,我想在其中添加 aadhaar 身份验证并获取用户详细信息(姓名、出生日期和地址),如果用户允许并验证 OTP,则仅如此。
语言使用 - php、curl
简单示例- EPFO 门户用户输入他的 aadhaar 号码并检查,用户从 UIDAI 接收 OTP。如果有效,则获取姓名、出生日期、地址,就像要在 PHP 中构建的这个简单功能一样。
错误是-
错误号 - 6 无法解析主机:auth.uidai.gov.in;名称或服务未知 这里
我参考下面的链接--
我尝试了下面的代码但不起作用,
<?php
/** * https://uidai.gov.in/images/resource/Aadhaar_Authentication_API-2.5_Revision-1_of_January_2022.pdf */
$adhar_card_no = "123456789012";
function checkurl($adhar_card_no)
{
$host = "https://auth.uidai.gov.in";
$version = "2.5";
$aua = "public";
$asalk = "MAvSQG0jKTW4XxQc2cI-oXZYxYH-zi7IWmsQY1q3JNLlC8VOWOHYGj8";
$uid = str_split($adhar_card_no);
$url = $host."/".$version."/".$aua."/".$uid[0]."/".$uid[1]."/".$asalk;
return $url;
}
$request_url = checkurl($adhar_card_no);
function requestDataBuilder($uid)
{
$encrypted_encoded_session_key = "";
$encrypted_pid_block = "";
$sha256_pid_bloc_encrypted_encoded= "";
$digital_aua_signatrure= "";
$auth_data = [
"uid" => $uid, //Adhaar Card No.
"tid" => "", //Terminal Id for registered device else public
"ac" => "", //10 char unique code, public for testing
"sa" => "", //max length 10, same as ac possible
"ver" => 1.6, //Current version
"txn" => "", //AUA transaction identifier. max length 50, not U*
"lk" => "", //Valid License Key, max length 64
];
$uses_data = [ "pi" => "n", "pa" => "n", "pfa" => "n", "bio" => "n", "bt" => "n", "pin" => "n", "otp" => "n" ];
$tkn_data = [
"type" => "001", //only this option available for now which is mobile no.
"value" => "9595792282" //Mobile no. 10 digit only no prefix
];
$meta_data = [
"udc" => "123456477699", //[vendorcode][date of deployment][serial number] max length 20
"fdc" => "NA", //Fingerprint device code. use NA or NC or given code
"idc" => "NA", //Iris device code, us na or NC
"pip" => "NA", //Public IP address of the device, or NA
"lot" => "P", //G -lat long format. p for pincode format
"lov" => "110025" // value as per G and P- my pin change it
];
$skey_data = [
"ci" => "", //Public key certificate Identifier --mandatory
"ki" => "" //This is for advanced use only, --optional
];
$format = '<Auth uid="'.$auth_data['uid'].'" tid ="'.$auth_data['tid'].'" ac="'.$auth_data['ac'].'" sa="'.$auth_data['sa'].'" ver="'.$auth_data['ver'].'" txn="'.$auth_data['txn'].'" lk="'.$auth_data['lk'].'">';
$format.= '<Uses pi="'.$uses_data['pi'].'" pa="'.$uses_data['pa'].'" pfa="'.$uses_data['pfa'].'" bio="'.$uses_data['bio'].'" bt="'.$uses_data['bt'].'" pin="'.$uses_data['pin'].'" otp="'.$uses_data['otp'].'"/>';
$format.= '<Tkn type="'.$tkn_data['type'].'" value="'.$tkn_data['value'].'"/>';
$format.= '<Meta udc="'.$meta_data['udc'].'" fdc="'.$meta_data['fdc'].'" idc="'.$meta_data['idc'].'" pip="'.$meta_data['pip'].'" lot="'.$meta_data['lot'].'" lov="'.$meta_data['lov'].'"/>';
$format.= '<Skey ci="'.$skey_data['ci'].'" ki="'.$skey_data['ci'].'">'.$encrypted_encoded_session_key.'</Skey>';
$format.= '<Data type="X">'.$encrypted_pid_block.'</Data>';
$format.= '<Hmac>'.$sha256_pid_bloc_encrypted_encoded.'</Hmac>';
$format.= '<Signature>'.$digital_aua_signatrure.'</Signature></Auth>';
return $format;
}
$request_url = checkurl($adhar_card_no);
$data_to_send = requestDataBuilder($adhar_card_no);
//setting the curl parameters.
$ch = curl_init();
$curl_options = [ CURLOPT_URL => $request_url, CURLOPT_VERBOSE => 1, CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_SSL_VERIFYPEER => 0, CURLOPT_POST => 1, CURLOPT_RETURNTRANSFER => 1, CURLOPT_HTTPHEADER => array('Content-Type: application/xml'), CURLOPT_POSTFIELDS => $data_to_send ];
curl_setopt_array($ch, $curl_options);
curl_setopt( $ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
$response = curl_exec($ch);
if (curl_errno($ch)) {
// moving to display page to display curl errors
echo 'Error Number - '.curl_errno($ch).'<br/>';
echo curl_error($ch);
echo '<br/> here';
} else {
echo $response;
print_r($response);
}
curl_close($ch);
?>
此代码未从 aadhaar 获取任何 OTP、姓名、DOB。
请帮助某人,任何建议。
请参考此示例代码。它具有加密XML主体的逻辑。只需从官方文档下载登台/测试证书即可。
<?php
require_once 'xmlseclibs/xmlseclibs.php';
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
// certificate file locations
$public_certif = 'uidai_auth_stage.cer';
$stag_sign_file = 'Staging_Signature_PrivateKey.p12';
// set variables
$aadhaar_no = '999999990019';
$api_version = "2.5";
$asa_license_key = "MMxNu7a6589B5x5RahDW-zNP7rhGbZb5HsTRwbi-VVNxkoFmkHGmYKM";
$lk = "MBni88mRNM18dKdiVyDYCuddwXEQpl68dZAGBQ2nsOlGMzC9DkOVL5s";
$ac = "public";
$sa = "public";
$tid = "public";
$txn = "AuthDemoClient:public:".date("Ymdhms");
$ts = date('Y-m-d').'T'.date('H:i:s');
// PID Block
$pid_block='<?xml version="1.0"?><ns2:Pid ts="'.$ts.'" xmlns:ns2="http://www.uidai.gov.in/authentication/uid-auth-request-data/1.0"><ns2:Demo><ns2:Pi ms="E" mv="100" name="Shivshankar Choudhury"/></ns2:Demo></ns2:Pid>';
// generate aes-256 session key
$session_key = openssl_random_pseudo_bytes(32);
// generate auth xml
$auth_xml = '<?xml version="1.0" encoding="UTF-8"?><Auth uid="'.$aadhaar_no.'" ac="'.$ac.'" lk="'.$lk.'" sa="'.$sa.'" tid="'.$tid.'" txn="'.$txn.'" ver="'.$api_version.'" xmlns="http://www.uidai.gov.in/authentication/uid-auth-request/1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><Uses bio="n" otp="n" pa="n" pfa="n" pi="y" pin="n"/><Meta fdc="NA" idc="NA" lot="P" lov="560094" pip="NA" udc="1122"/><Skey ci="'.certif_expire().'">'.encrypt_session_key($session_key).'</Skey><Data type="X">'.encrypt_pid($pid_block, $session_key).'</Data><Hmac>'.calculate_hmac($pid_block, $session_key).'</Hmac></Auth>';
//echo $auth_xml;
//die();
// $xml=simplexml_load_string($auth_xml) or die("Error: Cannot create object");
//print_r($xml);
// xmldsig the auth xml
$doc = new DOMDocument();
$doc->loadXML($auth_xml);
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
$objDSig->addReference(
$doc,
XMLSecurityDSig::SHA256,
array(
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
'http://www.w3.org/2001/10/xml-exc-c14n#'
),
array('force_uri' => true)
);
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
openssl_pkcs12_read(file_get_contents($stag_sign_file), $key, "public");
$objKey->loadKey($key["pkey"]);
$objDSig->add509Cert($key["cert"]);
$objDSig->sign($objKey, $doc->documentElement);
// make a request to uidai
$ch = curl_init("http://auth.uidai.gov.in/$api_version/public/".$aadhaar_no[0]."/".$aadhaar_no[0]."/$asa_license_key");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $doc->saveXML());
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"Accept: application/xml",
"Content-Type: application/xml"
));
echo "\nRequest XML\n";
echo $doc->saveXML();
echo "\n\n";
echo "Response from UIDAI\n";
echo htmlspecialchars_decode(curl_exec($ch));
function encrypt_pid($pid_block, $session_key)
{
return encrypt_by_session_key($pid_block, $session_key);
}
function encrypt_by_session_key($data, $session_key)
{
global $public_certif;
$fp=fopen($public_certif, "r");
$pub_key_string=fread($fp,8192);
openssl_public_encrypt($data, $encrypted_data, $pub_key_string, OPENSSL_PKCS1_PADDING);
return $encrypted_data;
}
function generateRandomString($length = 32) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
function calculate_hmac($data, $session_key)
{
return encrypt_by_session_key(hash('sha256', $data, true), $session_key);
}
function certif_expire()
{
global $public_certif;
$certinfo = openssl_x509_parse(file_get_contents($public_certif));
return date('Ymd', $certinfo['validTo_time_t']);
}
function encrypt_session_key($session_key)
{
global $public_certif;
$pub_key = openssl_pkey_get_public(file_get_contents($public_certif));
$keyData = openssl_pkey_get_details($pub_key);
openssl_public_encrypt($session_key, $encrypted_session_key, $keyData['key'], OPENSSL_PKCS1_PADDING);
return base64_encode($encrypted_session_key);
}
鼓励Surepass和Signzy等私营公司提供API网关。
鉴于 Aadhar 数据的敏感性,政府不允许在这种情况下将其用于测试目的。
虽然我们尝试使用API-Setu,但我们遇到了频繁的服务中断。