nodes-php / nemid Goto Github PK

When generating certifikateAndPrivateKey I'm not prompted to input a password apart from the import password - am I missing something?

openssl pkcs12 -in path.p12 -out certicateAndPrivateKey.pem -nocerts -nodes

Does this package work with the javascript solution?

What do I input for serviceID? Is it the same as EntityID you make for the metadata file uploaded to https://administration.nemlog-in.dk?

All the old core classes from previous drupal plugin is very php 4. We already refactored the to objects from arrays. But there is still a lot..

It seems the configuration needs one or more values in login -> certificationDigests but I can't seem to find any mention of this in the README file - where do I obtain this value?

Hi,

The code doesn't work for me and I think it's because of my certificate. Where do I find my certificate? Can I use anyone of these?
https://www.nets.eu/dk-da/kundeservice/nemid-tjenesteudbyder/NemID-tjenesteudbyderpakken/Pages/OCES-II-certifikat-eksempler.aspx

• Christian

Fatal error: Uncaught Nodes\NemId\Login\CertificationCheck\Exceptions\InvalidCertificateException: Certificate chain not signed by any trustedroots in /var/www/html/test/nemid/src/Login/CertificationCheck/CertificationCheck.php:212 Stack trace: #0 /var/www/html/test/nemid/src/Login/CertificationCheck/CertificationCheck.php(100): Nodes\NemId\Login\CertificationCheck\CertificationCheck->simpleVerifyCertificateChain(Array) #1 /var/www/html/test/nemid/validateCPR.php(21): Nodes\NemId\Login\CertificationCheck\CertificationCheck->checkAndReturnCertificate('<?xml version="...') #2 {main} thrown in /var/www/html/test/nemid/src/Login/CertificationCheck/CertificationCheck.php on line 212

In browser I have logged with test user and got base64 response
using that response I am trying to call pidCprRequest()
Please let me know if anything missing

Here is my code.
$response = base64_decode($base64Response);
require DIR.'/vendor/autoload.php';
ini_set('display_errors', 1);
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
$response = "base 64 response after login using nemid and password";
$check = CertificationCheck::isXml($response);

$config = include DIR.'/config/nemid.php';

$config['test'] = true;
$config['login']['testSettings']['privateKeyPassword'] = 'Test1234';
$config['login']['testSettings']['privateKeyLocation'] = DIR.'/testcertificates/test_private.pem';
$config['login']['testSettings']['certificateLocation'] = DIR.'/testcertificates/test_public.pem';
$userCertificate = new CertificationCheck($config);

$certificate = $userCertificate->checkAndReturnCertificate($response);

$certificate->getSubject()->getName();

$pid = $certificate->getSubject()->getPid();

$pidCprMatch = new PidCprMatch(config('nodes.nemid'));

$response = $pidCprMatch->pidCprRequest($pid, $certificate);

$isCPRValid = $response->didMatch();
print_r($isCPRValid);

I had this error too and found this: https://digitaliser.dk/forum/2976395

The problem I had and looking at your code, seems you still have is:

The signed data should of the base64 bit hash of the normalizes string. (Not the normalized string itself).
Also (I'm in C#) I have to do rsa.SignHash (not rsa.SignData).

Hope this help, if you still having problems.

Hi
I want to use your library in a php project. I have created the .pem certificates with openssl.exe on a windows 10 machine but this line:
openssl_pkey_get_private($this->settings->getPrivateKey(), $this->settings->getPrivateKeyPassword());

in Login.php gives me no output. I have checked that $this->settings->getPrivateKey() contains the certificate string and $this->settings->getPrivateKeyPassword() contains my password. Has this something to do with PHP version on the server ??

The config should be passed in once, through a service provider

Using a test certificate and a test user, when checkOscp is enabled i get the following error:
Failed to check certificate: cURL error 56: Recv failure: Connection reset by peer (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

I have not tried this against the production environment, so I'm not sure if it's related to using the test environment.

Did a bit of debugging, and it seems it tries to send the request to: http://ocsp.systemtest34.trust2408.com/responder if that helps.

Hi

The package needs to be updated with PSR-4 compliance, Composer 1.x warns about the issue, and Composer 2.0 was already released. I can update the package, but it should be a new major release. I already have a fork with some issues fixed. Are you interested in a pull request or you consider the package abandoned? Thanks!

Deprecation Notice: Class Nodes\NemId\PidCprMatch\Settings located in ./vendor/nodes/nemid/src/Webservice/Settings.php does not comply with psr-4 autoloading standard. It will not autoload anymore in Composer v2.0. in phar:///usr/local/bin/composer/src/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Nodes\NemId\PidCprMatch\Responses\Response located in ./vendor/nodes/nemid/src/Webservice/PidCprMatch/Responses/Response.php does not comply with psr-4 autoloading standard. It will not autoload anymore in Composer v2.0. in phar:///usr/local/bin/composer/src/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Nodes\NemId\PidCprMatch\PidCprMatch located in ./vendor/nodes/nemid/src/Webservice/PidCprMatch/PidCprMatch.php does not comply with psr-4 autoloading standard. It will not autoload anymore in Composer v2.0. in phar:///usr/local/bin/composer/src/Composer/Autoload/ClassMapGenerator.php:201

I'm getting following error in the console on test environment:
(index):35 Uncaught DOMException: Failed to execute 'postMessage' on 'Window': Invalid target origin '{https://appletk.danid.dk/}' in a call to 'postMessage'.
at onNemIDMessage (http://localhost/NemID/:35:18)

When trying to get the iFrame to work, i keep getting a consistent APP001 error from the iFrame. I've verified that my parameters are fine through the developer site, and tried additional ways of including the parameters, to make sure i didn't malform them somewhere along the way.

Is the Origin a necessity when using the iFrame, or do you know if it's a possible error with running it in a localhost environment?

It would be great if anyone has any info on how to do the same with a Rid (subjectSerialNumber) instead of Pid?

Why is there no implementation of LDAP?