php 如何通过UIDAI执行Aadhaar eKYC身份验证,并在用户许可和OTP验证完成的情况下检索用户详细信息(姓名,出生日期,地址)?

niknxzdl  于 2023-09-29  发布在  PHP
关注(0)|答案(2)|浏览(98)

bounty已结束。回答此问题可获得+200声望奖励。赏金宽限期19小时后结束。MAYUR SANCHETI提请更多注意这个问题:需要适当的程序,还是这个解决不了,我试过没有。代码,deepvue.tech,surepass,signzy是如何工作的,我和UIDAI客户服务谈过,但他们忽略了这样的API,他们告诉这不是公共API。请帮帮忙。
概念-我做的门户网站,我想添加aadhaar身份验证,并获得用户的详细信息(名称,出生日期和地址),如果用户允许,并验证OTP然后才。
语言使用- php,curl
**简单示例-**EPFO门户用户输入他的aadhaar号码并检查,用户从UIDAI接收OTP。如果有效则获取姓名、生日、地址,像这样简单的功能要在PHP中构建。
错误为-

错误编号-6无法解析主机:auth.uidai.gov.in;此处不知道名称或服务

我参考下面的链接--

  1. https://uidai.gov.in/images/resource/Aadhaar_Authentication_API-2.5_Revision-1_of_January_2022.pdf
  2. https://www.uidai.gov.in/en/916-developer-section/data-and-downloads-section/11350-testing-data-and-license-keys.html
  3. uidai.gov.in/images/resource/aadhaar_otp_request_api_2_5.pdf
    1.类似的功能已经存在于https://unifiedportal-mem.epfindia.gov.in/memberinterface/-验证aadhaar,并获得他的详细信息,一旦用户允许,我需要类似的功能,当用户允许,然后只得到姓名,出生日期,地址。

我试了下面的代码,但没有工作,

<?php
/** * https://uidai.gov.in/images/resource/Aadhaar_Authentication_API-2.5_Revision-1_of_January_2022.pdf */
$adhar_card_no = "123456789012";
 
function checkurl($adhar_card_no)
{
    $host = "https://auth.uidai.gov.in";
    $version = "2.5";
    $aua = "public";
    $asalk = "MAvSQG0jKTW4XxQc2cI-oXZYxYH-zi7IWmsQY1q3JNLlC8VOWOHYGj8";
    $uid = str_split($adhar_card_no);
    $url =  $host."/".$version."/".$aua."/".$uid[0]."/".$uid[1]."/".$asalk;
    return $url;
}

$request_url = checkurl($adhar_card_no);

function requestDataBuilder($uid)
{
    $encrypted_encoded_session_key = "";
    $encrypted_pid_block = "";
    $sha256_pid_bloc_encrypted_encoded= "";
    $digital_aua_signatrure= "";
  
    $auth_data = [
        "uid" => $uid, //Adhaar Card No.
        "tid" => "", //Terminal Id for registered device else public
        "ac" => "", //10 char unique code, public for testing
        "sa" => "", //max length 10, same as ac possible
        "ver" => 1.6, //Current version
        "txn" => "", //AUA transaction  identifier. max length 50, not U*
        "lk" => "", //Valid License Key, max length 64
    ];
    $uses_data = [ "pi" => "n", "pa" => "n", "pfa" => "n", "bio" => "n", "bt" => "n", "pin" => "n", "otp" => "n" ];
    
    $tkn_data = [
        "type" => "001", //only this option available for now which is mobile no.
        "value" => "9595792282" //Mobile no. 10 digit only no prefix
    ];
    $meta_data = [
        "udc" => "123456477699", //[vendorcode][date of deployment][serial number] max length 20
        "fdc" => "NA", //Fingerprint device code. use NA or NC or given code
        "idc" => "NA", //Iris device  code,  us na or NC
        "pip" => "NA", //Public IP address of the device, or NA
        "lot" => "P", //G -lat long format. p for pincode format
        "lov" => "110025" // value as per G and P- my pin change it
    ];
    $skey_data = [
        "ci" => "", //Public key certificate Identifier --mandatory
        "ki" => "" //This is for advanced use only, --optional
    ];

    $format = '<Auth uid="'.$auth_data['uid'].'" tid ="'.$auth_data['tid'].'" ac="'.$auth_data['ac'].'" sa="'.$auth_data['sa'].'" ver="'.$auth_data['ver'].'" txn="'.$auth_data['txn'].'" lk="'.$auth_data['lk'].'">';
    $format.= '<Uses pi="'.$uses_data['pi'].'" pa="'.$uses_data['pa'].'" pfa="'.$uses_data['pfa'].'" bio="'.$uses_data['bio'].'" bt="'.$uses_data['bt'].'" pin="'.$uses_data['pin'].'" otp="'.$uses_data['otp'].'"/>';
    $format.= '<Tkn type="'.$tkn_data['type'].'" value="'.$tkn_data['value'].'"/>';
    $format.= '<Meta udc="'.$meta_data['udc'].'" fdc="'.$meta_data['fdc'].'" idc="'.$meta_data['idc'].'" pip="'.$meta_data['pip'].'" lot="'.$meta_data['lot'].'" lov="'.$meta_data['lov'].'"/>';
    $format.= '<Skey ci="'.$skey_data['ci'].'" ki="'.$skey_data['ci'].'">'.$encrypted_encoded_session_key.'</Skey>';
    $format.= '<Data type="X">'.$encrypted_pid_block.'</Data>';
    $format.= '<Hmac>'.$sha256_pid_bloc_encrypted_encoded.'</Hmac>';
    $format.= '<Signature>'.$digital_aua_signatrure.'</Signature></Auth>';
    return $format;

}
$request_url = checkurl($adhar_card_no);
$data_to_send = requestDataBuilder($adhar_card_no);
//setting the curl parameters.
$ch = curl_init();
$curl_options = [ CURLOPT_URL => $request_url, CURLOPT_VERBOSE => 1, CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_SSL_VERIFYPEER => 0, CURLOPT_POST => 1, CURLOPT_RETURNTRANSFER => 1, CURLOPT_HTTPHEADER => array('Content-Type: application/xml'), CURLOPT_POSTFIELDS => $data_to_send ];


curl_setopt_array($ch, $curl_options);
curl_setopt( $ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
$response = curl_exec($ch);

if (curl_errno($ch)) {
// moving to display page to display curl errors
    echo 'Error Number - '.curl_errno($ch).'<br/>';
    echo curl_error($ch);
    echo '<br/> here'; 
} else {
    
    echo $response;
    print_r($response);

}
curl_close($ch);
?>

此代码没有从aadhaar获得任何OTP,名称,DOB。
请帮助别人,任何建议。

elcex8rz

elcex8rz1#

请参考此示例代码。它具有加密XML主体的逻辑。只需从official documentation.下载暂存/测试证书

<?php
require_once 'xmlseclibs/xmlseclibs.php';
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// certificate file locations
$public_certif = 'uidai_auth_stage.cer';
$stag_sign_file = 'Staging_Signature_PrivateKey.p12';

// set variables
$aadhaar_no = '999999990019';
$api_version = "2.5";
$asa_license_key = "MMxNu7a6589B5x5RahDW-zNP7rhGbZb5HsTRwbi-VVNxkoFmkHGmYKM";
$lk = "MBni88mRNM18dKdiVyDYCuddwXEQpl68dZAGBQ2nsOlGMzC9DkOVL5s";
$ac = "public";
$sa = "public";
$tid = "public";
$txn = "AuthDemoClient:public:".date("Ymdhms");
$ts = date('Y-m-d').'T'.date('H:i:s');

// PID Block
$pid_block='<?xml version="1.0"?><ns2:Pid ts="'.$ts.'" xmlns:ns2="http://www.uidai.gov.in/authentication/uid-auth-request-data/1.0"><ns2:Demo><ns2:Pi ms="E" mv="100" name="Shivshankar Choudhury"/></ns2:Demo></ns2:Pid>';

// generate aes-256 session key
$session_key = openssl_random_pseudo_bytes(32);

// generate auth xml
$auth_xml = '<?xml version="1.0" encoding="UTF-8"?><Auth uid="'.$aadhaar_no.'" ac="'.$ac.'" lk="'.$lk.'" sa="'.$sa.'" tid="'.$tid.'" txn="'.$txn.'" ver="'.$api_version.'" xmlns="http://www.uidai.gov.in/authentication/uid-auth-request/1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><Uses bio="n" otp="n" pa="n" pfa="n" pi="y" pin="n"/><Meta fdc="NA" idc="NA" lot="P" lov="560094" pip="NA" udc="1122"/><Skey ci="'.certif_expire().'">'.encrypt_session_key($session_key).'</Skey><Data type="X">'.encrypt_pid($pid_block, $session_key).'</Data><Hmac>'.calculate_hmac($pid_block, $session_key).'</Hmac></Auth>';

//echo $auth_xml;
 //die();
// $xml=simplexml_load_string($auth_xml) or die("Error: Cannot create object");
//print_r($xml);

// xmldsig the auth xml
$doc = new DOMDocument();
$doc->loadXML($auth_xml);
$objDSig = new XMLSecurityDSig();
$objDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
$objDSig->addReference(
    $doc,
    XMLSecurityDSig::SHA256,
    array(
        'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
        'http://www.w3.org/2001/10/xml-exc-c14n#'
    ),
    array('force_uri' => true)
);
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
openssl_pkcs12_read(file_get_contents($stag_sign_file), $key, "public");
$objKey->loadKey($key["pkey"]);
$objDSig->add509Cert($key["cert"]);
$objDSig->sign($objKey, $doc->documentElement);

// make a request to uidai
$ch = curl_init("http://auth.uidai.gov.in/$api_version/public/".$aadhaar_no[0]."/".$aadhaar_no[0]."/$asa_license_key");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $doc->saveXML());
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
  "Accept: application/xml",
  "Content-Type: application/xml"
));
echo "\nRequest XML\n";
echo $doc->saveXML();
echo "\n\n";
echo "Response from UIDAI\n";
echo htmlspecialchars_decode(curl_exec($ch));


function encrypt_pid($pid_block, $session_key)
{
    return encrypt_by_session_key($pid_block, $session_key);
}

function encrypt_by_session_key($data, $session_key)
{
    global $public_certif;
    $fp=fopen($public_certif, "r");
    $pub_key_string=fread($fp,8192);
    openssl_public_encrypt($data, $encrypted_data, $pub_key_string, OPENSSL_PKCS1_PADDING);
    return $encrypted_data;
    }
function generateRandomString($length = 32) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;

}

function calculate_hmac($data, $session_key)
{
    return encrypt_by_session_key(hash('sha256', $data, true), $session_key);
}

function certif_expire()
{
    global $public_certif;
    $certinfo = openssl_x509_parse(file_get_contents($public_certif));
    return date('Ymd', $certinfo['validTo_time_t']);
}

function encrypt_session_key($session_key)
{
    global $public_certif;
    $pub_key = openssl_pkey_get_public(file_get_contents($public_certif));
    $keyData = openssl_pkey_get_details($pub_key);
    openssl_public_encrypt($session_key, $encrypted_session_key, $keyData['key'], OPENSSL_PKCS1_PADDING);
    return base64_encode($encrypted_session_key);
}
liwlm1x9

liwlm1x92#

鼓励私营公司,如Surepass和Signzy,提供API网关。
鉴于Aadhar数据的敏感性,政府不允许将其用于这种情况下的测试目的。
虽然我们尝试使用API-Setu,但我们经常遇到服务中断。

相关问题