Skip to content

Instantly share code, notes, and snippets.

@brankoajzele

brankoajzele/fiskalizacija.php

Last active December 1, 2022 17:26
Show Gist options
  • Save brankoajzele/4594489 to your computer and use it in GitHub Desktop.
Save brankoajzele/4594489 to your computer and use it in GitHub Desktop.
Download ZIP
Kompletan primjer fiskalizacije (Croatian fiscalization act/law).
Raw
fiskalizacija.php
<?php
/**
* @author Branko Ajzele <[email protected], http://foggyline.net>
*/
$XMLRequestType = 'RacunZahtjev'; /* RacunZahtjev OR PoslovniProstorZahtjev */
/*************************************************************************************/
/********** STEP_1: Handle the FINA aplikativni certificate in .pfx format **********/
/*************************************************************************************/
$certificate = null;
$certificatePass = 'MyCertPassHere';
$pfxCertificate = '/Users/branko/Downloads/fiskal1-demo-aplikativni.pfx';
openssl_pkcs12_read(file_get_contents($pfxCertificate), $certificate, $certificatePass);
$publicCertificate = $certificate['cert'];
$privateKey = $certificate['pkey'];
$privateKeyResource = openssl_pkey_get_private($privateKey, $certificatePass);
$publicCertificateData = openssl_x509_parse($publicCertificate);
/****************************************************************************/
/********** STEP_2: Handle the FINA CA certificate in .cer format **********/
/****************************************************************************/
$certificateCAcer = '/Users/branko/Downloads/democacert.cer';
$certificateCAcerContent = file_get_contents($certificateCAcer);
/* Convert .cer to .pem, cURL uses .pem */
$certificateCApemContent = '-----BEGIN CERTIFICATE-----'.PHP_EOL
.chunk_split(base64_encode($certificateCAcerContent), 64, PHP_EOL)
.'-----END CERTIFICATE-----'.PHP_EOL;
$certificateCApem = $certificateCAcer.'.pem';
file_put_contents($certificateCApem, $certificateCApemContent);
/*****************************************************/
/********** STEP_3: Calculate Zastitni Kod **********/
/*****************************************************/
$oib = '11111111111';
$dt = new DateTime('now');
$datumVrijemeIzdavanjaRacuna = $dt->format('d.m.Y H:i:s'); /* use invoice created_at datetime here */
$brojcanaOznakaRacuna = '23'; /* 23/MAGE5/1 */
$oznakaPoslovnogProstora = 'MAGE5'; /* 23/MAGE5/1 */
$oznakaNaplatnogUredaja = '1'; /* 23/MAGE5/1 */
$ukupniIznosRacuna = '182.50';
$ZastKodUnsigned = '';
$ZastKodUnsigned .= $oib;
$ZastKodUnsigned .= $datumVrijemeIzdavanjaRacuna;
$ZastKodUnsigned .= $brojcanaOznakaRacuna;
$ZastKodUnsigned .= $oznakaPoslovnogProstora;
$ZastKodUnsigned .= $oznakaNaplatnogUredaja;
$ZastKodUnsigned .= $ukupniIznosRacuna;
$ZastKodSignature = null;
openssl_sign($ZastKodUnsigned, $ZastKodSignature, $privateKeyResource, OPENSSL_ALGO_SHA1);
$ZastKod = md5($ZastKodSignature);
/************************************************/
/********** STEP_4: Calculate UUID v4 **********/
/************************************************/
function UUIDv4() {
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0x0fff) | 0x4000,
mt_rand(0, 0x3fff) | 0x8000,
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
$UUID = UUIDv4();
/*****************************************************************************************************/
/********** STEP_5: Prepare/Build pure request XML (RacunZahtjev OR PoslovniProstorZahtjev) **********/
/*****************************************************************************************************/
$UriId = uniqid();
if ($XMLRequestType == 'RacunZahtjev') {
$ns = 'tns';
$writer = new XMLWriter();
$writer->openMemory();
//$writer->startDocument('1.0', 'UTF-8');
$writer->setIndent(4);
$writer->startElementNs($ns, 'RacunZahtjev', 'http://www.apis-it.hr/fin/2012/types/f73');
$writer->writeAttribute('Id', $UriId);
$writer->startElementNs($ns, 'Zaglavlje', null);
$writer->writeElementNs($ns, 'IdPoruke', null, $UUID);
$writer->writeElementNs($ns, 'DatumVrijeme', null, date('d.m.Y\TH:i:s'));
$writer->endElement(); /* #Zaglavlje */
$writer->startElementNs($ns, 'Racun', null);
$writer->writeElementNs($ns, 'Oib', null, $oib);
$writer->writeElementNs($ns, 'USustPdv', null, '1');
$writer->writeElementNs($ns, 'DatVrijeme', null, $dt->format('d.m.Y\TH:i:s'));
$writer->writeElementNs($ns, 'OznSlijed', null, 'P'); /* P ili N => P na nivou Poslovnog prostora, N na nivou naplatnog uredaja */
$writer->startElementNs($ns, 'BrRac', null);
$writer->writeElementNs($ns, 'BrOznRac', null, $brojcanaOznakaRacuna);
$writer->writeElementNs($ns, 'OznPosPr', null, $oznakaPoslovnogProstora);
$writer->writeElementNs($ns, 'OznNapUr', null, $oznakaNaplatnogUredaja);
$writer->endElement(); /* #BrRac */
$writer->startElementNs($ns, 'Pdv', null);
$writer->startElementNs($ns, 'Porez', null);
$writer->writeElementNs($ns, 'Stopa', null, '25.00');
$writer->writeElementNs($ns, 'Osnovica', null, '100.00');
$writer->writeElementNs($ns, 'Iznos', null, '25.00');
$writer->endElement(); /* #Porez */
$writer->startElementNs($ns, 'Porez', null);
$writer->writeElementNs($ns, 'Stopa', null, '5.00');
$writer->writeElementNs($ns, 'Osnovica', null, '50.00');
$writer->writeElementNs($ns, 'Iznos', null, '7.50');
$writer->endElement(); /* #Porez */
$writer->endElement(); /* #Pdv */
$writer->writeElementNs($ns, 'IznosUkupno', null, $ukupniIznosRacuna);
$writer->writeElementNs($ns, 'NacinPlac', null, 'G');
$writer->writeElementNs($ns, 'OibOper', null, $oib);
$writer->writeElementNs($ns, 'ZastKod', null, $ZastKod);
$writer->writeElementNs($ns, 'NakDost', null, '0');
$writer->endElement(); /* #Racun */
$writer->endElement(); /* #RacunZahtjev */
//$writer->endDocument();
$XMLRequest = $writer->outputMemory();
}
if ($XMLRequestType == 'PoslovniProstorZahtjev') {
$ns = 'tns';
$writer = new XMLWriter();
$writer->openMemory();
//$writer->startDocument('1.0', 'UTF-8');
$writer->setIndent(4);
$writer->startElementNs($ns, 'PoslovniProstorZahtjev', 'http://www.apis-it.hr/fin/2012/types/f73');
$writer->writeAttribute('Id', $UriId);
$writer->startElementNs($ns, 'Zaglavlje', null);
$writer->writeElementNs($ns, 'IdPoruke', null, UUIDv4());
$writer->writeElementNs($ns, 'DatumVrijeme', null, date('d.m.Y\TH:i:s'));
$writer->endElement(); /* #Zaglavlje */
$writer->startElementNs($ns, 'PoslovniProstor', null);
$writer->writeElementNs($ns, 'Oib', null, $oib);
$writer->writeElementNs($ns, 'OznPoslProstora', null, $oznakaPoslovnogProstora);
$writer->startElementNs($ns, 'AdresniPodatak', null);
$writer->startElementNs($ns, 'Adresa', null);
$writer->writeElementNs($ns, 'Ulica', null, 'Otokara Kersovanija 4');
$writer->writeElementNs($ns, 'KucniBroj', null, '45');
$writer->writeElementNs($ns, 'KucniBrojDodatak', null, 'B');
$writer->writeElementNs($ns, 'BrojPoste', null, '31000');
$writer->writeElementNs($ns, 'Naselje', null, 'Osijek');
$writer->writeElementNs($ns, 'Opcina', null, 'Osijek');
$writer->endElement(); /* #Adresa */
$writer->endElement(); /* #AdresniPodatak */
$writer->writeElementNs($ns, 'RadnoVrijeme', null, 'Pon-Sub: 08:00-21:00, Ned: 09:00-14:00');
$writer->writeElementNs($ns, 'DatumPocetkaPrimjene', null, '04.01.2013');
$writer->writeElementNs($ns, 'SpecNamj', null, '79343687407'); /* YOUR DEVELOPMENT COMPANY OIB ALWAYS */
$writer->endElement(); /* #PoslovniProstor */
$writer->endElement(); /* #PoslovniProstorZahtjev */
//$writer->endDocument();
$XMLRequest = $writer->outputMemory();
}
/*******************************************************************/
/********** STEP_6: Sign $XMLRequest XML via certificate **********/
/*******************************************************************/
$XMLRequestDOMDoc = new DOMDocument();
$XMLRequestDOMDoc->loadXML($XMLRequest);
$canonical = $XMLRequestDOMDoc->C14N();
$DigestValue = base64_encode(hash('sha1', $canonical, true));
$rootElem = $XMLRequestDOMDoc->documentElement;
$SignatureNode = $rootElem->appendChild(new DOMElement('Signature'));
$SignatureNode->setAttribute('xmlns','http://www.w3.org/2000/09/xmldsig#');
$SignedInfoNode = $SignatureNode->appendChild(new DOMElement('SignedInfo'));
$SignedInfoNode->setAttribute('xmlns','http://www.w3.org/2000/09/xmldsig#');
$CanonicalizationMethodNode = $SignedInfoNode->appendChild(new DOMElement('CanonicalizationMethod'));
$CanonicalizationMethodNode->setAttribute('Algorithm','http://www.w3.org/2001/10/xml-exc-c14n#');
$SignatureMethodNode = $SignedInfoNode->appendChild(new DOMElement('SignatureMethod'));
$SignatureMethodNode->setAttribute('Algorithm','http://www.w3.org/2000/09/xmldsig#rsa-sha1');
$ReferenceNode = $SignedInfoNode->appendChild(new DOMElement('Reference'));
$ReferenceNode->setAttribute('URI', sprintf('#%s', $UriId));
$TransformsNode = $ReferenceNode->appendChild(new DOMElement('Transforms'));
$Transform1Node = $TransformsNode->appendChild(new DOMElement('Transform'));
$Transform1Node->setAttribute('Algorithm','http://www.w3.org/2000/09/xmldsig#enveloped-signature');
$Transform2Node = $TransformsNode->appendChild(new DOMElement('Transform'));
$Transform2Node->setAttribute('Algorithm', 'http://www.w3.org/2001/10/xml-exc-c14n#');
$DigestMethodNode = $ReferenceNode->appendChild(new DOMElement('DigestMethod'));
$DigestMethodNode->setAttribute('Algorithm','http://www.w3.org/2000/09/xmldsig#sha1');
$ReferenceNode->appendChild(new DOMElement('DigestValue', $DigestValue));
$SignedInfoNode = $XMLRequestDOMDoc->getElementsByTagName('SignedInfo')->item(0);
$X509Issuer = $publicCertificateData['issuer'];
$X509IssuerName = sprintf('OU=%s,O=%s,C=%s', $X509Issuer['OU'], $X509Issuer['O'], $X509Issuer['C']);
$X509IssuerSerial = $publicCertificateData['serialNumber'];
$publicCertificatePureString = str_replace('-----BEGIN CERTIFICATE-----', '', $publicCertificate);
$publicCertificatePureString = str_replace('-----END CERTIFICATE-----', '', $publicCertificatePureString);
$SignedInfoSignature = null;
if (!openssl_sign($SignedInfoNode->C14N(true), $SignedInfoSignature, $privateKeyResource, OPENSSL_ALGO_SHA1)) {
throw new Exception('Unable to sign the request');
}
$SignatureNode = $XMLRequestDOMDoc->getElementsByTagName('Signature')->item(0);
$SignatureValueNode = new DOMElement('SignatureValue', base64_encode($SignedInfoSignature));
$SignatureNode->appendChild($SignatureValueNode);
$KeyInfoNode = $SignatureNode->appendChild(new DOMElement('KeyInfo'));
$X509DataNode = $KeyInfoNode->appendChild(new DOMElement('X509Data'));
$X509CertificateNode = new DOMElement('X509Certificate', $publicCertificatePureString);
$X509DataNode->appendChild($X509CertificateNode);
$X509IssuerSerialNode = $X509DataNode->appendChild(new DOMElement('X509IssuerSerial'));
$X509IssuerNameNode = new DOMElement('X509IssuerName',$X509IssuerName);
$X509IssuerSerialNode->appendChild($X509IssuerNameNode);
$X509SerialNumberNode = new DOMElement('X509SerialNumber',$X509IssuerSerial);
$X509IssuerSerialNode->appendChild($X509SerialNumberNode);
/*************************************************************/
/********** STEP_7: Add SOAP envelope to signed XML **********/
/*************************************************************/
$envelope = new DOMDocument();
$envelope->loadXML('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body></soapenv:Body>
</soapenv:Envelope>');
$envelope->encoding = 'UTF-8';
$envelope->version = '1.0';
$XMLRequestTypeNode = $XMLRequestDOMDoc->getElementsByTagName($XMLRequestType)->item(0);
$XMLRequestTypeNode = $envelope->importNode($XMLRequestTypeNode, true);
$envelope->getElementsByTagName('Body')->item(0)->appendChild($XMLRequestTypeNode);
/* Final, signed XML request */
$payload = $envelope->saveXML();
/******************************************************************************/
/********** STEP_8: Execute POST request with signed XML towards CIS **********/
/******************************************************************************/
$ch = curl_init();
$options = array(
CURLOPT_URL => 'https://cistest.apis-it.hr:8449/FiskalizacijaServiceTest',
CURLOPT_CONNECTTIMEOUT => 5,
CURLOPT_TIMEOUT => 5,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $payload,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_CAINFO => $certificateCApem,
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
if ($response) {
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$DOMResponse = new DOMDocument();
$DOMResponse->loadXML($response);
if ($code === 200) {
/* For RacunZahtjev */
$Jir = $DOMResponse->getElementsByTagName('Jir')->item(0);
if ($Jir) {
echo $Jir->nodeValue;
}
/* For RacunZahtjev && PoslovniProstorZahtjev */
echo $response;
} else {
$SifraGreske = $DOMResponse->getElementsByTagName('SifraGreske')->item(0);
$PorukaGreske = $DOMResponse->getElementsByTagName('PorukaGreske')->item(0);
if ($SifraGreske && $PorukaGreske) {
throw new Exception(sprintf('%s: %s', $SifraGreske->nodeValue, $PorukaGreske->nodeValue));
} else {
throw new Exception(sprintf('HTTP response code %s not suited for further actions.', $code));
}
}
} else {
throw new Exception(curl_error($ch));
}
curl_close($ch);
@rb3606
Copy link

rb3606 commented Jul 7, 2020

Where to find pfx key ?

@Substractive
Copy link

Not sure if it's the case here but watch out for serial number that goes into X509SerialNumber element, newer certs can throw s001 error.
Message example:

"Poruka nije u skladu s XML shemom : cvc-simple-type 1: element {http://www.w3.org/2000/09/xmldsig#}X509SerialNumber value '0x' is not a valid instance of type {http://www.w3.org/2001/XMLSchema}integer".

I solved it by using bcmath to get proper integer value (hex to dec conversion) and so far it looks good. As time passed IsssuerSerial num incremented quite a bit.
Encountered this with one cert, hope this can help someone in case this error pops.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment