PHP - Curitiba WS semrpe returns 403

Asked

Viewed 331 times

0

I am trying to send an NFS-e (XML, RPS batch) through the Curitiba webservice, but the connection with Curl always returns error 403 (without permission). I have linked the certificate in the City Hall System (ISS). Follow the settings below:

Curl settings

curl_setopt($ch, CURLOPT_URL, $endpoint);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

    curl_setopt($ch, CURLOPT_SSLCERT, "{$path}_cert.pem");
    curl_setopt($ch, CURLOPT_SSLKEY, "{$path}_priKEY.pem");
    curl_setopt($ch, CURLOPT_KEYPASSWD, '******'); // senha do certificado

    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

Headers

    $headers = [
        'POST /Iss.NfseWebService/nfsews.asmx HTTP/1.1',
        'Host: isscuritiba.curitiba.pr.gov.br',
        'Content-Type: text/xml; charset=utf-8',
        'Content-Length: ' . strlen($xml),
        'SOAPAction: http://www.e-governeapps2.com.br/RecepcionarLoteRps'
    ];

XML Uploaded (with test data)

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">   
  <soap:Body>
    <RecepcionarLoteRps xmlns="http://www.e-governeapps2.com.br/">
        <EnviarLoteRpsEnvio>
            <LoteRps>
                <NumeroLote>1</NumeroLote>
                <Cnpj>00000000000000</Cnpj>
                <InscricaoMunicipal/>
                <QuantidadeRps>1</QuantidadeRps>
                <ListaRps>
                    <Rps>
                        <InfRps>
                            <IdentificacaoRps>
                                <Numero>1</Numero>
                                <Serie>A</Serie>
                                <Tipo>1</Tipo>
                            </IdentificacaoRps>
                            <DataEmissao>2018-08-30 04:11:00T00:00:00</DataEmissao>
                            <NaturezaOperacao>1</NaturezaOperacao>
                            <RegimeEspecialTributacao>2</RegimeEspecialTributacao>
                            <OptanteSimplesNacional>1</OptanteSimplesNacional>
                            <IncentivadorCultural>2</IncentivadorCultural>
                            <Status>1</Status>
                            <Servico>
                                <Valores>
                                    <ValorServicos>1.00</ValorServicos>
                                    <ValorDeducoes>0</ValorDeducoes>
                                    <ValorPis>0</ValorPis>
                                    <ValorCofins>0</ValorCofins>
                                    <ValorInss>0</ValorInss>
                                    <ValorIr>0</ValorIr>
                                    <ValorCsll>0</ValorCsll>
                                    <IssRetido>2</IssRetido>
                                    <ValorIss>0</ValorIss>
                                    <ValorIssRetido>0</ValorIssRetido>
                                    <OutrasRetencoes>0</OutrasRetencoes>
                                    <BaseCalculo>1.00</BaseCalculo>
                                    <Aliquota>0</Aliquota>
                                    <ValorLiquidoNfse>1.00</ValorLiquidoNfse>
                                    <DescontoIncondicionado>0</DescontoIncondicionado>
                                    <DescontoCondicionado>0</DescontoCondicionado>
                                </Valores>
                                <ItemListaServico>701</ItemListaServico>
                                <CodigoCnae>0</CodigoCnae>
                                <Discriminacao>Auditoria Ambiental</Discriminacao>
                                <CodigoMunicipio>0000000</CodigoMunicipio>
                            </Servico>
                            <Prestador>
                                <Cnpj>00000000000000</Cnpj>
                                <InscricaoMunicipal/>
                            </Prestador>
                            <Tomador>
                                <IdentificacaoTomador>
                                    <CpfCnpj>
                                        <Cnpj>00000000000000</Cnpj>
                                    </CpfCnpj>
                                </IdentificacaoTomador>
                                <RazaoSocial>EMPRESA TESTE LTDA</RazaoSocial>
                                <Endereco>
                                    <Endereco>TESTE</Endereco>
                                    <Numero>00</Numero>
                                    <Complemento/>
                                    <Bairro>TESTE</Bairro>
                                    <CodigoMunicipio>0000000</CodigoMunicipio>
                                    <Uf>PR</Uf>
                                    <Cep>00000000</Cep>
                                </Endereco>
                                <Contato>
                                    <Telefone>11111111111</Telefone>
                                    <Email>[email protected]</Email>
                                </Contato>
                            </Tomador>
                        </InfRps>
                    </Rps>
                </ListaRps>
            </LoteRps>
            <Signature Id="NfsSignature">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <DigestValue>Y2ZhNTExODY1OGRlOGU0MDI5NzU5MzZhMTVlMDVlYThhZTc5ZjcwYTA4NzQxYjIxMjQ0NTY3ZWE4YWVlNTIyOQ==</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>gJqmDLOaY4YdNEELf2c+hkrxcbz3x2og69YgiqtGR9zt0B+CzRodYoXB5euTB014sgHoCJejaBKwBaBq6BuLBmxUm02F4Lt8ApxQQF+e7561AcAV00YVb6nfILz4dzX32H8CjTYqK0cKONjYzAdNJinCpxybMEeS/6nkKS7vRmXgN18g7t1HUHvgWpirlYJ7mGeigFgYeUmd0JEmaycWyMtOzDhWq8KYeSFfP3Y/HlHQpMX6zh7tRw2oVlRCJQnRazedzLNY74gcZjd8fX5YrqERK6ExhhALJH8BGVg5uwhHC8llvO5EPnRSHTXkcqrBZihF/1LKbTvqQgjTCIiQPQ==</SignatureValue>
                <KeyInfo>
                    <X509Data>
                        <X509Certificate>MIIHwDCCBaigAwIBAgIQKPorJVJCMiKfm+A1xBpgjTANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE2MDQGA1UECxMtU2VjcmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgZG8gQnJhc2lsIC0gUkZCMRUwEwYDVQQDEwxBQyBCUiBSRkIgRzQwHhcNMTgwNjI2MTc1ODU0WhcNMTkwNjI2MTc1ODU0WjCB7DELMAkGA1UEBhMCQlIxEzARBgNVBAoMCklDUC1CcmFzaWwxCzAJBgNVBAgMAlBSMREwDwYDVQQHDAhDdXJpdGliYTE2MDQGA1UECwwtU2VjcmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgZG8gQnJhc2lsIC0gUkZCMRYwFAYDVQQLDA1SRkIgZS1DTlBKIEExMSQwIgYDVQQLDBtBdXRlbnRpY2FkbyBwb3IgQVIgQ0VSVFBMVVMxMjAwBgNVBAMMKUdFT1BBUkFOQSBDT05TVUxUT1JJQSBMVERBOjA0NDI2Nzg4MDAwMTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0h3OZuHK+dwDj1dfLbhg355CNWWVD/mK0dJtN+aorRHOfA0Cb09CQ4AIXox/9aiD0P2IOxFNuvKCpFFR9fVNdJlbK+aBJwpjsChAN+zJRdajutvM+3xmWNOWZ8CX7Lhz19SB4LB7L9Q5Lf14UP24IguUA3WA4EawLVdrSIZgGJiRd6GDYr9WLRRPD47b94picGQL6ezeeeGuppOd4/jeFJxqC8cmzkFHofeRxViNRQVYzY1h+fRJdEU30YbX7SEH3ZAhSdzY4mgA2NWCHnGZKF9e4V6M4q8/3JWpZxdHU33b/dDAKH7G7vf0IZ8Z3R3DdW9rhY+zRYr8K2qEKAJXQIDAQABo4IC1jCCAtIwgb4GA1UdEQSBtjCBs6A4BgVgTAEDBKAvBC0wNDA1MTk2MDQ5MTIxNTI5OTQ5MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDCgJgYFYEwBAwKgHQQbU0VSR0lPIENBUkxPUyBNVURSRUkgU0NIT1RUoBkGBWBMAQMDoBAEDjA0NDI2Nzg4MDAwMTUzoBcGBWBMAQMHoA4EDDAwMDAwMDAwMDAwMIEbbHVjYWNvbnRhYmlsaWRhZGVAZ21haWwuY29tMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUdb8gigSrtNF55L3vJhGgQTbY9L0wbAYDVR0gBGUwYzBhBgZgTAECARswVzBVBggrBgEFBQcCARZJaHR0cDovL2ljcC1icmFzaWwuYWNici5jb20uYnIvcmVwb3NpdG9yaW8vZHBjL0FDX0JSX1JGQi9EUENfQUNfQlJfUkZCLnBkZjCBqQYDVR0fBIGhMIGeMEugSaBHhkVodHRwOi8vaWNwLWJyYXNpbC5hY2JyLm9yZy5ici9yZXBvc2l0b3Jpby9sY3IvQUNCUlJGQkc0L0xhdGVzdENSTC5jcmwwT6BNoEuGSWh0dHA6Ly9pY3AtYnJhc2lsLm91dHJhbGNyLmNvbS5ici9yZXBvc2l0b3Jpby9sY3IvQUNCUlJGQkc0L0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDCBmQYIKwYBBQUHAQEEgYwwgYkwUwYIKwYBBQUHMAKGR2h0dHA6Ly9pY3AtYnJhc2lsLmFjYnIub3JnLmJyL3JlcG9zaXRvcmlvL2NlcnRpZmljYWRvcy9BQ19CUl9SRkJfRzQucDdjMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC1hYy1ici1yZmIuY2VydGlzaWduLmNvbS5icjANBgkqhkiG9w0BAQsFAAOCAgEA6lmI66NY7nMxpm1cyyRSxV+GwyLNMr6GOn2IoNFOLuFaDXW9e80aA6tm0aK00nLmzdxWAA8b6AFkELxdZygLp1d2DziQnBIsovEPU4UNB5nZ3SwZ1l/DVZ1GIRSNVm3KscKOqUoqc2iVszPUdMN4kiShHRZ3Qzi/+xa90ptU1FobuDLzsQgc8VtY7jjT8MfnGwiONPUD2eCt6bT/sPQMtB173SkXdEXWkCiB4qeP6Tv655yBcr8L1SPBVRdglQuj0w5B+zQa1dUz26w/lT5jXS5slFQFV98hcCBvV61M25Dyvndthm8+/w1rS8tbKuBb/TL9v+DKgdA86Wf4UoPfKfueYw2ibvmYBgSaKZ10bVUj6QDf6hMx5YYVzR/6IA8ienpTP3o2Ca7OSAB8JnqD5O2DGTgCkMvMBq9jpSZSBWUnmymiwQWTPnbbYj4H4XgK0nBNX6VYvwRlUxEnwhjEqk9RTYfU5k8PM3MZbzVOoSrANWu72N6r2TxEam4RNEUNNWFRESuS4GwpkRMEJd4sJ8CG7yL+7oeOyajax+88xQJ07oRUMUJUYZV+d7GqRTgfErd29pL63N9UkEhIyHfw4ysUlCYSwoghvOB8EUiM576rRS4qXMUwHqePVm0K5ci4IgreHcnfcq2Rz5o6hHndIwRiREiAbjpCYdzFhDxooow=</X509Certificate>
                    </X509Data>
                </KeyInfo>
            </Signature>
        </EnviarLoteRpsEnvio>
    </RecepcionarLoteRps>
  </soap:Body>
</soap:Envelope>

WS link to specifications: https://isscuritiba.curitiba.pr.gov.br/Iss.NfseWebService/nfsews.asmx?op=RecepcionarLoteRps

Any tips to solve this problem?

  • 2

    Hello dear Bigboss, 403 probably has nothing to do with security certificates, the problem should be in the authentication layer of the application. Check that the authentication data passed in your xml is correct.

  • @Guilhermenascimento added the uploaded XML. So there’s nothing wrong with the above settings?

  • @Guilhermenascimento I believe these are all the tags required by WS. Authentication would not be the signature tags?

  • @Guilhermenascimento I remove the SOAP Tagas patterns and added the xmlsn attribute that was missing. (all other tags were already in the first example)

  • @Guilhermenascimento thank you for your help, I really don’t know so much about SOAP. I added the SOAP Tagas included in the real XML (envelope and body), also added the link to the specifications required by WS.

  • Bigboss I think I found the problem, I formulated an answer, because I wouldn’t get to just comment. I hope this is it.

Show 1 more comment

2 answers

1


Updating the correct answer to the problem:

Actually the endpoint must be yes HTTPS, the endpoint with HTTP exists but does not work to transmit the RPS files (NFS-e), strangely it can be used to validate the XML sent, so got that error response in the tag according to Guilherme’s reply. also using endpoint on HTTP it is not possible to send the certificate, which is required for authentication on WS.

And the problem with error 403 (access prohibited) is actually with the certificate sent. The Certificate must be exactly the same imported in the ISS system (WS of Curitiba). It cannot be the original certificate (.pfx, P12, etc.), it must be the same file exported by Internet Explorer (with private key and all extensions).

Best explained in this other question: Curitiba Ws problem in sending the certificate

In the $headers, it is not necessary to send the "host" as pârametro.

$headers = [
    'Content-Type: text/xml; charset=utf-8',
    'Content-Length: ' . strlen($xml),
    'SOAPAction: http://www.e-governeapps2.com.br/RecepcionarLoteRps'
];

Also explaining the tag error (returned by XML validation at HTTP endpoint), the expected date and time format by WS is "yyyy-mm-ddThh:ii:ss", example: "2019-04-01T10:00:00".

For those who are interested or have the same problem, there is this API under development that is working to send the RPS to the WS of Curitiba: sped-nfe-egoverne

1

I’m not sure, but I think this is wrong:

$headers = [
    'POST /Iss.NfseWebService/nfsews.asmx HTTP/1.1', <---- ISTO

There is no reason to send the "VERB" in headers, the Url itself already generates the "verb", this path /Iss.NfseWebService/nfsews.asmx should be part of "endpoint" (URL), should be something like this:

$headers = [
    'Host: isscuritiba.curitiba.pr.gov.br',
    'Content-Type: text/xml; charset=utf-8',
    'Content-Length: ' . strlen($xml),
    'SOAPAction: http://www.e-governeapps2.com.br/RecepcionarLoteRps'
];

$endpoint = 'https://isscuritiba.curitiba.pr.gov.br/Iss.NfseWebService/nfsews.asmx';

curl_setopt($ch, CURLOPT_URL, $endpoint);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

curl_setopt($ch, CURLOPT_SSLCERT, "{$path}_cert.pem");
curl_setopt($ch, CURLOPT_SSLKEY, "{$path}_priKEY.pem");
curl_setopt($ch, CURLOPT_KEYPASSWD, '******'); // senha do certificado

curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

I put the endpoint https://isscuritiba.curitiba.pr.gov.br/, I’m not sure if this is the domain, just deduced by host:.

I did not find in the documentation that claims that HTTPS is required, without using HTTPS I was able to get the result by doing this:

$headers = [
    'Host: isscuritiba.curitiba.pr.gov.br',
    'Content-Type: text/xml; charset=utf-8',
    'Content-Length: ' . strlen($xml),
    'SOAPAction: http://www.e-governeapps2.com.br/RecepcionarLoteRps'
];

$endpoint = 'http://isscuritiba.curitiba.pr.gov.br/Iss.NfseWebService/nfsews.asmx';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $endpoint);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$resposta = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);

echo "Resposta HTTP: $status<br>\n",
     "Resposta do SOAP: ", htmlespecialchars($resposta);

I got this:

Resposta HTTP: 500
Resposta do SOAP: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Server was unable to read request. ---&gt; There is an error in XML document (19, 72). ---&gt; The string '2018-08-30 04:11:00T00:00:00' is not a valid AllXsd value.</faultstring><detail /></soap:Fault></soap:Body></soap:Envelope>

Being the mistake:

There is an error in XML Document (19, 72). ---> The string '2018-08-30 04:11:00T00:00:00' is not a Valid Allxsd value.

That is the problem in this line of your XML:

<DataEmissao>2018-08-30 04:11:00T00:00:00</DataEmissao>
  • I tried these changes and it didn’t work, keeps returning 403. I will try to contact the support of the city and hope to answer, since it is not possible to find more recent documentation than 2013 :/

  • @Bigboss tries to send without https, like this 'http://isscuritiba.curitiba.pr.gov.br/Iss.NfseWebService/nfsews.asmx'; and removes lines containing CURLOPT_SSLCERT, CURLOPT_SSLKEY and CURLOPT_KEYPASSWD

  • @Bigboss tested here and it seems that it worked by replacing HTTPS by HTTP, I did not find in the documentation whether HTTPS is required or not, yet I managed to get the following error message Server was unable to read request. ---> There is an error in XML document (19, 72). ---> The string '2018-08-30 04:11:00T00:00:00' is not a valid AllXsd value, edited the answer.

  • thanks for the help. It worked by switching from HTTPS to HTTP, and keeping the POST on headers (I don’t really know if it makes a difference). Now I have another problem with the certificate, but this is another thing rs

  • If you can edit your reply and add the HTTP part it might help someone with the same question in the future :)

Browser other questions tagged

You are not signed in. Login or sign up in order to post.