Consuming SSL secured web services

[Silvano Girardi Jr]

Lady and Gentlemen :)

I am trying to consume a SSL secured web service and I need to use a
certificate to even get to the WSDL.

I was doing changes in the SCA_Bindings_soap_Proxy to accept the
local_cert and passphrase, but after the first attempt I realized that
it may not be enough to do the job, as I believe the SDO_DAS_XML is
responsible for parsing the contents of the WSDL and thus it needs to
use the certificate as well.

Please let me know if I am wrong in my assumption, otherwise, does
anyone know a way to get around this problem? (So far I am trying to
download all the WSDL by hand and modifying the "import"s in the XSD's
to point to my server. No luck so far.)

Appreciate you help. This is a high priority for me.

Thanks,
Silvano

[silvanojr]

Adding the error message.

[19-Nov-2008 12:42:27] PHP Fatal error: Uncaught
SCA_RuntimeException: SDO_Exception in setWSDLTypes :
SDO_DAS_XML::create - Unable to parse the supplied xsd file
1 parse error(s) occurred when parsing the file 'https://URL/WS.wsdl':
1. xmlSAXUserParseFile returned an error -1

thrown in /usr/share/pear/SCA/Bindings/soap/Proxy.php on line 104

Silvano

[Matthew Peters]

The way I _think_ this works (though it is 2 years since I last looked
at this bit of the code) is as follows:
1. the Soap_Proxy calls setWSDLTypes
2. setWSDLTypes calls the SDO_DAS_XML::create (as shown in the message
below)
3. the SDO_DAS_XML code calls the Tuscany SDO code passing the URL
4. The Tuscany SDO code calls fopen() or something similar
5. This is picked up by the PHP file wrapper (see e.g. http://uk3.php.net/fopen)
6. PHP looks at the scheme (hhtps) and handles the open

So, I _think_ this comes down to the same behaviour that you would get
from fopen directly from PHP.

So, does
fopen('https://URL/WS.wsdl');
work?

Matthew

[Silvano Girardi Jr]

On Thu, Nov 20, 2008 at 4:36 PM, Matthew Peters
<matthew....@googlemail.com> wrote:
>
> The way I _think_ this works (though it is 2 years since I last looked
> at this bit of the code) is as follows:
> 1. the Soap_Proxy calls setWSDLTypes
> 2. setWSDLTypes calls the SDO_DAS_XML::create (as shown in the message
> below)
> 3. the SDO_DAS_XML code calls the Tuscany SDO code passing the URL
> 4. The Tuscany SDO code calls fopen() or something similar
> 5. This is picked up by the PHP file wrapper (see e.g. http://uk3.php.net/fopen)
> 6. PHP looks at the scheme (hhtps) and handles the open
>
> So, I _think_ this comes down to the same behaviour that you would get
> from fopen directly from PHP.
>
> So, does
> fopen('https://URL/WS.wsdl');
> work?

Nope.

"failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden"

Because it requires the certificate as well.

Silvano

[Matthew Peters]

OK so that's useful information and makes sense. How would you go
about connecting to an https URL from PHP? I have never tried it. Is
there a way to give the userid and password to the file wrapper?

Matthew

[Caroline Maynard]

Matthew Peters wrote:
> OK so that's useful information and makes sense. How would you go
> about connecting to an https URL from PHP? I have never tried it. Is
> there a way to give the userid and password to the file wrapper?

I've forgotten a lot of what I knew about this too, but Matthew's
approach of getting the connection working first without SCA is a good
one. The first obvious question is do you have OpenSSL compiled in?

[Silvano Girardi Jr]

On Sun, Nov 23, 2008 at 6:49 PM, Matthew Peters
<matthew....@googlemail.com> wrote:
>
> OK so that's useful information and makes sense. How would you go
> about connecting to an https URL from PHP? I have never tried it. Is
> there a way to give the userid and password to the file wrapper?
>
> Matthew

For this specific case I need to get it via cURL, where I can specify the cert:

curl_setopt($res_curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($res_curl, CURLOPT_SSLCERT, "/path/to/cert.crt");

or, like I resolved, using the SoapClient, but it was a pain to
convert all XSD types into classes. I'd love to be able to use SCA_SDO
with cases like these, so count on me to try to get this thing working
with SCA.

I wonder if there is any way to specify the certificate to PHP
somewhere else, so it would work with fopen() as well.

Silvano

[Silvano Girardi Jr]

Yes, I do :)

Silvano

> >
>

[Matthew Peters]

I wonder too. I suggest one of us put a question on one of the PHP
mailing lists, or maybe on the page to do with fopen(). Are you happy
to do that, Silvano?

Matthew

[Silvano Girardi Jr]

On Tue, Nov 25, 2008 at 7:58 AM, Matthew Peters
<matthew....@googlemail.com> wrote:
>
> I wonder too. I suggest one of us put a question on one of the PHP
> mailing lists, or maybe on the page to do with fopen(). Are you happy
> to do that, Silvano?

Yes. I will talk to the core developers directly.

I will let you know.

Silvano

[Rob]

On 25 Nov, 04:47, "Silvano Girardi Jr" <silvan...@gmail.com> wrote:
> On Tue, Nov 25, 2008 at 7:58 AM, Matthew Peters
>

> <matthew.f.pet...@googlemail.com> wrote:
>
> > I wonder too. I suggest one of us put a question on one of the PHP
> > mailing lists, or maybe on the page to do with fopen(). Are you happy
> > to do that, Silvano?
>
> Yes. I will talk to the core developers directly.
>
> I will let you know.
>
> Silvano
>
> > On Nov 24, 3:40 pm, "Silvano Girardi Jr" <silvan...@gmail.com> wrote:
>
> >> I wonder if there is any way to specify the certificate to PHP
> >> somewhere else, so it would work with fopen() as well.

Hey all, while not all that active around here, I still lurk and try
to follow whats going on around here :)

Have you tried creating a stream context and setting the SSL options
there?
not only can this be passed to fopen, but it should also work if you
set it as the default stream context as well.

Rob