soap-sign-encrypt example


magnusc...@gmail.com

Apr 3, 2015, 1:03:03 PM4/3/15
to wse...@googlegroups.com

Hi all...

I was looking into the soap-sign-encrypt.php example. In the setup section at the top there are 3 lines like this:

define('PRIVATE_KEY', 'priv_key.pem');
define('CERT_FILE', 'pub_key.pem');
define('SERVICE_CERT', 'sitekey_pub.cer');

I think I get the first 2, the PRIVATE_KEY and the CERT_FILE, which I think is the signed cert I got back from the other side after sending them my CSR.
Not sure which one the SERVICE_CERT is....

Also in that same file there is a call to $sc->callmethod(1). My guess is that is __doRequest from the mySoap class. If that is correct, where are the attributes ($request, $location, $saction, $version) coming from?

Thanks.


Rob Richards

Apr 3, 2015, 1:26:44 PM4/3/15
to wse...@googlegroups.com
The SERVICE_CERT is the public key of the recipient. This is needed to encrypt the data which then can only be decrypted by the recipient.

Those attributes come from the base SoapClient class:
http://php.net/manual/en/class.soapclient.php

Rob

ad...@tpgny.com

Apr 7, 2015, 9:37:12 AM4/7/15
to wse...@googlegroups.com

Thank you for the reply...

So if I understand the code in soap-sign-encrypt.php correctly, then this part:

$wsdl = '<wsdl location>';

$sc = new mySoap($wsdl);

try {
    $out = $sc->callmethod(1);
    var_dump($out);
} catch (SoapFault $fault) {
    var_dump($fault);
}

I can replace with:

$cert = '/path/to/ssl/cert.pem';
$wsdl = 'https://endpoint.com/Service.asmx?WSDL';
$client_options = array( 'trace' => TRUE ,'exceptions' => TRUE ,'cache_wsdl' => WSDL_CACHE_NONE ,'local_cert' => $cert );
$param = array("wsdl_parameter" => "value");

$sc = new mySoap($wsdl, $client_options);

try {
    $out = $sc->wsdlFunctionToCall($param);
    var_dump($out);
} catch (SoapFault $fault) {
    var_dump($fault);
}

And this should be it, correct?

Thanks...

Rob Richards

Apr 7, 2015, 9:44:12 AM4/7/15
to wse...@googlegroups.com
It all depends upon what you are trying to do.
Using that code will use the cert to authenticate with the server via TLS. It has nothing to do with WS-Security functionality.

When using the constants:

define('PRIVATE_KEY', 'priv_key.pem');
define('CERT_FILE', 'pub_key.pem');
define('SERVICE_CERT', 'sitekey_pub.cer');

PRIVATE_KEY is used to sign the SOAP message.
CERT_FILE is attached to the SOAP message so the receiver can access it quickly. It is up to the receiver to validate your public key, or even discard it and use whatever they consider the source of truth for it.
SERVICE_CERT is used if you want to encrypt parts of the SOAP message. This is the receiver's public key; as PKI is asymmetric, only the private key can decrypt content encrypted with the public key, and vice versa.

Rob
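The role of each constant as Rob lays it out, and the difference from the `local_cert` TLS option in the earlier post, as an added example that is not the project's own soap-sign-encrypt.php (it is modelled on that file): a __doRequest() override that signs with PRIVATE_KEY, attaches CERT_FILE as a BinarySecurityToken, and encrypts the body to SERVICE_CERT. SoapClient invokes __doRequest() itself for every WSDL operation, which is where the $request, $location, $saction and $version arguments come from when $sc->callmethod(1) runs. The WSSESoap and XMLSecurityKey method names and the AES-256 / RSA-OAEP choices follow the wse-php and xmlseclibs APIs as recalled here, not verified against a specific release; the include path, WSDL URL and key file names are placeholders.

```php
<?php
// Added example, not the wse-php project's own file. Library calls are as recalled
// from wse-php / xmlseclibs; verify against the release you install.
require_once 'soap-wsse.php';   // wse-php WSSESoap (pulls in xmlseclibs) - path is a placeholder

define('PRIVATE_KEY',  'priv_key.pem');     // our private key: signs the request, decrypts the reply
define('CERT_FILE',    'pub_key.pem');      // our certificate: attached so the receiver can find our public key
define('SERVICE_CERT', 'sitekey_pub.cer');  // receiver's certificate: its public key wraps the session key

class mySoap extends SoapClient
{
    // SoapClient calls this for every operation ($sc->callmethod(1) included), passing the
    // serialized envelope, the endpoint URL, the SOAPAction header and the SOAP version.
    public function __doRequest($request, $location, $saction, $version, $one_way = 0)
    {
        $doc = new DOMDocument('1.0');
        $doc->loadXML($request);
        $wsse = new WSSESoap($doc);

        // A Timestamp covered by the signature lets the receiver reject replayed messages (300 s window).
        $wsse->addTimestamp(300);

        // 1. Sign with PRIVATE_KEY (RSA-SHA1, as the original example does).
        $signKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
        $signKey->loadKey(PRIVATE_KEY, true);              // true = argument is a file path
        $wsse->signSoapDoc($signKey, array('insertBefore' => false));

        // 2. Attach CERT_FILE as a BinarySecurityToken and point the Signature's KeyInfo at it.
        //    The receiver decides whether to trust this token or to use its own copy of our key.
        $token = $wsse->addBinaryToken(file_get_contents(CERT_FILE));
        $wsse->attachTokentoSig($token);

        // 3. Encrypt: fresh AES-256-CBC session key, wrapped with SERVICE_CERT (receiver's public key, RSA-OAEP).
        //    Only the receiver's private key can unwrap the session key and read the body.
        $sessionKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
        $sessionKey->generateSessionKey();
        $siteKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
        $siteKey->loadKey(SERVICE_CERT, true, true);       // isFile = true, isCert = true
        $wsse->encryptSoapDoc($siteKey, $sessionKey,
            array('KeyInfo' => array('X509SubjectKeyIdentifier' => true)));

        $response = parent::__doRequest($wsse->saveXML(), $location, $saction, $version, $one_way);

        // The reply is encrypted to our certificate, so decrypt with PRIVATE_KEY before SoapClient parses it.
        $respDoc = new DOMDocument();
        $respDoc->loadXML($response);
        $wsse->decryptSoapDoc($respDoc, array(
            'keys' => array('private' => array('key' => PRIVATE_KEY, 'isFile' => true, 'isCert' => false)),
        ));
        return $respDoc->saveXML();
    }
}

// Placeholder WSDL. 'local_cert' is deliberately absent: it would only add a TLS client
// certificate and plays no part in the WS-Security signing and encryption above.
$sc = new mySoap('https://example.invalid/Service.asmx?WSDL',
    array('trace' => true, 'exceptions' => true, 'cache_wsdl' => WSDL_CACHE_NONE));
try {
    var_dump($sc->callmethod(1));
} catch (SoapFault $fault) {
    var_dump($fault);
}
```

Two things worth checking when adapting this: the receiver must hold the private key matching SERVICE_CERT or it cannot decrypt anything you send, and because the receiver may ignore the attached CERT_FILE, signature verification on their side depends on whichever copy of your public key they trust, so agree on that out of band.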