MCEDT EBS


aberdatsoul

May 5, 2015, 7:23:20 PM
to wse...@googlegroups.com
Has anyone used this package to interact with the Medical Claims Electronic Data Transfer (MCEDT) via Electronic Business Services (EBS); http://www.health.gov.on.ca/en/pro/publications/ohip/docs/techspec_mcedt_ebs.pdf.

I have been trying to figure out how to get all this working, and I created a self-signed certificate in wamp via:

openssl genrsa -out server.key 4096
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt

I then modified one of the examples that came with this package to create the request the documentation is looking for:

class mySoap extends SoapClient {

    private $_username;
    private $_password;
    private $_digest;

    function addUserToken($username, $password, $digest = false) {
        $this->_username = $username;
        $this->_password = $password;
        $this->_digest = $digest;
    }

    function __doRequest($request, $location, $saction, $version, $one_way = null) {
        $doc = new DOMDocument('1.0');
        $doc->loadXML($request);

        $doc->createAttributeNS('http://msa.ebs.health.ontario.ca/', 'msa:MSA');

        $objWSSE = new WSSESoap($doc);

        /* Sign all headers to include signing the WS-Addressing headers */
        $objWSSE->signAllHeaders = TRUE;

        /* add Timestamp with no expiration timestamp */
        $objWSSE->addTimestamp();

        $objWSSE->addUserToken($this->_username, $this->_password, $this->_digest);

        /* create new XMLSec Key using RSA_SHA1 and type is private key */
        $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));

        /* load the private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */
        $objKey->loadKey(PRIVATE_KEY, true);

        /* Sign the message - also signs appropriate WS-Security items */
        $options = array("insertBefore" => FALSE);
        $objWSSE->signSoapDoc($objKey, $options);

        /* Add certificate (BinarySecurityToken) to the message */
        $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));

        /* Attach pointer to Signature */
        $objWSSE->attachTokentoSig($token);

        $xml = $objWSSE->saveXML();

        $retVal = parent::__doRequest($xml, $location, $saction, $version, $one_way);

        $doc = new DOMDocument('1.0');
        $doc->loadXML($retVal);

        $options = array("keys" => array("private" => array("key" => PRIVATE_KEY, "isFile" => TRUE, "isCert" => FALSE)));
        $objWSSE->decryptSoapDoc($doc, $options);

        return $doc->saveXML();
    }

}

But the service replies with a fault: Authorization failed; contact your technical support or software vendor.
I contacted the Ministry of Health and they said it is a problem with the certificate.

The documentation seems to suggest I send my Public Key in the request so they can encrypt the response.  I was also provided 3 .pem files, along with the WSDL I reference, one of which I use as the CERT_FILE.  I tried changing some code so I use the Public Key I generated:
       
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
$objKey->loadKey(PUBLIC_KEY, true, true);

...but I get the following errors:

Warning: openssl_sign(): supplied key param is a public key in ...\wse-php-master\xmlseclibs.php on line 453

Warning: openssl_sign(): supplied key param cannot be coerced into a private key in ...\wse-php-master\xmlseclibs.php on line 453


** My question is has anyone implemented a solution for MCEDT EBS using this package, and if so what am I doing wrong in terms of the request signing/securing and/or creating the cert?

Thanks!!

Rob

May 20, 2015, 12:18:06 PM
to wse...@googlegroups.com, brett...@gmail.com
The private key is used to sign the document. By including your public key, they most likely mean to attach it to the request which is done via these lines:
        /* Add certificate (BinarySecurityToken) to the message */
        $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));

        /* Attach pointer to Signature */
        $objWSSE->attachTokentoSig($token);

What are the pem files they sent you? I assume those are your keys to use for authentication and maybe their public key as well?

aberdatsoul

May 27, 2015, 10:50:08 AM
to wse...@googlegroups.com, brett...@gmail.com
They sent me 3:
Entrust L1C Chain Certificate.arm
Entrust.netCertificationAuthority(2048).arm
go-pki_cacert.arm

But I still need to create the proper self-signed certificate to send with the request, I am just unsure as to the absolute correct command to use to generate it.  Something along the lines of: https://msdn.microsoft.com/en-us/library/ff650751.aspx

However, I am not even sure if the integration to MC EDT EBS is even possible via PHP (there are examples online using C#).  Have you or anyone else created this integration using PHP?  If so, providing the commands to make the correct self-signed cert may be a giant leap forward.

aberdatsoul

Jun 3, 2015, 3:53:02 PM
to wse...@googlegroups.com
Here are the commands I currently use to create the self-signed cert via openssl:

set OPENSSL_CONF=c:/wamp/bin/apache/apache2.4.9/conf/openssl.cnf

Generate private key:
    openssl genrsa -out mcedt.pem 2048

Generate CSR: (In the "Common Name" set the domain of your service provider app)
    openssl req -new -key mcedt.pem -out mcedt.csr

Generate Self Signed Cert
    openssl x509 -req -days 365 -in mcedt.csr -signkey mcedt.pem -out mcedt.crt

I also tried with a 4096bit version but that didn't work either: openssl genrsa -out mcedt.pem 4096
I have also made attempts to create the certs via makecert, but the end result didn't seem to differ from the openssl method.

Once those certs are created, I use the mcedt.crt as the PUBLIC_KEY and mcedt.pem as the PRIVATE_KEY within __doRequest:

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$objKey->loadKey(PRIVATE_KEY, true);

$options = array("insertBefore" => FALSE);
$objWSSE->signSoapDoc($objKey, $options);

$token = $objWSSE->addBinaryToken(file_get_contents(PUBLIC_KEY));


Code examples above can be seen in context by looking at my first post within this thread and changing CERT_FILE to PUBLIC_KEY.

Thanks!
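
Added example (not part of any post in this thread, and not code from wse-php): a POSIX shell check, assuming the openssl CLI is installed, that a certificate and a private key form a pair, that only the private key can sign, and that the certificate alone is enough to verify. This is the split between signing key and attached certificate discussed in the posts above. Function names, file names and the CN are made up for the demo, and -sha256 is a choice made here, not a stated MCEDT requirement.

```shell
#!/bin/sh
# Added example: file names and the CN below are constructed for the demo.

# Create a throwaway RSA key ($1.key) and self-signed certificate ($1.crt).
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=demo.example" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# True only if certificate $1 carries the public half of private key $2.
# Unreadable or empty inputs count as a mismatch, never as a match.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Try to sign file $2 with key file $1, writing the signature to $3.
# Fails when $1 holds only a certificate or public key.
can_sign_with() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2" 2>/dev/null
}

# Verify signature $3 over file $2 using only certificate $1, which is
# all the receiver of a BinarySecurityToken has to work with.
verify_with_cert() {
    pub=$(mktemp) || return 1
    openssl x509 -in "$1" -noout -pubkey > "$pub" 2>/dev/null &&
        openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    rc=$?
    rm -f "$pub"
    return $rc
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pair "$d/mcedt" || return 1
    printf 'constructed message body' > "$d/msg"
    cert_matches_key "$d/mcedt.crt" "$d/mcedt.key" && echo "certificate matches key"
    can_sign_with "$d/mcedt.key" "$d/msg" "$d/sig" && echo "signed with private key"
    can_sign_with "$d/mcedt.crt" "$d/msg" "$d/bad" || echo "certificate alone cannot sign"
    verify_with_cert "$d/mcedt.crt" "$d/msg" "$d/sig" && echo "signature verifies against certificate"
    rm -rf "$d"
}

demo
```

Running cert_matches_key against the files passed as PRIVATE_KEY and as the binary token rules out a mismatched pair before a request is sent; it says nothing about whether the receiving service trusts that certificate.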

Rob

Jun 15, 2015, 9:08:22 AM
to wse...@googlegroups.com, brett...@gmail.com
I don't think you are going to be able to use this library unless you are doing very basic things. According to the document link, it requires the use of MTOM to transport documents which this library does not support.

Vinoth Kumar

Feb 12, 2016, 6:17:03 AM
to wse-php
Got a result from getTypeList with this library. Just change:

$sc = new mySoap("https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService?wsdl", array("trace" => 1, "exceptions" => 1, "connection_timeout" => 2000, "location" => "https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService"));

Jonathan Davis

Feb 7, 2018, 7:44:47 AM
to wse-php
Did you ever solve this problem?