Not getting correct header format for signed request message

Rudolf Nones

Aug 6, 2019, 8:30:33 AM
to wse-php
Hi!

I am realizing a soap client in php which connects to a java server. I got some sample files and documentation on how to realize that from the company that has the server. Also they told me it just will work in java. :-)
Therefore I found your classes and think that I can do it with them. But I do not get exactly the same output as the example request looks like.

The example looks like that:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
      Tokenvalue comes here (encoded client certificate)
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#XWSSGID-1228983066435886564840">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>...Digest Value comes here...</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#XWSSGID-1228983066435569450084">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>...Digest Value comes here...</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          ... Signature Value comes here
          (encoded from request message and timestamp?)
        </ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="XWSSGID-1228983066104-1256849878">
            <wsse:Reference URI="#XWSSGID-1228983064922-2083150424"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1228983066435569450084">
        <wsu:Created>2008-12-11T08:11:05.674Z</wsu:Created>
        <wsu:Expires>2008-12-11T08:11:10.674Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1228983066435886564840">
    <rqn:Requestname xmlns:rqn="http://......">
      ...payload comes here...
    </rqn:Requestname>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Do you have any hints for me on how that can be done?
If there are any code changes necessary, of course we can talk about the estimated work and how we can deal with that.

Hope you can help me...thanks a lot in advance!
R. Nones

Simson Parlindungan

Aug 6, 2019, 10:39:26 AM
to wse-php
Hi,

This library does create the security header for the request.

It also took me several days to make it work.

Regards,

Here is an example:
<?php

define('PRIVATE_KEY', '/home/mso/ssl/united.key');
define('CERT_FILE', '/home/mso/ssl/united.pem');
define('LOCAL_CRT', '/home/mso/ssl/localcert.pem');

require __DIR__ . '/vendor/autoload.php';

use RobRichards\WsePhp\WSASoap;
use RobRichards\WsePhp\WSSESoap;
use RobRichards\XMLSecLibs\XMLSecurityKey;

class MySoap extends SoapClient
{
    public function __doRequest($request, $location, $saction, $version)
    {
        $dom = new DOMDocument();
        $dom->loadXML($request);

        $objWSA = new WSASoap($dom);
        $objWSA->addAction($saction);
        $objWSA->addTo($location);
        $objWSA->addMessageID();
        $objWSA->addReplyTo();

        $dom     = $objWSA->getDoc();
        $objWSSE = new WSSESoap($dom);

        /* Sign all headers to include signing the WS-Addressing headers */
        $objWSSE->signAllHeaders = true;
        $objWSSE->addTimestamp();

        /* create new XMLSec Key using RSA SHA-1 and type is private key */
        $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array(
            'type' => 'private'
        ));

        /* load the private key from file - last arg is bool if key in file (true) or is string (FALSE) */
        $objKey->loadKey(PRIVATE_KEY, true);

        /* Sign the message - also signs appropriate WS-Security items */
        $objWSSE->signSoapDoc($objKey);

        /* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */
        $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));
        $objWSSE->attachTokentoSig($token);

        $request = $objWSSE->saveXML();

        /* Uncomment here if you wish to write your xml request to a file)
        $filename = time() . '.xml';
        sleep(2);
        writetoFile($request, $filename);
        */

        return parent::__doRequest($request, $location, $saction, $version);
    }
}

$wsdl = '/path/to/service.wsdl'; // placeholder: $wsdl is not defined in the original post

$sc = new MySoap($wsdl, array(
    'trace' => 1,
    'local_cert' => LOCAL_CRT
));

$data = array('data1' => 'value2');

$out = $sc->Requestname($data);



This will generate the signature and token value together with all wsse-security values.

Hope this helps you to start.
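
To compare a generated request with the vendor sample from the first post, it helps to list which elements the signature actually references; with signAllHeaders enabled there will be more ds:Reference entries than the two (Body and Timestamp) in the sample. The script below is an added example, not code from this thread or from wse-php; the function name signedParts and the sample message are constructed for illustration.

```php
<?php
// Added example (not from the thread): report which elements a WS-Security
// signature references, to compare a generated request with a reference sample.
const NS_DS  = 'http://www.w3.org/2000/09/xmldsig#';
const NS_WSU = 'http://docs.oasis-open.org/wss/2004/01/'
             . 'oasis-200401-wss-wssecurity-utility-1.0.xsd';

function signedParts(string $xml): array
{
    $dom = new DOMDocument();
    if (!$dom->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('request is not well-formed XML');
    }
    $xp = new DOMXPath($dom);
    $xp->registerNamespace('ds', NS_DS);
    $xp->registerNamespace('wsu', NS_WSU);

    // Index every element carrying a wsu:Id; duplicates are kept on purpose.
    $byId = [];
    foreach ($xp->query('//*[@wsu:Id]') as $el) {
        $byId[$el->getAttributeNS(NS_WSU, 'Id')][] = $el->nodeName;
    }

    $report = [];
    foreach ($xp->query('//ds:SignedInfo/ds:Reference') as $ref) {
        $id      = ltrim($ref->getAttribute('URI'), '#');
        $targets = $byId[$id] ?? [];
        // Exactly one target is expected: none is a dangling reference,
        // several is an ambiguous Id that sender and receiver may resolve differently.
        $report[] = ['uri' => "#$id", 'targets' => $targets, 'ok' => count($targets) === 1];
    }
    return $report;
}

// Constructed sample; digest and signature values are left out.
$sample = <<<XML
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <S:Header><ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#body-1"/><ds:Reference URI="#ts-1"/>
  </ds:SignedInfo></ds:Signature><wsu:Timestamp wsu:Id="ts-1"/></S:Header>
  <S:Body wsu:Id="body-1"/>
</S:Envelope>
XML;

foreach (signedParts($sample) as $r) {
    printf("%-10s %-3s %s\n", $r['uri'], $r['ok'] ? 'ok' : 'BAD', implode(', ', $r['targets']));
}
```

Feeding it the output of saveXML() from __doRequest shows at a glance whether the Body and the Timestamp are both covered by the signature.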

Rudolf Nones

Aug 6, 2019, 11:31:24 AM
to wse-php
Hi!

This made a real big step into the right direction - a real big thank you for that example.

Regards, Rudi

Simson Parlindungan

Aug 7, 2019, 4:13:14 AM
to wse-php
Glad that it can help you.

Rudolf Nones

Aug 8, 2019, 8:02:06 AM
to wse-php
Hi!

Below you may find my actual script. 2 days before everything went well, actually I am not able anymore to load the wsdl-file correctly.
I tried the following:
- From server where the file originally is located (worked once)
- locally from server where script is located
- as string in variable

Error: SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from '...xml string...'

Error when I tried using an url: SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://....wsdl' : failed to load external entity 

The wsdl is reachable via browser and can be opened via get_file_contents.

My code looks like that:

<?php

include __DIR__ . "/src/WSASoap.php";
include __DIR__ . "/src/WSSESoap.php";
include __DIR__ . "/src/xmlseclibs.php";

$privateKey = __DIR__ . "/keystore/my.key";
$myCert     = __DIR__ . "/keystore/my_cert.cert";
$serverCert = __DIR__ . "/keystore/cacert.cert";

define('PRIVATE_KEY', $privateKey);
define('CERT_FILE', $myCert);

class MySoap extends SoapClient
{
    public function __doRequest($request, $location, $saction, $version, $one_way = NULL)
    {
        $dom = new DOMDocument();
        $dom->loadXML($request);

        $objWSA = new WSASoap($dom);
        $objWSA->addAction($saction);
        $objWSA->addTo($location);
        $objWSA->addMessageID();
        $objWSA->addReplyTo();

        $dom_x   = $objWSA->getDoc();
        $objWSSE = new WSSESoap($dom_x);

        /* Do not sign all headers (true would also sign the WS-Addressing headers) */
        $objWSSE->signAllHeaders = false;

        $objWSSE->addTimestamp();

        /* create new XMLSec Key using RSA SHA-1 and type is private key */
        $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array(
            'type' => 'private'
        ));

        /* load the private key from file - last arg is bool if key in file (true) or is string (FALSE) */
        $objKey->loadKey(PRIVATE_KEY, true);

        /* Sign the message - also signs appropriate WS-Security items */
        $objWSSE->signSoapDoc($objKey);

        /* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */
        $token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE), false);
        $objWSSE->attachTokentoSig($token);

        $request = $objWSSE->saveXML();

        /* Write request to a file */
        $filename = 'test_' . time() . '.xml';
        sleep(2);
        file_put_contents($filename, $request);

        //return parent::__doRequest($request, $location, $saction, $version);
    }
}

$wsdl = "https://path_to_wsdl_file.wsdl";

$soap = new MySoap($wsdl, array(
    'trace' => 1,
    'local_cert' => $serverCert
));

/* build payload */
$data = array(
    'xyz' => "123456789",
    'abc' => "false"
);

/* call method */
$out = $soap->methodname($data);

print_r($out);

Actually I think I've tried everything I found to solve that. The most mysterious thing is, that it worked some days ago.

Hopefully you have an idea how I can solve that.

Thank you in advance!

Simson Parlindungan

Aug 8, 2019, 8:25:01 AM
to wse...@googlegroups.com
try to download the wsdl to your local file

normally it has http binding files


Rudolf Nones

Aug 8, 2019, 8:36:14 AM
to wse-php
Why ever that works now - it did not until now.

Ok, the xml is written into file, if I do the request , the following error occurs.

PHP Fatal error:  Uncaught SoapFault exception: [HTTP] Could not connect to host in /...../test/soap/test3.php(79): SoapClient->__doRequest('<?xml version="...', 'https://...', '', 1)
#1 [internal function]: MySoap->__doRequest('<?xml version="...', 'https://...', '', 1, 0)
#2 /.../test/soap/test3.php(115): SoapClient->__call('Methodname', Array)
#3 {main}
thrown in /.../test/soap/test3.php on line 79

The guys from the server said that this must be a problem of my server. An idea was that my server cannot deal with their SSL certificate. But how can I tell my server how to deal with that...

But I think we are getting closer :-)
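
For the "Could not connect to host" fault in the last message, one way to find out whether the server's certificate is the cause is to run the TLS handshake on its own with an explicit CA file, then hand the same stream context to SoapClient together with a locally saved WSDL. This is an added example, not code from the thread or from wse-php; the host name and the three file paths are hypothetical. It assumes the client PEM holds certificate and private key in one file and that the server asks for a client certificate at the TLS layer (pass null otherwise).

```php
<?php
// Added example (not from the thread). Hypothetical values: the host name
// and the three file paths below.
const ENDPOINT_HOST = 'soap.example.invalid';
const SERVER_CA     = __DIR__ . '/keystore/server-ca.pem'; // CA chain of the server certificate
const CLIENT_PEM    = __DIR__ . '/keystore/client.pem';    // client certificate + private key
const LOCAL_WSDL    = __DIR__ . '/service.wsdl';           // WSDL saved locally

// TLS settings shared by the probe and SoapClient; verification stays on.
function tlsContext(string $caFile, ?string $clientPem = null)
{
    $ssl = ['verify_peer' => true, 'verify_peer_name' => true, 'cafile' => $caFile];
    if ($clientPem !== null) {
        $ssl['local_cert'] = $clientPem;
    }
    return stream_context_create(['ssl' => $ssl]);
}

// Open and close one TLS connection so the handshake error becomes visible
// instead of SoapClient's generic "Could not connect to host".
function probeTls(string $host, int $port, $ctx): array
{
    $errno = 0;
    $errstr = '';
    $fp = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                                STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        // On handshake failures $errstr can be empty; the OpenSSL text is in the warning.
        $warning = error_get_last()['message'] ?? 'unknown error';
        return ['ok' => false, 'error' => $errstr !== '' ? $errstr : $warning];
    }
    fclose($fp);
    return ['ok' => true, 'error' => null];
}

$ctx   = tlsContext(SERVER_CA, CLIENT_PEM);
$probe = probeTls(ENDPOINT_HOST, 443, $ctx);
if (!$probe['ok']) {
    fwrite(STDERR, "TLS handshake failed: {$probe['error']}\n");
    exit(1);
}

$soap = new SoapClient(LOCAL_WSDL, [
    'stream_context' => $ctx,
    'cache_wsdl'     => WSDL_CACHE_NONE,
    'trace'          => 1,
]);
```

A certificate verification error from the probe points at the CA file; a plain timeout or refused connection points at routing or a firewall rather than at TLS.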