PHP + SHA256 + cert + headache


JavierC

Jan 10, 2019, 6:59:15 AM
to wse-php
Hello,

I need to sign an XML document.

This is the XML structure:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:smk="http://****.es" xmlns:oper="http://****.es/OperationCode" xmlns:typ="http:/***.es/Types">
   <soapenv:Header/>
   <soapenv:Body>
      <smk:operationCode>
         <oper:operationCodeRequest>
            <typ:Id>?</typ:Id>
            <typ:Date>?</typ:Date>
            <typ:Code>?</typ:Code>
            <oper:Val>?</oper:Val>
         </oper:operationCodeRequest>
      </smk:operationCode>
   </soapenv:Body>
</soapenv:Envelope>

And this is the XML I need:

<soapenv:Envelope xmlns:oper="http://***.es/OperationStatus" xmlns:smk="http://***.es" 
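xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://***.es/Types">
   <soapenv:Header>
   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">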
   <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-194D65A85DD46269DF..">MII...znqx</wsse:BinarySecurityToken>
   <ds:Signature Id="SIG-194D65A85DD46269DF..." xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    <ec:InclusiveNamespaces PrefixList="oper smk soapenv typ" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   </ds:CanonicalizationMethod>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#id-194D65A85DD46269DF1..">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
      <ec:InclusiveNamespaces PrefixList="oper smk typ" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>rmJDCesz4UZvAM6auZ1S...v4=</ds:DigestValue>
   </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>wtd...uA==</ds:SignatureValue>
<ds:KeyInfo Id="KI-194D65A85DD46269DF...">
 <wsse:SecurityTokenReference wsu:Id="STR-194D65A85DD46269DF...">
  <wsse:Reference URI="#X509-194D65A85DD46269DF.." ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
 </wsse:SecurityTokenReference>
 </ds:KeyInfo>
 </ds:Signature>
 </wsse:Security>
 </soapenv:Header>
   <soapenv:Body wsu:Id="id-194D65A85DD46269DF154659593688649" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <smk:operationCode>
         <oper:operationCodeRequest>
            <typ:Id>?</typ:Id>
            <typ:Date>?</typ:Date>
            <typ:Code>?</typ:Code>
            <oper:Val>?</oper:Val>
         </oper:operationCodeRequest>
      </smk:operationCode>
   </soapenv:Body>
</soapenv:Envelope>

Can anybody help me? How do I start? Thanks

Rob

Jul 5, 2019, 10:34:55 AM
to wse-php
Take a look at the soap-wsa-example.php.
You need to pass the option $options['algorithm'] = XMLSecurityDSig::SHA256 to the signSoapDoc() method.

Rob
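
The approach from the reply above, as an added example that is not part of the original thread and is not the project's soap-wsa-example.php. It assumes the Composer packages robrichards/wse-php and robrichards/xmlseclibs; the file paths and the example.test namespaces are placeholders, and the envelope is a constructed sample.

```php
<?php
// Added example: sign the SOAP Body with an RSA-SHA1 signature over a SHA-256 digest,
// matching the SignatureMethod/DigestMethod pair in the target document above.
require 'vendor/autoload.php';

use RobRichards\WsePhp\WSSESoap;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// Hypothetical paths: PEM private key and its matching X.509 certificate.
const PRIVATE_KEY_FILE = __DIR__ . '/client-key.pem';
const CERT_FILE = __DIR__ . '/client-cert.pem';

function signEnvelope(string $envelopeXml): string
{
    $doc = new DOMDocument('1.0');
    if (!$doc->loadXML($envelopeXml)) {
        throw new RuntimeException('Envelope is not well-formed XML');
    }

    // Locates (or creates) the wsse:Security header in the envelope.
    $wsse = new WSSESoap($doc);

    // The key type selects ds:SignatureMethod. RSA_SHA1 matches the target
    // document; XMLSecurityKey::RSA_SHA256 exists if the service accepts it.
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'private']);
    $key->loadKey(PRIVATE_KEY_FILE, true); // true: first argument is a file path

    // The 'algorithm' option selects ds:DigestMethod for the signed references.
    $wsse->signSoapDoc($key, ['algorithm' => XMLSecurityDSig::SHA256]);

    // Embed the certificate as a BinarySecurityToken and reference it from KeyInfo.
    $token = $wsse->addBinaryToken(file_get_contents(CERT_FILE));
    $wsse->attachTokenToSig($token);

    return $wsse->saveXML();
}

// Constructed sample envelope (namespaces are placeholders, not the real service's).
$envelope = <<<XML
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:smk="http://example.test">
   <soapenv:Header/>
   <soapenv:Body>
      <smk:operationCode>?</smk:operationCode>
   </soapenv:Body>
</soapenv:Envelope>
XML;

echo signEnvelope($envelope);
```

When calling the service through SoapClient, the same function body belongs in an overridden __doRequest() so the signed XML is what goes on the wire.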
