Hello everyone!
I have been trying to build a SOAP file to send to a client using the public and private certificates, adding authentication in a custom header and encryption of the message.
I managed to build it and get through the validations, but right now I'm running into an error when combining the header signature with the encryption; maybe it's some confusion on my part due to lack of knowledge, since I'm using two APIs to perform this process: XMLSecLibs and WsePhp.
Here's part of my code:
require_once '../vendor/autoload.php';
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use RobRichards\XMLSecLibs\XMLSecEnc;
use RobRichards\WsePhp\WSSESoap;
use RobRichards\WsePhp\WSASoap;
...
define('PRIVATE_KEY', $priKeyFile);
define('CERT_FILE', $pubKeyFile);
define('SERVICE_CERT', $CertPublico);
...
$doc = new DOMDocument('1.0');
$doc->load($arquivoXML);
$doc->encoding = 'utf-8';

## Create a new (private) Security key
$objKeyPri = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
//$objKeyPri->passphrase = '<password>';
$objKeyPri->loadKey(PRIVATE_KEY, TRUE);

## Create a new Security object
$objDSig = new XMLSecurityDSig();
## Use the c14n exclusive canonicalization
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
## Sign using SHA1. The enveloped-signature transform is needed because the
## Signature element is appended inside the document being referenced; without
## it the digest no longer matches once the signature has been inserted.
$objDSig->addReference(
    $doc,
    XMLSecurityDSig::SHA1,
    array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
);
$objDSig->sign($objKeyPri);
## Add the associated public key to the signature
$objDSig->add509Cert(file_get_contents(CERT_FILE));
## Append the signature to the XML
$objDSig->appendSignature($doc->documentElement);

## WS-Security
$objWSSE = new WSSESoap($doc);
$objWSSE->addTimestamp();
$objWSSE->signAllHeaders = true;
## Sign the message - also signs appropriate WS-Security items
## (signSoapDoc creates its own Signature inside the wsse:Security header)
$options = array("insertBefore" => TRUE);
$objWSSE->signSoapDoc($objKeyPri, $options);
## Add certificate (BinarySecurityToken) to the message
$token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));
## Attach pointer to Signature
$objWSSE->attachTokentoSig($token);

## Encrypt: AES-128-CBC session key, wrapped with the service's RSA public key
$objKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
$objKey->generateSessionKey();
$siteKey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'public'));
$siteKey->loadKey(SERVICE_CERT, true, true);
$options = array("KeyInfo" => array("X509SubjectKeyIdentifier" => true));
$objWSSE->encryptSoapDoc($siteKey, $objKey, $options);
$soapfile = $objWSSE->saveXML();
The response I get:
HTTP/1.0 200 Connection established
HTTP/1.1 100 Continue
X-Note: Gateway Ack
HTTP/1.1 500 Internal Server Error
Content-Type: text/xml
X-Backside-Transport: FAIL FAIL
Connection: close
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <env:Fault>
      <faultcode>env:Client</faultcode>
      <faultstring>*ASN.1 parse of certificate failed* (from client)</faultstring>
    </env:Fault>
  </env:Body>
</env:Envelope>
The file I generated is attached.
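A client-side check for the fault above, as an added example that is not part of the original post or of the xmlseclibs/wse-php projects: it decodes every wsse:BinarySecurityToken in an envelope and runs it through the same X.509 (ASN.1) parse the server performs, so a malformed token is caught locally before the message is sent. The self-signed certificate and the minimal envelope are constructed fixtures so the script runs offline.

```php
<?php
// Added diagnostic (not from the original post or from xmlseclibs/wse-php): verify
// that each wsse:BinarySecurityToken decodes to a parsable X.509 DER certificate,
// the parse the server does before answering "ASN.1 parse of certificate failed".
const WSSE_NS = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
const X509V3  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3';

// What addBinaryToken() does to a PEM certificate: strip header, footer and whitespace,
// leaving base64(DER). A DER file pushed through the same path stays raw bytes, not base64.
function pemToTokenValue(string $pem): string
{
    $body = preg_replace('/-----(BEGIN|END) CERTIFICATE-----/', '', $pem);
    return preg_replace('/\s+/', '', $body);
}

// One ['subject', 'validTo'] entry per token; throws on the first token that does not parse.
function checkBinarySecurityTokens(string $xml): array
{
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('wsse', WSSE_NS);
    $out = [];
    foreach ($xp->query('//wsse:BinarySecurityToken') as $tok) {
        $der = base64_decode($tok->textContent, true);          // strict: stray bytes -> false
        $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode((string) $der), 64, "\n")
             . "-----END CERTIFICATE-----\n";
        $x509 = $der === false ? false : @openssl_x509_read($pem);   // the ASN.1 parse happens here
        if ($x509 === false) {
            throw new RuntimeException('BinarySecurityToken is not a parsable X.509 certificate');
        }
        $info  = openssl_x509_parse($x509);
        $out[] = ['subject' => $info['name'], 'validTo' => date('c', $info['validTo_time_t'])];
    }
    return $out;
}

// Constructed fixture: throwaway key/cert and a minimal Security header around the token.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$crt = openssl_csr_sign(openssl_csr_new(['commonName' => 'example-client'], $key), null, $key, 1);
openssl_x509_export($crt, $pem);
$envelope = '<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header>'
    . '<wsse:Security xmlns:wsse="' . WSSE_NS . '"><wsse:BinarySecurityToken ValueType="' . X509V3 . '">'
    . pemToTokenValue($pem) . '</wsse:BinarySecurityToken></wsse:Security></env:Header><env:Body/></env:Envelope>';
print_r(checkBinarySecurityTokens($envelope));                  // good token: subject /CN=example-client
try {   // corrupted token (valid base64, not a certificate): reproduces the server's complaint locally
    checkBinarySecurityTokens(str_replace(pemToTokenValue($pem), 'bm90LWEtY2VydA==', $envelope));
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

To check the real message, pass `$soapfile` from the script above to `checkBinarySecurityTokens()` in place of the constructed envelope.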