How to use wse-php library to connect to secured webservices via SOAP

Question

I have a script that is supposed to connect to webservice using WS-Security. Currently - in my script, I built a soap XML and sent it to the webservice endpoint but I'm getting an xml response saying "Client Internal Error".

Here's the code that I'm using:

<?php
function sendXMLRequest($url, $params)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HTTPHEADER, Array("Content-Type: application/soap+xml"));
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    ob_start();
    $response = curl_exec($ch);
    $info = curl_getinfo($ch);
    if ($response === false || $info['http_code'] != 200) {
      $output = "No cURL data returned for $url [". $info['http_code']. "]";
      if (curl_error($ch))
        $output .= "\n". curl_error($ch);
      $response .= $output;
     }
    ob_end_clean();
    curl_close($ch);    
    return $response;
}
/* $currentTime = time();
$timestamp = gmdate('Y-m-d\TH:i:s', $currentTime).'Z';
$nonce = mt_rand();
$non = base64_encode(pack('H*',$nonce)); */
$username = 'derek';
$password = 'Momentum1';
$wsdl = "http://localhost/test/wsdl-src/CRMLeadService.wsdl";
$momurl = "https://integrationdev.momentum.co.za/sales/CRMService/CRMLeadService_v1_0/";

echo("Post to URL: {$momurl}\n");

$xml = '<?xml version="1.0" encoding="utf-8"?>';
$xml .= '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://www.momentum.co.za/crm/service/application/CRMLeadService/v1.0" xmlns:v11="http://www.momentum.co.za/crm/service/type/application/Lead/v1.0" xmlns:v12="http://www.momentum.co.za/crm/service/type/TitleType/v1.0" xmlns:v13="http://www.momentum.co.za/crm/service/type/LanguageType/v1.0" xmlns:v14="http://www.momentum.co.za/crm/service/type/PreferredContactMethodType/v1.0" xmlns:v15="http://www.momentum.co.za/crm/service/type/CampaignType/v1.0" xmlns:v16="http://www.momentum.co.za/crm/service/type/ProductCategoryType/v1.0">';
$xml .= '<soapenv:Header>';
$xml .= '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">';
$xml .= '<wsse:UsernameToken wsu:Id="UsernameToken-45">';
$xml .= '<wsse:Username>'.$username.'</wsse:Username>';
$xml .= '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">'.$password.'</wsse:Password>';
$xml .= '</wsse:UsernameToken>';
$xml .= '</wsse:Security>';
$xml .= '</soapenv:Header>';
$xml .= '<soapenv:Body>';
$xml .= '<v1:CreateLeadRequest>';
$xml .= '<createLead>';
$xml .= '<v11:LeadSourceId>23627e70-a29e-e211-b8a8-005056b81ebe</v11:LeadSourceId>';
$xml .= '<v11:AffiliateLeadReference>852800020</v11:AffiliateLeadReference>';
$xml .= '<v11:Title>';
$xml .= '<v12:Code>852800018</v12:Code>';
$xml .= '</v11:Title>';
$xml .= '<v11:Initials>MD</v11:Initials>';
$xml .= '<v11:PreferredName>Marius</v11:PreferredName>';
$xml .= '<v11:FirstName>Marius</v11:FirstName>';
$xml .= '<v11:LastName>Drew</v11:LastName>';
$xml .= '<v11:PreferredCorrespondenceLanguage>';
$xml .= '<v13:Code>852800001</v13:Code>';
$xml .= '</v11:PreferredCorrespondenceLanguage>';
$xml .= '<v11:PreferredCommunicationMethod>';
$xml .= '<v14:Code>852800000</v14:Code>';
$xml .= '</v11:PreferredCommunicationMethod>';
$xml .= '<v11:Campaign>';
$xml .= '<v15:Code>95D9042A-440E-E311-A5EB-005056B81EA5</v15:Code>';
$xml .= '</v11:Campaign>';
$xml .= '<v11:HomePhoneNumber>0723621762</v11:HomePhoneNumber>';
$xml .= '<v11:BusinessPhoneNumber>0723621762</v11:BusinessPhoneNumber>';
$xml .= '<v11:MobilePhoneNumber>0723621762</v11:MobilePhoneNumber>';
$xml .= '<v11:EmailAddress>mdrew@gmail.com</v11:EmailAddress>';
$xml .= '<v11:Notes>IMU</v11:Notes><v11:ProductCategories>';
$xml .= '<v16:Code>d000083d-229c-e211-b8a8-005056b81ebe</v16:Code>';
$xml .= '</v11:ProductCategories>';
$xml .= '</createLead>';
$xml .= '</v1:CreateLeadRequest>';
$xml .= '</soapenv:Body>';
$xml .= '</soapenv:Envelope>';

echo $resp = sendXMLRequest($momurl, $xml);
?>

When I was searching on the internet, I found this library called wse-php and I think I could definitely use this. The problem is, I don't know hoe to use it. There's not much information given on how to use it. Maybe someone here have already used this... please help. Thanks.

PS: Here's the link to the WSDL and XSD files if you need them:

http://sdrv.ms/16KC8o4

Answer 1

You need this:

https://gist.github.com/Turin86/5569152

It modifies the SoapHeader class build into PHP to support WS-Security, including PasswordType (if not digest). This is the code I used to make it work:

//include the soap class before this call

$wsdl = "wsdl";
$momurl = "location";

//Perform Request
$username = '***';
$password = '***';
$client = new WSSoapClient($wsdl, array('location' => $momurl));
$client->__setUsernameToken($username,$password,'PasswordText');
$client->__setSoapHeaders($header);

try { 
    $result = $client-> //make soap call
} catch (Exception $e) { 
    $msgs = $e->getMessage();
    echo "Error: $msgs"; 
} 

If you need anything further, let me know.

Answer 2

Below is from PHP documentation you can try, if it works, please give credit to author (bhargav dot khatana at gmail dot com)... I placed this here as I am not sure if it will work, and I do not want to paste this on the comment, and there is no link directly to the code... and it is 3 years old.

Step1: Create two classes to create a structure for WSSE headers

<?php 
class clsWSSEAuth { 
          private $Username; 
          private $Password;  
        function __construct($username, $password) { 
                 $this->Username=$username; 
                 $this->Password=$password; 
              } 
} 

class clsWSSEToken { 
        private $UsernameToken; 
        function __construct ($innerVal){ 
            $this->UsernameToken = $innerVal; 
        } 
} 
?> 

Step2: Create Soap Variables for UserName and Password 

<?php 
$username = 1111; 
$password = 1111; 

//Check with your provider which security name-space they are using. 
$strWSSENS = "http://schemas.xmlsoap.org/ws/2002/07/secext"; 

$objSoapVarUser = new SoapVar($username, XSD_STRING, NULL, $strWSSENS, NULL, $strWSSENS); 
$objSoapVarPass = new SoapVar($password, XSD_STRING, NULL, $strWSSENS, NULL, $strWSSENS); 
?> 

Step3: Create Object for Auth Class and pass in soap var 

<?php 
$objWSSEAuth = new clsWSSEAuth($objSoapVarUser, $objSoapVarPass); 
?> 

Step4: Create SoapVar out of object of Auth class 

<?php 
$objSoapVarWSSEAuth = new SoapVar($objWSSEAuth, SOAP_ENC_OBJECT, NULL, $strWSSENS, 'UsernameToken', $strWSSENS); 
?> 

Step5: Create object for Token Class 

<?php 
$objWSSEToken = new clsWSSEToken($objSoapVarWSSEAuth); 
?> 

Step6: Create SoapVar out of object of Token class 

<?php 
$objSoapVarWSSEToken = new SoapVar($objWSSEToken, SOAP_ENC_OBJECT, NULL, $strWSSENS, 'UsernameToken', $strWSSENS); 
?> 

Step7: Create SoapVar for 'Security' node 

<?php 
$objSoapVarHeaderVal=new SoapVar($objSoapVarWSSEToken, SOAP_ENC_OBJECT, NULL, $strWSSENS, 'Security', $strWSSENS); 
?> 

Step8: Create header object out of security soapvar 

<?php 
$objSoapVarWSSEHeader = new SoapHeader($strWSSENS, 'Security', $objSoapVarHeaderVal,true, 'http://abce.com'); 

//Third parameter here makes 'mustUnderstand=1 
//Forth parameter generates 'actor="http://abce.com"' 
?> 

Step9: Create object of Soap Client 

<?php 
$objClient = new SoapClient($WSDL, $arrOptions); 
?> 

Step10: Set headers for soapclient object 

<?php 
$objClient->__setSoapHeaders(array($objSoapVarWSSEHeader)); 
?> 

Step 11: Final call to method 

<?php 
$objResponse = $objClient->__soapCall($strMethod, $requestPayloadString); 
?>