Reputation: 124
I need to sign outgoing soap requests
I am trying to send signed soap requests but seem to be missing something.
I tried the wso2 library but that won't work on ubuntu 14.04 with php7.0
I then tried this one : https://github.com/LinioIT/wse-php but keep getting
ERR_025: Verification failure: No signature in the WS-Security message for the configured soap actor/role ""! in SoapClient->__call()
I tested this in soapUI and got it working but can't translate it to PHP
Here's my code:
<?php
$wsdl = "/***/GeefOnderneming.wsdl";
$cafile = "/var/www/src/cert/CA_cat_inv.pem";
$location = "https://***.be/GeefOndernemingDienst-02.00";
$uri = "http://***.be";
$local_cert = "/var/www/src/cert/cert_priv_pub.pem";
$soap = new SoapWsController($wsdl, [
'local_cert' => $local_cert,
'cafile' => $cafile,
'location' => $location,
'uri' => $uri,
'connection_timeout' => 10,
]);
$theResponse = $soap->geefOnderneming(
$payload
);
SoapWsController is extended from the default SoapClient: I am not sure wether the define's are correct, I've tried a lot of options
namespace Drupal\vlaio_dossiers\Controller;
use DOMDocument;
use SoapClient;
use XMLSecurity\WSSESoap;
use XMLSecurity\XMLSecurityKey;
define('PRIVATE_KEY', '/***/key_ecc_private.pem');
define('SERVICE_CERT', '/***/cert_priv_pub.pem');
define('CERT_FILE', '/***/certificate.pem');
class SoapWsController extends SoapClient {
public function __doRequest($request, $location, $saction, $version,$one_way = NULL)
{
$doc = new DOMDocument('1.0');
$doc->loadXML($request);
$objWSSE = new WSSESoap($doc);
/* add Timestamp with no expiration timestamp */
$objWSSE->addTimestamp();
/* create new XMLSec Key using AES256_CBC and type is private key */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
/* load the private key from file - last arg is bool if key in file (true) or is string (false) */
$objKey->loadKey(PRIVATE_KEY, true);
/* Sign the message - also signs appropiate WS-Security items */
$options = array("insertBefore" => false);
$objWSSE->signSoapDoc($objKey, $options);
/* Add certificate (BinarySecurityToken) to the message */
$token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));
/* Attach pointer to Signature */
$objWSSE->attachTokentoSig($token);
$objKey = new XMLSecurityKey(XMLSecurityKey::AES256_CBC);
$objKey->generateSessionKey();
$siteKey = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
$siteKey->loadKey(SERVICE_CERT, true, true);
$options = array("KeyInfo" => array("X509SubjectKeyIdentifier" => true));
$objWSSE->encryptSoapDoc($siteKey, $objKey, $options);
$retVal = parent::__doRequest($objWSSE->saveXML(), $location, $saction, $version);
$doc = new DOMDocument();
$doc->loadXML($retVal);
$options = array("keys" => array("private" => array("key" => PRIVATE_KEY, "isFile" => true, "isCert" => false)));
$objWSSE->decryptSoapDoc($doc, $options);
return $doc->saveXML();
}
}
Upvotes: 1
Views: 1997
Answers (1)
Reputation: 36
I have a similar problem as yours. I finally solve it by using https://github.com/robrichards/xmlseclibs. Please ensure that you are using the latest version of xmlseclibs.
Upvotes: 0
Related Questions
- Trying to digitally sign SOAP call with x.509 certificate in PHP
- How to submit SOAP request with auth headers in PHP?
- How to sign SOAP message in php
- How can I implement WS-Security 1.0 in PHP5 using certificates?
- How to sign outgoing soap request without using wsf/php?
- Creating a SOAP header with PHP using SoapClient with security mode "TransportWithMessageCredential“
- How to authenticate non-wsdl soap in PHP
- How to set SOAP header on PHP to authenticate a web service?
- How can i sign soap headers in WCF client
- Sign SOAP using certificate (WSE)