CODEWITHSUNDEEP
phpsoapopenssl
Linesofcode
Linesofcode

Reputation: 5891

PHP Soap fill header credentials

I'm connecting by Soap to a webservice and I need to fill the header credentials in order to login.

$user_id        = 'MyUserId';
$unique_key     = $this->getUniqueKey();
$base_password  = $this->getFieldBase('MyPassword', $uniqueKey);
$base_date      = $this->getFieldBase(gmdate('Y-m-d\TH:i:s\.00\Z'), $unique_key);
$nonce          = $this->getFieldNonce($unique_key, '.myPemFile.pem');

<wss:UsernameToken>
    <wss:Username>' . $user_id . '</wss:Username>
    <wss:Password>' . $base_password . '</wss:Password>
    <wss:Nonce>' . $nonce . '</wss:Nonce>
    <wss:Created>' . $base_date . '</wss:Created>
</wss:UsernameToken>

All values (except username) as to follow a structure.

enter image description here enter image description here enter image description here

I have this working for a 5.6 PHP project but now I need to adapt it to a PHP 7 project, and that means I can no longer use mcrypt_encrypt() because it's deprecated and therefore I need to use openssl_encrypt()

My current functions are:

private function getFieldBase($data, $key)
{
    $ivsize         = openssl_cipher_iv_length('AES-128-ECB');
    $iv             = openssl_random_pseudo_bytes($ivsize);
    $ciphertext     = openssl_encrypt($data, 'AES-128-ECB', $key, 0, $iv);  

    return trim(base64_encode($ciphertext));
}

private function getFieldNonce($data, $pbkey)
{
    openssl_public_encrypt($data, $crypttext, openssl_pkey_get_public(file_get_contents($pbkey)));

    return base64_encode($crypttext);
}

private function getUniqueKey() 
{
   return substr(md5(uniqid(microtime())), 0, 16);
}

The problem is that when connecting to the Webservice I receive the error:

Rejected: Error: The key session is invalid. It was not possible to decipher the field Created

Which tells me that my getFieldBase() function is wrong.

Upvotes: 1

Views: 265

Answers (1)

Linesofcode
Linesofcode

Reputation: 5891

Solved.

The parameter RAW_OUTPUT must be true within the function openssl_encrypt.

private function getFieldBase($data, $key)
{
    $ivsize     = openssl_cipher_iv_length('AES-128-ECB');
    $iv         = openssl_random_pseudo_bytes($ivsize);
    $ciphertext = openssl_encrypt($data, 'AES-128-ECB', $key, TRUE, $iv);   

    return base64_encode($ciphertext);
}

Upvotes: 1

Related Questions