I have gotten quite a few messages over the past month or so concerning implementing WSSE with ext/soap. Unfortunately I have had little to no time to write up anything on this or the other XML Security topics. If my time doesnt free up, you might have to wait until my presentation in Toronto. Until then here is some very basic, crude and unorganized code that should get anyone needing this functionality started.
XML Canonicaliztion functions C14N() and C14NFile() have been added to DOM for PHP 5.2. Until this is released, I wrote some functionality to perform basic exclusive canonical XML (So far it has worked fine with all the Soap services implemeting WSSE I have encountered as well as XML using XMLDSIG). When used within a system running PHP 5.2 it will use the functionality built into the DOM extension rather than the custom implementation.
Creation of WSU Timestamp/Created element within Security structure
Exclusive canonicalization is used for transforms
creates digest for Timestamp and SOAP Body using sha1 algorithm
creates signature using rsa-sha1 (X.509 certificate)
creation of BinarySecurityToken element to carry the public cert within SOAP message
This code is very crude, unorganized and built quickly using brute force - So if you dont like it, then dont use it - but dont bitch to me about it . Much cleaner and feature rich code will be available for my XML Security presentation in Toronto, but due to the number of requests for help on this subject I am making this code available as is in its current state. It was pieced together from code from a much larger system and may contain typos. Overall the code should work fine though you should change the way the certificates and passwords are included within the example code.