I have gotten quite a few messages over the past month or so concerning implementing WSSE with ext/soap. Unfortunately I have had little to no time to write up anything on this or the other XML Security topics. If my time doesn't free up, you might have to wait until my presentation in Toronto. Until then, here is some very basic, crude and unorganized code that should get anyone needing this functionality started.
Update (9/15/2006): New libraries and sample files are available. Please see the entry Slides from PHP|Works 2006.
XML canonicalization functions C14N() and C14NFile() have been added to DOM for PHP 5.2. Until this is released, I wrote some functionality to perform basic exclusive canonical XML (so far it has worked fine with all the SOAP services implementing WSSE I have encountered, as well as XML using XMLDSIG). When used within a system running PHP 5.2 it will use the functionality built into the DOM extension rather than the custom implementation.
For WSSE, here is a class extending SoapClient that can be used to add basic WSSE functionality to a SOAP request. It requires an additional xmldsig template file. The example code provides the following:
- Creation of WSSE Security header
- Creation of WSU Timestamp/Created element within Security structure
- Exclusive canonicalization is used for transforms
- Creates digest for Timestamp and SOAP Body using sha1 algorithm
- Creates signature using rsa-sha1 (X.509 certificate)
- Creation of BinarySecurityToken element to carry the public cert within SOAP message
Disclaimer:
This code is very crude, unorganized and built quickly using brute force - so if you don't like it, then don't use it - but don't bitch to me about it. Much cleaner and feature-rich code will be available for my XML Security presentation in Toronto, but due to the number of requests for help on this subject I am making this code available as is in its current state. It was pieced together from code from a much larger system and may contain typos. Overall the code should work fine, though you should change the way the certificates and passwords are included within the example code.
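
The digest and signature steps listed above, as an added example that is not the post's own class or template: it digests the Timestamp and Body with exclusive C14N and sha1, then signs the canonicalized SignedInfo with rsa-sha1 using DOMNode::C14N() and ext/openssl. The element IDs, timestamp, `<ping/>` body and throwaway key are constructed, and it assumes an OpenSSL build that still permits SHA-1 signatures.

```php
<?php
// Added illustration; IDs, timestamp and the throwaway key are constructed sample values.
const WSU = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
const DS  = 'http://www.w3.org/2000/09/xmldsig#';
const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#';

$env = new DOMDocument();
$env->loadXML(
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="' . WSU . '">'
  . '<soap:Header><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2006-09-15T12:00:00Z</wsu:Created>'
  . '</wsu:Timestamp></soap:Header><soap:Body wsu:Id="Body-1"><ping/></soap:Body></soap:Envelope>');
$xp = new DOMXPath($env);
$xp->registerNamespace('wsu', WSU);

// One ds:Reference per signed part: exclusive C14N (PHP >= 5.2), SHA-1, base64.
$refs = '';
foreach (['TS-1', 'Body-1'] as $id) {
    $node   = $xp->query('//*[@wsu:Id="' . $id . '"]')->item(0);
    $digest = base64_encode(sha1($node->C14N(true, false), true));
    $refs  .= '<ds:Reference URI="#' . $id . '"><ds:Transforms><ds:Transform Algorithm="' . EXC_C14N . '"/>'
            . '</ds:Transforms><ds:DigestMethod Algorithm="' . DS . 'sha1"/>'
            . '<ds:DigestValue>' . $digest . '</ds:DigestValue></ds:Reference>';
}

// SignedInfo is itself canonicalized before signing; the signature covers it, not the parts.
$si = new DOMDocument();
$si->loadXML('<ds:SignedInfo xmlns:ds="' . DS . '"><ds:CanonicalizationMethod Algorithm="' . EXC_C14N . '"/>'
    . '<ds:SignatureMethod Algorithm="' . DS . 'rsa-sha1"/>' . $refs . '</ds:SignedInfo>');
$signedInfo = $si->documentElement->C14N(true, false);

// Throwaway key so the example runs offline; a real client loads the key matching its X.509 cert.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_sign($signedInfo, $sig, $key, OPENSSL_ALGO_SHA1);
$pub = openssl_pkey_get_details($key)['key'];

echo "SignatureValue: ", base64_encode($sig), "\n";
echo "verifies: ", openssl_verify($signedInfo, $sig, $pub, OPENSSL_ALGO_SHA1), "\n";

// Changing a signed part after signing changes its digest, so the Reference no longer matches.
$xp->query('//wsu:Created')->item(0)->nodeValue = '2006-09-15T12:05:00Z';
$tampered = base64_encode(sha1($xp->query('//*[@wsu:Id="TS-1"]')->item(0)->C14N(true, false), true));
echo "timestamp digest still matches: ", var_export(strpos($refs, $tampered) !== false, true), "\n";
```

A receiver performs the same two checks in reverse: recompute each referenced part's digest against its DigestValue, then verify SignatureValue over the canonicalized SignedInfo with the certificate's public key.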