
Trying to digitally sign SOAP call with x.509 certificate in PHP


From what I can see, you're using the wrong key type: it should be XMLSecurityKey::DSA_SHA1, but you're using XMLSecurityKey::RSA_SHA1. The first one is not supported by the lib, BTW. But it can still be solved. Below you can find the code I used to test this.

  1. Generate keys (great hint):

```
openssl dsa -in dsakey.private
openssl req -x509 -new -days 3650 -key dsakey.private -out dsakey.cert
openssl dsa -in dsakey.private -pubout -out dsakey.pub
```
  2. Patch the lib:

In vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php, line 216, add the following case block:

```php
case (self::DSA_SHA1):
    // Register DSA-SHA1 as an OpenSSL-backed signature method
    $this->cryptParams['library'] = 'openssl';
    $this->cryptParams['method']  = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1';
    $this->cryptParams['padding'] = OPENSSL_PKCS1_PADDING;
    $this->cryptParams['digest']  = OPENSSL_ALGO_SHA1;
    // The caller must say whether the key is the private or the public half
    if (is_array($params) && ! empty($params['type'])) {
        if ($params['type'] == 'public' || $params['type'] == 'private') {
            $this->cryptParams['type'] = $params['type'];
            break;
        }
    }
    throw new Exception('Certificate "type" (private/public) must be passed via parameters');
    break;
```
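  3. Run the signing functionality:

```php
// Composer autoloader (assumed to be in the default vendor/ location)
require 'vendor/autoload.php';

use RobRichards\WsePhp\WSSESoap;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// Load the unsigned SOAP request
$doc = new DOMDocument('1.0');
$doc->loadXML(file_get_contents('/request.xml'));

$objWSSE = new WSSESoap($doc);
$objWSSE->addTimestamp();

// DSA private key; second argument true = load from file
$objKey = new XMLSecurityKey(XMLSecurityKey::DSA_SHA1, ['type' => 'private']);
$objKey->loadKey('/dsakey.private', true);

// Sign the document
$options = ['insertBefore' => true];
$objWSSE->signSoapDoc($objKey, $options);

// Attach the certificate generated in step 1 as a BinarySecurityToken
$token = $objWSSE->addBinaryToken(file_get_contents('/dsakey.cert'));
$objWSSE->attachTokentoSig($token);

echo $doc->saveXML();
```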
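
A pre-flight check for the mismatch described in the answer above, as an added example that is not part of the original answer or of xmlseclibs: it compares the SignatureMethod declared in a signed envelope with the key type of the certificate or public key. Function names, the algorithm map and the sample XML are constructed for illustration; it assumes PHP 7.4+ with the dom and openssl extensions and a working OpenSSL configuration.

```php
<?php
// Added example: function names and sample data are constructed for illustration.
const DS_NS = 'http://www.w3.org/2000/09/xmldsig#';

// SignatureMethod URIs that each OpenSSL key type can legitimately produce.
const ALGS_BY_KEY_TYPE = [
    OPENSSL_KEYTYPE_RSA => [DS_NS . 'rsa-sha1', 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'],
    OPENSSL_KEYTYPE_DSA => [DS_NS . 'dsa-sha1'],
];

// Return the Algorithm URI declared in ds:SignedInfo, or null if absent.
function signatureMethodOf(string $xml): ?string
{
    $doc = new DOMDocument();
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {   // LIBXML_NONET: no network fetches
        return null;
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('ds', DS_NS);
    $attr = $xp->query('//ds:SignedInfo/ds:SignatureMethod/@Algorithm')->item(0);
    return $attr ? $attr->nodeValue : null;
}

// Return OPENSSL_KEYTYPE_* for a PEM certificate or public key, or null.
function keyTypeOfPem(string $pem): ?int
{
    $key = openssl_pkey_get_public($pem);
    return $key === false ? null : (openssl_pkey_get_details($key)['type'] ?? null);
}

// True only when the declared algorithm is one the key type can produce.
function algorithmMatchesKey(string $xml, string $pem): bool
{
    $alg  = signatureMethodOf($xml);
    $type = keyTypeOfPem($pem);
    return $alg !== null && $type !== null
        && in_array($alg, ALGS_BY_KEY_TYPE[$type] ?? [], true);
}

// Constructed input: a throwaway RSA key and two minimal Signature fragments.
$rsa = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($rsa)['key'];
$sig = fn(string $alg) => '<ds:Signature xmlns:ds="' . DS_NS . '"><ds:SignedInfo>'
    . '<ds:SignatureMethod Algorithm="' . $alg . '"/></ds:SignedInfo></ds:Signature>';

var_dump(algorithmMatchesKey($sig(DS_NS . 'rsa-sha1'), $pub)); // RSA key, RSA algorithm
var_dump(algorithmMatchesKey($sig(DS_NS . 'dsa-sha1'), $pub)); // RSA key, DSA algorithm
```

To check real output, pass the XML returned by `$doc->saveXML()` and the contents of the certificate file instead of the constructed values.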