public function filterRequest(SoapRequest $request) { if ($this->session === null) { return; } $dom = $request->getContentDocument(); $helper = new FilterHelper($dom); $helper->addNamespace(self::PFX_CLIENT, self::NS_CLIENT); $helper->addNamespace(self::PFX_DTO, self::NS_DTO); $header = $helper->createElement(self::NS_CLIENT, 'SessionHeader'); $helper->addHeaderElement($header); $client = $helper->createElement(self::NS_CLIENT, 'SessionClient'); $header->appendChild($client); $client->appendChild($helper->createElement(self::NS_DTO, 'ClientId', $this->session->getClientId())); $client->appendChild($helper->createElement(self::NS_DTO, 'ConnectedOn', $this->session->getConnectedOn()->format(\DateTime::ATOM))); $client->appendChild($helper->createElement(self::NS_DTO, 'DataPath', $this->session->getDataPath())); $client->appendChild($helper->createElement(self::NS_DTO, 'ExpireOn', $this->session->getExpireOn()->format(\DateTime::ATOM))); $client->appendChild($helper->createElement(self::NS_DTO, 'Id', $this->session->getId())); }
/** * Modify the given request XML. * * @param \BeSimple\SoapCommon\SoapRequest $request SOAP request * * @return void */ public function filterRequest(SoapRequest $request) { // get \DOMDocument from SOAP request $dom = $request->getContentDocument(); // create FilterHelper $filterHelper = new FilterHelper($dom); // add the neccessary namespaces $filterHelper->addNamespace(Helper::PFX_XMLMIME, Helper::NS_XMLMIME); // get xsd:base64binary elements $xpath = new \DOMXPath($dom); $xpath->registerNamespace('XOP', Helper::NS_XOP); $query = '//XOP:Include/..'; $nodes = $xpath->query($query); // exchange attributes if ($nodes->length > 0) { foreach ($nodes as $node) { if ($node->hasAttribute('contentType')) { $contentType = $node->getAttribute('contentType'); $node->removeAttribute('contentType'); $filterHelper->setAttribute($node, Helper::NS_XMLMIME, 'contentType', $contentType); } } } }
/** * Modify the given request XML. * * @param \BeSimple\SoapCommon\SoapRequest $request SOAP request * * @return void */ public function filterRequest(CommonSoapRequest $request) { // get \DOMDocument from SOAP request $dom = $request->getContentDocument(); // locate security header $security = $dom->getElementsByTagNameNS(Helper::NS_WSS, 'Security')->item(0); if (null !== $security) { // is security header still valid? $query = '//' . Helper::PFX_WSU . ':Timestamp/' . Helper::PFX_WSU . ':Expires'; $xpath = new \DOMXPath($dom); $xpath->registerNamespace(Helper::PFX_WSU, Helper::NS_WSU); $expires = $xpath->query($query, $security)->item(0); if (null !== $expires) { $expiresDatetime = \DateTime::createFromFormat(static::DATETIME_FORMAT, $expires->textContent, new \DateTimeZone('UTC')); $currentDatetime = new \DateTime('now', new \DateTimeZone('UTC')); if ($currentDatetime > $expiresDatetime) { throw new \SoapFault('wsu:MessageExpired', 'Security semantics are expired'); } } $usernameToken = $security->getElementsByTagNameNS(Helper::NS_WSS, 'UsernameToken')->item(0); if (null !== $usernameToken) { $usernameTokenUsername = $usernameToken->getElementsByTagNameNS(Helper::NS_WSS, 'Username')->item(0); $usernameTokenPassword = $usernameToken->getElementsByTagNameNS(Helper::NS_WSS, 'Password')->item(0); $password = call_user_func($this->usernamePasswordCallback, $usernameTokenUsername->textContent); if ($usernameTokenPassword->getAttribute('Type') == Helper::NAME_WSS_UTP . '#PasswordDigest') { $nonce = $usernameToken->getElementsByTagNameNS(Helper::NS_WSS, 'Nonce')->item(0); $created = $usernameToken->getElementsByTagNameNS(Helper::NS_WSU, 'Created')->item(0); $password = base64_encode(sha1(base64_decode($nonce->textContent) . $created->textContent . $password, true)); } if (null === $password || $usernameTokenPassword->textContent != $password) { throw new \SoapFault('wsse:FailedAuthentication', 'The security token could not be authenticated or authorized'); } } // add SecurityTokenReference resolver for KeyInfo $keyResolver = array($this, 'keyInfoSecurityTokenReferenceResolver'); XmlSecurityDSig::addKeyInfoResolver(Helper::NS_WSS, 'SecurityTokenReference', $keyResolver); // do we have a reference list in header $referenceList = XmlSecurityEnc::locateReferenceList($security); // get a list of encrypted nodes $encryptedNodes = XmlSecurityEnc::locateEncryptedData($dom, $referenceList); // decrypt them if (null !== $encryptedNodes) { foreach ($encryptedNodes as $encryptedNode) { XmlSecurityEnc::decryptNode($encryptedNode); } } // locate signature node $signature = XmlSecurityDSig::locateSignature($security); if (null !== $signature) { // verify references $options = array('id_ns_prefix' => Helper::PFX_WSU, 'id_prefix_ns' => Helper::NS_WSU); if (XmlSecurityDSig::verifyReferences($signature, $options) !== true) { throw new \SoapFault('wsse:FailedCheck', 'The signature or decryption was invalid'); } // verify signature if (XmlSecurityDSig::verifyDocumentSignature($signature) !== true) { throw new \SoapFault('wsse:FailedCheck', 'The signature or decryption was invalid'); } } $security->parentNode->removeChild($security); } }
/** * Modify the given request XML. * * @param \BeSimple\SoapCommon\SoapRequest $request SOAP request * * @return void */ public function filterRequest(CommonSoapRequest $request) { // get \DOMDocument from SOAP request $dom = $request->getContentDocument(); // create FilterHelper $filterHelper = new FilterHelper($dom); // add the neccessary namespaces $filterHelper->addNamespace(Helper::PFX_WSS, Helper::NS_WSS); $filterHelper->addNamespace(Helper::PFX_WSU, Helper::NS_WSU); $filterHelper->registerNamespace(XmlSecurityDSig::PFX_XMLDSIG, XmlSecurityDSig::NS_XMLDSIG); // init timestamp $dt = new \DateTime('now', new \DateTimeZone('UTC')); $createdTimestamp = $dt->format(self::DATETIME_FORMAT); // create security header $security = $filterHelper->createElement(Helper::NS_WSS, 'Security'); $filterHelper->addHeaderElement($security, true, $this->actor, $request->getVersion()); if (true === $this->addTimestamp || null !== $this->expires) { $timestamp = $filterHelper->createElement(Helper::NS_WSU, 'Timestamp'); $created = $filterHelper->createElement(Helper::NS_WSU, 'Created', $createdTimestamp); $timestamp->appendChild($created); if (null !== $this->expires) { $dt->modify('+' . $this->expires . ' seconds'); $expiresTimestamp = $dt->format(self::DATETIME_FORMAT); $expires = $filterHelper->createElement(Helper::NS_WSU, 'Expires', $expiresTimestamp); $timestamp->appendChild($expires); } $security->appendChild($timestamp); } if (null !== $this->username) { $usernameToken = $filterHelper->createElement(Helper::NS_WSS, 'UsernameToken'); $security->appendChild($usernameToken); $username = $filterHelper->createElement(Helper::NS_WSS, 'Username', $this->username); $usernameToken->appendChild($username); if (null !== $this->password && (null === $this->userSecurityKey || null !== $this->userSecurityKey && !$this->userSecurityKey->hasPrivateKey())) { if (self::PASSWORD_TYPE_DIGEST === $this->passwordType) { $nonce = mt_rand(); $password = base64_encode(sha1($nonce . $createdTimestamp . $this->password, true)); $passwordType = Helper::NAME_WSS_UTP . '#PasswordDigest'; } else { $password = $this->password; $passwordType = Helper::NAME_WSS_UTP . '#PasswordText'; } $password = $filterHelper->createElement(Helper::NS_WSS, 'Password', $password); $filterHelper->setAttribute($password, null, 'Type', $passwordType); $usernameToken->appendChild($password); if (self::PASSWORD_TYPE_DIGEST === $this->passwordType) { $nonce = $filterHelper->createElement(Helper::NS_WSS, 'Nonce', base64_encode($nonce)); $usernameToken->appendChild($nonce); $created = $filterHelper->createElement(Helper::NS_WSU, 'Created', $createdTimestamp); $usernameToken->appendChild($created); } } } if (null !== $this->userSecurityKey && $this->userSecurityKey->hasKeys()) { $guid = 'CertId-' . Helper::generateUUID(); // add token references $keyInfo = null; if (null !== $this->tokenReferenceSignature) { $keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceSignature, $guid, $this->userSecurityKey->getPublicKey()); } $nodes = $this->createNodeListForSigning($dom, $security); $signature = XmlSecurityDSig::createSignature($this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N, $security, null, $keyInfo); $options = array('id_ns_prefix' => Helper::PFX_WSU, 'id_prefix_ns' => Helper::NS_WSU); foreach ($nodes as $node) { XmlSecurityDSig::addNodeToSignature($signature, $node, XmlSecurityDSig::SHA1, XmlSecurityDSig::EXC_C14N, $options); } XmlSecurityDSig::signDocument($signature, $this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N); $publicCertificate = $this->userSecurityKey->getPublicKey()->getX509Certificate(true); $binarySecurityToken = $filterHelper->createElement(Helper::NS_WSS, 'BinarySecurityToken', $publicCertificate); $filterHelper->setAttribute($binarySecurityToken, null, 'EncodingType', Helper::NAME_WSS_SMS . '#Base64Binary'); $filterHelper->setAttribute($binarySecurityToken, null, 'ValueType', Helper::NAME_WSS_X509 . '#X509v3'); $filterHelper->setAttribute($binarySecurityToken, Helper::NS_WSU, 'Id', $guid); $security->insertBefore($binarySecurityToken, $signature); // encrypt soap document if (null !== $this->serviceSecurityKey && $this->serviceSecurityKey->hasKeys()) { $guid = 'EncKey-' . Helper::generateUUID(); // add token references $keyInfo = null; if (null !== $this->tokenReferenceEncryption) { $keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceEncryption, $guid, $this->serviceSecurityKey->getPublicKey()); } $encryptedKey = XmlSecurityEnc::createEncryptedKey($guid, $this->serviceSecurityKey->getPrivateKey(), $this->serviceSecurityKey->getPublicKey(), $security, $signature, $keyInfo); $referenceList = XmlSecurityEnc::createReferenceList($encryptedKey); // token reference to encrypted key $keyInfo = $this->createKeyInfo($filterHelper, self::TOKEN_REFERENCE_SECURITY_TOKEN, $guid); $nodes = $this->createNodeListForEncryption($dom); foreach ($nodes as $node) { $type = XmlSecurityEnc::ELEMENT; if ($node->localName == 'Body') { $type = XmlSecurityEnc::CONTENT; } XmlSecurityEnc::encryptNode($node, $type, $this->serviceSecurityKey->getPrivateKey(), $referenceList, $keyInfo); } } } }
/** * Modify the given request XML. * * @param \BeSimple\SoapCommon\SoapRequest $request SOAP request * * @return void */ public function filterRequest(CommonSoapRequest $request) { // get \DOMDocument from SOAP request $dom = $request->getContentDocument(); // create FilterHelper $filterHelper = new FilterHelper($dom); // add the neccessary namespaces $filterHelper->addNamespace(Helper::PFX_WSA, Helper::NS_WSA); $action = $filterHelper->createElement(Helper::NS_WSA, 'Action', $request->getAction()); $filterHelper->addHeaderElement($action); $to = $filterHelper->createElement(Helper::NS_WSA, 'To', $request->getLocation()); $filterHelper->addHeaderElement($to); if (null !== $this->faultTo) { $faultTo = $filterHelper->createElement(Helper::NS_WSA, 'FaultTo'); $filterHelper->addHeaderElement($faultTo); $address = $filterHelper->createElement(Helper::NS_WSA, 'Address', $this->faultTo); $faultTo->appendChild($address); } if (null !== $this->from) { $from = $filterHelper->createElement(Helper::NS_WSA, 'From'); $filterHelper->addHeaderElement($from); $address = $filterHelper->createElement(Helper::NS_WSA, 'Address', $this->from); $from->appendChild($address); } if (null !== $this->messageId) { $messageId = $filterHelper->createElement(Helper::NS_WSA, 'MessageID', $this->messageId); $filterHelper->addHeaderElement($messageId); } if (null !== $this->relatesTo) { $relatesTo = $filterHelper->createElement(Helper::NS_WSA, 'RelatesTo', $this->relatesTo); if (null !== $this->relatesToRelationshipType) { $filterHelper->setAttribute($relatesTo, Helper::NS_WSA, 'RelationshipType', $this->relatesToRelationshipType); } $filterHelper->addHeaderElement($relatesTo); } if (null !== $this->replyTo) { $replyTo = $filterHelper->createElement(Helper::NS_WSA, 'ReplyTo'); $filterHelper->addHeaderElement($replyTo); $address = $filterHelper->createElement(Helper::NS_WSA, 'Address', $this->replyTo); $replyTo->appendChild($address); } foreach ($this->referenceParametersSet as $rp) { $filterHelper->addNamespace($rp['pfx'], $rp['ns']); $parameter = $filterHelper->createElement($rp['ns'], $rp['parameter'], $rp['value']); $filterHelper->setAttribute($parameter, Helper::NS_WSA, 'IsReferenceParameter', 'true'); $filterHelper->addHeaderElement($parameter); } }