public function testSigEnc()
 {
     /*
      * Round-trip test against the WsSecuritySigEnc fixture WSDL: the request is
      * signed with the client key pair and encrypted for the service certificate,
      * then getBook and addBook are called through the filtered client.
      *
      * NOTE(review): RSA-SHA1, 3DES-CBC and RSA 1.5 key transport are legacy
      * algorithm choices; presumably they are kept for interop with the fixture
      * server. Confirm before copying this configuration into production code.
      */
     $client = new BeSimpleSoapClient(__DIR__ . '/Fixtures/WsSecuritySigEnc.wsdl', $this->options);
     $filter = new BeSimpleWsSecurityFilter();

     // Client key pair, loaded from PEM files (third argument true = value is a file path).
     $clientKey = new BeSimpleWsSecurityKey();
     $clientKey->addPrivateKey(XmlSecurityKey::RSA_SHA1, __DIR__ . '/Fixtures/clientkey.pem', true);
     $clientKey->addPublicKey(XmlSecurityKey::RSA_SHA1, __DIR__ . '/Fixtures/clientcert.pem', true);
     $filter->setUserSecurityKeyObject($clientKey);

     // Service side: no key material is passed for the 3DES key (presumably generated
     // by the library, verify), and the server certificate is the public key.
     $serviceKey = new BeSimpleWsSecurityKey();
     $serviceKey->addPrivateKey(XmlSecurityKey::TRIPLEDES_CBC);
     $serviceKey->addPublicKey(XmlSecurityKey::RSA_1_5, __DIR__ . '/Fixtures/servercert.pem', true);
     $filter->setServiceSecurityKeyObject($serviceKey);

     // Available token reference styles:
     // TOKEN_REFERENCE_SUBJECT_KEY_IDENTIFIER | TOKEN_REFERENCE_SECURITY_TOKEN | TOKEN_REFERENCE_THUMBPRINT_SHA1
     $filter->setSecurityOptionsSignature(BeSimpleWsSecurityFilter::TOKEN_REFERENCE_SECURITY_TOKEN);
     $filter->setSecurityOptionsEncryption(BeSimpleWsSecurityFilter::TOKEN_REFERENCE_THUMBPRINT_SHA1);

     $client->getSoapKernel()->registerFilter($filter);

     // Read path: look up an existing book.
     $lookup = new getBook();
     $lookup->isbn = '0061020052';
     $result = $client->getBook($lookup);
     $this->assertInstanceOf('BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\BookInformation', $result->getBookReturn);

     // Write path: add a new book and expect a truthy response.
     $newBook = new addBook();
     $newBook->isbn = '0445203498';
     $newBook->title = 'The Dragon Never Sleeps';
     $newBook->author = 'Cook, Glen';
     $newBook->type = 'scifi';
     $this->assertTrue((bool) $client->addBook($newBook));
     // getBooksByType("scifi") is not exercised here.
 }
 public function testAddPublicKeyNoFile()
 {
     // The certificate is handed over as PEM content rather than as a path, so the
     // third argument of addPublicKey() is false here.
     $pemContent = file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'Fixtures/clientcert.pem');

     $securityKey = new WsSecurityKey();
     $securityKey->addPublicKey(\ass\XmlSecurity\Key::RSA_SHA1, $pemContent, false);

     // The key must be reported as present and exposed as an XmlSecurity key object.
     $this->assertTrue($securityKey->hasPublicKey());
     $this->assertInstanceOf('ass\\XmlSecurity\\Key', $securityKey->getPublicKey());
 }
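 /**
  * Modify the given request XML by adding a WS-Security header.
  *
  * Depending on the filter configuration, the header receives, in this order:
  * a wsu:Timestamp (Created and optional Expires), a wsse:UsernameToken
  * (plain-text or digest password), an XML signature together with the signing
  * certificate as BinarySecurityToken, and finally an encrypted key with the
  * selected nodes encrypted in place.
  *
  * Security notes:
  *  - The digest nonce is taken from a CSPRNG. mt_rand() is predictable and must
  *    not be used for a value whose purpose is replay protection.
  *  - With the plain-text password type the password is written verbatim into the
  *    header, so its confidentiality depends on the transport.
  *  - Signature digests use SHA-1 here; NOTE(review): confirm whether the peer
  *    accepts a stronger digest before relying on this for new integrations.
  *
  * @param \BeSimple\SoapCommon\SoapRequest $request SOAP request
  *
  * @return void
  *
  * @throws \Exception When no source of secure randomness is available for the nonce
  */
 public function filterRequest(CommonSoapRequest $request)
 {
     // get \DOMDocument from SOAP request
     $dom = $request->getContentDocument();
     // create FilterHelper
     $filterHelper = new FilterHelper($dom);
     // add the necessary namespaces
     $filterHelper->addNamespace(Helper::PFX_WSS, Helper::NS_WSS);
     $filterHelper->addNamespace(Helper::PFX_WSU, Helper::NS_WSU);
     $filterHelper->registerNamespace(XmlSecurityDSig::PFX_XMLDSIG, XmlSecurityDSig::NS_XMLDSIG);
     // init timestamp (UTC); formatted once so Timestamp and UsernameToken carry the same Created value
     $dt = new \DateTime('now', new \DateTimeZone('UTC'));
     $createdTimestamp = $dt->format(self::DATETIME_FORMAT);
     // create security header
     $security = $filterHelper->createElement(Helper::NS_WSS, 'Security');
     $filterHelper->addHeaderElement($security, true, $this->actor, $request->getVersion());
     if (true === $this->addTimestamp || null !== $this->expires) {
         $timestamp = $filterHelper->createElement(Helper::NS_WSU, 'Timestamp');
         $created = $filterHelper->createElement(Helper::NS_WSU, 'Created', $createdTimestamp);
         $timestamp->appendChild($created);
         if (null !== $this->expires) {
             // $dt is mutated here; $createdTimestamp was formatted before and is unaffected
             $dt->modify('+' . $this->expires . ' seconds');
             $expiresTimestamp = $dt->format(self::DATETIME_FORMAT);
             $expires = $filterHelper->createElement(Helper::NS_WSU, 'Expires', $expiresTimestamp);
             $timestamp->appendChild($expires);
         }
         $security->appendChild($timestamp);
     }
     if (null !== $this->username) {
         $usernameToken = $filterHelper->createElement(Helper::NS_WSS, 'UsernameToken');
         $security->appendChild($usernameToken);
         $username = $filterHelper->createElement(Helper::NS_WSS, 'Username', $this->username);
         $usernameToken->appendChild($username);
         // a password is only sent when no user private key is configured
         if (null !== $this->password && (null === $this->userSecurityKey || !$this->userSecurityKey->hasPrivateKey())) {
             $useDigest = self::PASSWORD_TYPE_DIGEST === $this->passwordType;
             $nonce = null;
             if ($useDigest) {
                 // 16 bytes from a CSPRNG; random_bytes() needs PHP 7, the OpenSSL call covers older runtimes
                 $nonce = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
                 // digest = Base64(SHA-1(nonce + created + password)) over the raw nonce bytes
                 $passwordValue = base64_encode(sha1($nonce . $createdTimestamp . $this->password, true));
                 $passwordType = Helper::NAME_WSS_UTP . '#PasswordDigest';
             } else {
                 // plain-text password: protected only by the transport
                 $passwordValue = $this->password;
                 $passwordType = Helper::NAME_WSS_UTP . '#PasswordText';
             }
             $passwordElement = $filterHelper->createElement(Helper::NS_WSS, 'Password', $passwordValue);
             $filterHelper->setAttribute($passwordElement, null, 'Type', $passwordType);
             $usernameToken->appendChild($passwordElement);
             if ($useDigest) {
                 // the receiver needs Nonce and Created to recompute the digest
                 $nonceElement = $filterHelper->createElement(Helper::NS_WSS, 'Nonce', base64_encode($nonce));
                 $usernameToken->appendChild($nonceElement);
                 $tokenCreated = $filterHelper->createElement(Helper::NS_WSU, 'Created', $createdTimestamp);
                 $usernameToken->appendChild($tokenCreated);
             }
         }
     }
     if (null !== $this->userSecurityKey && $this->userSecurityKey->hasKeys()) {
         $guid = 'CertId-' . Helper::generateUUID();
         // add token references
         $keyInfo = null;
         if (null !== $this->tokenReferenceSignature) {
             $keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceSignature, $guid, $this->userSecurityKey->getPublicKey());
         }
         $nodes = $this->createNodeListForSigning($dom, $security);
         $signature = XmlSecurityDSig::createSignature($this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N, $security, null, $keyInfo);
         $options = array('id_ns_prefix' => Helper::PFX_WSU, 'id_prefix_ns' => Helper::NS_WSU);
         foreach ($nodes as $node) {
             XmlSecurityDSig::addNodeToSignature($signature, $node, XmlSecurityDSig::SHA1, XmlSecurityDSig::EXC_C14N, $options);
         }
         XmlSecurityDSig::signDocument($signature, $this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N);
         // ship the signing certificate in the header, placed before the signature that references it
         $publicCertificate = $this->userSecurityKey->getPublicKey()->getX509Certificate(true);
         $binarySecurityToken = $filterHelper->createElement(Helper::NS_WSS, 'BinarySecurityToken', $publicCertificate);
         $filterHelper->setAttribute($binarySecurityToken, null, 'EncodingType', Helper::NAME_WSS_SMS . '#Base64Binary');
         $filterHelper->setAttribute($binarySecurityToken, null, 'ValueType', Helper::NAME_WSS_X509 . '#X509v3');
         $filterHelper->setAttribute($binarySecurityToken, Helper::NS_WSU, 'Id', $guid);
         $security->insertBefore($binarySecurityToken, $signature);
         // encrypt soap document (only attempted after signing, inside the user-key branch)
         if (null !== $this->serviceSecurityKey && $this->serviceSecurityKey->hasKeys()) {
             $guid = 'EncKey-' . Helper::generateUUID();
             // add token references
             $keyInfo = null;
             if (null !== $this->tokenReferenceEncryption) {
                 $keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceEncryption, $guid, $this->serviceSecurityKey->getPublicKey());
             }
             $encryptedKey = XmlSecurityEnc::createEncryptedKey($guid, $this->serviceSecurityKey->getPrivateKey(), $this->serviceSecurityKey->getPublicKey(), $security, $signature, $keyInfo);
             $referenceList = XmlSecurityEnc::createReferenceList($encryptedKey);
             // token reference to encrypted key
             $keyInfo = $this->createKeyInfo($filterHelper, self::TOKEN_REFERENCE_SECURITY_TOKEN, $guid);
             $nodes = $this->createNodeListForEncryption($dom);
             foreach ($nodes as $node) {
                 // the Body element itself stays in place; only its content is encrypted
                 $type = 'Body' === $node->localName ? XmlSecurityEnc::CONTENT : XmlSecurityEnc::ELEMENT;
                 XmlSecurityEnc::encryptNode($node, $type, $this->serviceSecurityKey->getPrivateKey(), $referenceList, $keyInfo);
             }
         }
     }
 }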
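 /**
  * Tries to resolve a key from the given \DOMElement.
  *
  * The WSS-namespaced children of $node are examined in document order and the
  * first one that can be resolved wins:
  *  - KeyIdentifier: the configured service public key is returned; the
  *    identifier value carried in the message is not compared against it.
  *  - Reference to an EncryptedKey: the key material is decrypted with the user
  *    private key and wrapped as a key of the requested algorithm.
  *  - Reference to a BinarySecurityToken: a public key is built from the
  *    certificate carried in the message.
  *
  * Children that cannot be resolved (no matching key configured, or the URI
  * does not resolve to a node) are skipped instead of raising a fatal error,
  * because the document being parsed comes from the remote peer.
  *
  * NOTE(review): a key taken from a BinarySecurityToken is supplied by the
  * message itself. No trust or pinning check on that certificate is visible in
  * this method; confirm that a caller validates it before the key is used to
  * accept a signature.
  *
  * @param \DOMElement $node      Node where to resolve the key
  * @param string      $algorithm XML security key algorithm
  *
  * @return \ass\XmlSecurity\Key|null
  */
 public function keyInfoSecurityTokenReferenceResolver(\DOMElement $node, $algorithm)
 {
     foreach ($node->childNodes as $child) {
         if (Helper::NS_WSS !== $child->namespaceURI) {
             continue;
         }
         if ('KeyIdentifier' === $child->localName) {
             if (null === $this->serviceSecurityKey) {
                 // no service key configured: nothing to resolve this identifier to
                 continue;
             }

             return $this->serviceSecurityKey->getPublicKey();
         }
         if ('Reference' !== $child->localName) {
             continue;
         }
         $uri = $child->getAttribute('URI');
         $referencedNode = $this->getReferenceNodeForUri($node, $uri);
         if (!is_object($referencedNode)) {
             // dangling reference in the received document
             continue;
         }
         if (XmlSecurityEnc::NS_XMLENC === $referencedNode->namespaceURI && 'EncryptedKey' === $referencedNode->localName) {
             if (null === $this->userSecurityKey) {
                 // cannot decrypt the key without a user private key
                 continue;
             }
             $decryptedKey = XmlSecurityEnc::decryptEncryptedKey($referencedNode, $this->userSecurityKey->getPrivateKey());

             return XmlSecurityKey::factory($algorithm, $decryptedKey, false, XmlSecurityKey::TYPE_PRIVATE);
         }
         if (Helper::NS_WSS === $referencedNode->namespaceURI && 'BinarySecurityToken' === $referencedNode->localName) {
             // certificate content comes from the message: see the trust note in the docblock
             $pem = XmlSecurityPem::formatKeyInPemFormat($referencedNode->textContent);

             return XmlSecurityKey::factory(XmlSecurityKey::RSA_SHA1, $pem, false, XmlSecurityKey::TYPE_PUBLIC);
         }
     }

     return null;
 }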
use BeSimple\SoapClient\Tests\ServerInterop\Fixtures\addBook;
use BeSimple\SoapClient\Tests\ServerInterop\Fixtures\addBookResponse;
use BeSimple\SoapClient\Tests\ServerInterop\Fixtures\BookInformation;
// SOAP 1.2 client options; the classmap binds each WSDL type to its fixture class.
// 'trace' => true keeps the last request/response available for inspection.
$options = array(
    'soap_version' => SOAP_1_2,
    'features' => SOAP_SINGLE_ELEMENT_ARRAYS,
    'trace' => true,
    'classmap' => array(
        'getBook' => 'BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\getBook',
        'getBookResponse' => 'BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\getBookResponse',
        'getBooksByType' => 'BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\getBooksByType',
        'getBooksByTypeResponse' => 'BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\getBooksByTypeResponse',
        'addBook' => 'BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\addBook',
        'addBookResponse' => 'BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\addBookResponse',
        'BookInformation' => 'BeSimple\\SoapClient\\Tests\\ServerInterop\\Fixtures\\BookInformation',
    ),
);
// Client bound to the signature + encryption fixture WSDL.
$sc = new BeSimpleSoapClient(__DIR__ . '/Fixtures/WsSecuritySigEnc.wsdl', $options);
//var_dump($sc->__getFunctions());
//var_dump($sc->__getTypes());
try {
    $wssFilter = new BeSimpleWsSecurityFilter();
    // user key for signature and encryption
    $securityKeyUser = new BeSimpleWsSecurityKey();
    $securityKeyUser->addPrivateKey(XmlSecurityKey::RSA_SHA1, __DIR__ . '/Fixtures/clientkey.pem', true);
    $securityKeyUser->addPublicKey(XmlSecurityKey::RSA_SHA1, __DIR__ . '/Fixtures/clientcert.pem', true);
    $wssFilter->setUserSecurityKeyObject($securityKeyUser);
    // service key for encryption
    $securityKeyService = new BeSimpleWsSecurityKey();
    $securityKeyService->addPrivateKey(XmlSecurityKey::TRIPLEDES_CBC);
    $securityKeyService->addPublicKey(XmlSecurityKey::RSA_1_5, __DIR__ . '/Fixtures/servercert.pem', true);
    $wssFilter->setServiceSecurityKeyObject($securityKeyService);
    // TOKEN_REFERENCE_SUBJECT_KEY_IDENTIFIER | TOKEN_REFERENCE_SECURITY_TOKEN | TOKEN_REFERENCE_THUMBPRINT_SHA1
    $wssFilter->setSecurityOptionsSignature(BeSimpleWsSecurityFilter::TOKEN_REFERENCE_SECURITY_TOKEN);
    $wssFilter->setSecurityOptionsEncryption(BeSimpleWsSecurityFilter::TOKEN_REFERENCE_THUMBPRINT_SHA1);
    $soapKernel = $sc->getSoapKernel();
    $soapKernel->registerFilter($wssFilter);
    $gb = new getBook();
    $gb->isbn = '0061020052';
    $result = $sc->getBook($gb);
    var_dump($result->getBookReturn);
    $ab = new addBook();
    $ab->isbn = '0445203498';
    $ab->title = 'The Dragon Never Sleeps';