public function filterRequest(SoapRequest $request)
{
if ($this->session === null) {
return;
}
$dom = $request->getContentDocument();
$helper = new FilterHelper($dom);
$helper->addNamespace(self::PFX_CLIENT, self::NS_CLIENT);
$helper->addNamespace(self::PFX_DTO, self::NS_DTO);
$header = $helper->createElement(self::NS_CLIENT, 'SessionHeader');
$helper->addHeaderElement($header);
$client = $helper->createElement(self::NS_CLIENT, 'SessionClient');
$header->appendChild($client);
$client->appendChild($helper->createElement(self::NS_DTO, 'ClientId', $this->session->getClientId()));
$client->appendChild($helper->createElement(self::NS_DTO, 'ConnectedOn', $this->session->getConnectedOn()->format(\DateTime::ATOM)));
$client->appendChild($helper->createElement(self::NS_DTO, 'DataPath', $this->session->getDataPath()));
$client->appendChild($helper->createElement(self::NS_DTO, 'ExpireOn', $this->session->getExpireOn()->format(\DateTime::ATOM)));
$client->appendChild($helper->createElement(self::NS_DTO, 'Id', $this->session->getId()));
}
/**
* Modify the given request XML.
*
* @param \BeSimple\SoapCommon\SoapRequest $request SOAP request
*
* @return void
*/
public function filterRequest(SoapRequest $request)
{
// get \DOMDocument from SOAP request
$dom = $request->getContentDocument();
// create FilterHelper
$filterHelper = new FilterHelper($dom);
// add the neccessary namespaces
$filterHelper->addNamespace(Helper::PFX_XMLMIME, Helper::NS_XMLMIME);
// get xsd:base64binary elements
$xpath = new \DOMXPath($dom);
$xpath->registerNamespace('XOP', Helper::NS_XOP);
$query = '//XOP:Include/..';
$nodes = $xpath->query($query);
// exchange attributes
if ($nodes->length > 0) {
foreach ($nodes as $node) {
if ($node->hasAttribute('contentType')) {
$contentType = $node->getAttribute('contentType');
$node->removeAttribute('contentType');
$filterHelper->setAttribute($node, Helper::NS_XMLMIME, 'contentType', $contentType);
}
}
}
}
/**
* Modify the given request XML.
*
* @param \BeSimple\SoapCommon\SoapRequest $request SOAP request
*
* @return void
*/
public function filterRequest(CommonSoapRequest $request)
{
// get \DOMDocument from SOAP request
$dom = $request->getContentDocument();
// locate security header
$security = $dom->getElementsByTagNameNS(Helper::NS_WSS, 'Security')->item(0);
if (null !== $security) {
// is security header still valid?
$query = '//' . Helper::PFX_WSU . ':Timestamp/' . Helper::PFX_WSU . ':Expires';
$xpath = new \DOMXPath($dom);
$xpath->registerNamespace(Helper::PFX_WSU, Helper::NS_WSU);
$expires = $xpath->query($query, $security)->item(0);
if (null !== $expires) {
$expiresDatetime = \DateTime::createFromFormat(static::DATETIME_FORMAT, $expires->textContent, new \DateTimeZone('UTC'));
$currentDatetime = new \DateTime('now', new \DateTimeZone('UTC'));
if ($currentDatetime > $expiresDatetime) {
throw new \SoapFault('wsu:MessageExpired', 'Security semantics are expired');
}
}
$usernameToken = $security->getElementsByTagNameNS(Helper::NS_WSS, 'UsernameToken')->item(0);
if (null !== $usernameToken) {
$usernameTokenUsername = $usernameToken->getElementsByTagNameNS(Helper::NS_WSS, 'Username')->item(0);
$usernameTokenPassword = $usernameToken->getElementsByTagNameNS(Helper::NS_WSS, 'Password')->item(0);
$password = call_user_func($this->usernamePasswordCallback, $usernameTokenUsername->textContent);
if ($usernameTokenPassword->getAttribute('Type') == Helper::NAME_WSS_UTP . '#PasswordDigest') {
$nonce = $usernameToken->getElementsByTagNameNS(Helper::NS_WSS, 'Nonce')->item(0);
$created = $usernameToken->getElementsByTagNameNS(Helper::NS_WSU, 'Created')->item(0);
$password = base64_encode(sha1(base64_decode($nonce->textContent) . $created->textContent . $password, true));
}
if (null === $password || $usernameTokenPassword->textContent != $password) {
throw new \SoapFault('wsse:FailedAuthentication', 'The security token could not be authenticated or authorized');
}
}
// add SecurityTokenReference resolver for KeyInfo
$keyResolver = array($this, 'keyInfoSecurityTokenReferenceResolver');
XmlSecurityDSig::addKeyInfoResolver(Helper::NS_WSS, 'SecurityTokenReference', $keyResolver);
// do we have a reference list in header
$referenceList = XmlSecurityEnc::locateReferenceList($security);
// get a list of encrypted nodes
$encryptedNodes = XmlSecurityEnc::locateEncryptedData($dom, $referenceList);
// decrypt them
if (null !== $encryptedNodes) {
foreach ($encryptedNodes as $encryptedNode) {
XmlSecurityEnc::decryptNode($encryptedNode);
}
}
// locate signature node
$signature = XmlSecurityDSig::locateSignature($security);
if (null !== $signature) {
// verify references
$options = array('id_ns_prefix' => Helper::PFX_WSU, 'id_prefix_ns' => Helper::NS_WSU);
if (XmlSecurityDSig::verifyReferences($signature, $options) !== true) {
throw new \SoapFault('wsse:FailedCheck', 'The signature or decryption was invalid');
}
// verify signature
if (XmlSecurityDSig::verifyDocumentSignature($signature) !== true) {
throw new \SoapFault('wsse:FailedCheck', 'The signature or decryption was invalid');
}
}
$security->parentNode->removeChild($security);
}
}
/**
* Modify the given request XML.
*
* @param \BeSimple\SoapCommon\SoapRequest $request SOAP request
*
* @return void
*/
public function filterRequest(CommonSoapRequest $request)
{
// get \DOMDocument from SOAP request
$dom = $request->getContentDocument();
// create FilterHelper
$filterHelper = new FilterHelper($dom);
// add the neccessary namespaces
$filterHelper->addNamespace(Helper::PFX_WSS, Helper::NS_WSS);
$filterHelper->addNamespace(Helper::PFX_WSU, Helper::NS_WSU);
$filterHelper->registerNamespace(XmlSecurityDSig::PFX_XMLDSIG, XmlSecurityDSig::NS_XMLDSIG);
// init timestamp
$dt = new \DateTime('now', new \DateTimeZone('UTC'));
$createdTimestamp = $dt->format(self::DATETIME_FORMAT);
// create security header
$security = $filterHelper->createElement(Helper::NS_WSS, 'Security');
$filterHelper->addHeaderElement($security, true, $this->actor, $request->getVersion());
if (true === $this->addTimestamp || null !== $this->expires) {
$timestamp = $filterHelper->createElement(Helper::NS_WSU, 'Timestamp');
$created = $filterHelper->createElement(Helper::NS_WSU, 'Created', $createdTimestamp);
$timestamp->appendChild($created);
if (null !== $this->expires) {
$dt->modify('+' . $this->expires . ' seconds');
$expiresTimestamp = $dt->format(self::DATETIME_FORMAT);
$expires = $filterHelper->createElement(Helper::NS_WSU, 'Expires', $expiresTimestamp);
$timestamp->appendChild($expires);
}
$security->appendChild($timestamp);
}
if (null !== $this->username) {
$usernameToken = $filterHelper->createElement(Helper::NS_WSS, 'UsernameToken');
$security->appendChild($usernameToken);
$username = $filterHelper->createElement(Helper::NS_WSS, 'Username', $this->username);
$usernameToken->appendChild($username);
if (null !== $this->password && (null === $this->userSecurityKey || null !== $this->userSecurityKey && !$this->userSecurityKey->hasPrivateKey())) {
if (self::PASSWORD_TYPE_DIGEST === $this->passwordType) {
$nonce = mt_rand();
$password = base64_encode(sha1($nonce . $createdTimestamp . $this->password, true));
$passwordType = Helper::NAME_WSS_UTP . '#PasswordDigest';
} else {
$password = $this->password;
$passwordType = Helper::NAME_WSS_UTP . '#PasswordText';
}
$password = $filterHelper->createElement(Helper::NS_WSS, 'Password', $password);
$filterHelper->setAttribute($password, null, 'Type', $passwordType);
$usernameToken->appendChild($password);
if (self::PASSWORD_TYPE_DIGEST === $this->passwordType) {
$nonce = $filterHelper->createElement(Helper::NS_WSS, 'Nonce', base64_encode($nonce));
$usernameToken->appendChild($nonce);
$created = $filterHelper->createElement(Helper::NS_WSU, 'Created', $createdTimestamp);
$usernameToken->appendChild($created);
}
}
}
if (null !== $this->userSecurityKey && $this->userSecurityKey->hasKeys()) {
$guid = 'CertId-' . Helper::generateUUID();
// add token references
$keyInfo = null;
if (null !== $this->tokenReferenceSignature) {
$keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceSignature, $guid, $this->userSecurityKey->getPublicKey());
}
$nodes = $this->createNodeListForSigning($dom, $security);
$signature = XmlSecurityDSig::createSignature($this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N, $security, null, $keyInfo);
$options = array('id_ns_prefix' => Helper::PFX_WSU, 'id_prefix_ns' => Helper::NS_WSU);
foreach ($nodes as $node) {
XmlSecurityDSig::addNodeToSignature($signature, $node, XmlSecurityDSig::SHA1, XmlSecurityDSig::EXC_C14N, $options);
}
XmlSecurityDSig::signDocument($signature, $this->userSecurityKey->getPrivateKey(), XmlSecurityDSig::EXC_C14N);
$publicCertificate = $this->userSecurityKey->getPublicKey()->getX509Certificate(true);
$binarySecurityToken = $filterHelper->createElement(Helper::NS_WSS, 'BinarySecurityToken', $publicCertificate);
$filterHelper->setAttribute($binarySecurityToken, null, 'EncodingType', Helper::NAME_WSS_SMS . '#Base64Binary');
$filterHelper->setAttribute($binarySecurityToken, null, 'ValueType', Helper::NAME_WSS_X509 . '#X509v3');
$filterHelper->setAttribute($binarySecurityToken, Helper::NS_WSU, 'Id', $guid);
$security->insertBefore($binarySecurityToken, $signature);
// encrypt soap document
if (null !== $this->serviceSecurityKey && $this->serviceSecurityKey->hasKeys()) {
$guid = 'EncKey-' . Helper::generateUUID();
// add token references
$keyInfo = null;
if (null !== $this->tokenReferenceEncryption) {
$keyInfo = $this->createKeyInfo($filterHelper, $this->tokenReferenceEncryption, $guid, $this->serviceSecurityKey->getPublicKey());
}
$encryptedKey = XmlSecurityEnc::createEncryptedKey($guid, $this->serviceSecurityKey->getPrivateKey(), $this->serviceSecurityKey->getPublicKey(), $security, $signature, $keyInfo);
$referenceList = XmlSecurityEnc::createReferenceList($encryptedKey);
// token reference to encrypted key
$keyInfo = $this->createKeyInfo($filterHelper, self::TOKEN_REFERENCE_SECURITY_TOKEN, $guid);
$nodes = $this->createNodeListForEncryption($dom);
foreach ($nodes as $node) {
$type = XmlSecurityEnc::ELEMENT;
if ($node->localName == 'Body') {
$type = XmlSecurityEnc::CONTENT;
}
XmlSecurityEnc::encryptNode($node, $type, $this->serviceSecurityKey->getPrivateKey(), $referenceList, $keyInfo);
}
}
}
}
/**
* Modify the given request XML.
*
* @param \BeSimple\SoapCommon\SoapRequest $request SOAP request
*
* @return void
*/
public function filterRequest(CommonSoapRequest $request)
{
// get \DOMDocument from SOAP request
$dom = $request->getContentDocument();
// create FilterHelper
$filterHelper = new FilterHelper($dom);
// add the neccessary namespaces
$filterHelper->addNamespace(Helper::PFX_WSA, Helper::NS_WSA);
$action = $filterHelper->createElement(Helper::NS_WSA, 'Action', $request->getAction());
$filterHelper->addHeaderElement($action);
$to = $filterHelper->createElement(Helper::NS_WSA, 'To', $request->getLocation());
$filterHelper->addHeaderElement($to);
if (null !== $this->faultTo) {
$faultTo = $filterHelper->createElement(Helper::NS_WSA, 'FaultTo');
$filterHelper->addHeaderElement($faultTo);
$address = $filterHelper->createElement(Helper::NS_WSA, 'Address', $this->faultTo);
$faultTo->appendChild($address);
}
if (null !== $this->from) {
$from = $filterHelper->createElement(Helper::NS_WSA, 'From');
$filterHelper->addHeaderElement($from);
$address = $filterHelper->createElement(Helper::NS_WSA, 'Address', $this->from);
$from->appendChild($address);
}
if (null !== $this->messageId) {
$messageId = $filterHelper->createElement(Helper::NS_WSA, 'MessageID', $this->messageId);
$filterHelper->addHeaderElement($messageId);
}
if (null !== $this->relatesTo) {
$relatesTo = $filterHelper->createElement(Helper::NS_WSA, 'RelatesTo', $this->relatesTo);
if (null !== $this->relatesToRelationshipType) {
$filterHelper->setAttribute($relatesTo, Helper::NS_WSA, 'RelationshipType', $this->relatesToRelationshipType);
}
$filterHelper->addHeaderElement($relatesTo);
}
if (null !== $this->replyTo) {
$replyTo = $filterHelper->createElement(Helper::NS_WSA, 'ReplyTo');
$filterHelper->addHeaderElement($replyTo);
$address = $filterHelper->createElement(Helper::NS_WSA, 'Address', $this->replyTo);
$replyTo->appendChild($address);
}
foreach ($this->referenceParametersSet as $rp) {
$filterHelper->addNamespace($rp['pfx'], $rp['ns']);
$parameter = $filterHelper->createElement($rp['ns'], $rp['parameter'], $rp['value']);
$filterHelper->setAttribute($parameter, Helper::NS_WSA, 'IsReferenceParameter', 'true');
$filterHelper->addHeaderElement($parameter);
}
}
