Merge pull request #257 from veewee/wsse-sign-binary-token
WSSE Make sure BinarySecurityToken is signed as well
veewee authored Oct 14, 2019
2 parents 84ea6c5 + a75c1fc commit 42a39af
Showing 2 changed files with 10 additions and 8 deletions.
6 changes: 4 additions & 2 deletions src/Phpro/SoapClient/Middleware/WsseMiddleware.php
Expand Up @@ -143,13 +143,15 @@ public function beforeRequest(callable $handler, RequestInterface $request): Pro
$wsse->addUserToken($this->userTokenName, $this->userTokenPassword, $this->userTokenDigest);
}

// Add certificate (BinarySecurityToken) to the message
$token = $wsse->addBinaryToken(file_get_contents($this->publicKeyFile));

// Create new XMLSec Key using the dsigType and type is private key
$key = new XMLSecurityKey($this->digitalSignMethod, ['type' => 'private']);
$key->loadKey($this->privateKeyFile, true);
$wsse->signSoapDoc($key);

// Add certificate (BinarySecurityToken) to the message and attach pointer to Signature:
$token = $wsse->addBinaryToken(file_get_contents($this->publicKeyFile));
// Attach token pointer to Signature:
$wsse->attachTokentoSig($token);

// Add end-to-end encryption if configured:
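Review bot: The return value of `file_get_contents($this->publicKeyFile)` is passed straight to `addBinaryToken()` with no check, and it is `false` when the certificate file is missing or unreadable. Going by the commit title, the new side is the call placed before `signSoapDoc($key)`, so the token now feeds the signature and a failed read would presumably surface late, as a malformed or rejected message rather than as a clear configuration error. I would read into a variable and fail fast: `$certificate = file_get_contents($this->publicKeyFile);` followed by `if ($certificate === false) { throw new \RuntimeException('Unable to read the WSSE certificate file.'); }`. The ordering also deserves a why-comment, for example `// Must run before signSoapDoc(): the token is presumably only covered by the signature if it is already in the header.` The body of `beforeRequest` starts and ends outside this hunk.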
12 changes: 6 additions & 6 deletions test/PhproTest/SoapClient/Unit/Middleware/WsseMiddlewareTest.php
Expand Up @@ -85,10 +85,10 @@ function it_adds_Wsse_to_the_request_xml()
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo')->length, 1, 'No DS SignedInfo Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:CanonicalizationMethod')->length, 1, 'No DS SignedInfo CanonicalizationMethod Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:SignatureMethod')->length, 1, 'No DS SignedInfo SignatureMethod Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference')->length, 1, 'No DS SignedInfo Reference Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform')->length, 1, 'No DS SignedInfo Reference Transform Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod')->length, 1, 'No DS SignedInfo Reference DigestMethod Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestValue')->length, 1, 'No DS SignedInfo Reference DigestValue Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference')->length, 2, 'No DS SignedInfo Reference Signature tags');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform')->length, 2, 'No DS SignedInfo Reference Transform Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod')->length, 2, 'No DS SignedInfo Reference DigestMethod Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestValue')->length, 2, 'No DS SignedInfo Reference DigestValue Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:SignatureValue')->length, 1, 'No DS SignatureValue Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:KeyInfo')->length, 1, 'No DS KeyInfo Signature tag');
$this->assertEquals($xml->xpath('//wsse:Security/ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference')->length, 1, 'No DS KeyInfo SecurityTokenReference Signature tag');
Expand Down Expand Up @@ -140,7 +140,7 @@ function it_is_possible_to_sign_all_headers()
$soapBody = (string)$this->mockClient->getRequests()[0]->getBody();
$xml = $this->fetchSoapXml($soapBody);

$this->assertEquals(5, $xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference')->length, 'Not all headers are signed!');
$this->assertEquals(6, $xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference')->length, 'Not all headers are signed!');
$this->assertEquals(1, $xml->xpath('//wsa:Action[@wsu:Id]')->length, 'No signed WSA:Action.');
$this->assertEquals(1, $xml->xpath('//wsa:To[@wsu:Id]')->length, 'No signed WSA:To.');
$this->assertEquals(1, $xml->xpath('//wsa:MessageID[@wsu:Id]')->length, 'No signed WSA:MessageID.');
Expand Down Expand Up @@ -181,7 +181,7 @@ function it_is_possible_to_specify_a_user_token()
$xml = $this->fetchSoapXml($soapBody);

// Check defaults:
$this->assertEquals(2, $xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference')->length, 'UserToken not signed!');
$this->assertEquals(3, $xml->xpath('//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference')->length, 'UserToken not signed!');
$this->assertEquals($xml->xpath('//soap:Header/wsse:Security/wsse:UsernameToken')->length, 1, 'No WSSE UsernameToken tag');
$this->assertEquals(1, $xml->xpath('//wsse:Security/wsse:UsernameToken[@wsu:Id]')->length, 'UserToken not signed!');
$this->assertEquals($xml->xpath('//wsse:Security/wsse:UsernameToken/wsse:Username')->length, 1, 'No WSSE UserName tag');
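Review bot: The updated `ds:Reference` counts (2, 6 and 3) show that one more element is referenced, but no assertion shows that the extra reference is the BinarySecurityToken. The user-token test already pins this for its own token with `//wsse:Security/wsse:UsernameToken[@wsu:Id]`; the matching check for the certificate would be `$this->assertEquals(1, $xml->xpath('//wsse:Security/wsse:BinarySecurityToken[@wsu:Id]')->length, 'BinarySecurityToken not signed!');` in `it_adds_Wsse_to_the_request_xml`. A stricter variant would compare that `wsu:Id` with the `URI` of one of the `ds:Reference` elements, since an Id on its own is only indirect evidence that the element is covered by the signature. The test methods start and end outside the hunks shown.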
