I'm unable to make an encrypted SOAP request in PHP. As per the documentation, I encrypted each request to the payment gateway. I generated a CSR & sent it to the authority for the certificate. They sent back me the domain certificate & CA certificate. The biggest problem is that the documentation is not meant for PHP. As per the document:
The web service is protected with WS-Security Sign and encryption
policy
After searching a long time I found a helper class from Git but whenever I try to connect I get the following error:
General security error (No certificates were found for decryption (KeyId))
FaultCode : wsse:InvalidSecurity
I tried to set SSL header as follows:
$contextOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'cafile' => '../../certs/CA.cer',
'local_cert' => '../../certs/server.cer',
'local_pk' => '../../certs/private_key.key',
'verify_depth' => 0,
'allow_self_signed'=>true,
)
);
$sslContext = stream_context_create($contextOptions);
Update
I defined the keys as :
define('PRIVATE_KEY', 'server_prvate_key.key');
define('CERT_FILE', 'domain_cert.cer');
define('SERVICE_CERT', 'CA.cer');
Anything wrong with this definition (please see the above GIT link)?
Are you tried using curl?
Use the following option to set your certificate:
curl_setopt($ch,CURLOPT_CAINFO, 'CA.cer' );
curl_setopt($ch,CURLOPT_SSLCERT, 'domain_cert.cer' );
curl_setopt($ch,CURLOPT_SSLKEY, 'server_prvate_key.key' );
curl_setopt($ch,CURLOPT_SSLCERTPASSWD, 'certificate_password' ); //if have
I use encrypted connection to payment gateways and other services using curl and works like a charm.
Related
Other similar questions have not helped me resolve this.
I have to retrieve a WSDL file using a client certificate + private key combination from my webserver calling another external SOAP API.
$wsdl = 'https://www.example.com?wsdl';
$endpoint = 'https://www.example.com';
$sslContext = stream_context_create($contextOptions);
$options = [
'local_cert' => '/var/www/combo.pem',
'passphrase' => 'Pass1',
'cache_wsdl' => WSDL_CACHE_MEMORY,
'trace' => 1,
'stream_context' => stream_context_create([
'ssl' => [
'ciphers' => 'RC4-SHA',
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
])
];
try{
$soapClient = new SoapClient($wsdl, $options);
}
catch(Exception $e)
{
var_dump($e);
}
The error I'm getting is:
SOAP-ERROR: Parsing WSDL: Couldn't load from '..domain..' : failed to load external entity "..domain..?wsdl"
I tried numerous settings and none of them made any difference to this response. I tried no settings, empty array.
What has worked:
Establishing a raw connection via CURL, so the certificate file is fine
Retrieving WSDL information from SoapUI, so the WSDL destination is correct and the certificate file was okay
phpinfo() returns SoapClient is enabled, OpenSSL is enabled. What else could I try or check?
SOAP error could come from invalid character encoding or maybe some HTTP header missing like 'User-Agent' when you query the remote server.
Try to adding User-Agent to options like the sample below.
$options = array(
'http' => array(
'user_agent' => 'PHP_Embedded_Soap_Client'
)
);
PS: I would not recommend to strict ciphers to: RC4-SHA
I wanted to comment this but based on others' suggestions of using file_get_contents and your reply mentioning that it returned false, I'm now kind of sure it's more of a connection problem. Please check followings:
It's obvious that your actual $wsdl value is different than what is posted but please make sure that .com?wsdl is not happening in your code. it should be .com/?wsdl.
Check your DNS settings. A lookup through dnslookup can help identify problem.
Make sure date & time setting of server is correct. It can lead to SSL errors.
If none of above helped. You might consider downloading WSDL content with other tools (such as cURL) and on different machines to identify the cause of problem.
I've been trying to use the European Union's website to validate TIN numbers (Europa TIN validation website - there is a WSDL available at the bottom of the page)
The problem I'm having is that when I try to make a new SoapClient the function fails immediately when building the client. At first I was having a "Failed to load external entity" and I assumed it was because the WSDL has a secure connection. After searching around I found some answers that said that the problem could have to do with the certificate being outdated and the most recent versions of PHP throw errors in that case, so I disabled certificate validation with:
// Stream context due to certificate problems
$streamContext = stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
));
But now I'm getting another error: "failed to open stream: HTTP Request failed! HTTP/1.1 502 Bad Gateway". Any thoughts about how to solve this issue? If I remove "https://" from the link I get the same result as before with the "failed to load external entity" message.
Now here's the real brain picker. If I try to use chrome's extension "Boomerang" to test SOAP calls on the WSDL it works absolutely perfectly, so I have no idea what's wrong here... Anyone can easily try this by attempting to make a soap call in a PHP file.
Here's the full code:
public static function validateTIN($tin) {
// Stream context due to certificate problems
$streamContext = stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
));
// Create our soap client
$client = new SoapClient('https://ec.europa.eu/taxation_customs/tin/checkTinService.wsdl', array(
'exceptions' => 0,
'trace' => 1,
'connection_timeout' => 1800,
'stream_context' => $streamContext
));
dd($client->__getFunctions());
return true;
}
After spending hours researching and trying to figure out the problem I found a 2 years old post that somehow served my purpose.
Unfortunately I can't mark this as duplicate so I'll just link it here: SOAP error parsing wsl couldn't load from but works on wamp
I couldn't find this question because Google didn't tag it as using the Europa services.
Either way, my problem was that I needed to specify my user agent explicitly because Europa web services are too outdated and can't resolve IPv6 requests, only IPv4. Like so:
$opts = array(
'http'=>array(
'user_agent' => 'PHPSoapClient'
)
);
$context = stream_context_create($opts);
$client = new SoapClient('http://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl',
array('stream_context' => $context,
'cache_wsdl' => WSDL_CACHE_NONE));
$result = $client->checkVat(array(
'countryCode' => 'DK',
'vatNumber' => '47458714'
));
The example uses the CheckVAT SOAP function but it works just as well for the CheckTIN function.
I'm successfully enabling encryption during an SMTP+STARTTLS transaction, but I'd like to find out some details about the TLS connection that was made. Encryption is enabled like this, after successfully opening the stream connection:
$encrypted = stream_socket_enable_crypto(
$smtp_conn,
true,
STREAM_CRYPTO_METHOD_TLS_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
);
$encrypted just contains true, which doesn't tell me much. I'm trying to find out where I can get at things like the TLS version, domain, public cert, key exchange mechanism, verification status, hash and cipher used in the connection. It must be a property of the stream the encryption is enabled on, so I've been looking in things like stream_get_meta_data but that only contains this:
[
'timed_out' => false,
'blocked' => true,
'eof' => false,
'stream_type' => 'tcp_socket/ssl',
'mode' => 'r+',
'unread_bytes' => 0,
'seekable' => false,
]
I've also looked in stream_context_get_params and stream_context_get_options but neither contain anything interesting.
In NodeJS the place to look would be in the TLS module, which contains exactly the kind of things I'm looking for.
Where might I find more TLS info from PHP?
I have a PHP script trying to connect to a WSDL.
I need to allow self signed AND give basic auth details.
Using SOAP UI, when I connect to the WSDL I am prompted for username / password.
I got this working.
I also found out that each request also requires basic auth (so on the request screen, I have to select Auth, then basic, enter same credentials as I used on the prompt).
How to I do this auth in PHP
As I said, I can connect, not a problem, I seem to kill the service or timeout if I try to make a request
<?php
$context = stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
));
$data = array(
'columnA' => 'dataA',
'columnB' => 'dataB',
'columnC' => 'dataC');
$url = 'https://111.111.111.111:1234/dir/file';
$login = 'username';
$pwd = 'password';
$client = new soapClient(null, array(
'location' => $url,
'uri' => '',
'login' => $login,
'password' => $pwd,
'stream_context' => $context
));
echo "\n\r---connected---\n\r";
$result = $client ->requestName($data);
print_r($result);
?>
My output is
---connected---
Then it seems to hang.
I have tried wrapping it round a try catch and I had the same result.
Any suggestions??
From the Manual soapclient support the http basic auth.
For HTTP authentication, the login and password options can be used to
supply credentials. For making an HTTP connection through a proxy
server, the options proxy_host, proxy_port, proxy_login and
proxy_password are also available. For HTTPS client certificate
authentication use local_cert and passphrase options. An
authentication may be supplied in the authentication option. The
authentication method may be either SOAP_AUTHENTICATION_BASIC
(default) or SOAP_AUTHENTICATION_DIGEST.
$wsdl = "http://example/services/Service?wsdl";
$option = array(
"trace"=>1,
"login"=>"admin",
"password"=>"admin",
);
$client = new SoapClient($wsdl,$option);
But when I initiate the soapclient, it will throw this error
Exception: Unauthorized
I also have tried to put the auth in the url, like
$wsdl = "http://admin:admin#example/services/Service?wsdl";
But it also doesn't works.
Finally I solved it by add authentication to the option. The manual says the authentication default value is the basic auth, but only when I explicitly set it, it can work.
$option = array(
"trace"=>1,
"login"=>"admin",
"password"=>"admin",
"authentication"=>SOAP_AUTHENTICATION_BASIC
);
Try url encoding your username and password inside the url that you are using:
$url = 'http://'.urlencode('yourLogin').':'.urlencode('yourPassword').'#111.111.111.111:1234/dir/file';
Also I don't see you make use of the wsdl in your code example. You can always download a copy of the wsdl locally and then reference that local copy. You can download the wsdl anyway you want (with php, curl, manually).
my first time doing a SOAP Request fails and fails again.
I have to send some Data via SOAP but i dont get a stable connection.
I use the SOAP Extension of PHP. My Code looks like the following.
$certificate = file_get_contents(DATA_PATH.'/modules/va/misc/CKTC.cer');
$options = array(
'uri' => 'https://data2.kroschke.net/service/MeinAutoUeberfuehrungen',
'allow_self_signed' => true,
'verify_peer' => true,
'local_cert' => $certificate,
'trace' => 1,
'exceptions' => true,
);
$wsdl = 'https://data2.kroschke.net/service/MeinAutoUeberfuehrungen?WSDL';
$SOAPClient = new SoapClient($wsdl, $options);
fb($SOAPClient->__getFunctions());
Now my Problem is, that the SOAP Request always runs into a timeout.
I checked my php settings and SOAP and OpenSSL are activated.
I also tried it with a .pem instead of a .cer File. Same Problem.
This is what i get all the time:
Warning: SoapClient::SoapClient(https://data2.kroschke.net/service/MeinAutoUeberfuehrungen?WSDL): failed to open stream: Connection timed out in
Anyone who can help?
PS: Dont mind the fb() Function. Just a function to print everything into FireBug.
just try to open https://data2.kroschke.net or https://data2.kroschke.net/service/MeinAutoUeberfuehrungen?WSDL in you browser: you'll get a timeout, too.
the best solution would be to get in contact with the provider of that soap-server (kroschke.com/kroschke.de ?) and ask them why their server is down or seems to hang.
EDIT:
this doesn't seem to be the problem, so your only option is to set the timeout to a higher value. for this, just add connection_timeout (value in seconds) to your options:
$options = array(
'uri' => 'https://data2.kroschke.net/service/MeinAutoUeberfuehrungen',
'allow_self_signed' => true,
'verify_peer' => true,
'local_cert' => $certificate,
'trace' => 1,
'exceptions' => true,
'connection_timeout'=> 30
);
if it still times out, set the value even higher - if it still times out then, try to test the soap-communication with a program like soapUI before implementing it with PHP - if you get problems with soapUI, too, contact the provider of that soap-server and ask why their methods take such a long time.
for more information, take a look at the soapclient and it's options.