I am doing some work writing a PHP-based SOAP client application that uses the SOAP libraries native to PHP5. I need to send a an HTTP cookie and an additional HTTP header as part of the request. The cookie part is no problem:
Code:
$client = new SoapClient($webServiceURI, array("exceptions" => 0, "trace" => 1, "encoding" => $phpInternalEncoding));
$client->__setCookie($kkey, $vvalue);
My problem is the HTTP header. I was hoping there would have been a function named
__setHeader
or
__setHttpHeader
in the SOAP libraries. But no such luck.
Anyone else dealt with this? Is there a workaround? Would a different SOAP library be easier to work with? Thanks.
(I found this unanswerd question here http://www.phpfreaks.com/forums/index.php?topic=125387.0, I copied it b/c i've the same issue)
Try setting a stream context for the soap client:
$client = new SoapClient($webServiceURI, array(
"exceptions" => 0,
"trace" => 1,
"encoding" => $phpInternalEncoding,
'stream_context' => stream_context_create(array(
'http' => array(
'header' => 'SomeCustomHeader: value'
),
)),
));
This answer is the proper way to do it in PHP 5.3+ SoapClient set custom HTTP Header
However, PHP 5.2 does not take all of the values from the stream context into consideration. To get around this, you can make a subclass that handles it for you (in a hacky way, but it works).
class SoapClientBackport extends SoapClient {
public function __construct($wsdl, $options = array()){
if($options['stream_context'] && is_resource($options['stream_context'])){
$stream_context_options = stream_context_get_options($options['stream_context']);
$user_agent = (isset($stream_context_options['http']['user_agent']) ? $stream_context_options['http']['user_agent'] : "PHP-SOAP/" . PHP_VERSION) . "\r\n";
if(isset($stream_context_options['http']['header'])){
if(is_string($stream_context_options['http']['header'])){
$user_agent .= $stream_context_options['http']['header'] . "\r\n";
}
else if(is_array($stream_context_options['http']['header'])){
$user_agent .= implode("\r\n", $stream_context_options['http']['header']);
}
}
$options['user_agent'] = $user_agent;
}
parent::__construct($wsdl, $options);
}
}
I ran into a situation where I had to provide a hash of all the text of the soap request in the HTTP header of the request for authentication purposes. I accomplished this by subclassing SoapClient and using the stream_context option to set the header:
class AuthenticatingSoapClient extends SoapClient {
private $secretKey = "secretKeyString";
private $context;
function __construct($wsdl, $options) {
// Create the stream_context and add it to the options
$this->context = stream_context_create();
$options = array_merge($options, array('stream_context' => $this->context));
parent::SoapClient($wsdl, $options);
}
// Override doRequest to calculate the authentication hash from the $request.
function __doRequest($request, $location, $action, $version, $one_way = 0) {
// Grab all the text from the request.
$xml = simplexml_load_string($request);
$innerText = dom_import_simplexml($xml)->textContent;
// Calculate the authentication hash.
$encodedText = utf8_encode($innerText);
$authHash = base64_encode(hash_hmac("sha256", $encodedText, $this->secretKey, true));
// Set the HTTP headers.
stream_context_set_option($this->context, array('http' => array('header' => 'AuthHash: '. $authHash)));
return (parent::__doRequest($request, $location, $action, $version, $one_way));
}
}
Maybe someone searching will find this useful.
its easy to implement in nuSoap:
NUSOAP.PHP
add to class nusoap_base:
var additionalHeaders = array();
then goto function send of the same class
and add
foreach ($this->additionalHeaders as $key => $value) {
$http->setHeader($key, $value);
}
somewhere around (just before)
$http->setSOAPAction($soapaction); (line 7596)
now you can easy set headers:
$soapClient = new nusoap_client('wsdl adress','wsdl');
$soapClient->additionalHeaders = array('key'=>'val','key2'=>'val');
The SoapClient::__soapCall method has an $input_headers argument, which takes an array of SoapHeaders.
You could also use Zend Framework's SOAP client, which provides an addSoapInputHeader convenience method.
Related
I am trying to add WSSE Security headers to a SOAP XML message that is created from PHP's SoapServer::handle(). This should be done using SoapServer::addSoapHeaders(new SoapHeaders(...)), but I am unsure how to set specific WSSE security headers to the response by using robrichards/wse-php package.
Firstly the SoapServer is created. Then the incoming request gets handled, which return some stdClass with data that the handle() function presumably automatically converts to a XML SOAP envelope. This is wrapped in Laravel's Illuminate\Http\Response object and returned.
ini_set('soap.wsdl_cache_enabled', 0);
ini_set('soap.wsdl_cache_ttl', 0);
ini_set('default_socket_timeout', 80);
header("Connection: close");
$soap = $this->createSoapServer();
ob_start();
// Response automatically becomes a XML, because of soap->handle() from PHP's SoapServer.
$response = new Response($soap->handle($xml_request), 200);
$response->header('Content-Type', 'text/xml');
return $response;
Within the createSoapServer() function I create a SoapServer and want to add WSSE Security headers to the SoapServer using addSoapHeaders(). The headers I need to add are all present withing an empty soap envelope in the headers_xml variable $headers_xml = $objWSSE->saveXML();.
I don't know how to get these headers separately.
I wish to know how to add these headers to the XML response created by the SoapServer. I should be able to add them using addSoapHeaders(), though I do not know how.
private function createSoapServer($soap_settings = []) {
$soap_settings = $this->assembleSoapSettings($soap_settings);
$wsdl_path = $soap_settings['wsdl_path'];
// Set soap's own options
$soap_settings['soap_options'] = array_merge([
WSDL_CACHE_NONE,
SOAP_SINGLE_ELEMENT_ARRAYS,
'trace' => !$this->isProduction,
'exceptions' => true,
'cache_wsdl' => WSDL_CACHE_NONE,
'use' => SOAP_LITERAL,
'connection_timeout' => 80,
'soap_version' => SOAP_1_2,
], $soap_settings['soap_options']);
$soap = new SoapServer($wsdl_path,
array_merge([
'location' => $soap_settings['soap_location'],
'local_cert' => $soap_settings['ssl_cert_path'],
'passphrase' => $soap_settings['ssl_cert_password'],
], $soap_settings['soap_options'])
);
// Sets the server php class where the incoming request gets handled.
$soap->setClass($service_server);
// Retrieve empty XML envenlope to set headers in.
// NOTICE: This is not the correct approach,
$request = file_get_contents(app_path('Connect/Register/empty_soap.xml'));
$options = $this->soapclient_options;
$dom = new DOMDocument('1.0');
$dom->loadXML($request);
$objWSA = new WSASoap($dom, WSASoap::WSANS_2005);
Log::channel('soap-response')->info("Hit 3");
/** Add Addressing */
$objWSA->addFrom($options['wsa_addressing_from']);
$objWSA->addTo($options['wsa_addressing_to']);
$objWSA->addAction($options['wsaAction']);
/** Set needed soap header settings */
$objWSA->addMessageID();
$dom = $objWSA->getDoc();
/* Sign all headers to include signing the WS-Addressing headers */
$objWSSE = new WSSESoap($dom);
$objWSSE->signAllHeaders = true;
$objWSSE->addTimestamp();
/* create new XMLSec Key using RSA SHA256 and type is private key */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
/* load the private key from file*/
if (isset($options['ssl_private_key_passphrase'])) {
$objKey->passphrase = $options['ssl_private_key_passphrase'];
}
$objKey->loadKey($options['ssl_private_key_path'], true);
/* Sign the message - also signs appropraite WS-Security items */
$objWSSE->signSoapDoc($objKey,
[
'algorithm' => XMLSecurityDSig::SHA256,
'insertBefore' => false,
]
);
/* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */
$token = $objWSSE->addBinaryToken(file_get_contents($options['ssl_cert_path']));
$objWSSE->attachTokentoSig($token);
/** NOTICE: Problem here! How to get correct type of headers to put into 'addSoapHeaders' of PHP's SoapServer */
$headers_xml = $objWSSE->saveXML();
$soap->addSoapHeaders(new SoapHeader("ns", $headers_xml, "value"));
return $soap;
}
(Please tell if this question is badly formatted or missing information, as this is my first time writing.)
I have to do requets to a SOAP API with PHP and I need the following SOAP-Header structure:
<soapenv:Header>
<ver:authentication>
<pw>xxx</pw>
<user>xxx</user>
</ver:authentication>
</soapenv:Header>
How can I build this header?
I tried
$auth = [
"ver:authentication" => [
"pw" => $this->pw,
"user" => $this->user
]
];
$options = [];
$options["trace"] = TRUE;
$options["cache_wsdl"] = WSDL_CACHE_NONE;
$options["compression"] = SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP;
$client = new SoapClient("www.my-url.com/wsdl", $options);
$header = new SoapHeader("www.my-url.com", "authentication", $auth, false);
$client->__setSoapHeaders($header);
but it does not work. The respons is "failure" which I get, when the header structure is incorrect...
please help
the solution could be object driven. In the following code an example is given. Please keep in mind, that the following code is not testet.
class Authentication
{
protected $user;
protected $pw;
public function getUser() : ?string
{
return $this->user;
}
public function setUser(string $user) : Authentication
{
$this->user = $user;
return $this;
}
public function getPw() : string
{
return $this->pw;
}
public function setPw(string $pw) : Authentication
{
$this->pw = $pw;
return $this;
}
}
The above shown class is a simple entity, which contains two properties $user fpr the username and $pw for the password. Further it contains the getter and setter functions for retrieving or setting the values for the two properties.
For the next step just fill the class with data and store it in a SoapVar object.
$authentication = (new Authentication())
->setUser('Username')
->setPw('YourEncodedPassword');
$soapEncodedObject = new \SoapVar(
$authentication,
SOAP_ENC_OBJECT,
null,
null,
'authentication',
'http://www.example.com/namespace'
);
As you can see above, your authentication class will be stored as soap var object. It is encoded as soap object. The only thing you have to do is setting the namespace for this object. In your given example it is ver:. With this namespace prefix somewhere in your wsdl file a namespace is noted. You have to find out this namespace url and just replace the example url http://www.example.com/namespace with the right url noted in your wsdl.
The next step is setting this as soap header. That 's quite simple.
try {
$client = new SoapClient('http://www.example.com/?wsdl', [
'trace' => true,
'exception' => true,
'cache_wsdl' => WSDL_CACHE_NONE,
'compression' => SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP,
]);
// set the soap header
$header = new SoapHeader('http://www.example.com/namespace', 'authentication', $authentication, false);
$client->setSoapHeaders($header);
// send the request
$result = $client->someWsdlFunction($params);
} catch (SoapFault $e) {
echo "<pre>";
var_dump($e);
echo "</pre>";
if ($client) {
echo "<pre>";
var_dump($client->__getLastRequest());
echo "</pre>";
echo "<pre>";
var_dump($client->__getLastResponse());
echo "</pre>";
}
}
As you can see it 's a bit different from your given example. Instead of an array it 's the soap encoded authentication object, that is given to the soap header class. For failure purposes there is a try/catch block around your soap client. In that case you can identify the error and if the client was initiated correctly, you can also see the last request and last response in xml.
I hope, that I helped you. ;)
I would strongly advise you 2 things:
Use a WSDL to PHP generator in order to properly construct your request. In addition, it will ease you the response handling. Everything is then using the OOP which is much better. Take a look to the PackageGenerator project.
Use the WsSecurity project in order to easily add your dedicated SoapHeader without wondering how to construct it neither.
I have a client call with a WSSE Security Header:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-7BCCD9337425FBA038149772606059420"><wsse:Username>USERNAME</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NONCE</wsse:Nonce><wsu:Created>2017-06-17T19:01:00.594Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
<soapenv:Body>
<ns:FUNCTION/>
</soapenv:Body>
</soapenv:Envelope>
As SoapServer I have a simple one:
// the SOAP Server options
$options=array(
'trace' => true
, 'cache_wsdl' => 0
, 'soap_version' => SOAP_1_1
, 'encoding' => 'UTF-8'
);
$wsdl = 'http://localhost/index.php?wsdl';
$server = new \SoapServer($wsdl, $options);
$server->setClass('ServerClass');
$server->handle();
$response = ob_get_clean();
echo $response;
As soon the property MustUnderstand = 1, then I become from the server the exception: Header not understood.
How to understand the header?
How to make the WSSE validation on the SoapServer side?
The solution is very tricky! I don't know why is this handled by this way from the SoapServer, but here is the solution:
class ServerClass {
public function Security($data) {
// ... do nothing
}
public function myFunction(){
// here the body function implementation
}
}
We need to define a function in our class, which is handling the soap request with the name of the header tag, which is holding the soap:mustUnderstand property. The function doesn't need to be implemented in some way.
That's all!
Mutatos' question / answer got me on the right track. I was working outside of a class structure so what worked for me was the following:
function Security($data)
{
$username = $data->UsernameToken->Username;
$password = $data->UsernameToken->Password;
//check security credentials here
}
$server = new SoapServer("schema/wsdls/FCI_BookingPullService.wsdl", array('soap_version' => SOAP_1_2));
$server->addFunction("Security");
$server->handle();
Essentially a function with the same name as the SOAP header "<wsse:Security>" (ignore the namespace) is being defined, then telling the server to use that to process the header with the 'addFunction' method.
Not ideal from a scope point of view, if that's an issue, try the class approach.
Consider this example SOAP Client script:
$SOAP = new SoapClient($WDSL); // Create a SOAP Client from a WSDL
// Build an array of data to send in the request.
$Data = array('Something'=>'Some String','SomeNumber'=>22);
$Response = $SOAP->DoRemoteFunction($Data); // Send the request.
On the last line, PHP takes the arguments from the array you specified, and, using the WSDL, builds the XML request to send, then sends it.
How can I get PHP to show me the actual XML it's built?
I'm troubleshooting an application and need to see the actual XML of the request.
Use getLastRequest. It returns the XML sent in the last SOAP request.
echo "REQUEST:\n" . $SOAP->__getLastRequest() . "\n";
And remember, this method works only if the SoapClient object was created with the trace option set to TRUE. Therefore, when creating the object, use this code:
$SOAP = new SoapClient($WDSL, array('trace' => 1));
$SOAP = new SoapClient($WSDL, array('trace' => true));
$Response = $SOAP->DoRemoteFunction($Data);
echo "REQUEST:\n" . htmlentities($SOAP->__getLastRequest()) . "\n";
This will not only print the last request but also make the XML tags visible in the browser.
If you'd like to view the request without actually making a connection, you can override SoapClient's __doRequest method to return the XML:
class DummySoapClient extends SoapClient {
function __construct($wsdl, $options) {
parent::__construct($wsdl, $options);
}
function __doRequest($request, $location, $action, $version, $one_way = 0) {
return $request;
}
}
$SOAP = new DummySoapClient('http://example.com/?wsdl', array('trace' => true));
echo $SOAP->GetRequestDetail($params);
Extending Quinn's answer, you can also just log the request before you perform the request.
class SoapClientDebug extends SoapClient
{
public function __doRequest($request, $location, $action, $version, $one_way = 0)
{
error_log("REQUEST:\n" .$request . "\n");
error_log("LOCATION:\n" .$location . "\n");
error_log("ACTION:\n" .$action . "\n");
error_log("VERSION:\n" .$version . "\n");
error_log("ONE WAY:\n" .$one_way . "\n");
return parent::__doRequest($request, $location, $action, $version, $one_way);
}
}
You need to enable tracing when you create your SoapClient. Like so:
$SOAP = new SoapClient($WSDL, array('trace' => true));
$Data = array('Something'=>'Some String','SomeNumber'=>22);
Then call the __getLastRequest method after you've made a service call to see the XML.
$Response = $SOAP->DoRemoteFunction($Data);
echo $SOAP->__getLastRequest();
This will output the request XML.
More reading: http://www.php.net/manual/en/soapclient.getlastrequest.php
if you are running the client locally, Fiddler is a great implementation agnostic way of looking at the messages on the wire.
If you are running it remotely then you could use something like Apache TCPMON Standalone or through eclipse*
*just linking to the first hit from Google
The problem with Quinn Comendant's answer, that $request from __doRequest() will then be processed by __call() and the user will see an array of parameters instead of real xml request. To prevent this, such workaround can be used:
class DummySoapClient extends SoapClient {
function __construct($wsdl, $options) {
parent::__construct($wsdl, $options);
}
function __doRequest($request, $location, $action, $version, $one_way = 0) {
throw new Exception($request);
}
function __call($function_name, $arguments)
{
try {
parent::__call($function_name, $arguments);
} catch (Exception $e) {
return $e->getMessage();
}
}
}
Option trace is not necessary here, because we do not call __getLastRequest() or other relevant functions.
If I run this
$HostTransactionInfo = new HostTransactionInfo(); // std Object
$HostTransactionInfo->SecurenetID = $cc->merchant->data[$this->name]['secure_net_id'];
$HostTransactionInfo->SecureKey = $cc->merchant->data[$this->name]['secure_key'];
$HostTransactionInfo->Test = self::TEST;
$securenet = new SoapClient(self::WSDL, array('features' => SOAP_SINGLE_ELEMENT_ARRAYS));
$host_trans_info = new SoapVar($HostTransactionInfo, SOAP_ENC_OBJECT);
var_dump($host_trans_info);
$save = $securenet->Process_Save($host_trans_info);
I receive this on every variation: "Server was unable to process request. ---> Object reference not set to an instance of an object."
My SoapClient::__getTypes() request gives me this:
array(
[2] => struct HostTransactionInfo {
string SecurenetID;
string SecureKey;
string Test;
}
[6] => struct Process_Save {
HostTransactionInfo oTi;
}
)
My SoapClient::__getFunctions() request gives me this:
array (
[2] => Process_SaveResponse Process_Save(Process_Save $parameters)
)
Does anyone have any clue as to what I'm doing wrong?
The error is returned by the securenet webservice. Why not contact their support?
But in any case, the server should return a more informative message than "Object reference not set to an instance of an object". The fact that their code dereferences null pointers when it gets some unexpected input doesn't bode well for something that's supposed to be a "secure" payment system.
Please check the XML request that is sent to the server and the XML response you get back:
// ...
$securenet = new SoapClient(self::WSDL, array(
'features' => SOAP_SINGLE_ELEMENT_ARRAYS,
'trace' => true // that's important for the debugging methods to work
));
// ...
$save = $securenet->Process_Save($host_trans_info);
var_dump($securenet-> __getLastRequestHeaders());
var_dump($securenet-> __getLastRequest());
var_dump($securenet-> __getLastResponseHeaders());
var_dump($securenet-> __getLastResponse());
This will help to get you an overview of what's happening on the wire. If you can rule out any server-related problem, the error will most likely be related to a XML-SOAP-request that is not in the required format.
Hi this might be to late for the original asker, But for anyone who may have the same error ...
this is a trick i learned when i was working with M$.Net or C# (CVS) or any other flavor of M$ Soap servers... M$ changes something in the envelope and that is where things go wrong...
class MSSoapClient extends SoapClient {
function __doRequest($request, $location, $action, $version) {
$namespace = "http://tempuri.org/";
$request = preg_replace('/<ns1:(\w+)/', '<$1 xmlns="'.$namespace.'"', $request, 1);
$request = preg_replace('/<ns1:(\w+)/', '<$1', $request);
$request = str_replace(array('/ns1:', 'xmlns:ns1="'.$namespace.'"'), array('/', ''), $request);
// parent call
return parent::__doRequest($request, $location, $action, $version);
}
}
This will correct the envelope and correct the error in most cases... look at the variable $namespace = "http://tempuri.org/"; make sure this is correct based on the WSDL file
I dont know if this will fix the USER's error but it might help others with similar errors