GET HTTPHEADERS - WSSE Authentication

Hello,

I'm having trouble with WSSE authentication in PHP. I found a good client and server file for my tests and they work fine, but I receive the call in another way, so I must configure my server side to receive the right header with username, psw, nonce and created time.

The call:

[php]<?php
class TokenGenerator {
    public static function generateToken($username, $password) {
        $nonce = self::generateNonce();

        $created = date('Y-m-d\TH:i:sP');
        // Digest = base64(sha1(nonce . created . password)); the nonce is hashed exactly as it is sent.
        $digest = base64_encode(sha1($nonce . $created . $password, TRUE));
        $token = sprintf('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"', $username, $digest, $nonce, $created);
        return $token;
    }

    // Returns a 32-character hex nonce. Note: mt_rand() is not a cryptographically secure generator.
    private static function generateNonce($bits = 256) {
        // Fixed byte count; multiplying by the microtime() string made the length unpredictable (possibly 0).
        $bytes = (int) ceil($bits / 8);
        $return = '';

        for ($i = 0; $i < $bytes; $i++)
            $return .= chr(mt_rand(0, 255));

        return md5($return);
    }
}

$xwsse = TokenGenerator::generateToken('username', 'RC&EWoiQ7#!!'); // ### GENERATE THE TOKEN
$httpRequest = new \HttpRequest(
    'http://XXXX/',
    \HttpRequest::METH_POST, [
        'headers' => [
            'Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8',
            'Accept-Charset' => 'UTF-8',
            'X-Wsse' => $xwsse
        ],
        // pecl_http defines HTTP_VERSION_1_0 and HTTP_VERSION_1_1; there is no 1_2 constant.
        'protocol' => HTTP_VERSION_1_1
    ]
);

$httpRequest->setPostFields([
    'userName' => 'testAgentnip',
    'phoneNumber' => '3474875366',
    'customer' => '112233'
]) or die('Errore');

try {
    $result = $httpRequest->send()->getBody();
    echo $result;
} catch (\HttpException $ex) {
    error_log('ERRORE CHIAMATA HTTP => ' . $ex->getMessage());
}[/php]

Now I need a page which receives this kind of header.

I've been looking at the getallheaders() function, but it still doesn't work.

Help me!

Well, I have little experience in WSSE, but had this tutorial flagged to read in depth at some point. It might be able to help you. The part you are interested in is the "listener" section. (I am guessing…)

Hope this helps… http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html

I read everything. Unfortunately I have PHP 5.2.5 and I can't add libraries or other stuff (Symfony in this case), so I'm looking for an alternative solution.

But I’m completely lost in the listener.

[php]// Define the fallback first: a function declared inside an if block
// only exists after that block has run.
if (!function_exists('getallheaders'))
{
    function getallheaders()
    {
        $headers = array();
        foreach ($_SERVER as $name => $value)
        {
            if (substr($name, 0, 5) == 'HTTP_')
            {
                // e.g. HTTP_X_WSSE becomes X-Wsse
                $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
            }
        }
        return $headers;
    }
}

$headers = getallheaders();
echo "\n\nheaders=" . print_r($headers, true) . "\n";[/php]

How can I do the check from the call and the listener?

Can you help me?

Well, perhaps I should ask what you are attempting to do. You mentioned:

"I'm in trouble with WSSE Authentication in PHP. I found a good client and server file for my tests and works fine, but I receive the call in other way, so I must configure my serverside for receiving the right header with username, psw, nonce and created time."

From what I understand about WSSE, you set up the server with it and then the website uses the WSSE authentication to allow access to it. Therefore, you need your code to just match up with whatever you did for the setup on the server. What server are you using for the WSSE server, and have you logged into the control panel on the server for WSSE and set the defaults and options? If so, you know the layout of the needed info to send to it to get authentication and access. If you set up your own listener on the server, you can create your own, but you still need to communicate with the WSSE server, so it might be easier to just set it up to match the correct server needs.

Doubt this helps at all… Which WSSE server do you have set up?
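
A minimal listener-side check for the question asked in this thread, as an added example that is not part of any post above: it parses the X-Wsse header, recomputes the digest with the same formula the client uses, and rejects stale or replayed tokens. The $users map, the nonce directory and the 300-second window are assumptions; only functions available on PHP 5.2 are used.

```php
<?php
// Added example. $users, the nonce directory and the 300 s window are assumptions.
function wsse_equals($a, $b)
{
    // Constant-time comparison (hash_equals() needs PHP 5.6+).
    $diff = strlen($a) ^ strlen($b);
    for ($i = 0; $i < strlen($a) && $i < strlen($b); $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

function wsse_validate($header, $users, $nonceDir, $now, $window = 300)
{
    // The nonce must be 32 hex chars (the client sends md5 output); that also
    // makes it safe to use as a file name for the replay check below.
    $re = '/^UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", '
        . 'Nonce="([a-f0-9]{32})", Created="([^"]+)"$/';
    if (!preg_match($re, $header, $m) || !isset($users[$m[1]])) {
        return false;
    }
    list(, $user, $digest, $nonce, $created) = $m;
    $ts = strtotime($created);
    if ($ts === false || abs($now - $ts) > $window) {
        return false; // unparsable, stale, or too far in the future
    }
    // Same formula as the client: the nonce is hashed exactly as sent.
    $expected = base64_encode(sha1($nonce . $created . $users[$user], true));
    if (!wsse_equals($expected, $digest)) {
        return false;
    }
    // Replay check: mode 'x' fails if this nonce was already recorded.
    $fh = @fopen($nonceDir . '/' . $nonce, 'x');
    if ($fh === false) {
        return false;
    }
    fclose($fh);
    return true;
}

// On a real request: $header = isset($_SERVER['HTTP_X_WSSE']) ? $_SERVER['HTTP_X_WSSE'] : '';
// Constructed demo token, built the same way the client builds it.
$users = array('username' => 'constructed-password');
$created = date('Y-m-d\TH:i:sP');
$nonce = md5(uniqid(mt_rand(), true));
$digest = base64_encode(sha1($nonce . $created . $users['username'], true));
$header = sprintf('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"', 'username', $digest, $nonce, $created);
var_dump(wsse_validate($header, $users, sys_get_temp_dir(), time())); // first use
var_dump(wsse_validate($header, $users, sys_get_temp_dir(), time())); // replayed token
```

The first call accepts the token and the second rejects it, because the nonce file already exists. Nonce files older than the window can be deleted, since tokens that old are rejected by the timestamp check anyway.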
