Community discussion forum

XML / SOAP PHP & C++

• • Reply

  5 years ago

  by weeb

  weeb

  , United States

  Joined 5 years ago
  The problem can be stated as follows:
  
  Windows application
  -------------------
  Automatically generates entire SOAP message. It uses the selected X509 certificate, (by default) signs the entire message body and adds the corresponding signature to the SOAP header.
  
  PHP application
  ---------------
  
  calls openssl_verify() using 3 parameters:
  
  data - the part of SOAP message that was signed
  signature - the corresponding signature
  public key - the public key from the X509 certificate
  
  All would seem 100% logical however when break things down problems start.
  
  What exactly is the 'data' that is signed. We need to know this so we can verify at server. Does it include nested tags or just their contents? Is it binary or base 64 encoded?
  
  Similarly with 'signature', we have found documentation stating under some circumstances it should be byte reversed because windows sends in wrong order, however we have no control over how signature is transmitted, this is done automatically by SOAP toolkit
  
  Finally, not sure that windows generated & PHP certificates are entirely compatible.
  
  Please note that I am aware that in theory all these questions are individually answerable but put together they provide a nightmare combination of variables to the first time soap visitor. Any help much appreciated.
  
  Thanks in advance!
  Report abuse