Google Answers Logo
View Question
Q: SOAP Envelope Security Question - Digital Certificates - PHP ( No Answer,   0 Comments )
Subject: SOAP Envelope Security Question - Digital Certificates - PHP
Category: Computers > Security
Asked by: truckmovers-ga
List Price: $50.00
Posted: 15 Jun 2006 11:33 PDT
Expires: 22 Jun 2006 13:43 PDT
Question ID: 738456
We're new to SOAP processing and are trying to be a 'client' of a SOAP
transaction that requires a digital signature.  We are confused by
some of the content of the resulting SOAP envelope we're sending.  I'm
providing a small subset (two snippets) of the XML below:

<ds:Reference URI="#wsse-c6c4c000-fbe0-11da-a69f-8368d93ad33d">
<ds:Transform Algorithm=""/>
<ds:DigestMethod Algorithm=""/>

<wsu:Timestamp xmlns:wsu="">
<wsu:Created wsu:Id="wsse-c6c4c000-fbe0-11da-a69f-8368d93ad33d">2006-06-14T20:02:58Z

Again, we're clueless, but we're betting that the URI mentioned in the
first snippet and the 'wsu:Id' mentioned in the second indicate that
these two pieces of XML 'relate' to each other.

If so, how does the DigestValue value in the first snippet get
created?  Is it somehow a hash (SHA1, base64, ?) of the timestamp
value mentioned in the second snippet?  Are there other 'components'
of the SOAP request (not shown here) that influence the DigestValues
that get created?

In case you're wondering, we're trying to process this request via
PHP5, and PHP5 has built-in SOAP capabilities, but no capabilities to
work with digital signatures (WSS).  We're hoping we can somehow
hand-build the 'signature' portion of the SOAP request, but can't
figure out how a valid request gets built in the first place.

We're hoping if we can start to decipher some of the pieces (like the
DigestValue mentioned above), we'll get a handle on things.

An answer to this question is not simple 'you can't do that in PHP --
use Java'.  An answer to this question sheds some like on the XML
mentioned above.

There is no answer at this time.

There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy