0

Hello all :) I have an Axis2 WebService with incoming request signing enabled (Rampart module using Signature in InflowSecurity setting). I'm trying to call it in PHP, using a local certificate:

$client = new SoapClient(
    "http://localhost:8081/axis2/services/SomeWebService?wsdl", 
    array(
        "local_cert" => "C:\ws\MyProject\php\cert.pem",
        "trace" => 1));

var_dump($client->__soapCall(
    "someFunction", 
    array("someParameter" => "blabla"))); // line X

Content of cert.pem:

-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

This is the error I get:

Fatal error: Uncaught SoapFault exception: [soapenv:Server] 
org.apache.ws.security.components.crypto.Merlin cannot create instance in 
C:\ws\MyProject\php\index.php:X

The thing is org.apache.ws.security.components.crypto.Merlin is a server-side Exception (that I also get in the server logs); but when I remove "local_cert" => "C:\ws\MyProject\php\cert.pem" or change it to "local_cert" => "C:\ws\MyProject\php\thereisnofilehere.pem" I get the exact same error.

Which tells me PHP does not use the certificate at all. Or, am I missing something here? How do I make sure PHP uses the certificate to sign the request?

BenoitParis
  • 3,166
  • 4
  • 29
  • 56
  • A) Is the cert.pem in the correct format? B) Is the cert missing a passphrase? – denormalizer May 17 '13 at 07:18
  • @superspace I'm able to call the webservice using a Java client with this certificate; so I think this certificate is enough for the job. Anyway thanks for the concern :) I should remove this question, I ended up implementing the security I wanted with a simple SHA256 hash that I manually put in the SOAP header (which I manually parse server side also). I was trying to use the WS-Security norm (rampart module in Axis2-Java), which is not implemented in PHP. WSO2 company has a PHP implementation, but they not longer maintain it :/ So I just abandonned the WS-Security norm altogether. – BenoitParis May 17 '13 at 08:32

0 Answers0