CDATA Zone - Services

WS-* for PHP

nospam@example.com (Rob Richards) — Fri, 19 Mar 2010 08:49:00 -0400

Support for dealing with encrypted SOAP messages was a feature that had been missing from my WS-* libraries pretty much due to my lack of time to implement it. When people ask for help interoperating with a SOAP server that requires encryption I typically just point them over to the WSF project. The problem has been that in many cases people are unable to install that framework, as they don't control the servers, or more recently I have gotten reports that they simply could not get it to work. Either it didn't support what they needed, wouldn't compile, or simple wouldn't work with even simple SOAP requests. I decided to finally set aside some time and implement the encryption/decryption portion of the library. Note that it was developed against some WCF services implementing message level security, so your mileage might vary against other platforms. Bug reports would be fastest way of getting any of those issues dealt with.

As part of the recent changes, I also finally got around to creating an official project for the libraries rather than just being ad-hoc files people pulled from my web site. The libraries are now officially part of the wse-php project hosted over at Google Code. It was a toss up between that and GitHub, but I really wanted to play around with Mercurial since I already use Git over at the Gnome project. Currently the libraries provide support for a portion of WS-Addressing and WS-Security that can be used with ext/soap in PHP. As time goes on I plan to add some support for simplified configuration of messaging as well as some other of the WS-* specs that might be useful when interoperating with other SOAP servers.

Xmlseclibs 1.2.2 Released

nospam@example.com (Rob Richards) — Mon, 11 Jan 2010 09:02:00 -0500

After quite some time, version 1.2.2 has finally been released. It can be downloaded at: http://xmlseclibs.googlecode.com/files/xmlseclibs-1.2.2.tar.gz

Changes include:

Features:
- Add support XPath support when creating signature. Provides support for
working with EBXML documents.
- Add reference option to force creation of URI attribute. For use
when adding a DOM Document where by default no URI attribute is added.
- Add support for RSA-SHA256

Bug Fixes:
- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node
content (patch by Francois Wang)

Please submit any bugs or feature requests into the Issue Tracker.

Streaming XML

nospam@example.com (Rob Richards) — Thu, 28 May 2009 07:21:00 -0400

Another php|tek has come and gone. Although a bit behind, I finally got my slides online for my Streaming XML talk. I lingered a little too long on a few topics so the XMLWriter portion was a bit rushed. If anyone has questions on any of the topics, feel free to drop me a line. I did promise a few people I would write a bit about XMLReader and XMLWriter, but it's slow going as I try to find the time. Hopefully in the not to distant future I can get to this. This Dad thing is really time consuming

OAuth Signature Validation Tool

nospam@example.com (Rob Richards) — Wed, 07 Jan 2009 07:26:00 -0500

While working on OAuth implementations for our clients at Mashery, one of the biggest issues I see developers running into is how to debug and fix invalid signature errors. There are numerous OAuth libraries out there, in fact we even have our own, so how do you determine which side is really generating the correct signature and which has a flaw in the logic? I find that using a third party library is a great way to quickly zero in on which side is at the root of the issue. The problem, however, is there are no readily available tools to do this. I have found a number of test applications, but they pretty much are for testing wether a consumer library/app is working correctly against them.

We mostly deal with providing the service provider side of OAuth, meaning numerous different endpoints, so these tools were of little help. I ended up writing a down and dirty signature generation app using the C# OAuth library (so Windows only folks). It will generate a signature based on the different OAuth parameters you enter. You can use this to compare the signature it generates to that from your consumer app or service provider. Full source code and more detailed information can be found on the Mashery Customer Solutions site. Time permitting, I may continue to add features to this tool. Hopefully others find this useful as well.

Source and Binaries: OAuth Signature Validation Tool