Apparently, this PR breaks the Windows build of ext/soap. Can you please have a look?

The error seems to be:

error LNK2019: unresolved external symbol __imp_xmlOutputBufferGetContent
error LNK2019: unresolved external symbol __imp_xmlOutputBufferGetSize

I was able to fix this issue with my local Windows build by adding a following to config.w32 file:

} else {
 if (!CHECK_LIB('libxml2.lib', 'soap')) {
 WARNING("soap support can't be enabled, libxml is not found");
 }
}

Unfortunately I'm not that familiar with PHPs Windows build system, so I can't say was that the best possible solution.

I was able to fix this issue with my local Windows build by adding a following to config.w32 file:

Ah, I see, thanks! I think instead of that, the missing functions should be declared in php_libxml2.def.

Thanks! I added missing declarations to php_libxml2.def and removed CHECK_LIB from w32.

Hi Jahyvari,

+1 for WSS support. I think __setWSS does two things.

a) it creates SOAP header
b) it injects SOAP header to SOAP message

Imho I would create factory method which creates WSS SOAP header. Returned header could be used in __soapCall.

$client = new SoapClient("my.wsdl");
$wssSoapHeader = $client->__createSoapWssHeader(array( // New function to SoapClient: reateSoapWssHeader
 "digest_method" => SOAP_WSS_DIGEST_METHOD_SHA256, // New constants: SOAP_WSS_DIGEST_METHOD_SHA1, SOAP_WSS_DIGEST_METHOD_SHA256 & SOAP_WSS_DIGEST_METHOD_SHA512
 "wss_version" => SOAP_WSS_VERSION_1_1, // New constants: SOAP_WSS_VERSION_1_0 & SOAP_WSS_VERSION_1_1
 "add_timestamp" => true,
 "timestamp_expires" => 300,
 "x509_binsectoken" => file_get_contents("cert.der"),
 "signfunc" => function($data) {
 $signature = "";
 openssl_sign(
 $data,
 $signature,
 openssl_pkey_get_private("file://priv.key"),
 OPENSSL_ALGO_SHA1
 );
 return $signature;
 }
));
$client->__soapCall("SomeFunction", [$a, $b, $c], null, $wssSoapHeader);

For direct soap method call

$client->testFunction(array(
 "Param1" => "foo",
 "Param2" => "bar"
));

which require wss header existing __setSoapHeaders method could be used. If I am not wrong.

which require wss header existing __setSoapHeaders method could be used. If I am not wrong.

Hi, thanks for feedback! __setSoapHeaders can be used for static WSS headers (plain username and password). But when there is a need for signed SOAP messages, then the signature varies between SOAP calls because it is calculated from SOAP Body (and timestamp if used). And therefore signature can be injected/calculated only after the SOAP Body has been constructed.

Thanks for response and clarification. I am not familiar with WSS.

If I may make a request: would it be possible for the final output to be canonicalized XML with no comments, to make life a bit easier on consumers?

If I may make a request: would it be possible for the final output to be canonicalized XML with no comments, to make life a bit easier on consumers?

The example output above was manually pretty printed and commented for clarity purposes. Actual output format is the same as before = minified XML without comments.

There has not been any recent activity in this PR. It will automatically be closed in 7 days if no further action is taken.

There has not been any recent activity in this PR. It will automatically be closed in 7 days if no further action is taken.

Hi. Is there anything else what I should do for this PR, or could this go to be Reviewed?

Apology for this not getting any review. I noticed this issue yesterday when going through 8.2 milestone and needed to look to some other things as well. I had a quick look but unfortunately it's too big to get properly reviewed for PHP 8.2 at this time (feature freeze is end of today).

I will try to look more to the SOAP issues as the extension has been quite neglected. I will do my best to get this at least to 8.3. If you could rebase it in the meantime and get the pipeline green, that would be great.

Apology for this not getting any review. I noticed this issue yesterday when going through 8.2 milestone and needed to look to some other things as well. I had a quick look but unfortunately it's too big to get properly reviewed for PHP 8.2 at this time (feature freeze is end of today).

I will try to look more to the SOAP issues as the extension has been quite neglected. I will do my best to get this at least to 8.3. If you could rebase it in the meantime and get the pipeline green, that would be great.

Hi. Thanks for getting back to this. I rebased the PR.

Hello Jahyvari,
as I wrote before I am not familiar with WSS.

I have few suggestions.

Your proposal is add __setWss method with plenty of params.
It is unclear which params are required. Which values should be passed and so on.

What about create a class eg.

class WssSigner
{
 //...
 //...
 public function __construct(
 string $digestMethod,
 string $wssVersion,
 bool $addTimestamp,
 int $expires,
 string x509BinSecToken,
 callable $callback
 ) {
 //...
 }
 // I am not sure about in/out typehints
 public function sign(string $request): string
 {
 //...
 }
}
and then pass the instance into soapClient:
$signer = new WssSigner(
 SOAP_WSS_DIGEST_METHOD_SHA256,
 SOAP_WSS_VERSION_1_1,
 true,
 300,
 file_get_contents("cert.der"),
 function($data) {
 $signature = "";
 openssl_sign(
 $data,
 $signature,
 openssl_pkey_get_private("file://priv.key"),
 OPENSSL_ALGO_SHA1
 );
 return $signature;
 }
);
$client = new SoapClient("my.wsdl");
$client->__setWSS($signer);

If WssSigner was very variable on input params than I would create WssSigner interface with concrete implementations.

I think my proposal has much better type hinting and as bonus it could be used standalone.

What about create a class eg.

Yep, I agree. That could be better for the type hinting. I think that I based the current function signature to SoapClient's constructor which takes the options as an array.