'PHP soap wrong digest hash

I'm trying to send a SOAP message from PHP to a server, and I'm stuck at generating a SHA256 hash of the data being sent. Here is an example request provided by server owner:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-16FE2A6FC1AFE42BE9146412186273511">...</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-16FE2A6FC1AFE42BE9146412186273615">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">...</ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#id-16FE2A6FC1AFE42BE9146412186273614">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>/CJj9686ARgbV/YmDrr+1yhcaJuXu022cADK/M8efQs=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
                    Ii+W0EB2V6GJo4jMGwK1HCRdt6+r9TkgfhXyAuY8FNCXhPOtfoUi/Bw31U4Hm7SLscM/8klrQI3Z2vSfdNe3oDi1cm2Qouv1sOBK17VSg/IgKN92BC8kUaoF5W5ZBEcZr0WHjDWasSYEerZQ3Q+ZIJzt6cbS+cLZfQkLFg1UDOi5qLUkWE1pQ9AVYCvwrOFj/hFQx5koQTpigyG/DPlyoh2xOh/DAh6U/P5p+IiQwwCMdo1Rh2czUVpRCr3Cnz97AlQ8G6IGAtWNykXorVYZ1tGnXEaRngzjsn5RE/zCcRkqRpFaiEQuYly1I6YtFOEYIPXskE5oMZkCLINebu1Law==
                </ds:SignatureValue>
                <ds:KeyInfo Id="KI-16FE2A6FC1AFE42BE9146412186273512">
                    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STR-16FE2A6FC1AFE42BE9146412186273513">
                        <wsse:Reference URI="#X509-16FE2A6FC1AFE42BE9146412186273511" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </SOAP-ENV:Header>
    <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-16FE2A6FC1AFE42BE9146412186273614">
        <Trzba xmlns="http://fs.mfcr.cz/eet/schema/v2">
            <Hlavicka dat_odesl="2016-09-19T19:06:37+01:00" prvni_zaslani="false" uuid_zpravy="9edeb22b-4234-4047-869c-3a76f86c20d3"/>
            <Data celk_trzba="34113.00" cerp_zuct="679.00" cest_sluz="5460.00" dan1="-172.39" dan2="-530.73" dan3="975.65" dat_trzby="2016-01-05T00:30:12+01:00" dic_popl="CZ00000019" id_pokl="/5546/RO24" id_provoz="273" porad_cis="0/6460/ZQ42" pouzit_zboz1="784.00" pouzit_zboz2="967.00" pouzit_zboz3="189.00" rezim="0" urceno_cerp_zuct="324.00" zakl_dan1="-820.92" zakl_dan2="-3538.20" zakl_dan3="9756.46" zakl_nepodl_dph="3036.00"/>
            <KontrolniKody>
                <pkp cipher="RSA2048" digest="SHA256" encoding="base64">
                    W7UlA4hXNsDLvCj/eeRAYeOAsNsgMSdltcJNIW98KQRsfspTMW0Lr/OGQgRHZfO5KjolZgzN3k9mgzrVoX2+N90fCNEnOri2kjrW5vzTgMK6OZ9IryAEg0xFZjjjCQ0qKsQsVi8OLQOn3ZnN/BUGG2SIduER+iIOrhfOmes7OXaa5/2jQSfPTHZHZ/Bxhqld3gL4PHvd7sevZYUupHpE1fM7Uw1+lu8i1YOdghZoMyOfKw7FcqvRJpHrW/JZL5Dr5iCgu5ClmhZrb3hZavsxlDG7P2cUhSQgmEVTxJ2n38q/Cf91KE8e52SODN4Q8BfncXpmtkQ7Go3KsRsY3xN7xg==
                </pkp>
                <bkp digest="SHA1" encoding="base16">1F1A2D90-4EAD34A8-411CFB0B-EB17616E-B2CE8114</bkp>
            </KontrolniKody>
        </Trzba>
    </soap:Body>
</soap:Envelope>

And here my code:

$text = '<Trzba xmlns="http://fs.mfcr.cz/eet/schema/v2"><Hlavicka dat_odesl="2016-09-19T19:06:37+01:00" prvni_zaslani="false" uuid_zpravy="9edeb22b-4234-4047-869c-3a76f86c20d3"/><Data celk_trzba="34113.00" cerp_zuct="679.00" cest_sluz="5460.00" dan1="-172.39" dan2="-530.73" dan3="975.65" dat_trzby="2016-01-05T00:30:12+01:00" dic_popl="CZ00000019" id_pokl="/5546/RO24" id_provoz="273" porad_cis="0/6460/ZQ42" pouzit_zboz1="784.00" pouzit_zboz2="967.00" pouzit_zboz3="189.00" rezim="0" urceno_cerp_zuct="324.00" zakl_dan1="-820.92" zakl_dan2="-3538.20" zakl_dan3="9756.46" zakl_nepodl_dph="3036.00"/><KontrolniKody><pkp cipher="RSA2048" digest="SHA256" encoding="base64">W7UlA4hXNsDLvCj/eeRAYeOAsNsgMSdltcJNIW98KQRsfspTMW0Lr/OGQgRHZfO5KjolZgzN3k9mgzrVoX2+N90fCNEnOri2kjrW5vzTgMK6OZ9IryAEg0xFZjjjCQ0qKsQsVi8OLQOn3ZnN/BUGG2SIduER+iIOrhfOmes7OXaa5/2jQSfPTHZHZ/Bxhqld3gL4PHvd7sevZYUupHpE1fM7Uw1+lu8i1YOdghZoMyOfKw7FcqvRJpHrW/JZL5Dr5iCgu5ClmhZrb3hZavsxlDG7P2cUhSQgmEVTxJ2n38q/Cf91KE8e52SODN4Q8BfncXpmtkQ7Go3KsRsY3xN7xg==</pkp><bkp digest="SHA1" encoding="base16">1F1A2D90-4EAD34A8-411CFB0B-EB17616E-B2CE8114</bkp></KontrolniKody></Trzba>';

$doc = new DOMDocument();
$doc->loadXML($text);

$text = $doc->C14N(true, true);

$hash = base64_encode(hash('sha256', $text, true));

echo $hash;

But I'm getting this hash: sQMcQ4plFh9J9ovXzCUmVcMPofSWlr93Ag+72o8761o=, however according to the example document, I should get this: /CJj9686ARgbV/YmDrr+1yhcaJuXu022cADK/M8efQs=.

So, what am I doing wrong?

phpxmlsoaphash


Solution 1:[1]

I know this post is old but...

But I write here because I have the same issue even I use base64_encode() I find a digested value but not the same as example.

But I don't know if I must encode my data on UTF-8 before like that

$digestedValue = base64_encode(hash('sha256',utf8_encode($doxXml->C14N()),true));

Or like that with another function

$digestedValue = base64_encode(openssl_digest(utf8_encode($doxXml->C14N()),'sha256',true));

Using encode_utf8() changes the digested value if any characters that need to be encoded in UTF8 are present... So... Should we use... or not?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions