The WSF/PHP security API now supports PKCS12 key stores. When implementing a service or a client that uses WS-Security, it is sometimes necessary to restrict the service to a number of pre-approved clients. To allow this, it is necessary to obtain the approved clients' public keys and store them in a key store file, in addition to the private key used by the service. PKCS12 is the commonly used file format for storing X.509 private keys and public key certificates, protected by a password.
The following is the API for using a PKCS12 key store file.
The WSSecurityToken object accepts an options array in its constructor. We added a new option, "PKCS12KeyStore", for specifying the key store file as a string. The following is an example service using a key store file.
function echoFunction($inMessage) {
    // Echo the request payload back to the client.
    $returnMessage = new WSMessage($inMessage->str);
    return $returnMessage;
}

// Load the PKCS12 key store contents as a string.
$keystore = file_get_contents("../keys/bob_kstore.p12");

$operations = array("echoString" => "echoFunction");
$sec_array = array("encrypt" => TRUE,
                   "algorithmSuite" => "Basic256Rsa15",
                   "securityTokenReference" => "IssuerSerial");
$actions = array("http://php.axis2.org/samples/echoString" => "echoString");
$policy = new WSPolicy(array("security" => $sec_array));

// The original listing is cut off after the first option of this array.
$sec_token = new WSSecurityToken(array("PKCS12KeyStore" => $keystore));

$svr = new WSService(array("actions" => $actions,
                           "operations" => $operations,
                           "policy" => $policy,
                           "securityToken" => $sec_token));
$svr->reply();
Note how the PKCS12 key store file is read into a string using the file_get_contents function and passed in using the "PKCS12KeyStore" option.
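Because the key store decides which clients the service accepts, it is worth checking what a .p12 file actually contains before passing it to WSSecurityToken. The following is an added example, not code from the original post or the WSF/PHP project: it uses only PHP's OpenSSL extension to list each certificate's subject, issuer and serial number (the values an "IssuerSerial" reference identifies a certificate by). The function names, certificate names and password are constructed for illustration, and it assumes the extra certificates in the store are the approved clients.

```php
<?php
// Added example, not WSF/PHP code. Uses only PHP's OpenSSL extension.
// Assumption: extra certificates in the key store are the approved clients.

function list_keystore_certs(string $p12, string $password): array
{
    $store = [];
    if (!openssl_pkcs12_read($p12, $store, $password)) {
        throw new RuntimeException("cannot open key store (wrong password or not PKCS12)");
    }
    if (empty($store["pkey"])) {
        throw new RuntimeException("key store holds no private key for the service");
    }
    $certs = [["service", $store["cert"]]];
    foreach ($store["extracerts"] ?? [] as $pem) {
        $certs[] = ["approved client", $pem];
    }
    $rows = [];
    foreach ($certs as [$role, $pem]) {
        $info = openssl_x509_parse($pem);
        $rows[] = [
            "role"    => $role,
            "subject" => $info["subject"]["CN"] ?? "(no CN)",
            "issuer"  => $info["issuer"]["CN"] ?? "(no CN)",
            "serial"  => $info["serialNumberHex"],
            "expired" => $info["validTo_time_t"] < time(),
        ];
    }
    return $rows;
}

// Constructed sample data: throwaway self-signed certificates, built in memory.
function make_cert(string $cn, int $serial): array
{
    $opts = ["private_key_bits" => 2048, "digest_alg" => "sha256"];
    $key = openssl_pkey_new($opts);
    $csr = openssl_csr_new(["commonName" => $cn], $key, $opts);
    return [$key, openssl_csr_sign($csr, null, $key, 30, $opts, $serial)];
}

[$bobKey, $bobCert] = make_cert("bob-service.example", 1001);
[, $aliceCert]      = make_cert("alice-client.example", 2002);
openssl_pkcs12_export($bobCert, $p12, $bobKey, "sample-password",
                      ["extracerts" => [$aliceCert]]);

foreach (list_keystore_certs($p12, "sample-password") as $row) {
    printf("%-16s %-22s issuer=%-22s serial=%s expired=%s\n", $row["role"],
           $row["subject"], $row["issuer"], $row["serial"], $row["expired"] ? "yes" : "no");
}
```

To audit a real key store, pass the result of file_get_contents on the .p12 file and its password to list_keystore_certs instead of the constructed sample.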