How to calculate wsse nonce?

I am getting an error while trying to send a soap request (soapCall) to the server.

Fatal error: Uncaught SoapFault exception: [ns1:InvalidSecurity] An error was discovered processing the <wsse:Security> header

I need to send the ws-security header

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<wsse:Username>userID</wsse:Username>

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwd</wsse:Password>

<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">ZTQ3YmJjZmM1ZTU5ODg3YQ==</wsse:Nonce>

<wsu:Created>2013-07-05T19:55:36.458Z</wsu:Created>

</wsse:UsernameToken>
</wsse:Security>

After a lot of research I think the issue I got is the nonce didnt meet the requirement. As I am making up the soap header looks like the example I got. The only unknown element is to calculating this nonce...

From the example nonce I got, its a set of 24 numbers + alphabet + special character

Something like this

ZTQ3YmJjZmM1ZTU5ODg3YQ==

But however, I am not too sure how do you calculate the wsse nonce from php...is there any standard?

the code I had

$nonce = sha1(mt_rand());

Result

dabddf9dbd95b490ace429f7ad6b55c3418cdd58

which is something completely different than the example...and I believe this is the reason why this code is not working.

So I am doing more research and now I am using this

$NASC = substr(md5(uniqid('the_password_i_am _using', true)), 0, 16);
$nonce = base64_encode($NASC); 

Result

NzJlMDQ4OTAyZWIxYWU5ZA==

Now, it looks similar to the example but I still getting that error showed from the beginning.

Can someone give me a hand please?

some further testing with soapUI.

same userID and passwd, set the passwordtype to passwordtext

and it is working.

is anyone know how do the soapUI calculate the nonce? or have any idea how soapUI passing the ws-security?

I like it, but you're going to confuse the kiddo's with C# on a PHP question lol.

Just an idea, not language specific solution... I hope it helped

Thanks, but still no luck, I still couldnt connect to the external server. <soap:address location="https:...is this mean that I will have to include the ssl detail from the server?

Can you paste the complete error? To quickly test if the certificate is your problem, set CURLOPT_SSL_VERIFYPEER to FALSE and make a cURL request. Do you have access to your PHP logs? Check there for more information. There are a lot of variables regarding SSL: Is the SOAP server's SSL Certificate publicly signed (StartSSL, GoDaddy, etc)? If not, you'll need to download a copy and install it locally. Does phpinfo() report that you have OpenSSL installed? If you're on Windows, do you have the CA Bundle installed correctly for cURL / OpenSSL (curl.haxx.se/docs/sslcerts.html)?

This helped me to implement it in Java.. and it does work! So the language is indeed not so important and the kiddo is happy ;-)