From 9bc9410172604662ccabe6148c558b4c9fd8864c Mon Sep 17 00:00:00 2001
From: Andreas Schamberger
Date: Tue, 20 Aug 2013 22:14:27 +0200
Subject: [PATCH] add BinarySecurityToken resolving to key resolver
---
 src/BeSimple/SoapClient/WsSecurityFilter.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/BeSimple/SoapClient/WsSecurityFilter.php b/src/BeSimple/SoapClient/WsSecurityFilter.php
index 6eab21b..14ec49a 100644
--- a/src/BeSimple/SoapClient/WsSecurityFilter.php
+++ b/src/BeSimple/SoapClient/WsSecurityFilter.php
@@ -15,6 +15,7 @@ namespace BeSimple\SoapClient;
 use ass\XmlSecurity\DSig as XmlSecurityDSig;
 use ass\XmlSecurity\Enc as XmlSecurityEnc;
 use ass\XmlSecurity\Key as XmlSecurityKey;
+use ass\XmlSecurity\Pem as XmlSecurityPem;
 use BeSimple\SoapCommon\FilterHelper;
 use BeSimple\SoapCommon\Helper;
@@ -390,10 +391,8 @@ class WsSecurityFilter implements SoapRequestFilter, SoapResponseFilter
 $security = $dom->getElementsByTagNameNS(Helper::NS_WSS, 'Security')->item(0);
 if (null !== $security) {
 // add SecurityTokenReference resolver for KeyInfo
- if (null !== $this->serviceSecurityKey) {
- $keyResolver = array($this, 'keyInfoSecurityTokenReferenceResolver');
- XmlSecurityDSig::addKeyInfoResolver(Helper::NS_WSS, 'SecurityTokenReference', $keyResolver);
- }
+ $keyResolver = array($this, 'keyInfoSecurityTokenReferenceResolver');
+ XmlSecurityDSig::addKeyInfoResolver(Helper::NS_WSS, 'SecurityTokenReference', $keyResolver);
 // do we have a reference list in header
 $referenceList = XmlSecurityEnc::locateReferenceList($security);
 // get a list of encrypted nodes
@@ -420,6 +419,8 @@ class WsSecurityFilter implements SoapRequestFilter, SoapResponseFilter
 throw new \SoapFault('wsse:FailedCheck', 'The signature or decryption was invalid');
 }
 }
+
+ $security->parentNode->removeChild($security);
 }
 }
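Review bot: With the `null !== $this->serviceSecurityKey` guard removed in the `-390,10 +391,8` hunk, `keyInfoSecurityTokenReferenceResolver` is registered even when no service certificate has been configured, so every branch of that resolver now has to cope with a null `serviceSecurityKey`. Most of the resolver body is outside this diff; if any remaining branch still calls a method on `$this->serviceSecurityKey`, it would presumably end in a fatal error rather than a `SoapFault`. I would put an explicit check ahead of those branches, e.g. `if (null === $this->serviceSecurityKey) { throw new \SoapFault('wsse:FailedCheck', 'No service key configured'); }`, and add a comment at the registration site saying why it is now unconditional. The enclosing method starts and ends outside the hunk.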
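Review bot: Once `$security->parentNode->removeChild($security);` has run (the `-420,6 +419,8` hunk), later filters and the caller can no longer tell a response whose signature was verified from one that never carried a `wsse:Security` header, since the `if (null !== $security)` block shown in the previous hunk appears to do nothing when the header is absent. If the service is expected to sign its responses, a missing header or missing signature should be rejected rather than passed through; whether such a check exists elsewhere in the method is not visible here. At minimum, add a comment above the removal stating the intent, for example `// header fully processed; strip it so downstream filters do not handle it again` if that is the reason. The enclosing method starts outside the hunk.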
@@ -567,6 +568,12 @@ class WsSecurityFilter implements SoapRequestFilter, SoapResponseFilter
 $key = XmlSecurityEnc::decryptEncryptedKey($referencedNode, $this->userSecurityKey->getPrivateKey());
 return XmlSecurityKey::factory($algorithm, $key, false, XmlSecurityKey::TYPE_PRIVATE);
+ } elseif (Helper::NS_WSS === $referencedNode->namespaceURI
+ && 'BinarySecurityToken' == $referencedNode->localName) {
+
+ $key = XmlSecurityPem::formatKeyInPemFormat($referencedNode->textContent);
+
+ return XmlSecurityKey::factory(XmlSecurityKey::RSA_SHA1, $key, false, XmlSecurityKey::TYPE_PUBLIC);
 } else {
 //$valueType = $key->getAttribute('ValueType');
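Review bot: The new `BinarySecurityToken` branch turns `$referencedNode->textContent` straight into the verification key, so the signature is checked against a certificate supplied by the same message, and nothing in the hunk ties that certificate to the configured service key or to a trusted issuer. A passing check then only shows that the message is self-consistent, not that it came from the expected service. Before returning, compare the token with the configured service certificate (or validate its chain), and reject tokens whose `ValueType`/`EncodingType` attributes are not the expected X.509 / Base64 values. Smaller points: the branch hard-codes `XmlSecurityKey::RSA_SHA1` where the branch above passes `$algorithm`, and `'BinarySecurityToken' == $referencedNode->localName` should use `===`. The resolver method starts and ends outside the hunk.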