Wsse.php

<?php
 
namespace Http\Message\Authentication;
 
use Http\Message\Authentication;
use Psr\Http\Message\RequestInterface;
 
final class Wsse implements Authentication
{
    private $username;
 
    private $password;
 
    public function __construct($username, $password)
    {
        $this->username = $username;
        $this->password = $password;
    }
 
    public function authenticate(RequestInterface $request)
    {
        // TODO: generate better nonce?
        $nonce = substr(md5(uniqid(uniqid().'_', true)), 0, 16);
        $created = date('c');
        $digest = base64_encode(sha1(base64_decode($nonce).$created.$this->password, true));
 
        $wsse = sprintf(
            'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
            $this->username,
            $digest,
            $nonce,
            $created
        );
 
        return $request
            ->withHeader('Authorization', 'WSSE profile="UsernameToken"')
            ->withHeader('X-WSSE', $wsse)
        ;
    }
}