Ejemplo n.º 1
0
 def _client(self):
     timestamp_token = utils.WSU('Timestamp')
     # created = datetime.now()
     created = datetime.utcnow()
     expires = created + timedelta(seconds=70)
     timestamp_token.append(
         utils.WSU('Created', utils.get_timestamp(created)))
     timestamp_token.append(
         utils.WSU('Expires', utils.get_timestamp(expires)))
     return Client(self.WSDL_URI,
                   wsse=UsernameToken(self.username,
                                      self.password,
                                      use_digest=True,
                                      timestamp_token=timestamp_token,
                                      created=created))
    def _create_password_digest(self):
        if self.nonce:
            nonce = self.nonce.encode("utf-8")
        else:
            nonce = os.urandom(16)
        timestamp = utils.get_timestamp(self.created, self.zulu_timestamp)

        if isinstance(self.password, six.string_types):
            password = self.password.encode("utf-8")
        else:
            password = self.password

        # digest = Base64 ( SHA-1 ( nonce + created + password ) )
        if not self.password_digest and self.hash_password:
            digest = base64.b64encode(
                hashlib.sha1(nonce + timestamp.encode("utf-8") + hashlib.sha1(password).digest()).digest()
            ).decode("ascii")
        elif not self.password_digest:
            digest = base64.b64encode(
                hashlib.sha1(nonce + timestamp.encode("utf-8") + password).digest()
            ).decode("ascii")
        else:
            digest = self.password_digest

        return [
            utils.WSSE.Password(
                digest, Type="%s#PasswordDigest" % self.username_token_profile_ns
            ),
            utils.WSSE.Nonce(
                base64.b64encode(nonce).decode("utf-8"),
                EncodingType="%s#Base64Binary" % self.soap_message_secutity_ns,
            ),
            utils.WSU.Created(timestamp),
        ]
Ejemplo n.º 3
0
    def _create_password_digest(self):
        if self.nonce:
            nonce = self.nonce.encode('utf-8')
        else:
            nonce = os.urandom(16)
        timestamp = utils.get_timestamp(self.created)

        # digest = Base64 ( SHA-1 ( nonce + created + password ) )
        if not self.password_digest:
            digest = base64.b64encode(
                hashlib.sha1(nonce + timestamp.encode('utf-8') +
                             self.password.encode('utf-8')).digest()).decode(
                                 'ascii')
        else:
            digest = self.password_digest

        return [
            WSSE.Password(digest,
                          Type='%s#PasswordDigest' %
                          self.username_token_profile_ns),
            WSSE.Nonce(base64.b64encode(nonce).decode('utf-8'),
                       EncodingType='%s#Base64Binary' %
                       self.soap_message_secutity_ns),
            WSU.Created(timestamp)
        ]
Ejemplo n.º 4
0
    def _create_password_digest(self):
        if self.nonce:
            nonce = self.nonce.encode('utf-8')
        else:
            nonce = os.urandom(16)
        timestamp = utils.get_timestamp(self.created)

        # digest = Base64 ( SHA-1 ( nonce + created + password ) )
        if not self.password_digest:
            digest = base64.b64encode(
                hashlib.sha1(
                    nonce + timestamp.encode('utf-8') +
                    self.password.encode('utf-8')
                ).digest()
            ).decode('ascii')
        else:
            digest = self.password_digest

        return [
            utils.WSSE.Password(
                digest,
                Type='%s#PasswordDigest' % self.username_token_profile_ns
            ),
            utils.WSSE.Nonce(
                base64.b64encode(nonce).decode('utf-8'),
                EncodingType='%s#Base64Binary' % self.soap_message_secutity_ns
            ),
            utils.WSU.Created(timestamp)
        ]
Ejemplo n.º 5
0
    def _create_password_digest(self):
        if self.nonce:
            nonce = self.nonce.encode('utf-8')
        else:
            nonce = os.urandom(16)
        timestamp = utils.get_timestamp(self.created)

        # digest = Base64 ( SHA-1 ( nonce + created + password ) )
        if not self.password_digest:
            digest = base64.b64encode(
                hashlib.sha1(
                    nonce + timestamp.encode('utf-8') +
                    self.password.encode('utf-8')
                ).digest()
            ).decode('ascii')
        else:
            digest = self.password_digest

        return [
            WSSE.Password(
                digest, Type='%s#PasswordDigest' % self.namespace
            ),
            WSSE.Nonce(base64.b64encode(nonce).decode('utf-8')),
            WSU.Created(timestamp)
        ]
Ejemplo n.º 6
0
    def _create_password_digest(self):
        nonce = os.urandom(16)
        timestamp = utils.get_timestamp()

        # digest = Base64 ( SHA-1 ( nonce + created + password ) )
        digest = base64.b64encode(
            hashlib.sha1(nonce + timestamp.encode('utf-8') +
                         self.password.encode('utf-8')).digest())

        return [
            WSSE.Password(digest.decode('ascii'),
                          Type='%s#PasswordDigest' % self.namespace),
            WSSE.Nonce(base64.b64encode(nonce).decode('ascii')),
            WSU.Created(timestamp)
        ]
Ejemplo n.º 7
0
def _signature_prepare(envelope,
                       key,
                       signature_method,
                       digest_method,
                       signatures=None):
    """Prepare all the data for signature.

    Mostly copied from zeep.wsse.signature.
    """
    soap_env = detect_soap_env(envelope)
    # Create the Signature node.
    signature = xmlsec.template.create(
        envelope,
        xmlsec.Transform.EXCL_C14N,  # type: ignore
        signature_method or xmlsec.Transform.RSA_SHA1)  # type: ignore

    # Add a KeyInfo node with X509Data child to the Signature. XMLSec will fill
    # in this template with the actual certificate details when it signs.
    key_info = xmlsec.template.ensure_key_info(signature)
    x509_data = xmlsec.template.add_x509_data(key_info)
    xmlsec.template.x509_data_add_issuer_serial(x509_data)
    xmlsec.template.x509_data_add_certificate(x509_data)

    # Insert the Signature node in the wsse:Security header.
    security = get_security_header(envelope)
    security.insert(0, signature)

    # Prepare Timestamp
    timestamp = Element(QName(ns.WSU, 'Timestamp'))
    created = Element(QName(ns.WSU, 'Created'))
    created.text = get_timestamp()
    expires = Element(QName(ns.WSU, 'Expires'))
    expires.text = get_timestamp(datetime.datetime.utcnow() +
                                 datetime.timedelta(minutes=5))
    timestamp.append(created)
    timestamp.append(expires)
    security.insert(0, timestamp)

    # Perform the actual signing.
    ctx = xmlsec.SignatureContext()
    ctx.key = key
    # Sign default elements
    _sign_node(ctx, signature, security.find(QName(ns.WSU, 'Timestamp')),
               digest_method)

    # Sign elements defined in WSDL
    if signatures is not None:
        if signatures['body'] or signatures['everything']:
            _sign_node(ctx, signature, envelope.find(QName(soap_env, 'Body')),
                       digest_method)
        header = get_or_create_header(envelope)
        if signatures['everything']:
            for node in header.iterchildren():
                # Everything doesn't mean everything ...
                if node.nsmap.get(node.prefix) not in OMITTED_HEADERS:
                    _sign_node(ctx, signature, node, digest_method)
        else:
            for node in signatures['header']:
                _sign_node(ctx, signature,
                           header.find(QName(node['Namespace'], node['Name'])),
                           digest_method)

    # Remove newlines from signature...
    for element in signature.iter():
        if element.text is not None and '\n' in element.text:
            element.text = element.text.replace('\n', '')
        if element.tail is not None and '\n' in element.tail:
            element.tail = element.tail.replace('\n', '')

    ctx.sign(signature)

    # Place the X509 data inside a WSSE SecurityTokenReference within
    # KeyInfo. The recipient expects this structure, but we can't rearrange
    # like this until after signing, because otherwise xmlsec won't populate
    # the X509 data (because it doesn't understand WSSE).
    sec_token_ref = SubElement(key_info,
                               QName(ns.WSSE, 'SecurityTokenReference'))
    return security, sec_token_ref, x509_data