Exemplo n.º 1
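def buildSymmetricKey(block_encryption_algorithm=BLOCK_ENCRYPTION_AES128_CBC):
    """Generate a fresh symmetric key and IV for a block-encryption algorithm.

    Args:
        block_encryption_algorithm: Key into ``blockEncryptionProperties``.
            The matching entry supplies ``key_size`` and ``iv_size``, which
            are used as the number of random 8-bit values to draw.

    Returns:
        An ``Object`` carrying ``sym_key``, ``iv`` and
        ``block_encryption_algorithm``. ``sym_key`` and ``iv`` are strings
        built with ``chr()`` from one random 8-bit value per position, the
        same representation the previous implementation produced.

    Raises:
        KeyError: if the algorithm has no entry in
            ``blockEncryptionProperties`` (assuming it is a dict).
    """
    block_encryption_props = blockEncryptionProperties[block_encryption_algorithm]

    # Key and IV material must be unpredictable. The module-level ``random``
    # functions are backed by the Mersenne Twister, which is not designed for
    # cryptographic use; SystemRandom draws from the operating system's
    # CSPRNG (os.urandom) and needs no seeding.
    csprng = random.SystemRandom()

    def random_chars(count):
        # One character per random byte value, matching the original layout.
        return ''.join(chr(csprng.getrandbits(8)) for _ in range(count))

    sym_key = Object()
    sym_key.sym_key = random_chars(block_encryption_props['key_size'])
    sym_key.iv = random_chars(block_encryption_props['iv_size'])
    sym_key.block_encryption_algorithm = block_encryption_algorithm
    return sym_key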
Exemplo n.º 2
    print(('person=\n%s' % (person, )))
    #
    # add the person (using the webservice)
    #
    print('addPersion()')
    result = client.service.addPerson(person)
    print(('\nreply(\n%s\n)\n' % (str(result), )))

    #
    # Async
    #
    client.options.nosend = True
    reply = '<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><ns1:addPersonResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://basic.suds.fedora.org"><addPersonReturn xsi:type="xsd:string">person (jeff&#x4D2;,ortel) at age 43 with phone numbers (410-555-5138,919-555-4406,205-777-1212, and pets (Chance,) - added.</addPersonReturn></ns1:addPersonResponse></soapenv:Body></soapenv:Envelope>'
    request = client.service.addPerson(person)
    result = request.succeeded(reply)
    error = Object()
    error.httpcode = '500'
    client.options.nosend = False
    #    request.failed(error)

    #
    #
    # create a new name object used to update the person
    #
    newname = client.factory.create('ns0:Name')
    newname.first = 'Todd'
    newname.last = None
    #
    # create AnotherPerson using Person
    #
    ap = client.factory.create('ns0:AnotherPerson')
Exemplo n.º 3
    def visitOther(self, elt):
        """Apply one policy assertion element to the policy being built.

        Dispatches on ``elt.name`` and records the outcome on ``self.policy``
        and on this visitor's part lists. The names handled here
        (``TransportBinding``, ``AlgorithmSuite``, ``SignedParts``, ...)
        match WS-SecurityPolicy assertion names.

        Args:
            elt: Element exposing ``name``, ``getChild``, ``getChildren`` and
                ``get`` as used below. The ``is not None`` tests imply that
                ``getChild`` returns None for an absent child -- TODO confirm.

        Returns:
            None. Results are written to ``self.policy``, ``self.bindingType``,
            ``self.baseSignedParts``, ``self.baseEncryptedParts`` and
            ``self.secondPassEncryptedParts``.

        NOTE(review): every security setting chosen here is taken from the
        policy document itself. Presumably that document comes from the
        remote service's WSDL; if so, the peer decides which algorithms the
        client uses -- confirm where a local minimum is enforced.

        The ``<>`` comparisons below are the Python 2 spelling of ``!=``.
        """
        policy = self.policy
        wsdl_policy = self.wsdl_policy

        # --- Binding assertions: one of the three binding kinds -------------
        if elt.name == 'TransportBinding' or elt.name == 'SymmetricBinding' or elt.name == 'AsymmetricBinding':
            self.bindingType = elt.name
            # NOTE(review): ``binding`` is used without a None check; a binding
            # element lacking a Policy child would fail on the next getChild
            # call if getChild returns None for a missing child.
            binding = elt.getChild('Policy')

            policy.wsseEnabled = True
            if binding.getChild("IncludeTimestamp") is not None:
                policy.includeTimestamp = True
            # Must be read before EncryptSignature below, which branches on
            # policy.encryptThenSign.
            if binding.getChild("EncryptBeforeSigning") is not None:
                policy.encryptThenSign = True
            if binding.getChild("EncryptSignature") is not None:
                # The signature is queued for the second encryption pass when
                # encryption happens before signing, otherwise for the base
                # pass.
                if policy.encryptThenSign:
                    self.secondPassEncryptedParts.append(('signature', ))
                else:
                    self.baseEncryptedParts.append(('signature', ))
            if binding.getChild("OnlySignEntireHeadersAndBody") is not None:
                policy.onlySignEntireHeadersAndBody = True
            if binding.getChild("ProtectTokens") is not None:
                policy.protectTokens = True
            if binding.getChild("Layout") is not None:
                # The layout is the name of the first item of Layout/Policy.
                layout = binding.getChild("Layout").getChild("Policy")[0]
                policy.headerLayout = layout.name
            if elt.name == 'TransportBinding':
                transport_token = binding.getChild("TransportToken")
                if transport_token is not None:
                    if transport_token.getChild("Policy").getChild(
                            "HttpsToken") is not None:
                        https_token = transport_token.getChild(
                            "Policy").getChild("HttpsToken")
                        client_cert_req = https_token.get(
                            "RequireClientCertificate")
                        # Only the exact strings "true"/"false" (or a missing
                        # attribute) are recognised; any other value leaves
                        # policy.clientCertRequired as it was.
                        if client_cert_req is None or client_cert_req == "false":
                            policy.clientCertRequired = False
                        elif client_cert_req == "true":
                            policy.clientCertRequired = True
            # Primary signature, taken from InitiatorToken or ProtectionToken.
            if binding.getChild(
                    "InitiatorToken") is not None or binding.getChild(
                        "ProtectionToken") is not None:
                # NOTE(review): ``or`` selects by truthiness while the guard
                # above uses ``is not None``; confirm element objects are
                # never falsy (e.g. via __len__ on an empty element).
                token = binding.getChild("InitiatorToken") or binding.getChild(
                    "ProtectionToken")
                if token.getChild("Policy").getChild("X509Token") is not None:
                    signature = Object()
                    signature.signedParts = self.buildParts(
                        token.getChild("Policy").getChild("SignedParts"))
                    # The timestamp is always added to the signed parts.
                    signature.signedParts.append(('timestamp', ))
                    # This would technically be the correct behavior, but WCF specifies that thumbprint references
                    # are supported, but it can't use them for a primary signature.  Support for BinarySecurityTokens
                    # is always required, so just use them
                    #if token.getChild("Policy").getChild("X509Token").getChild("Policy").getChild("RequireThumbprintReference") is not None:
                    #    signature.keyReference = KEY_REFERENCE_FINGERPRINT
                    #elif token.getChild("Policy").getChild("X509Token").getChild("Policy").getChild("RequireIssuerSerialReference") is not None:
                    #    signature.keyReference = KEY_REFERENCE_ISSUER_SERIAL
                    #else:
                    #    signature.keyReference = KEY_REFERENCE_BINARY_SECURITY_TOKEN
                    # The signature algorithm is fixed per binding type; the
                    # AlgorithmSuite handling further down never changes it.
                    # NOTE(review): both constants name SHA-1-based algorithms
                    # -- confirm that is still acceptable for the services in
                    # use. For TransportBinding neither branch runs, so
                    # keyReference and signatureAlgorithm are not set here.
                    if elt.name == 'AsymmetricBinding':
                        signature.keyReference = KEY_REFERENCE_BINARY_SECURITY_TOKEN
                        signature.signatureAlgorithm = SIGNATURE_RSA_SHA1
                    elif elt.name == 'SymmetricBinding':
                        signature.keyReference = KEY_REFERENCE_ENCRYPTED_KEY
                        signature.signatureAlgorithm = SIGNATURE_HMAC_SHA1
                    # Overwrites slot 0 rather than appending; presumably slot
                    # 0 is reserved for the primary signature -- verify.
                    policy.signatures[0] = signature
            # Encryption key, taken from RecipientToken (asymmetric case) or
            # ProtectionToken (symmetric case).
            if (binding.getChild("InitiatorToken") is not None and binding.getChild("RecipientToken") is not None) or \
                binding.getChild("ProtectionToken") is not None:
                key = Object()
                token = binding.getChild("RecipientToken") or binding.getChild(
                    "ProtectionToken")
                # NOTE(review): unlike the signature branch above, X509Token
                # is dereferenced here without a None check; a token policy
                # without an X509Token child would fail on the chained call
                # if getChild returns None for a missing child.
                if token.getChild("Policy").getChild("X509Token").getChild(
                        "Policy").getChild(
                            "RequireThumbprintReference") is not None:
                    key.keyReference = KEY_REFERENCE_FINGERPRINT
                elif token.getChild("Policy").getChild("X509Token").getChild(
                        "Policy").getChild(
                            "RequireIssuerSerialReference") is not None:
                    key.keyReference = KEY_REFERENCE_ISSUER_SERIAL
                else:
                    # Default is the same value as the issuer-serial case.
                    key.keyReference = KEY_REFERENCE_ISSUER_SERIAL
                # includeRefList is not set for TransportBinding.
                if elt.name == 'AsymmetricBinding':
                    key.includeRefList = True
                elif elt.name == 'SymmetricBinding':
                    key.includeRefList = False
                key.encryptedParts = self.buildParts(
                    token.getChild("Policy").getChild("EncryptedParts"))
                key.secondPassEncryptedParts = []
                policy.keys.append(key)
            # Algorithm selection runs only while policy.blockEncryption is
            # unset, so a value already on the policy wins; in that case the
            # digest and key-transport settings are left untouched as well.
            if policy.blockEncryption is None:
                algorithm_suite = binding.getChild("AlgorithmSuite")
                if algorithm_suite is not None:
                    if algorithm_suite.getChild("Policy") is not None:
                        # The suite is identified by the name of the first
                        # child of AlgorithmSuite/Policy and matched by
                        # substring. NOTE(review): an empty Policy would fail
                        # on [0] if getChildren returns a list -- confirm.
                        algorithm_policy_name = algorithm_suite.getChild(
                            "Policy").getChildren()[0].name
                        # No substring match leaves blockEncryption as None.
                        # NOTE(review): legacy suites (TripleDes, Rsa15,
                        # SHA-1 digests) are accepted exactly as advertised;
                        # consider letting the caller refuse them.
                        if "Basic128" in algorithm_policy_name:
                            policy.blockEncryption = BLOCK_ENCRYPTION_AES128_CBC
                        elif "Basic192" in algorithm_policy_name:
                            policy.blockEncryption = BLOCK_ENCRYPTION_AES192_CBC
                        elif "Basic256" in algorithm_policy_name:
                            policy.blockEncryption = BLOCK_ENCRYPTION_AES256_CBC
                        elif "TripleDes" in algorithm_policy_name:
                            policy.blockEncryption = BLOCK_ENCRYPTION_3DES_CBC
                        # Digest falls back to SHA-1 unless the suite name
                        # contains "Sha256".
                        if "Sha256" in algorithm_policy_name:
                            policy.digestAlgorithm = DIGEST_SHA256
                        else:
                            policy.digestAlgorithm = DIGEST_SHA1
                        # Key transport is RSA-OAEP unless the suite name
                        # contains "Rsa15".
                        if "Rsa15" in algorithm_policy_name:
                            policy.keyTransport = KEY_TRANSPORT_RSA_1_5
                        else:
                            policy.keyTransport = KEY_TRANSPORT_RSA_OAEP

        # --- Supporting-token assertions (any name ending in "Tokens") ------
        # Only processed when this visitor is flagged as the initiator.
        if elt.name.endswith("Tokens") and self.initiator:
            # ``type``/``index`` identify the entry added below so it can be
            # referenced from the signed/encrypted part lists. Note that
            # ``type`` shadows the builtin inside this method.
            type = None
            index = None
            if elt.getChild("Policy").getChild("UsernameToken") is not None:
                token = Object()
                policy.tokens.append(token)
                type = 'token'
                index = len(policy.tokens) - 1
            if 'Endorsing' in elt.name and elt.getChild("Policy").getChild(
                    "X509Token") is not None:
                signature = Object()
                signature.signedParts = self.buildParts(
                    elt.getChild("Policy").getChild("SignedParts"))
                # Fixed algorithm, independent of AlgorithmSuite.
                # NOTE(review): the constant names an SHA-1-based algorithm.
                signature.signatureAlgorithm = SIGNATURE_RSA_SHA1
                # Under a transport binding the endorsing signature covers
                # the timestamp; otherwise it covers the primary signature
                # and, when ProtectTokens was set, its own token.
                if wsdl_policy.binding_type == 'TransportBinding':
                    signature.signedParts.append(('timestamp', ))
                else:
                    signature.signedParts.append(('primary_signature', ))
                    if policy.protectTokens:
                        signature.signedParts.append(('token', 'self'))
                # This would technically be the correct behavior, but WCF specifies that thumbprint references
                # are supported, but it can't use them for a primary signature.  Support for BinarySecurityTokens
                # is always required, so just use them
                #if elt.getChild("Policy").getChild("X509Token").getChild("Policy").getChild("RequireThumbprintReference") is not None:
                #    signature.keyReference = KEY_REFERENCE_FINGERPRINT
                #elif elt.getChild("Policy").getChild("X509Token").getChild("Policy").getChild("RequireIssuerSerialReference") is not None:
                #    signature.keyReference = KEY_REFERENCE_ISSUER_SERIAL
                #else:
                #    signature.keyReference = KEY_REFERENCE_BINARY_SECURITY_TOKEN
                signature.keyReference = KEY_REFERENCE_BINARY_SECURITY_TOKEN
                policy.signatures.append(signature)
                # If both a UsernameToken and an endorsing X509Token are
                # present, these assignments replace the 'token' values above.
                type = 'signature'
                index = len(policy.signatures) - 1
            # Signed/Encrypted supporting tokens are added to the message-level
            # part lists only when the binding is not a transport binding.
            if 'Signed' in elt.name and wsdl_policy.binding_type <> 'TransportBinding' and type is not None:
                self.baseSignedParts.append(('token', type, index))
            if 'Encrypted' in elt.name and wsdl_policy.binding_type <> 'TransportBinding' and type is not None:
                self.baseEncryptedParts.append(('token', type, index))

        # --- Addressing ------------------------------------------------------
        # Once addressing has been set to True it is never downgraded here.
        if (elt.name == "Addressing" or elt.name
                == "UsingAddressing") and policy.addressing <> True:
            if self.optional == False:
                policy.addressing = True
            else:
                policy.addressing = None  # use what the user specifies

        # --- Message-level signed / encrypted parts --------------------------
        if elt.name == "SignedParts":
            self.baseSignedParts.extend(self.buildParts(elt))
        elif elt.name == "EncryptedParts":
            self.baseEncryptedParts.extend(self.buildParts(elt))

        # --- WS-Security version marker --------------------------------------
        if elt.name == "Wss10":
            policy.wsse11 = False
        elif elt.name == "Wss11":
            policy.wsse11 = True