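def buildSymmetricKey(block_encryption_algorithm=BLOCK_ENCRYPTION_AES128_CBC):
    """Create a fresh random symmetric key and IV for a block-encryption suite.

    The lengths come from ``blockEncryptionProperties[block_encryption_algorithm]``
    (its ``'key_size'`` and ``'iv_size'`` entries); one 8-bit value is drawn
    per unit of length.

    Returns an ``Object`` carrying three attributes: ``sym_key``, ``iv`` and
    ``block_encryption_algorithm``. Raises ``KeyError`` when the algorithm has
    no entry in ``blockEncryptionProperties``.
    """
    sym_key = Object()
    block_encryption_props = blockEncryptionProperties[block_encryption_algorithm]

    # Key and IV material must come from the operating system's CSPRNG.
    # The module-level random.getrandbits() is backed by the Mersenne Twister,
    # which is not suitable for secrets: its future output can be reconstructed
    # from observed output. SystemRandom draws from os.urandom() and keeps the
    # same getrandbits() interface, so the generated value keeps its type.
    csprng = random.SystemRandom()

    def random_octets(count):
        # Same construction as before (one chr() per 8 random bits), only the
        # entropy source differs.
        return ''.join(chr(csprng.getrandbits(8)) for _ in range(count))

    sym_key.sym_key = random_octets(block_encryption_props['key_size'])
    sym_key.iv = random_octets(block_encryption_props['iv_size'])
    sym_key.block_encryption_algorithm = block_encryption_algorithm
    return sym_key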
print(('person=\n%s' % (person, ))) # # add the person (using the webservice) # print('addPersion()') result = client.service.addPerson(person) print(('\nreply(\n%s\n)\n' % (str(result), ))) # # Async # client.options.nosend = True reply = '<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><ns1:addPersonResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://basic.suds.fedora.org"><addPersonReturn xsi:type="xsd:string">person (jeffӒ,ortel) at age 43 with phone numbers (410-555-5138,919-555-4406,205-777-1212, and pets (Chance,) - added.</addPersonReturn></ns1:addPersonResponse></soapenv:Body></soapenv:Envelope>' request = client.service.addPerson(person) result = request.succeeded(reply) error = Object() error.httpcode = '500' client.options.nosend = False # request.failed(error) # # # create a new name object used to update the person # newname = client.factory.create('ns0:Name') newname.first = 'Todd' newname.last = None # # create AnotherPerson using Person # ap = client.factory.create('ns0:AnotherPerson')
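def visitOther(self, elt):
    """Fold one WS-SecurityPolicy assertion element into ``self.policy``.

    ``elt`` is dispatched on ``elt.name``:

    * ``TransportBinding`` / ``SymmetricBinding`` / ``AsymmetricBinding``:
      enables WS-Security, reads the binding's boolean assertions, the header
      layout, the HTTPS client-certificate requirement, the signature and
      encryption-key settings and the algorithm suite.
    * names ending in ``Tokens`` (only when ``self.initiator`` is truthy):
      registers username tokens and endorsing X.509 signatures, and records
      them as signed/encrypted parts outside a transport binding.
    * ``Addressing`` / ``UsingAddressing``, ``SignedParts``,
      ``EncryptedParts``, ``Wss10`` / ``Wss11``: set the matching policy
      field or extend the matching part list.

    Nothing is returned; ``self.policy`` and the part lists on ``self`` are
    mutated in place. Missing child elements in the chained ``getChild``
    lookups surface as ``AttributeError``, exactly as before.
    """
    policy = self.policy
    wsdl_policy = self.wsdl_policy

    if elt.name in ('TransportBinding', 'SymmetricBinding', 'AsymmetricBinding'):
        self.bindingType = elt.name
        # NOTE(review): a binding element without a <Policy> child makes every
        # lookup below fail with AttributeError -- confirm callers only pass
        # well-formed policy documents.
        binding = elt.getChild('Policy')
        policy.wsseEnabled = True

        if binding.getChild("IncludeTimestamp") is not None:
            policy.includeTimestamp = True
        if binding.getChild("EncryptBeforeSigning") is not None:
            policy.encryptThenSign = True
        if binding.getChild("EncryptSignature") is not None:
            # The signature is encrypted in the second pass when encryption
            # happens before signing, otherwise together with the base parts.
            if policy.encryptThenSign:
                self.secondPassEncryptedParts.append(('signature', ))
            else:
                self.baseEncryptedParts.append(('signature', ))
        if binding.getChild("OnlySignEntireHeadersAndBody") is not None:
            policy.onlySignEntireHeadersAndBody = True
        if binding.getChild("ProtectTokens") is not None:
            policy.protectTokens = True
        if binding.getChild("Layout") is not None:
            layout = binding.getChild("Layout").getChild("Policy")[0]
            policy.headerLayout = layout.name

        if elt.name == 'TransportBinding':
            transport_token = binding.getChild("TransportToken")
            if transport_token is not None:
                https_token = transport_token.getChild("Policy").getChild("HttpsToken")
                if https_token is not None:
                    client_cert_req = https_token.get("RequireClientCertificate")
                    # NOTE(review): only the literals "true" and "false" are
                    # recognised; any other attribute value leaves
                    # clientCertRequired at whatever it was before.
                    if client_cert_req is None or client_cert_req == "false":
                        policy.clientCertRequired = False
                    elif client_cert_req == "true":
                        policy.clientCertRequired = True

        if binding.getChild("InitiatorToken") is not None or \
                binding.getChild("ProtectionToken") is not None:
            token = binding.getChild("InitiatorToken") or binding.getChild("ProtectionToken")
            token_policy = token.getChild("Policy")
            if token_policy.getChild("X509Token") is not None:
                signature = Object()
                signature.signedParts = self.buildParts(token_policy.getChild("SignedParts"))
                signature.signedParts.append(('timestamp', ))
                # Honouring RequireThumbprintReference /
                # RequireIssuerSerialReference here would technically be the
                # correct behavior, but WCF specifies that thumbprint
                # references are supported while it can't use them for a
                # primary signature. Support for BinarySecurityTokens is
                # always required, so the policy-driven selection is
                # deliberately not applied to the primary signature.
                #
                # NOTE(review): the signature algorithm is fixed per binding
                # type to what the constant names indicate are SHA-1 variants.
                # The AlgorithmSuite handling further down only sets
                # blockEncryption, digestAlgorithm and keyTransport, so within
                # this method a *Sha256* suite does not change
                # signatureAlgorithm. Confirm whether it is upgraded elsewhere.
                if elt.name == 'AsymmetricBinding':
                    signature.keyReference = KEY_REFERENCE_BINARY_SECURITY_TOKEN
                    signature.signatureAlgorithm = SIGNATURE_RSA_SHA1
                elif elt.name == 'SymmetricBinding':
                    signature.keyReference = KEY_REFERENCE_ENCRYPTED_KEY
                    signature.signatureAlgorithm = SIGNATURE_HMAC_SHA1
                # The primary signature always occupies slot 0.
                # NOTE(review): assumes policy.signatures already has at least
                # one element -- TODO confirm where it is initialised.
                policy.signatures[0] = signature

        if (binding.getChild("InitiatorToken") is not None and
                binding.getChild("RecipientToken") is not None) or \
                binding.getChild("ProtectionToken") is not None:
            key = Object()
            token = binding.getChild("RecipientToken") or binding.getChild("ProtectionToken")
            # NOTE(review): unlike the signature branch above, this chain does
            # not check that an X509Token child exists; a token of another
            # kind ends in AttributeError here.
            x509_policy = token.getChild("Policy").getChild("X509Token").getChild("Policy")
            if x509_policy.getChild("RequireThumbprintReference") is not None:
                key.keyReference = KEY_REFERENCE_FINGERPRINT
            elif x509_policy.getChild("RequireIssuerSerialReference") is not None:
                key.keyReference = KEY_REFERENCE_ISSUER_SERIAL
            else:
                # Issuer/serial is also the fallback when the policy names no
                # reference style.
                key.keyReference = KEY_REFERENCE_ISSUER_SERIAL
            if elt.name == 'AsymmetricBinding':
                key.includeRefList = True
            elif elt.name == 'SymmetricBinding':
                key.includeRefList = False
            key.encryptedParts = self.buildParts(
                token.getChild("Policy").getChild("EncryptedParts"))
            key.secondPassEncryptedParts = []
            policy.keys.append(key)

        # An algorithm suite is only read while no block cipher has been
        # chosen yet, so an earlier choice wins over this binding's suite.
        if policy.blockEncryption is None:
            algorithm_suite = binding.getChild("AlgorithmSuite")
            if algorithm_suite is not None:
                if algorithm_suite.getChild("Policy") is not None:
                    algorithm_policy_name = algorithm_suite.getChild(
                        "Policy").getChildren()[0].name
                    # The suite name is matched by substring.
                    # NOTE(review): a name matching none of the four prefixes
                    # leaves blockEncryption unset while the digest and key
                    # transport below still receive their defaults; consider
                    # rejecting unrecognised suites explicitly.
                    if "Basic128" in algorithm_policy_name:
                        policy.blockEncryption = BLOCK_ENCRYPTION_AES128_CBC
                    elif "Basic192" in algorithm_policy_name:
                        policy.blockEncryption = BLOCK_ENCRYPTION_AES192_CBC
                    elif "Basic256" in algorithm_policy_name:
                        policy.blockEncryption = BLOCK_ENCRYPTION_AES256_CBC
                    elif "TripleDes" in algorithm_policy_name:
                        policy.blockEncryption = BLOCK_ENCRYPTION_3DES_CBC
                    if "Sha256" in algorithm_policy_name:
                        policy.digestAlgorithm = DIGEST_SHA256
                    else:
                        policy.digestAlgorithm = DIGEST_SHA1
                    # NOTE(review): the Rsa15 suites select what the constant
                    # name indicates is RSA PKCS#1 v1.5 key transport, which
                    # has a history of padding-oracle weaknesses; prefer the
                    # OAEP suites wherever the peer's policy allows it.
                    if "Rsa15" in algorithm_policy_name:
                        policy.keyTransport = KEY_TRANSPORT_RSA_1_5
                    else:
                        policy.keyTransport = KEY_TRANSPORT_RSA_OAEP

    if elt.name.endswith("Tokens") and self.initiator:
        # part_kind/index identify the entry registered for this assertion so
        # it can be referenced from the signed/encrypted part lists below.
        part_kind = None
        index = None
        if elt.getChild("Policy").getChild("UsernameToken") is not None:
            token = Object()
            policy.tokens.append(token)
            part_kind = 'token'
            index = len(policy.tokens) - 1
        if 'Endorsing' in elt.name and \
                elt.getChild("Policy").getChild("X509Token") is not None:
            signature = Object()
            signature.signedParts = self.buildParts(
                elt.getChild("Policy").getChild("SignedParts"))
            signature.signatureAlgorithm = SIGNATURE_RSA_SHA1
            # An endorsing signature covers the timestamp under a transport
            # binding and the primary signature otherwise.
            if wsdl_policy.binding_type == 'TransportBinding':
                signature.signedParts.append(('timestamp', ))
            else:
                signature.signedParts.append(('primary_signature', ))
            if policy.protectTokens:
                signature.signedParts.append(('token', 'self'))
            # As for the primary signature, the policy's thumbprint /
            # issuer-serial reference requirements are deliberately ignored
            # (WCF can't use thumbprint references for signatures, and
            # BinarySecurityToken support is always required).
            signature.keyReference = KEY_REFERENCE_BINARY_SECURITY_TOKEN
            policy.signatures.append(signature)
            part_kind = 'signature'
            index = len(policy.signatures) - 1
        # Under a transport binding nothing is added to the part lists here.
        if 'Signed' in elt.name and wsdl_policy.binding_type != 'TransportBinding' \
                and part_kind is not None:
            self.baseSignedParts.append(('token', part_kind, index))
        if 'Encrypted' in elt.name and wsdl_policy.binding_type != 'TransportBinding' \
                and part_kind is not None:
            self.baseEncryptedParts.append(('token', part_kind, index))

    if (elt.name == "Addressing" or elt.name == "UsingAddressing") and \
            policy.addressing != True:
        if self.optional == False:
            policy.addressing = True
        else:
            policy.addressing = None  # use what the user specifies

    if elt.name == "SignedParts":
        self.baseSignedParts.extend(self.buildParts(elt))
    elif elt.name == "EncryptedParts":
        self.baseEncryptedParts.extend(self.buildParts(elt))

    if elt.name == "Wss10":
        policy.wsse11 = False
    elif elt.name == "Wss11":
        policy.wsse11 = True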