def egress(self, envelope, http_headers, operation, binding_options):
"""Apply the ws-addressing headers to the given envelope."""
wsa_action = operation.input.abstract.wsa_action
if not wsa_action:
wsa_action = operation.soapaction
header = get_or_create_header(envelope)
headers = [
WSA.Action(wsa_action),
WSA.MessageID('urn:uuid:' + str(uuid.uuid4())),
WSA.To(binding_options['address']),
]
header.extend(headers)
# the top_nsmap kwarg was added in lxml 3.5.0
if etree.LXML_VERSION[:2] >= (3, 5):
etree.cleanup_namespaces(
header,
keep_ns_prefixes=header.nsmap,
top_nsmap=self.nsmap)
else:
etree.cleanup_namespaces(
header,
keep_ns_prefixes=header.nsmap)
return envelope, http_headers
def egress(self, envelope, http_headers, operation, binding_options):
"""Apply the ws-addressing headers to the given envelope."""
wsa_action = operation.input.abstract.wsa_action
if not wsa_action:
wsa_action = operation.soapaction
header = get_or_create_header(envelope)
headers = [
WSA.Action(wsa_action),
WSA.MessageID('urn:uuid:' + str(uuid.uuid4())),
WSA.To(binding_options['address']),
]
header.extend(headers)
# the top_nsmap kwarg was added in lxml 3.5.0
if etree.LXML_VERSION[:2] >= (3, 5):
etree.cleanup_namespaces(
envelope, top_nsmap={
'wsa': 'http://www.w3.org/2005/08/addressing'
})
else:
etree.cleanup_namespaces(envelope)
return envelope, http_headers
def get_security_header(doc):
"""Return the security header. If the header doesn't exist it will be
created.
"""
header = get_or_create_header(doc)
security = header.find("wsse:Security", namespaces=NSMAP)
if security is None:
security = WSSE.Security()
header.append(security)
return security
def get_security_header(doc):
"""Return the security header. If the header doesn't exist it will be
created.
"""
header = get_or_create_header(doc)
security = header.find('wsse:Security', namespaces=NSMAP)
if security is None:
security = WSSE.Security()
header.append(security)
return security
def test_sign_header_item(self):
envelope = load_xml(HEADER_ENVELOPE)
sig_header = [{'Namespace': 'http://tests.python-zeep.org/', 'Name': 'Item'}]
security, _, _ = _signature_prepare(envelope, self.key, None, None,
signatures={'body': False, 'everything': False, 'header': sig_header})
signature = security.find(QName(ns.DS, 'Signature'))
# Get all references
refs = signature.xpath('ds:SignedInfo/ds:Reference/@URI', namespaces={'ds': ns.DS})
ID = QName(ns.WSU, 'Id')
self.assertIn('#' + security.find(QName(ns.WSU, 'Timestamp')).attrib[ID], refs)
header = get_or_create_header(envelope)
self.assertIn('#' + header.find(QName('http://tests.python-zeep.org/', 'Item')).attrib[ID], refs)
def test_sign_everything(self):
envelope = load_xml(HEADER_ENVELOPE)
security, _, _ = _signature_prepare(envelope, self.key, None, None,
signatures={'body': False, 'everything': True, 'header': []})
signature = security.find(QName(ns.DS, 'Signature'))
# Get all references
refs = signature.xpath('ds:SignedInfo/ds:Reference/@URI', namespaces={'ds': ns.DS})
ID = QName(ns.WSU, 'Id')
# All header items should be signed
for element in get_or_create_header(envelope):
if element.nsmap.get(element.prefix) not in OMITTED_HEADERS:
self.assertIn('#' + element.attrib[ID], refs)
# Body is signed
self.assertIn('#' + envelope.find(QName(ns.SOAP_ENV_11, 'Body')).attrib[ID], refs)
self.assertIn('#' + security.find(QName(ns.WSU, 'Timestamp')).attrib[ID], refs)
def _signature_prepare(envelope,
key,
signature_method,
digest_method,
expires_dt=None):
"""Prepare envelope and sign."""
soap_env = detect_soap_env(envelope)
# Create the Signature node.
signature = xmlsec.template.create(
envelope,
xmlsec.Transform.EXCL_C14N,
signature_method or xmlsec.Transform.RSA_SHA1,
)
# Add a KeyInfo node with X509Data child to the Signature. XMLSec will fill
# in this template with the actual certificate details when it signs.
key_info = xmlsec.template.ensure_key_info(signature)
x509_data = xmlsec.template.add_x509_data(key_info)
xmlsec.template.x509_data_add_issuer_serial(x509_data)
xmlsec.template.x509_data_add_certificate(x509_data)
# Insert the Signature node in the wsse:Security header.
security = get_security_header(envelope)
security.insert(0, signature)
# Perform the actual signing.
ctx = xmlsec.SignatureContext()
ctx.key = key
header = get_or_create_header(envelope)
# DIAN
_sign_node(ctx, signature, header.find(QName(ns.WSA, "To")), digest_method)
_append_timestamp(security, expires_dt=expires_dt)
timestamp = security.find(QName(ns.WSU, "Timestamp"))
if timestamp != None:
_sign_node(ctx, signature, timestamp, digest_method)
ctx.sign(signature)
# Place the X509 data inside a WSSE SecurityTokenReference within
# KeyInfo. The recipient expects this structure, but we can't rearrange
# like this until after signing, because otherwise xmlsec won't populate
# the X509 data (because it doesn't understand WSSE).
sec_token_ref = etree.SubElement(key_info,
QName(ns.WSSE, "SecurityTokenReference"))
return security, sec_token_ref, x509_data
def egress(self, envelope, http_headers, operation, binding_options):
"""Extend the ws-addressing headers to the given envelope."""
wsa_action = operation.abstract.wsa_action
if not wsa_action:
wsa_action = operation.soapaction
header = get_or_create_header(envelope)
headers = [
WSA.From(WSA.Address(self.__from_address)),
]
header.extend(headers)
# the top_nsmap kwarg was added in lxml 3.5.0
if etree.LXML_VERSION[:2] >= (3, 5):
etree.cleanup_namespaces(
header, keep_ns_prefixes=header.nsmap, top_nsmap=self.nsmap
)
else:
etree.cleanup_namespaces(header)
return envelope, http_headers
def egress(self, envelope, http_headers, operation, binding_options):
"""Apply the ws-addressing headers to the given envelope."""
wsa_action = operation.abstract.wsa_action
if not wsa_action:
wsa_action = operation.soapaction
header = get_or_create_header(envelope)
headers = [
WSA.Action(wsa_action),
WSA.MessageID("urn:uuid:" + str(uuid.uuid4())),
WSA.To(binding_options["address"]),
]
header.extend(headers)
# the top_nsmap kwarg was added in lxml 3.5.0
if etree.LXML_VERSION[:2] >= (3, 5):
etree.cleanup_namespaces(header,
keep_ns_prefixes=header.nsmap,
top_nsmap=self.nsmap)
else:
etree.cleanup_namespaces(header)
return envelope, http_headers
