def egress(self, envelope, http_headers, operation, binding_options):
    """Attach the WS-Addressing Action, MessageID and To headers.

    The three elements are appended to the envelope's SOAP header, which is
    obtained through ``get_or_create_header``.  The envelope and the
    unmodified HTTP headers are returned as a tuple.
    """
    # Use the action declared on the abstract input message; fall back to
    # the operation's soapaction when that value is empty.
    action = operation.input.abstract.wsa_action or operation.soapaction

    soap_header = get_or_create_header(envelope)
    soap_header.extend([
        WSA.Action(action),
        # A fresh random UUID per outgoing message.
        WSA.MessageID('urn:uuid:' + str(uuid.uuid4())),
        WSA.To(binding_options['address']),
    ])

    # the top_nsmap kwarg was added in lxml 3.5.0
    # NOTE(review): keep_ns_prefixes is passed on both paths; confirm the
    # fallback really works on lxml releases older than 3.5.
    cleanup_kwargs = {'keep_ns_prefixes': soap_header.nsmap}
    if etree.LXML_VERSION[:2] >= (3, 5):
        cleanup_kwargs['top_nsmap'] = self.nsmap
    etree.cleanup_namespaces(soap_header, **cleanup_kwargs)

    return envelope, http_headers
def egress(self, envelope, http_headers, operation, binding_options):
    """Attach the WS-Addressing Action, MessageID and To headers.

    The elements are appended to the SOAP header of *envelope*; afterwards
    namespace declarations are cleaned up on the whole envelope.  Returns
    the envelope together with the unmodified HTTP headers.
    """
    # Abstract input action first, operation soapaction as the fallback.
    action = operation.input.abstract.wsa_action or operation.soapaction

    soap_header = get_or_create_header(envelope)
    soap_header.extend([
        WSA.Action(action),
        WSA.MessageID('urn:uuid:' + str(uuid.uuid4())),
        WSA.To(binding_options['address']),
    ])

    # NOTE(review): cleanup runs on the entire envelope, not only the header.
    # If a signing step has already run on this envelope, confirm that
    # rewriting namespace declarations does not invalidate the signature.
    # the top_nsmap kwarg was added in lxml 3.5.0
    if etree.LXML_VERSION[:2] < (3, 5):
        etree.cleanup_namespaces(envelope)
    else:
        etree.cleanup_namespaces(
            envelope,
            top_nsmap={'wsa': 'http://www.w3.org/2005/08/addressing'},
        )

    return envelope, http_headers
def get_security_header(doc):
    """Return the ``wsse:Security`` element of *doc*, creating it if needed.

    The SOAP header is obtained through ``get_or_create_header``.  When it
    has no ``wsse:Security`` child, a new one is appended and returned.
    """
    soap_header = get_or_create_header(doc)
    existing = soap_header.find("wsse:Security", namespaces=NSMAP)
    if existing is not None:
        return existing

    # No security header yet: add an empty one at the end of the SOAP header.
    created = WSSE.Security()
    soap_header.append(created)
    return created
def get_security_header(doc):
    """Fetch the ``wsse:Security`` header element, adding it when missing.

    Looks for a ``wsse:Security`` child of the SOAP header returned by
    ``get_or_create_header``; if none is found an empty element is created,
    appended to the header and returned.
    """
    soap_header = get_or_create_header(doc)
    node = soap_header.find('wsse:Security', namespaces=NSMAP)
    if node is not None:
        return node

    node = WSSE.Security()
    soap_header.append(node)
    return node
def test_sign_header_item(self):
    # Signing one selected header item: the signature must reference both
    # the Timestamp and that item.  The test does not assert that other
    # elements are left unsigned.
    item_namespace = 'http://tests.python-zeep.org/'
    envelope = load_xml(HEADER_ENVELOPE)
    sign_options = {
        'body': False,
        'everything': False,
        'header': [{'Namespace': item_namespace, 'Name': 'Item'}],
    }
    security, _, _ = _signature_prepare(
        envelope, self.key, None, None, signatures=sign_options)
    signature = security.find(QName(ns.DS, 'Signature'))

    # Collect the URI of every ds:Reference inside SignedInfo.
    signed_uris = signature.xpath(
        'ds:SignedInfo/ds:Reference/@URI', namespaces={'ds': ns.DS})
    wsu_id = QName(ns.WSU, 'Id')

    timestamp = security.find(QName(ns.WSU, 'Timestamp'))
    self.assertIn('#' + timestamp.attrib[wsu_id], signed_uris)

    soap_header = get_or_create_header(envelope)
    item = soap_header.find(QName(item_namespace, 'Item'))
    self.assertIn('#' + item.attrib[wsu_id], signed_uris)
def test_sign_everything(self):
    # With 'everything' enabled the signature must reference every header
    # element whose namespace is not in OMITTED_HEADERS, plus the Body and
    # the Timestamp.
    envelope = load_xml(HEADER_ENVELOPE)
    sign_options = {'body': False, 'everything': True, 'header': []}
    security, _, _ = _signature_prepare(
        envelope, self.key, None, None, signatures=sign_options)
    signature = security.find(QName(ns.DS, 'Signature'))

    # Collect the URI of every ds:Reference inside SignedInfo.
    signed_uris = signature.xpath(
        'ds:SignedInfo/ds:Reference/@URI', namespaces={'ds': ns.DS})
    wsu_id = QName(ns.WSU, 'Id')

    # All header items should be signed, except the omitted namespaces.
    for child in get_or_create_header(envelope):
        if child.nsmap.get(child.prefix) in OMITTED_HEADERS:
            continue
        self.assertIn('#' + child.attrib[wsu_id], signed_uris)

    # Body is signed
    body = envelope.find(QName(ns.SOAP_ENV_11, 'Body'))
    self.assertIn('#' + body.attrib[wsu_id], signed_uris)

    timestamp = security.find(QName(ns.WSU, 'Timestamp'))
    self.assertIn('#' + timestamp.attrib[wsu_id], signed_uris)
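def _signature_prepare(envelope, key, signature_method, digest_method, expires_dt=None):
    """Create a WS-Security signature over ``wsa:To`` and the Timestamp.

    A ``ds:Signature`` template using exclusive C14N is built, inserted as
    the first child of the ``wsse:Security`` header and signed with *key*.
    The only nodes handed to ``_sign_node`` in this function are the
    ``wsa:To`` header and the ``wsu:Timestamp``.  The SOAP Body is never
    passed to it, so as far as this function shows the signature does not
    cover the Body.

    Args:
        envelope: SOAP envelope element; it is modified in place.
        key: signing key assigned to the xmlsec signature context.
        signature_method: xmlsec signature transform.  A falsy value selects
            ``xmlsec.Transform.RSA_SHA1``.
        digest_method: forwarded unchanged to ``_sign_node``.
        expires_dt: forwarded unchanged to ``_append_timestamp``.

    Returns:
        A tuple ``(security, sec_token_ref, x509_data)``: the
        ``wsse:Security`` element, a new empty
        ``wsse:SecurityTokenReference`` under KeyInfo, and the X509Data
        element.  This function does not move the X509 data into the token
        reference; that is left to the caller.
    """
    # The result is not used in this function.  The call is kept because it
    # may validate the envelope -- confirm before removing it.
    detect_soap_env(envelope)

    # Create the Signature node.
    # NOTE(review): the fallback is RSA-SHA1, which is deprecated for
    # signatures.  Callers should pass a stronger transform such as
    # xmlsec.Transform.RSA_SHA256 whenever the receiving service accepts it.
    signature = xmlsec.template.create(
        envelope,
        xmlsec.Transform.EXCL_C14N,
        signature_method or xmlsec.Transform.RSA_SHA1,
    )

    # Add a KeyInfo node with X509Data child to the Signature. XMLSec will fill
    # in this template with the actual certificate details when it signs.
    key_info = xmlsec.template.ensure_key_info(signature)
    x509_data = xmlsec.template.add_x509_data(key_info)
    xmlsec.template.x509_data_add_issuer_serial(x509_data)
    xmlsec.template.x509_data_add_certificate(x509_data)

    # Insert the Signature node in the wsse:Security header.
    security = get_security_header(envelope)
    security.insert(0, signature)

    # Perform the actual signing.
    ctx = xmlsec.SignatureContext()
    ctx.key = key

    header = get_or_create_header(envelope)
    # DIAN
    # NOTE(review): find() returns None when the envelope has no wsa:To
    # header.  Confirm that the WS-Addressing headers are always added
    # before signing, or that _sign_node rejects a missing node.
    _sign_node(ctx, signature, header.find(QName(ns.WSA, "To")), digest_method)

    _append_timestamp(security, expires_dt=expires_dt)
    timestamp = security.find(QName(ns.WSU, "Timestamp"))
    if timestamp is not None:
        _sign_node(ctx, signature, timestamp, digest_method)
    ctx.sign(signature)

    # Place the X509 data inside a WSSE SecurityTokenReference within
    # KeyInfo. The recipient expects this structure, but we can't rearrange
    # like this until after signing, because otherwise xmlsec won't populate
    # the X509 data (because it doesn't understand WSSE).
    sec_token_ref = etree.SubElement(key_info, QName(ns.WSSE, "SecurityTokenReference"))
    return security, sec_token_ref, x509_data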
def egress(self, envelope, http_headers, operation, binding_options):
    """Add a WS-Addressing ``From`` header holding this plugin's address.

    The ``From`` element wraps an ``Address`` built from the instance's
    private from-address and is appended to the SOAP header of *envelope*.
    Returns the envelope and the unmodified HTTP headers.
    """
    # The resolved action is not used further down; the lookups are kept
    # exactly as they were.
    _resolved_action = operation.abstract.wsa_action or operation.soapaction

    soap_header = get_or_create_header(envelope)
    soap_header.append(WSA.From(WSA.Address(self.__from_address)))

    # the top_nsmap kwarg was added in lxml 3.5.0
    if etree.LXML_VERSION[:2] < (3, 5):
        etree.cleanup_namespaces(soap_header)
    else:
        etree.cleanup_namespaces(
            soap_header,
            keep_ns_prefixes=soap_header.nsmap,
            top_nsmap=self.nsmap,
        )

    return envelope, http_headers
def egress(self, envelope, http_headers, operation, binding_options):
    """Attach the WS-Addressing Action, MessageID and To headers.

    The elements are appended to the SOAP header of *envelope* and the
    header's namespace declarations are then cleaned up.  Returns the
    envelope and the unmodified HTTP headers.
    """
    # Abstract operation action first, operation soapaction as the fallback.
    action = operation.abstract.wsa_action or operation.soapaction

    soap_header = get_or_create_header(envelope)
    soap_header.extend([
        WSA.Action(action),
        # A fresh random UUID per outgoing message.
        WSA.MessageID("urn:uuid:" + str(uuid.uuid4())),
        WSA.To(binding_options["address"]),
    ])

    # the top_nsmap kwarg was added in lxml 3.5.0
    if etree.LXML_VERSION[:2] < (3, 5):
        etree.cleanup_namespaces(soap_header)
    else:
        etree.cleanup_namespaces(
            soap_header,
            keep_ns_prefixes=soap_header.nsmap,
            top_nsmap=self.nsmap,
        )

    return envelope, http_headers