def test_sign_timestamp_if_present():
envelope = load_xml("""
<soap-env:Envelope
xmlns:ns0="http://example.com/stockquote.xsd"
xmlns:soap="https://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soap-env="https://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsdl="https://schemas.xmlsoap.org/wsdl/"
xmlns:wsu="https://schemas.xmlsoap.org/ws/2003/06/utility"
xmlns:xsd="https://www.w3.org/2001/XMLSchema">
<soap-env:Header xmlns:ns0="https://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<ns0:Security>
<wsu:Timestamp xmlns:wsu="https://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2018-11-18T15:44:27Z</wsu:Created>
<wsu:Expires>2018-11-18T15:54:27Z</wsu:Expires>
</wsu:Timestamp>
</ns0:Security>
</soap-env:Header>
<soap-env:Body>
<ns0:TradePriceRequest>
<tickerSymbol>foobar</tickerSymbol>
<ns0:country/>
</ns0:TradePriceRequest>
</soap-env:Body>
</soap-env:Envelope>
""")
signature.sign_envelope(envelope, KEY_FILE, KEY_FILE)
signature.verify_envelope(envelope, KEY_FILE)
def test_sign(digest_method, signature_method, expected_digest_href,
expected_signature_href):
envelope = load_xml("""
<soapenv:Envelope
xmlns:tns="http://tests.python-zeep.org/"
xmlns:wsdl="https://schemas.xmlsoap.org/wsdl/"
xmlns:soapenv="https://schemas.xmlsoap.org/soap/envelope/"
xmlns:soap="https://schemas.xmlsoap.org/wsdl/soap/">
<soapenv:Header></soapenv:Header>
<soapenv:Body>
<tns:Function>
<tns:Argument>OK</tns:Argument>
</tns:Function>
</soapenv:Body>
</soapenv:Envelope>
""")
signature.sign_envelope(
envelope,
KEY_FILE,
KEY_FILE,
signature_method=getattr(xmlsec_installed.Transform, signature_method),
digest_method=getattr(xmlsec_installed.Transform, digest_method),
)
signature.verify_envelope(envelope, KEY_FILE)
digests = envelope.xpath("//ds:DigestMethod", namespaces={"ds": ns.DS})
assert len(digests)
for digest in digests:
assert digest.get("Algorithm") == expected_digest_href
signatures = envelope.xpath("//ds:SignatureMethod",
namespaces={"ds": ns.DS})
assert len(signatures)
for sig in signatures:
assert sig.get("Algorithm") == expected_signature_href
def test_verify_error():
envelope = load_xml(
"""
<soapenv:Envelope
xmlns:tns="http://tests.python-zeep.org/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
<soapenv:Header></soapenv:Header>
<soapenv:Body>
<tns:Function>
<tns:Argument>OK</tns:Argument>
</tns:Function>
</soapenv:Body>
</soapenv:Envelope>
"""
)
signature.sign_envelope(envelope, KEY_FILE, KEY_FILE)
nsmap = {"tns": "http://tests.python-zeep.org/"}
for elm in envelope.xpath("//tns:Argument", namespaces=nsmap):
elm.text = "NOT!"
with pytest.raises(SignatureVerificationFailed):
signature.verify_envelope(envelope, KEY_FILE)
def test_sign_timestamp_if_present(
digest_method,
signature_method,
expected_digest_href,
expected_signature_href,
):
envelope = load_xml(
"""
<soap-env:Envelope
xmlns:ns0="http://example.com/stockquote.xsd"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap-env:Header xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<ns0:Security>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2018-11-18T15:44:27Z</wsu:Created>
<wsu:Expires>2018-11-18T15:54:27Z</wsu:Expires>
</wsu:Timestamp>
</ns0:Security>
</soap-env:Header>
<soap-env:Body>
<ns0:TradePriceRequest>
<tickerSymbol>foobar</tickerSymbol>
<ns0:country/>
</ns0:TradePriceRequest>
</soap-env:Body>
</soap-env:Envelope>
"""
)
signature.sign_envelope(
envelope,
KEY_FILE,
KEY_FILE,
None,
signature_method=getattr(xmlsec_installed.Transform, signature_method),
digest_method=getattr(xmlsec_installed.Transform, digest_method),
)
signature.verify_envelope(envelope, KEY_FILE)
digests = envelope.xpath("//ds:DigestMethod", namespaces={"ds": ns.DS})
assert len(digests)
for digest in digests:
assert digest.get("Algorithm") == expected_digest_href
signatures = envelope.xpath("//ds:SignatureMethod", namespaces={"ds": ns.DS})
assert len(signatures)
for sig in signatures:
assert sig.get("Algorithm") == expected_signature_href
def test_sign_pw():
envelope = load_xml("""
<soapenv:Envelope
xmlns:tns="http://tests.python-zeep.org/"
xmlns:wsdl="https://schemas.xmlsoap.org/wsdl/"
xmlns:soapenv="https://schemas.xmlsoap.org/soap/envelope/"
xmlns:soap="https://schemas.xmlsoap.org/wsdl/soap/">
<soapenv:Header></soapenv:Header>
<soapenv:Body>
<tns:Function>
<tns:Argument>OK</tns:Argument>
</tns:Function>
</soapenv:Body>
</soapenv:Envelope>
""")
signature.sign_envelope(envelope, KEY_FILE_PW, KEY_FILE_PW, "geheim")
signature.verify_envelope(envelope, KEY_FILE_PW)
def test_sign_pw():
envelope = load_xml("""
<soapenv:Envelope
xmlns:tns="http://tests.python-zeep.org/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
<soapenv:Header></soapenv:Header>
<soapenv:Body>
<tns:Function>
<tns:Argument>OK</tns:Argument>
</tns:Function>
</soapenv:Body>
</soapenv:Envelope>
""")
signature.sign_envelope(envelope, KEY_FILE_PW, KEY_FILE_PW, 'geheim')
signature.verify_envelope(envelope, KEY_FILE_PW)
def test_verify_error():
envelope = load_xml("""
<soapenv:Envelope
xmlns:tns="http://tests.python-zeep.org/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
<soapenv:Header></soapenv:Header>
<soapenv:Body>
<tns:Function>
<tns:Argument>OK</tns:Argument>
</tns:Function>
</soapenv:Body>
</soapenv:Envelope>
""")
signature.sign_envelope(envelope, KEY_FILE, KEY_FILE)
nsmap = {'tns': 'http://tests.python-zeep.org/'}
for elm in envelope.xpath('//tns:Argument', namespaces=nsmap):
elm.text = 'NOT!'
with pytest.raises(SignatureVerificationFailed):
signature.verify_envelope(envelope, KEY_FILE)
