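def test_sign_timestamp_if_present():
    """Sign and verify an envelope whose Security header already holds a Timestamp.

    The fixture uses the ``http://`` SOAP 1.1, WS-Security and WS-Utility
    namespace names. XML namespace names are compared as exact strings, so an
    ``https://`` spelling names a different namespace: the element would no
    longer be a WS-Utility ``Timestamp`` and the test could pass without the
    timestamp path being exercised at all.
    """
    wsu_ns = (
        "http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-utility-1.0.xsd"
    )
    envelope = load_xml(
        ' <soap-env:Envelope'
        ' xmlns:ns0="http://example.com/stockquote.xsd"'
        ' xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"'
        ' xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
        ' xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility"'
        ' xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
        ' <soap-env:Header'
        ' xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
        ' <ns0:Security>'
        ' <wsu:Timestamp'
        ' xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
        ' <wsu:Created>2018-11-18T15:44:27Z</wsu:Created>'
        ' <wsu:Expires>2018-11-18T15:54:27Z</wsu:Expires>'
        ' </wsu:Timestamp>'
        ' </ns0:Security>'
        ' </soap-env:Header>'
        ' <soap-env:Body>'
        ' <ns0:TradePriceRequest>'
        ' <tickerSymbol>foobar</tickerSymbol>'
        ' <ns0:country/>'
        ' </ns0:TradePriceRequest>'
        ' </soap-env:Body>'
        ' </soap-env:Envelope> '
    )
    # Fixture guard: fail loudly if the Timestamp is not in the WS-Utility
    # namespace, instead of letting the sign/verify round trip pass vacuously.
    assert envelope.xpath("//wsu:Timestamp", namespaces={"wsu": wsu_ns})

    signature.sign_envelope(envelope, KEY_FILE, KEY_FILE)
    signature.verify_envelope(envelope, KEY_FILE)
    # NOTE(review): nothing here asserts that the signature actually covers the
    # Timestamp (e.g. a ds:Reference pointing at it); the round trip succeeds
    # whether or not the element was signed. Consider asserting coverage once
    # the signer's referencing scheme is confirmed.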
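def test_sign(digest_method, signature_method, expected_digest_href, expected_signature_href):
    """Sign with explicit algorithms and check the emitted algorithm URIs.

    Args:
        digest_method: attribute name looked up on ``xmlsec_installed.Transform``
            and passed to ``sign_envelope`` as ``digest_method``.
        signature_method: attribute name looked up on
            ``xmlsec_installed.Transform`` and passed as ``signature_method``.
        expected_digest_href: ``Algorithm`` value every ``ds:DigestMethod``
            element must carry after signing.
        expected_signature_href: ``Algorithm`` value every
            ``ds:SignatureMethod`` element must carry after signing.

    The arguments are presumably supplied by a parametrize decorator that is
    not visible in this listing. Checking the URIs in the signed document
    catches a signer that ignores the requested algorithm and falls back to
    another one.

    The fixture uses the ``http://`` SOAP 1.1 namespace names; namespace names
    are compared as exact strings, so an ``https://`` spelling would not be a
    SOAP 1.1 envelope.
    """
    envelope = load_xml(
        ' <soapenv:Envelope'
        ' xmlns:tns="http://tests.python-zeep.org/"'
        ' xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
        ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">'
        ' <soapenv:Header></soapenv:Header>'
        ' <soapenv:Body>'
        ' <tns:Function>'
        ' <tns:Argument>OK</tns:Argument>'
        ' </tns:Function>'
        ' </soapenv:Body>'
        ' </soapenv:Envelope> '
    )

    signature.sign_envelope(
        envelope,
        KEY_FILE,
        KEY_FILE,
        signature_method=getattr(xmlsec_installed.Transform, signature_method),
        digest_method=getattr(xmlsec_installed.Transform, digest_method),
    )
    signature.verify_envelope(envelope, KEY_FILE)

    # An empty result would make the per-element loops below pass vacuously,
    # so require at least one element of each kind.
    digests = envelope.xpath("//ds:DigestMethod", namespaces={"ds": ns.DS})
    assert len(digests)
    for digest in digests:
        assert digest.get("Algorithm") == expected_digest_href

    signatures = envelope.xpath("//ds:SignatureMethod", namespaces={"ds": ns.DS})
    assert len(signatures)
    for sig in signatures:
        assert sig.get("Algorithm") == expected_signature_href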
def test_verify_error():
    """Changing signed body content after signing must make verification fail.

    The envelope is signed, every ``tns:Argument`` text is overwritten, and
    ``verify_envelope`` is then required to raise
    ``SignatureVerificationFailed``.
    """
    soap_xml = (
        ' <soapenv:Envelope'
        ' xmlns:tns="http://tests.python-zeep.org/"'
        ' xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
        ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">'
        ' <soapenv:Header></soapenv:Header>'
        ' <soapenv:Body>'
        ' <tns:Function>'
        ' <tns:Argument>OK</tns:Argument>'
        ' </tns:Function>'
        ' </soapenv:Body>'
        ' </soapenv:Envelope> '
    )
    envelope = load_xml(soap_xml)
    signature.sign_envelope(envelope, KEY_FILE, KEY_FILE)

    # Tamper with the body only after the signature has been computed.
    tns_namespaces = {"tns": "http://tests.python-zeep.org/"}
    tampered_nodes = envelope.xpath("//tns:Argument", namespaces=tns_namespaces)
    for argument in tampered_nodes:
        argument.text = "NOT!"

    # If no node matched, nothing was changed, verification would succeed and
    # pytest.raises would fail the test, so a broken XPath cannot hide here.
    with pytest.raises(SignatureVerificationFailed):
        signature.verify_envelope(envelope, KEY_FILE)
def test_sign_timestamp_if_present(
    digest_method, signature_method, expected_digest_href, expected_signature_href
):
    """Sign an envelope that carries a wsu:Timestamp, with explicit algorithms.

    Args:
        digest_method: attribute name resolved on ``xmlsec_installed.Transform``
            and handed to ``sign_envelope`` as ``digest_method``.
        signature_method: attribute name resolved on
            ``xmlsec_installed.Transform`` and handed over as
            ``signature_method``.
        expected_digest_href: ``Algorithm`` value required on every
            ``ds:DigestMethod`` element.
        expected_signature_href: ``Algorithm`` value required on every
            ``ds:SignatureMethod`` element.

    The arguments are presumably provided by a parametrize decorator that is
    not visible in this listing.
    """
    soap_xml = (
        ' <soap-env:Envelope'
        ' xmlns:ns0="http://example.com/stockquote.xsd"'
        ' xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"'
        ' xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
        ' xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility"'
        ' xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
        ' <soap-env:Header'
        ' xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
        ' <ns0:Security>'
        ' <wsu:Timestamp'
        ' xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
        ' <wsu:Created>2018-11-18T15:44:27Z</wsu:Created>'
        ' <wsu:Expires>2018-11-18T15:54:27Z</wsu:Expires>'
        ' </wsu:Timestamp>'
        ' </ns0:Security>'
        ' </soap-env:Header>'
        ' <soap-env:Body>'
        ' <ns0:TradePriceRequest>'
        ' <tickerSymbol>foobar</tickerSymbol>'
        ' <ns0:country/>'
        ' </ns0:TradePriceRequest>'
        ' </soap-env:Body>'
        ' </soap-env:Envelope> '
    )
    envelope = load_xml(soap_xml)

    transforms = xmlsec_installed.Transform
    signature_transform = getattr(transforms, signature_method)
    digest_transform = getattr(transforms, digest_method)
    # The fourth positional argument is None here; presumably it is the key
    # password slot, unused for this key file -- confirm against sign_envelope.
    signature.sign_envelope(
        envelope,
        KEY_FILE,
        KEY_FILE,
        None,
        signature_method=signature_transform,
        digest_method=digest_transform,
    )
    # NOTE(review): Expires in the fixture is a 2018 instant and this call is
    # expected to succeed, which suggests verify_envelope checks the signature
    # only, not timestamp freshness -- callers relying on the Timestamp for
    # replay protection would need a separate check; confirm.
    signature.verify_envelope(envelope, KEY_FILE)

    ds_namespaces = {"ds": ns.DS}

    digest_nodes = envelope.xpath("//ds:DigestMethod", namespaces=ds_namespaces)
    assert len(digest_nodes) > 0
    for node in digest_nodes:
        assert node.get("Algorithm") == expected_digest_href

    signature_nodes = envelope.xpath("//ds:SignatureMethod", namespaces=ds_namespaces)
    assert len(signature_nodes) > 0
    for node in signature_nodes:
        assert node.get("Algorithm") == expected_signature_href
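def test_sign_pw():
    """Sign and verify using the key file referenced by ``KEY_FILE_PW``.

    ``"geheim"`` is passed as the fourth positional argument of
    ``sign_envelope``; presumably it is the passphrase of that test key.

    The fixture uses the ``http://`` SOAP 1.1 namespace names; namespace names
    are compared as exact strings, so an ``https://`` spelling would not be a
    SOAP 1.1 envelope.
    """
    envelope = load_xml(
        ' <soapenv:Envelope'
        ' xmlns:tns="http://tests.python-zeep.org/"'
        ' xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
        ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">'
        ' <soapenv:Header></soapenv:Header>'
        ' <soapenv:Body>'
        ' <tns:Function>'
        ' <tns:Argument>OK</tns:Argument>'
        ' </tns:Function>'
        ' </soapenv:Body>'
        ' </soapenv:Envelope> '
    )

    signature.sign_envelope(envelope, KEY_FILE_PW, KEY_FILE_PW, "geheim")
    # Verification is called without a password argument in this test.
    signature.verify_envelope(envelope, KEY_FILE_PW)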
def test_sign_pw():
    """Round-trip a signature made with the ``KEY_FILE_PW`` key file.

    ``'geheim'`` goes in as the fourth positional argument of
    ``sign_envelope`` (presumably the passphrase of that test key); the
    signed envelope is then verified against the same file.
    """
    soap_xml = (
        ' <soapenv:Envelope'
        ' xmlns:tns="http://tests.python-zeep.org/"'
        ' xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
        ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">'
        ' <soapenv:Header></soapenv:Header>'
        ' <soapenv:Body>'
        ' <tns:Function>'
        ' <tns:Argument>OK</tns:Argument>'
        ' </tns:Function>'
        ' </soapenv:Body>'
        ' </soapenv:Envelope> '
    )
    envelope = load_xml(soap_xml)

    # The same file is passed in both key positions of sign_envelope.
    protected_key = KEY_FILE_PW
    signature.sign_envelope(envelope, protected_key, protected_key, 'geheim')
    signature.verify_envelope(envelope, protected_key)
def test_verify_error():
    """A body modified after signing must be rejected by ``verify_envelope``.

    Signs the envelope, rewrites the text of each ``tns:Argument`` element and
    expects ``SignatureVerificationFailed`` from verification.
    """
    soap_xml = (
        ' <soapenv:Envelope'
        ' xmlns:tns="http://tests.python-zeep.org/"'
        ' xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"'
        ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">'
        ' <soapenv:Header></soapenv:Header>'
        ' <soapenv:Body>'
        ' <tns:Function>'
        ' <tns:Argument>OK</tns:Argument>'
        ' </tns:Function>'
        ' </soapenv:Body>'
        ' </soapenv:Envelope> '
    )
    envelope = load_xml(soap_xml)
    signature.sign_envelope(envelope, KEY_FILE, KEY_FILE)

    # Post-signing modification: the digest recorded in the signature no
    # longer matches the body content.
    namespaces = {'tns': 'http://tests.python-zeep.org/'}
    arguments = envelope.xpath('//tns:Argument', namespaces=namespaces)
    for argument in arguments:
        argument.text = 'NOT!'

    with pytest.raises(SignatureVerificationFailed):
        signature.verify_envelope(envelope, KEY_FILE)