python-zeep
signed parts
- Parse SignedParts for bindings and assign
- Sign elements required by WSDL
- Added tests
- Omit WSSE header elements from signature
rebase of #747 closes: #497
@mvantellingen This seemed a pretty solid PR and I have concrete use for it on this service: https://vpfe-hab.dian.gov.co/WcfDianCustomerServices.svc?wsdl - could you kindly consider reviewing this or the original #747? In the meantime I can use this PR patch, though. It is unwieldy to implement a custom Signature class.
```xml
<wsp:Policy wsu:Id="WSHttpBinding_IWcfDianCustomerServices_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        ...
      </sp:TransportBinding>
      <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:RequireThumbprintReference/>
              <sp:WssX509V3Token10/>
            </wsp:Policy>
          </sp:X509Token>
          <sp:SignedParts>
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
          </sp:SignedParts>
        </wsp:Policy>
      </sp:EndorsingSupportingTokens>
      <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefThumbprint/>
        </wsp:Policy>
      </sp:Wss11>
      <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportIssuedTokens/>
          <sp:RequireClientEntropy/>
          <sp:RequireServerEntropy/>
        </wsp:Policy>
      </sp:Trust10>
      <wsaw:UsingAddressing/>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```
Edit
There seems to be one issue that I need to use an older URI for sp in my use case:
```python
In [25]: NSMAP
Out[25]:
{'wsdl': 'http://schemas.xmlsoap.org/wsdl/',
 'wsp': 'http://schemas.xmlsoap.org/ws/2004/09/policy',
 'sp': 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702',
 'wsu': 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'}

In [26]: NSMAP["sp"] = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

In [28]: doc.xpath('//wsp:Policy//sp:SignedParts', namespaces=NSMAP)
Out[28]: [<Element {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SignedParts at 0x7fcd9a279780>]
```
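The namespace mismatch described in the comment above, as an added example that is not part of the PR or of zeep's code: a lookup that tries both `sp` URIs shown on this page, so a policy published under the older URI is not read as "nothing needs signing". The names `find_signed_parts` and `SAMPLE_POLICY` are introduced here for illustration, and the standard-library ElementTree stands in for the lxml calls used in the session.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
# Both sp URIs shown on this page: the NSMAP default and the one the service uses.
SP_NAMESPACES = (
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
)

# Constructed sample: the policy quoted above, trimmed to the SignedParts branch.
SAMPLE_POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
 <wsp:ExactlyOne><wsp:All>
  <sp:EndorsingSupportingTokens
      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
   <wsp:Policy>
    <sp:SignedParts>
     <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
    </sp:SignedParts>
   </wsp:Policy>
  </sp:EndorsingSupportingTokens>
 </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""


def find_signed_parts(policy_xml):
    """Hypothetical helper: return what the policy requires to be signed, or None."""
    root = ET.fromstring(policy_xml)
    for sp_ns in SP_NAMESPACES:
        found, body, headers = False, False, []
        # Same scope as the XPath above: SignedParts anywhere below a wsp:Policy.
        for policy in root.iter(f"{{{WSP}}}Policy"):
            for parts in policy.iter(f"{{{sp_ns}}}SignedParts"):
                found = True
                body = body or parts.find(f"{{{sp_ns}}}Body") is not None
                for header in parts.findall(f"{{{sp_ns}}}Header"):
                    item = (header.get("Namespace"), header.get("Name"))
                    if item not in headers:  # nested policies revisit the same node
                        headers.append(item)
        if found:
            return {"sp_namespace": sp_ns, "headers": headers, "body": body}
    return None  # no SignedParts under any known URI: nothing would be signed


if __name__ == "__main__":
    print(find_signed_parts(SAMPLE_POLICY))
```

A `None` result for a service that is known to require signed headers is worth logging or failing on, since it means the request would go out without the signature coverage the policy asks for.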