Python使用BinarySecurityToken签署SOAP请求

2024-05-08 21:38:40 发布

您现在位置:Python中文网/ 问答频道 /正文

我试图用python用证书签署SOAP请求。我尝试过pythonzeep及其Signature方法和pywsse的sud。两者都没有给我预期的结果。在

Zeep给了我:

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap-env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#id-2790286f-721f-4f62-88bf-7e6b1f160e09">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue> DATA </DigestValue>
</Reference>
<Reference URI="#id-597e9b96-07e2-4ee8-9ba8-071d97851456">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue> DATA </DigestValue>
</Reference>
</SignedInfo>
<SignatureValue> DATA </SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference><X509Data>
<X509IssuerSerial>
<X509IssuerName> DATA </X509IssuerName>
<X509SerialNumber> DATA </X509SerialNumber>
</X509IssuerSerial>
<X509Certificate> DATA </X509Certificate>
</X509Data>
</wsse:SecurityTokenReference></KeyInfo>
</Signature>
      <wsu:Timestamp wsu:Id="id-597e9b96-07e2-4ee8-9ba8-071d97851456">
        <wsu:Created>2017-10-27T09:41:01+00:00</wsu:Created>
        <wsu:Expires>2017-10-27T10:41:01+00:00</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap-env:Header>
  <soap-env:Body wsu:Id="id-2790286f-721f-4f62-88bf-7e6b1f160e09">
    <wst:RequestSecurityToken>
      <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
    </wst:RequestSecurityToken>
  </soap-env:Body>
</soap-env:Envelope>

而suds python wsse提供了:

^{pr2}$

不过,我需要一个看起来更像是两者混合的请求:

<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<soapenv:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-B0D6288D1BAB6D839515090888163762"> DATA </wsse:BinarySecurityToken>
        <ds:Signature Id="SIG-B0D6288D1BAB6D839515090888164186"
            xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces PrefixList="soapenv wst"
                        xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#TS-B0D6288D1BAB6D839515090888163021">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="wsse soapenv wst"
                                    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                </ds:Transform>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <ds:DigestValue> DATA </ds:DigestValue>
                        </ds:Reference>
                        <ds:Reference URI="#id-B0D6288D1BAB6D839515090888164135">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                    <ec:InclusiveNamespaces PrefixList="wst"
                                        xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                    </ds:Transform>
                                </ds:Transforms>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                <ds:DigestValue> DATA </ds:DigestValue>
                            </ds:Reference>
                            <ds:Reference URI="#X509-B0D6288D1BAB6D839515090888163762">
                                <ds:Transforms>
                                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                        <ec:InclusiveNamespaces PrefixList=""
                                            xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                        </ds:Transform>
                                    </ds:Transforms>
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                    <ds:DigestValue> DATA </ds:DigestValue>
                                </ds:Reference>
                            </ds:SignedInfo>
                            <ds:SignatureValue> DATA </ds:SignatureValue>
                            <ds:KeyInfo Id="KI-B0D6288D1BAB6D839515090888164053">
                                <wsse:SecurityTokenReference wsu:Id="STR-B0D6288D1BAB6D839515090888164074">
                                    <wsse:Reference URI="#X509-B0D6288D1BAB6D839515090888163762" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                                </wsse:SecurityTokenReference>
                            </ds:KeyInfo>
                        </ds:Signature>
                        <wsu:Timestamp wsu:Id="TS-B0D6288D1BAB6D839515090888163021">
                            <wsu:Created>2017-10-27T07:20:16.301Z</wsu:Created>
                            <wsu:Expires>2017-10-27T07:20:26.301Z</wsu:Expires>
                        </wsu:Timestamp>
                    </wsse:Security>
                </soapenv:Header>
                <soapenv:Body wsu:Id="id-B0D6288D1BAB6D839515090888164135"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                    <wst:RequestSecurityToken>
                        <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
                        <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
                    </wst:RequestSecurityToken>
                </soapenv:Body>
            </soapenv:Envelope>

在python中有没有简单的方法可以用BinarySecurityToken签署SOAP信封?第一个信封和最后一个信封之间是否有适当的区别,或者两者都有效?在


Tags: orghttpwwwdsxmlalgorithmexcoasis