[Soap-Python] WS-Security with certificates?
Mariano Reingart
reingart at gmail.com
Tue Sep 18 20:02:31 CEST 2012
Hello Israel:
There is a new patch to allow arbitrary xml headers made by remco.boerma (cc'd)
http://code.google.com/p/pysimplesoap/issues/detail?id=78
Does it address your problem?
Sorry, I didn't have enought time to see this in detail, but as AFAIK
it should be doable with pysimplesoap (including the encription part
if required),
Best regards,
Mariano Reingart
http://www.sistemasagiles.com.ar
http://reingart.blogspot.com
On Fri, Sep 7, 2012 at 2:33 PM, Israel Brewster <israel at eraalaska.net> wrote:
> Yep. Here you go - the sample request provided by the company I'm trying to work with. It's kinda ugly, but hopefully helpful in finding a solution. As this is the public example they post on their website, I figure it should be fairly safe to share
>
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://www.w3.org/2005/08/addressing">
> <soapenv:Header>
> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1702354">
> <wsu:Created>2012-08-02T15:38:14.062Z</wsu:Created>
> <wsu:Expires>2012-08-02T15:43:14.062Z</wsu:Expires>
> </wsu:Timestamp>
> <xenc:EncryptedKey Id="EncKeyId-4736426">
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <wsse:SecurityTokenReference>
> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">aU53M6ufa/yIi/8Cf0SYnDqFNxg=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>Ra4sTc78C9XUm1Fr/PnCF8GzLKcQsvp4zU0AZIcsh4N9LfczMKmfGAHWiYi7uATIAcAHs1t6diqhrzndLB9q0j1fjRowCNszQ4cgCIuKKeqzAXVA1ZkT7h63hZu0Je6mhXD00VCK40FG8p+VumZw8sVASSj1lPrrTqTQR6mZMsM=</xenc:CipherValue>
> </xenc:CipherData>
> <xenc:ReferenceList>
> <xenc:DataReference URI="#EncDataId-24737685" />
> </xenc:ReferenceList>
> </xenc:EncryptedKey>
> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-11497308"> [x509 encoded certificate goes here] </wsse:BinarySecurityToken>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-32961147">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> <ds:Reference URI="#id-24737685">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> <ds:DigestValue>CcedwmiGz5BM/IMhSiHt8yVSIU8=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>ITjzmx37JQs/8E+TdSXfApXCU96hLF/t2U6V7B39ZIc6y7oQpWDU4Xpqib63WUZEvoMtOWMeK/vl bJLoHVgwV/zkcBguEMGOTRSbJwQ7kfl15samDKXLy7I2/pN8hpV7b+AqM1xnM6xmhbljl7Xu0ou0 /PbebqE+GciDO6IVvSs=</ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-7364874">
> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-4101839">
> <wsse:Reference URI="#CertId-11497308" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> </wsse:Security>
> <wsa:To>http://int2.myidtravel.com/ws/services/UploadService</wsa:To>
> <wsa:MessageID>urn:uuid:13C80BD4B1F84AE17F1343921893115</wsa:MessageID>
> <wsa:Action>urn:StaffProfilesUpload</wsa:Action>
> </soapenv:Header>
> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-24737685">
> <xenc:EncryptedData Id="EncDataId-24737685" Type="http://www.w3.org/2001/04/xmlenc#Content">
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> <wsse:Reference URI="#EncKeyId-4736426" />
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData>
> <xenc:CipherValue>rSpEJkpoaveOKLvNV2EdY38XcwXMMdqRyVHL0+x0x8Pn9jW0oiNr54AP/I5k4OX7kPTisoD1ZccT agFspo8zKeNZZmEMJcecjV5m7AdeCtpKrhJ6thTM6GC//7bzw5AlRwtqHmnpiI2qMXE5hZDoeCGm umyqfxNy0gvNKaYAHKsTe92PDWo96oKgcBEtiToP5vpEYvfxjGjXQYjAsX/i2Ni9KSr0aFZvTDio 89lZJF1nQkcb237pjStKXF7w6uqLzgckDPVtbx4eTg28pPim6u/pLBjGIFGOR8KFOyNJ6UZC1Atw SXmdFGzD2pySmoAxm1Ue9G9ohK34SR+0bRWoATPrEMXqKJ3M63mgbF4xcyDulLAkuJt5Z8Myeljh sPJKfWWpjaUCTn3ynlU5fXwYMA/WdTDlq4ddq7NprfNf2gP7eCz7E1sPNrC9b5DcMiqrkQgK61y2 TTVGAozhb4plrawDithPjiVLERuJkL7ce4JbDGFyGkF4Bl5Tkwsf7NYOk46jR1LYM5XhAxqDJpI6 bb+t3f+7P7cqN7PUqYGFEGrZWtizZkDS6Wk7v0y6N3xHFTrswcQcwCu/qqxF+yUaCtw4UInkMkLA cjCgRNzPzqPWocvrgBWu18PjEW1nW3lMqqFWu8DvBcjXyN/QqnJpMIuGA/9++Rp3rHl2+IS0BVpV FaFn8bA6ju151ZaIttfktss7HfHZZ5mMDXmA33trekcgtZCmdL4mjMpAGcMVYpAWT5eCNVbfJpa9 mr6c+Ir514uq6S38o/eOHrUx49UTEXhN0IET288yhMdTp58ztAAvGuwbQA0qPX5CcnEbDP0Sm/OF EDLHJz+CCVWPrzJZh7+s8/kMGZkTmk7q8qTXG5tV3+zWGiHTW5aoA2xOT8jvcx30Cjp+HTECURKw rZF+m7x9dFrtAOnAPpiD8zmkDY+1+eLMnmQ4Dp94bJHi3ekKJ0xpplK5cV+MuvKfmYGkOAI+VaWJ WCriZfI88dh6+CneVUJHKMkNJxN5CJj2aY7868fOQdC0ZZzN4ujuSnrBeDDeJh26JuAziL5UZQ1E yJqpjv8VxBQDJUe8aEg6jMYF6kfE56yx+rR3qjzwiVQSSBRSQ3dQRG7/KIs+dhOg9N0k6nB3wA9E 11xcekz8Vt7I7GZH/Ye4/9xM21ATtHsdJ8mJB7Sy7Sxs0JgKE53B6FzAG+WD5OOYOcN2ZifXymTn JAR0jH0Ue58gx2pTV4pwxcZ+68i/194gWGcFezFiFGccy8KP2XsmZIdBRJjbrN+PZP2T5d6Dht56 eJkzDCB+PNwc26rFVFBp2ZyZNLWmbq5qJ9cYpqhsi6qHGll7VWkTP8G2U2S1Uxq5u8Thf7D6K5Te rSiHJiVTIdbYUIJ75TmnRhoitYQj3NbDGPIz6/TZfVCeLFA1WG9+6yunRO/N5VhUp0oec0kxe7p9 SdXK76v7BbkLoLotddXLUI4lidj0ejzB955bW9oUqh3ILH6gd6OJHDM8OHu29Cza79ZE2OURBhG9 6Jr26MAlKLQ2+yLUzEFfZAR+iwmGsAWppEXHFXFybKxtslegePxFmZ7TXmel7eE3VsNSX0kx6oYT 64c0</xenc:CipherValue>
> </xenc:CipherData>
> </xenc:EncryptedData>
> </soapenv:Body>
> </soapenv:Envelope>
> -----------------------------------------------
> Israel Brewster
> Computer Support Technician II
> Era Alaska
> 5245 Airport Industrial Rd
> Fairbanks, AK 99709
> (907) 450-7250 x7293
> -----------------------------------------------
>
>
>
> On Sep 7, 2012, at 7:14 AM, Mariano Reingart wrote:
>
>> Hello Israel:
>>
>> Do you have any example of a WS-Security with certificate data.
>> And XML request message would be useful.
>>
>> Best regards,
>>
>> Mariano Reingart
>> http://www.sistemasagiles.com.ar
>> http://reingart.blogspot.com
>>
>>
>> On Thu, Sep 6, 2012 at 6:39 PM, Israel Brewster <israel at eraalaska.net> wrote:
>>> I am trying to figure out how to create a SOAP client for a service that
>>> requires WS-Security and uses certificates for authentication. Looking at
>>> the sample request they provided, it looks as though the wise security
>>> header contains the key, certificate, and some sort of signature. However,
>>> in looking online, all I can seem to find are examples of using WS-Security
>>> with a username and password. Are there any SAOP libraries available that
>>> provide support for WS-Security with certificates and signatures? Thanks.
>>>
>>> -----------------------------------------------
>>> Israel Brewster
>>> Computer Support Technician II
>>> Era Alaska
>>> 5245 Airport Industrial Rd
>>> Fairbanks, AK 99709
>>> (907) 450-7250 x7293
>>> -----------------------------------------------
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Soap mailing list
>>> Soap at python.org
>>> http://mail.python.org/mailman/listinfo/soap
>>>
>
>
More information about the Soap
mailing list