Saturday, December 31, 2011

Sign SOAP messages with suds

What is the signature?
The signature in a SOAP message is part of WS-Security.
You can read the specification here:
http://schemas.xmlsoap.org/specs/ws-security/ws-security.htm#ws-security__toc6201557

And here is a capture of a SOAP message with a signature.
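
To make the layout concrete, here is an added example (not from the original post or from SudsSigner): a constructed envelope in the WS-Security shape, plus a structural check of which elements the signature's References actually cover. The namespaces (SOAP 1.1, OASIS WS-Security 1.0), the Id value and the function name are assumptions, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

# Namespaces assumed here: SOAP 1.1, OASIS WS-Security 1.0 and XML-DSig.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())

# Constructed sample envelope; digest and signature values are placeholders.
SAMPLE = """<soap:Envelope {xmlns}>
  <soap:Header><wsse:Security><ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#body-1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature></wsse:Security></soap:Header>
  <soap:Body wsu:Id="body-1"><ping/></soap:Body>
</soap:Envelope>""".format(xmlns=XMLNS)


def signature_coverage(envelope_xml):
    """Return (tags of signed elements, unresolved reference URIs, body_is_signed)."""
    root = ET.fromstring(envelope_xml)
    sig = root.find("soap:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        return [], [], False
    by_id = {}  # wsu:Id -> elements carrying it (a duplicated Id is ambiguous)
    for el in root.iter():
        if WSU_ID in el.attrib:
            by_id.setdefault(el.attrib[WSU_ID], []).append(el)
    body = root.find("soap:Body", NS)  # only a direct child of Envelope counts
    signed, unresolved = [], []
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) == 1:
            signed.append(targets[0])
        else:
            unresolved.append(uri)  # missing or ambiguous target
    return [e.tag for e in signed], unresolved, any(e is body for e in signed)
```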


How to sign SOAP messages:
Fortunately, a guy named András Veres-Szentkirályi, from Europe, posted the solution on the suds mailing list:
http://lists.fedoraproject.org/pipermail/suds/2011-December/001606.html

He also put the details in his master's thesis:
http://vsza.hu/thesis-beta.pdf

The code is here; it works as a plugin for suds:
https://github.com/dnet/SudsSigner


Install dependencies:
apt-get update
apt-get install gcc python-dev python-lxml python-libxml2 libxml2-dev libxmlsec1-dev python-suds python-openssl
git clone https://github.com/dnet/pyxmlsec.git
cd pyxmlsec
python ./setup.py build    # select openssl as the crypto engine
sudo python ./setup.py install



Addition:
I hit an error in <plugin.py>, line 56: it seems there is no method "get_signature_algorithm()" on the "cert" object, which is actually an "X509" (http://packages.python.org/pyOpenSSL/openssl-x509.html) instance.

The OpenSSL documentation is based on version 0.13, while I'm using version 0.10, which lacks this method.

Well, it's not a big problem: since I know exactly which signature algorithm my certificate uses, I just hard-coded line 56 as:
algo = "rsa", #self.cert.get_signature_algorithm()


--------------
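OK, now your code should look like:
from suds.client import Client
from SudsSigner.plugin import SignerPlugin  # assumes the cloned repo is on sys.path
signer = SignerPlugin(r"/xxxx.pem")
c = Client(url, transport=ssltrans, prettyxml=True, plugins=[signer])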

over.
