Signature in SOAP message is part of WS-Security.
You can read the specification here:
http://schemas.xmlsoap.org/specs/ws-security/ws-security.htm#ws-security__toc6201557
And here is a capture of a SOAP message with signature.
How to sign the SOAP messages:
Fortunately, a guy named András Veres-Szentkirályi from Europe, post the solution in "suds mailing list"
http://lists.fedoraproject.org/pipermail/suds/2011-December/001606.html
and, he put the detail in his master thesis:
http://vsza.hu/thesis-beta.pdf
Code is here, work as a plugin in suds:
https://github.com/dnet/SudsSigner
Install dependence:
apt-get update apt-get install gcc python-dev python-lxml python-libxml2 libxml2-dev libxmlsec1-dev python-suds python-openssl git clone https://github.com/dnet/pyxmlsec.git cd pyxmlsec python ./setup.py build (select openssl as crypto engines) sudo python ./setup.py install
Addition:
I met an Error in <plugin.py>,line 56, it seems no method "get_signature_algorithm()" in "cert" object which is actually a "X509" (http://packages.python.org/pyOpenSSL/openssl-x509.html) instance.
The OpenSSL document is based on version 0.13, while I'm using version 0.10 which without this method.
Well, it's not a big problem, since I know the exactly signature_algorithm my certification using, I just hard code the line 56 as:
algo = "rsa", #self.cert.get_signature_algorithm()
--------------
OK, now your code should looks like:
signer = SignerPlugin(r"/xxxx.pem") c = Client(url, transport = ssltrans, prettyxml=True, plugins=[signer])
over.
No comments:
Post a Comment