Saturday, December 31, 2011

Sign SOAP messages with suds

What's the Signature
Signature in SOAP message is part of WS-Security.
You can read the specification here:

And here is a capture of a SOAP message with signature.

How to sign the SOAP messages:
Fortunately, a guy named András Veres-Szentkirályi from Europe, post the solution in "suds mailing list"

and, he put the detail in his master thesis:

Code is here, work as a plugin in suds:

Install dependence:
apt-get update
apt-get install gcc python-dev python-lxml python-libxml2 libxml2-dev libxmlsec1-dev python-suds python-openssl
git clone
cd pyxmlsec
python ./ build (select openssl as crypto engines)
sudo python ./ install

I met an Error in <>,line 56, it seems no method "get_signature_algorithm()" in "cert" object which is actually a "X509" ( instance.

The OpenSSL document is based on version 0.13, while I'm using version 0.10 which without this method.

Well, it's not a big problem, since I know the exactly signature_algorithm my certification using, I just hard code the line 56 as:
algo = "rsa", #self.cert.get_signature_algorithm()

OK, now your code should looks like:
signer = SignerPlugin(r"/xxxx.pem")
c = Client(url, transport = ssltrans, prettyxml=True, plugins=[signer])


No comments:

Post a Comment