Sign timestamp only when the tag is set
utix committed Dec 1, 2016
1 parent 5a25072 commit 0651987
Showing 2 changed files with 9 additions and 7 deletions.
11 changes: 6 additions & 5 deletions doc/index.rst
Expand Up @@ -100,9 +100,9 @@ list of ``plugins`` passed to a new ``Client`` instance::
)

``WssePlugin`` requires that the outgoing messages already have a
``wsse:Security`` element in the ``soap:Header`` with a ``wsu:Timestamp``
token. Suds can do this via its ``Security`` and ``Timestamp`` objects, as
shown in the above example.
``wsse:Security`` element in the ``soap:Header`` with an optional
``wsu:Timestamp`` token. Suds can do this via its ``Security`` and
``Timestamp`` objects, as shown in the above example.

In the example, ``our_keyfile_path``, ``our_certfile_path``, and
``their_certfile_path`` should all be absolute filesystem paths to X509
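
Review bot: the reworded paragraph says ``WssePlugin`` "requires" a ``wsse:Security`` element "with an optional ``wsu:Timestamp`` token" but does not say what a caller gives up by leaving the timestamp out. A signed timestamp is what lets the receiver bound how long a signed message stays acceptable; without it the signature covers only the ``soap:Body`` and carries no freshness information. Suggest adding one sentence here stating that, and recommending that the ``Timestamp`` object be kept unless the remote service rejects it.
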
Expand All @@ -112,8 +112,9 @@ used to encrypt outgoing messages and verify the signature on incoming
messages.

Note that ``WssePlugin`` is currently hardcoded to sign the ``wsu:Timestamp``
and ``soap:Body`` elements, and to optionally encrypt only the first child of
the ``soap:Body`` element. Pull requests to add more flexibility are welcome.
(if it is present) and ``soap:Body`` elements, and to optionally encrypt only
the first child of the ``soap:Body`` element.
Pull requests to add more flexibility are welcome.


Standalone functions
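
Review bot: this note now covers what is signed on outgoing messages when the timestamp is absent, but the context line at the top of the hunk says the same setup is used to "verify the signature on incoming messages", and nothing in the docs says whether verification still expects a signed ``wsu:Timestamp``. Only doc/index.rst and wsse/signing.py change in this commit, so please state the verification behaviour in this note, or bring it in line with signing if it differs.
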
5 changes: 3 additions & 2 deletions wsse/signing.py
Expand Up @@ -20,7 +20,7 @@ def sign(envelope, keyfile, certfile):
"""Sign given SOAP envelope with WSSE sig using given key and cert.
Sign the wsu:Timestamp node in the wsse:Security header and the soap:Body;
both must be present.
Timestamp is optional, Body must be present.
Add a ds:Signature node in the wsse:Security header containing the
signature.
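
Review bot: the docstring of `sign()` still opens with "Sign the wsu:Timestamp node in the wsse:Security header and the soap:Body;" and the new line is appended after that semicolon, so the sentence first states that the timestamp is signed and then says it is optional. Suggest rewriting it as a single statement, for example "Sign the soap:Body, and the wsu:Timestamp node in the wsse:Security header if one is present."
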
Expand Down Expand Up @@ -135,7 +135,8 @@ def sign(envelope, keyfile, certfile):
ctx = xmlsec.SignatureContext()
ctx.key = key
_sign_node(ctx, signature, doc.find(ns(SOAP_NS, 'Body')))
_sign_node(ctx, signature, security.find(ns(WSU_NS, 'Timestamp')))
if security.find(ns(WSU_NS, 'Timestamp')):
_sign_node(ctx, signature, security.find(ns(WSU_NS, 'Timestamp')))
ctx.sign(signature)

# Place the X509 data inside a WSSE SecurityTokenReference within
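
Review bot: the new guard `if security.find(ns(WSU_NS, 'Timestamp')):` tests the truth value of the returned node, not whether a node was found. If these are lxml or ElementTree elements (the imports are not visible in this hunk), an element's truth value reflects whether it has children, so a `wsu:Timestamp` that is present but has no child elements would be skipped and sent unsigned without any error. Suggest looking the node up once and comparing against None: `timestamp = security.find(ns(WSU_NS, 'Timestamp'))` followed by `if timestamp is not None: _sign_node(ctx, signature, timestamp)`, which also removes the duplicated `find` call.
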

0 comments on commit 0651987
