[Soap-Python] WSSE security

Mariano Reingart reingart at gmail.com
Tue Apr 28 00:10:37 CEST 2015


Hi Paul:

You can see a proof of concept developed for the Uruguay electronic invoicing
web service:

https://github.com/reingart/py_efactura_uy/blob/master/prueba.py#L101

The relevant code would be:

from pysimplesoap.client import SoapClient
from pysimplesoap.wsse import BinaryTokenSignature

client = SoapClient(...)

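# Use your own certificate, private key and CA certificate files;
# set password if the private key has a pass-phrase.
plugin = BinaryTokenSignature(certificate="certificado.crt",
                              private_key="private.key",
                              password=None,
                              cacert="CorreoUruguayoCA.crt",
                              )
# Register the plugin on the client
client.plugins += [plugin]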

Of course you'll have to change the certificate, private key and
certification authority. You can use a password if the private key has a
pass-phrase.
Then you can call remote methods as usual, using either "raw" arbitrary
requests or WSDL-parsed methods; for more info see:

https://code.google.com/p/pysimplesoap/wiki/SoapClient

You're right, the Google Code wiki is not updated as it will be taken down,
but I didn't have time to move it to GitHub yet.
But, you can download the latest development code (including WSSE support)
from there:

https://github.com/pysimplesoap/pysimplesoap

Finally, compared to suds, the pysimplesoap implementation is more ad-hoc
and you could easily debug it and adapt the generated XML or the signing phase,
if required (so far it should work out of the box, but I've seen at least one
specific server that responds with a special XML canonicalization
method/transformation that needs some work).
Also, the idea of pysimplesoap is to facilitate experimentation and
learning about web service internals, XML security, etc.

On the other hand, the suds plug-in seems to be using dm.xmlsec.binding
(depending on the XMLSec C library, which is very complex and includes more
dependencies, as far as I could analyze) and PyOpenSSL (which is a rather
thin wrapper around (a subset of) the OpenSSL library, according to their own
documentation).
pysimplesoap uses just M2Crypto (which is more complete than PyOpenSSL, but
you'll have to check Python 3 experimental support if you need it, AFAIK).
Note that the lxml dependency is optional.
There is even a pure Python implementation of a c14n.py module
(canonicalization) in pysimplesoap (taken from other projects IIRC), that
I'm trying to migrate to Python 3 and enhance, to avoid the lxml dependency
altogether.

Best regards

Mariano Reingart
http://www.sistemasagiles.com.ar
http://reingart.blogspot.com

On Mon, Apr 27, 2015 at 12:06 PM, Paul Tomblin <ptomblin at xcski.com> wrote:

> I need to talk to a web service that requires wsse:BinarySecurityToken,
> ds:Security, wsse:UsernameToken and wsu:Timestamp headers. I see that the
> latest version of pysimplesoap on python.org has some sort of plugin
> architecture and a wsse.py for at least some of these headers, but I don't
> see any documentation on how to use them. The Google Code page doesn't have
> the wsse.py file, and so obviously nothing in their Wiki.
>
> Can somebody point me to documentation or examples?
>
>
> --
> http://www.linkedin.com/in/paultomblin
> http://careers.stackoverflow.com/ptomblin
>
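
Added example, not part of either message and not pysimplesoap code: a standard-library sketch of two of the headers the question lists, wsu:Timestamp and wsse:UsernameToken (PasswordDigest form), with the matching receiver-side check. The function names, the 300-second lifetime and the credentials in any call are assumptions; the signature and wsse:BinarySecurityToken are not covered here.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = "{" + OASIS + "wssecurity-secext-1.0.xsd}"    # wsse: namespace
WSU = "{" + OASIS + "wssecurity-utility-1.0.xsd}"    # wsu: namespace
DIGEST = OASIS + "username-token-profile-1.0#PasswordDigest"
B64 = OASIS + "soap-message-security-1.0#Base64Binary"
FMT = "%Y-%m-%dT%H:%M:%SZ"                           # UTC timestamps

def password_digest(nonce, created, password):
    # UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def build_security_header(user, password, now, ttl=300):
    """Build wsse:Security holding a wsu:Timestamp and a wsse:UsernameToken."""
    created = now.strftime(FMT)
    expires = (now + timedelta(seconds=ttl)).strftime(FMT)
    nonce = os.urandom(16)  # fresh random nonce for every request
    sec = ET.Element(WSSE + "Security")
    ts = ET.SubElement(sec, WSU + "Timestamp")
    ET.SubElement(ts, WSU + "Created").text = created
    ET.SubElement(ts, WSU + "Expires").text = expires
    tok = ET.SubElement(sec, WSSE + "UsernameToken")
    ET.SubElement(tok, WSSE + "Username").text = user
    pwd = ET.SubElement(tok, WSSE + "Password", Type=DIGEST)
    pwd.text = password_digest(nonce, created, password)
    enc = ET.SubElement(tok, WSSE + "Nonce", EncodingType=B64)
    enc.text = base64.b64encode(nonce).decode()
    ET.SubElement(tok, WSU + "Created").text = created
    return sec

def verify_security_header(sec, password, now):
    """Receiver side: check the validity window, then the password digest."""
    def when(tag):
        stamp = sec.findtext(WSU + "Timestamp/" + WSU + tag)
        return datetime.strptime(stamp, FMT).replace(tzinfo=timezone.utc)
    if not when("Created") <= now < when("Expires"):
        return False
    tok = sec.find(WSSE + "UsernameToken")
    nonce = base64.b64decode(tok.findtext(WSSE + "Nonce"))
    expected = password_digest(nonce, tok.findtext(WSU + "Created"), password)
    # Constant-time comparison of the recomputed and the received digest
    return hmac.compare_digest(expected, tok.findtext(WSSE + "Password"))
```

Pass a timezone-aware UTC datetime as `now`. A receiver that wants replay protection would also remember nonces seen inside the validity window, which this sketch leaves out.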