signed parts #1428

Open
wants to merge 9 commits into
base: main
blaggacao

@blaggacao blaggacao commented Sep 21, 2024

  • Parse SignedParts for bindings and assign
  • Sign elements required by WSDL
  • Added tests
  • Omit WSSE header elements from signature

rebase of #747
closes: #497

@mvantellingen This seemed a pretty solid PR and I have concrete use for it on this service: https://vpfe-hab.dian.gov.co/WcfDianCustomerServices.svc?wsdl - could you kindly consider reviewing this or the original #747? In the meantime I can use this PR patch, though. It is unwieldy to implement a custom Signature class.

<wsp:Policy wsu:Id="WSHttpBinding_IWcfDianCustomerServices_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        ...
      </sp:TransportBinding>
      <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:RequireThumbprintReference/>
              <sp:WssX509V3Token10/>
            </wsp:Policy>
          </sp:X509Token>
          <sp:SignedParts>
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
          </sp:SignedParts>
        </wsp:Policy>
      </sp:EndorsingSupportingTokens>
      <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefThumbprint/>
        </wsp:Policy>
      </sp:Wss11>
      <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportIssuedTokens/>
          <sp:RequireClientEntropy/>
          <sp:RequireServerEntropy/>
        </wsp:Policy>
      </sp:Trust10>
      <wsaw:UsingAddressing/>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Edit

There seems to be one issue that I need to use an older URI for sp in my use case:

In [25]: NSMAP
Out[25]:
{'wsdl': 'http://schemas.xmlsoap.org/wsdl/',
 'wsp': 'http://schemas.xmlsoap.org/ws/2004/09/policy',
 'sp': 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702',
 'wsu': 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'}

In [26]: NSMAP["sp"] = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

In [28]: doc.xpath('//wsp:Policy//sp:SignedParts', namespaces=NSMAP)
Out[28]: [<Element {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SignedParts at 0x7fcd9a279780>]

@blaggacao blaggacao force-pushed the signed_parts branch 2 times, most recently from 94ac51f to 87f213b Compare September 21, 2024 17:14
@blaggacao blaggacao force-pushed the signed_parts branch 2 times, most recently from 251abff to e6267bd Compare September 21, 2024 19:39
@blaggacao blaggacao force-pushed the signed_parts branch 2 times, most recently from 3ec6ccb to 7e385b2 Compare September 21, 2024 20:37
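
The namespace mismatch noted in the PR description, as an added example that is not code from this PR or from zeep: a lookup bound to a single `sp` URI finds no `SignedParts` in a policy written against the other URI, so the required header would go unsigned without any error. The helper name `signed_parts`, its parameters and the trimmed sample policy are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The two WS-SecurityPolicy namespace URIs that appear on this page.
SP_2005 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
SP_2007 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

# Constructed sample, trimmed from the policy quoted in the PR description.
SAMPLE_POLICY = """\
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne><wsp:All>
    <sp:EndorsingSupportingTokens><wsp:Policy>
      <sp:SignedParts>
        <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
      </sp:SignedParts>
    </wsp:Policy></sp:EndorsingSupportingTokens>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""


def signed_parts(policy_xml, sp_namespaces=(SP_2005, SP_2007)):
    """Return (kind, namespace, name) for every part the policy wants signed.

    Hypothetical helper: looks for sp:SignedParts under each namespace URI
    in sp_namespaces, so a WSDL using the older URI is not silently skipped.
    """
    root = ET.fromstring(policy_xml)
    parts = []
    for sp_ns in sp_namespaces:
        # iter() walks the whole tree, including nested wsp:Policy elements.
        for signed in root.iter("{%s}SignedParts" % sp_ns):
            for child in signed:
                if child.tag == "{%s}Body" % sp_ns:
                    parts.append(("body", None, None))
                elif child.tag == "{%s}Header" % sp_ns:
                    parts.append(
                        ("header", child.get("Namespace"), child.get("Name"))
                    )
    return parts


if __name__ == "__main__":
    print(signed_parts(SAMPLE_POLICY))              # both URIs tried
    print(signed_parts(SAMPLE_POLICY, (SP_2007,)))  # 200702 URI only
```

An empty result from the second call is the case to watch for: the policy does require a signed `To` header, but a 200702-only lookup never sees it.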
Successfully merging this pull request may close these issues.

wsse does not sign parts required by WSDL
2 participants