a /$Z|(@sdZddlmZddlZejdkr*eZZddlZddl m Z ddl Z ddl Z ddl Z ddlZddlmZmZmZmZddlmZddlZddlZdd l mZd d Zd Zd ZdZdZdZdZGdddZ Gddde Z!dZ"GdddZ#dS)zFPythonic simple SOAP Client plugins for WebService Security extensions)unicode_literalsN3)Decimal) __author__ __copyright__ __license__ __version__)SimpleXMLElement)sha1cCsdddt|DS)Ncss$|]}ttjtjVqdSN)randomZ SystemRandomZchoicestringZascii_uppercaseZdigits).0_r3/usr/lib/python3/dist-packages/pysimplesoap/wsse.py $zrandombytes..)joinrange)Nrrr randombytes#srzQhttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdzRhttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdz"http://www.w3.org/2000/09/xmldsig#zUhttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3z^http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryzahttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigestc@s*eZdZdZd ddZddZddZd S) UsernameTokenzGWebService Security extension to add a basic credentials to xml requestr cCsd||di|_dS)Nwsse:UsernameToken) wsse:Username wsse:Password)token)selfusernamepasswordrrr__init__3s zUsernameToken.__init__c CsF|d|d}d} | |vr"|| |_|j| |jdddt|| d<dS)z)Add basic credentials to outgoing messageHeaderns wsse:SecurityF)r%Zadd_children_ns xmlns:wsseN)rZmarshallWSSE_URI) rclientrequestmethodargskwargsheaderssoap_uriheaderkrrr preprocess;s   zUsernameToken.preprocesscCsdS)zAnalyze incoming credentialsNr)rr)responser+r,r-r.r/rrr postprocessHszUsernameToken.postprocessN)r r )__name__ __module__ __qualname____doc__r"r2r4rrrrr0s  rc@s"eZdZdZd ddZddZdS) UsernameDigestTokenz WebService Security extension to add a http digest credentials to xml request drift -> time difference from the server in seconds, needed for 'Created' header r rcCs||_||_tj|d|_dS)N)Zseconds)r r!datetimeZ timedeltadrift)rr r!r;rrrr"SszUsernameDigestToken.__init__cCs|d|d}|jddd} t| d<t| d<| jddd} | jd|jddtj|jd } | jd | ddtd } | jd | d dddd} t | d<t }| | | |j |}| jd| d dddd}t|d<dS)Nr#r$r&Fr' xmlns:wsurrZz wsu:Createdz wsse:Noncebase64 EncodingTyperType)Z add_childr(WSU_URIr r:Zutcnowr;Z isoformatrencodeBase64Binary_URIr updater!digestPasswordDigest_URI)rr)r*r+r,r-r.r/r0wsseZ usertokenZcreatedZnonceZ wssenonceZsha1objrGr!rrrr2Xs  zUsernameDigestToken.preprocessN)r r r)r5r6r7r8r"r2rrrrr9Ms r9aZ %(certificate)s %(signed_info)s %(signature_value)s c@s4eZdZdZd ddZddZdd Zdd d ZdS)BinaryTokenSignaturezEWebService Security extension to add a basic signature to xml requestr NcCs0dddt|D|_||_||_||_dS)Nr cSsg|]}|ds|qS)z---) startswith)rlinerrr s z1BinaryTokenSignature.__init__..)ropen certificate private_keyr!cacert)rrOrPr!rQrrrr"szBinaryTokenSignature.__init__cCs|d|d}|d|d} d|d<t|d<|ddD]\} } | dr4| || <q4t|} d d lm} | | d |j|j}|j|d <t t |}| |dS) zSign the outgoing SOAP requestBodyr$r#zid-14wsu:Idr<Nxmlnsrxmlsecz#id-14rO) rCrKreprr rVZrsa_signrPr!rOr BIN_TOKEN_TMPLZ import_node)rr)r*r+r,r-r.r/bodyr0attrvalueref_xmlrVvarsrIrrrr2s       zBinaryTokenSignature.preprocesscCsddlm}|d|d} |d|d} | dtd} | dtd} || dt|| d tt| d } |j| d d }|j st d n|j |j | d d st d|| dt| d}| dtd}|dtd}|dtd}||dtddd|||dtddtd||dtddtddtd|ddD]\}}|drH|| |<qH|t| }||}t|dtddtd}||krt dt|d<t|}||t||}|st d dS)!z-Verify the signature of the incoming responserrUrRr$r#ZSecurityZBinarySecurityTokenrAZ ValueTyper?T)Zbinaryz/No CA provided, WSSE not validating certificatez"WSSE certificate validation failedr<rSZ SignatureZ SignedInfoZSignatureValueZ ReferenceZURI#ZSignatureMethodZ Algorithmzrsa-sha1Z DigestMethodr NrTZ DigestValuezWSSE SHA1 hash digests mismatchz+WSSE RSA-SHA1 signature verification failed)r rVr(_BinaryTokenSignature__checkrE X509v3_URIstrdecodeZx509_extract_rsa_public_keyrQwarningswarnZ x509_verify RuntimeErrorrC XMLDSIG_URIrKZ canonicalizerWZsha1_hash_digestZ rsa_verify)rr)r3r+r,r-r.r/rVrYr0rIZcertZcert_derZ public_keyZref_uriZ signatureZ signed_infoZsignature_valuerZr[r\Z computed_hashZ digest_valueZxmlokrrrr4sL             z BinaryTokenSignature.postprocessWSSE sanity check failedcCs||krt|dSr )re)rr[ZexpectedmsgrrrZ__checkszBinaryTokenSignature.__check)r r NN)rh)r5r6r7r8r"r2r4r_rrrrrJs  4rJ)$r8Z __future__rsysversionraZ basestringZunicoder:ZdecimalrosZloggingZhashlibrcr rrrr Z simplexmlr rrr rr(rCrfr`rErHrr9rXrJrrrr s4     "