如何解决如何使用python请求带有签名的SOAP服务?
我正在尝试使用证书签名调用 SOAP 服务。这里服务器有自己的证书,需要与请求相同的证书签名。我不确定这是如何工作的,因为我是这种情况的新手。
到目前为止,我已经尝试过普通的 requests
方法,但没有奏效。现在我正在使用 zeep
库。在这方面,我也覆盖了 BinarySignature
类,因为它在 git 的问题中建议。
这是我的代码:
from zeep import Client as cl
from requests import Session
from zeep.transports import Transport
from zeep.plugins import HistoryPlugin
from lxml import etree
import zeep
from zeep.wsse.signature import Signature,BinarySignature
import uuid
import OpenSSL
import base64
from zeep.wsse import utils
from datetime import datetime,timedelta
class SelfBinarySignature(BinarySignature):
def apply(self,envelope,headers):
security = utils.get_security_header(envelope)
created = datetime.utcnow()
expired = created + timedelta(seconds=1 * 60)
timestamp = utils.WSU('Timestamp')
timestamp.append(utils.WSU('Created',created.replace(microsecond=0).isoformat()+'Z'))
timestamp.append(utils.WSU('Expires',expired.replace(microsecond=0).isoformat()+'Z'))
security.append(timestamp)
super().apply(envelope,headers)
return envelope,headers
def verify(self,envelope):
return envelope
def create_csr(common_name,country=None,state=None,city=None,organization=None,organizational_unit=None,email_address=None):
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA,2048)
req = OpenSSL.crypto.X509()
req.get_subject().CN = common_name
if organizational_unit:
req.get_subject().OU = organizational_unit
if organization:
req.get_subject().O = organization
if city:
req.get_subject().L = city
if state:
req.get_subject().ST = state
if country:
req.get_subject().C = country
if email_address:
req.get_subject().emailAddress = email_address
req.set_serial_number(1000)
req.gmtime_adj_notBefore(0)
req.gmtime_adj_notAfter(10*365*24*60*60)
req.set_issuer(req.get_subject())
req.set_pubkey(key)
req.sign(key,'sha256')
private_key = OpenSSL.crypto.dump_privatekey(
OpenSSL.crypto.FILETYPE_PEM,key)
public_key = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM,key)
csr = OpenSSL.crypto.dump_certificate(
OpenSSL.crypto.FILETYPE_PEM,req)
out_keys = {
"private key" : private_key,"public key": public_key,"certificate": csr,"reqest": req
}
return out_keys
certificate = create_csr(common_name="CN",organizational_unit="OU",organization="ORG",city="Mumbai",state="MH",country="IN"
)
with open('cert.pem',"wb") as f:
f.write(certificate['certificate'])
with open('public.pem',"wb") as f:
f.write(certificate['public key'])
with open('private.pem',"wb") as f:
f.write(certificate['private key'])
# url="https://my.server.soap/Service?WDSL"
url = "https://my.server.soap/Service?WSDL"
history = HistoryPlugin()
session = Session()
# This line returns error:
#ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)
# session.verify = 'server.crt'
#So to try further,I modified value to:
session.verify = True
transport = Transport(session=session)
client = cl(url,transport=transport,plugins=[history],wsse=SelfBinarySignature("private.pem","cert.pem"))
# This line returns error:
# Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult
client.service.sayHello("Test")
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。