如何解决Zeep SOAP 签名,安全策略
我正在尝试向服务发布正确的请求。
这是它的 WSDL
这是我的代码
session = Session()
# session.verify = False
signature = Signature(
key_file=private_key,certfile=certificate,# optional_password
)
timestamp_token = WSU.Timestamp()
today_datetime = datetime.datetime.today()
expires_datetime = today_datetime + datetime.timedelta(minutes=10)
timestamp_elements = [
WSU.Created(today_datetime.strftime("%Y-%m-%dT%H:%M:%sZ")),WSU.Expires(expires_datetime.strftime("%Y-%m-%dT%H:%M:%sZ"))
]
timestamp_token.extend(timestamp_elements)
client = Client(
wsdl=wsdl,settings=Settings(strict=False,xml_huge_tree=True),wsse=[timestamp_token,signature],transport=Transport(session=session)
)
response = client.service.verarbeiteXKfz(
**params_0707,)
这是我得到的错误
Traceback (most recent call last):
File "main.py",line 92,in <module>
main()
File ".venv/lib/python3.9/site-packages/click/core.py",line 829,in __call__
return self.main(*args,**kwargs)
File ".venv/lib/python3.9/site-packages/click/core.py",line 782,in main
rv = self.invoke(ctx)
File ".venv/lib/python3.9/site-packages/click/core.py",line 1066,in invoke
return ctx.invoke(self.callback,**ctx.params)
File ".venv/lib/python3.9/site-packages/click/core.py",line 610,in invoke
return callback(*args,**kwargs)
File "main.py",line 78,in main
response = client.service.verarbeiteXKfz(
File ".venv/lib/python3.9/site-packages/zeep/proxy.py",line 46,in __call__
return self._proxy._binding.send(
File ".venv/lib/python3.9/site-packages/zeep/wsdl/bindings/soap.py",line 123,in send
envelope,http_headers = self._create(
File ".venv/lib/python3.9/site-packages/zeep/wsdl/bindings/soap.py",line 98,in _create
envelope,http_headers = wsse.apply(envelope,http_headers)
AttributeError: 'lxml.etree._Element' object has no attribute 'apply'
鉴于参数现在通过 zeep 验证(即它们匹配操作的签名),我相信问题出在其他地方。
例如,我认为 WSDL 突出显示很重要
<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="asymmetricSignaturePolicy">
<!-- ! ! ! ! ! ! ! ! -->
<!-- Important -->
<!-- ! ! ! ! ! ! ! ! -->
<!-- You have to use {http://www.w3.org/2001/04/xmldsig-more#rsa-sha256} -->
<!-- as signature algorithm. Since this is not part of the ws-policy specification -->
<!-- you have to take care about this at application level -->
<!-- Any other signature algorithm will be rejected! -->
这是问题吗?我怎样才能做到这一点?
我现在尝试改用 BinarySignature,但它产生相同的错误,即使它具有 apply 方法
跟进:
我现在已经将 Signature 子类化为
class IkfzSignature(Signature):
def apply(self,envelope,headers):
security = utils.get_security_header(envelope)
timestamp_token = WSU.Timestamp()
creation = datetime.Now()
expiration = creation + timedelta(seconds=61)
timestamp_token.append(WSU.Created(utils.get_timestamp(creation)))
timestamp_token.append(WSU.Expires(utils.get_timestamp(expiration)))
security.append(timestamp_token)
# headers['Content-Type'] = 'application/soap+xml;charset=UTF-8'
return envelope,headers
def verify(self,envelope):
pass
我现在收到时间戳错误:
raise Fault(
zeep.exceptions.Fault: A security error was encountered when verifying the message Caused by: Invalid timestamp: The message timestamp is out of range
这个问题仍然悬而未决,因为我忽略这是由于时间戳以一种方式或另一种方式设置错误(签名或“值”)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
