Allow to not encrypt by setting the recipient certificate as optional

orcasgit · Nov 26, 2016 · 2c1f455 · 2c1f455
1 parent b91484d
commit 2c1f455
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 8 deletions.
diff --git a/doc/index.rst b/doc/index.rst
@@ -112,8 +112,8 @@ used to encrypt outgoing messages and verify the signature on incoming
 messages.
 
 Note that ``WssePlugin`` is currently hardcoded to sign the ``wsu:Timestamp``
-and ``soap:Body`` elements, and to encrypt only the first child of the
-``soap:Body`` element. Pull requests to add more flexibility are welcome.
+and ``soap:Body`` elements, and to optionally encrypt only the first child of
+the ``soap:Body`` element. Pull requests to add more flexibility are welcome.
 
 
 Standalone functions

diff --git a/wsse/suds.py b/wsse/suds.py
@@ -2,6 +2,9 @@
 from __future__ import absolute_import
 
 from suds.plugin import MessagePlugin
+from logging import getLogger
+log = getLogger(__name__)
+
 
 from .encryption import encrypt, decrypt
 from .signing import sign, verify
@@ -10,9 +13,10 @@
 class WssePlugin(MessagePlugin):
     """Suds message plugin that performs WS-Security signing and encryption.
 
-    Encrypts and signs outgoing messages (the soap:Body and the wsu:Timestamp
-    security token, which must be present); decrypts and verifies signature on
-    incoming messages.
+    Encrypts (optional) and signs outgoing messages (the soap:Body and the
+    wsu:Timestamp security token, which must be present); decrypts and verifies
+    signature on incoming messages.
+    Encryption is done if their_certfile is set.
 
     Uses X509 certificates for both encryption and signing. Requires our cert
     and its private key, and their cert (all as file paths).
@@ -39,19 +43,30 @@ class WssePlugin(MessagePlugin):
     only the first child element of the soap:Body will be encrypted).
 
     """
-    def __init__(self, keyfile, certfile, their_certfile):
+    def __init__(self, keyfile, certfile, their_certfile = None):
+        """
+        @param keyfile         path to the private key to sign the content
+        @param certfile        path to the certificate to sign the content
+        @param their_certfile  Optional, path to the recipient certificate to
+                               encrypt, if not set no encryption is done
+        """
         self.keyfile = keyfile
         self.certfile = certfile
         self.their_certfile = their_certfile
+        log.info("WSSE plugin initialized")
 
     def sending(self, context):
         """Sign and encrypt outgoing message envelope."""
         context.envelope = sign(
             context.envelope, self.keyfile, self.certfile)
-        context.envelope = encrypt(context.envelope, self.their_certfile)
+        if their_certfile:
+            log.debug("Encrypt the body")
+            context.envelope = encrypt(context.envelope, self.their_certfile)
 
     def received(self, context):
         """Decrypt and verify signature of incoming reply envelope."""
         if context.reply:
-            context.reply = decrypt(context.reply, self.keyfile)
+            if their_certfile:
+                log.debug("Decrypt the body")
+                context.reply = decrypt(context.reply, self.keyfile)
             verify(context.reply, self.their_certfile)