Commit

Allow to not encrypt by setting the recipient certificate as optional
Aurélien LAJOIE authored and utix committed Nov 26, 2016
1 parent b91484d commit d02ed8d
Showing 2 changed files with 15 additions and 7 deletions.
4 changes: 2 additions & 2 deletions doc/index.rst
Expand Up @@ -112,8 +112,8 @@ used to encrypt outgoing messages and verify the signature on incoming
messages.

Note that ``WssePlugin`` is currently hardcoded to sign the ``wsu:Timestamp``
and ``soap:Body`` elements, and to encrypt only the first child of the
``soap:Body`` element. Pull requests to add more flexibility are welcome.
and ``soap:Body`` elements, and to optionally encrypt only the first child of
the ``soap:Body`` element. Pull requests to add more flexibility are welcome.


Standalone functions
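
Review bot: "optionally encrypt" in the ``WssePlugin`` note does not say what controls the option or what goes on the wire without it. Suggest stating that encryption happens only when `their_certfile` is passed, and that otherwise the `soap:Body` is sent signed but in cleartext. The context carried in the hunk header still reads "used to encrypt outgoing messages and verify the signature on incoming messages"; if that sentence describes the recipient certificate, the docs should also say what happens to verification of incoming messages when the certificate is omitted.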
18 changes: 13 additions & 5 deletions wsse/suds.py
Expand Up @@ -10,9 +10,10 @@
class WssePlugin(MessagePlugin):
"""Suds message plugin that performs WS-Security signing and encryption.
Encrypts and signs outgoing messages (the soap:Body and the wsu:Timestamp
security token, which must be present); decrypts and verifies signature on
incoming messages.
Encrypts (optional) and signs outgoing messages (the soap:Body and the
wsu:Timestamp security token, which must be present); decrypts and verifies
signature on incoming messages.
Encryption is done if their_certfile is set.
Uses X509 certificates for both encryption and signing. Requires our cert
and its private key, and their cert (all as file paths).
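
Review bot: the class docstring now contradicts itself. The added line says "Encryption is done if their_certfile is set", but the unchanged sentence right after it still says "Requires our cert and its private key, and their cert (all as file paths)". Suggest rewording that sentence so their cert is described as required only for encryption, and changing "Encrypts (optional) and signs" to something like "Signs and optionally encrypts" so the order matches what `sending` does.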
Expand All @@ -39,7 +40,13 @@ class WssePlugin(MessagePlugin):
only the first child element of the soap:Body will be encrypted).
"""
def __init__(self, keyfile, certfile, their_certfile):
def __init__(self, keyfile, certfile, their_certfile = None):
"""
@param keyfile path to the private key to sign the content
@param certfile path to the certificate to sign the content
@param their_certfile Optional, path to the recipient certificate to
encrypt, if not set no encryption is done
"""
self.keyfile = keyfile
self.certfile = certfile
self.their_certfile = their_certfile
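
Review bot: defaulting `their_certfile` to `None` in `__init__` makes the plugin fail open. A caller who simply forgets the third argument now gets signed but unencrypted messages, with no error and no warning, where the old signature would have raised a TypeError. Consider keeping the argument required and accepting an explicit `None`, or logging a warning when it is `None`, so that disabling encryption is a visible decision. Style: PEP 8 writes keyword defaults without spaces, `their_certfile=None`.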
Expand All @@ -48,7 +55,8 @@ def sending(self, context):
"""Sign and encrypt outgoing message envelope."""
context.envelope = sign(
context.envelope, self.keyfile, self.certfile)
context.envelope = encrypt(context.envelope, self.their_certfile)
if their_certfile != None:
context.envelope = encrypt(context.envelope, self.their_certfile)

def received(self, context):
"""Decrypt and verify signature of incoming reply envelope."""
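
Review bot: in `sending`, the new guard `if their_certfile != None:` uses the bare name `their_certfile`, which is not a local in this method, so unless a module-level name of that spelling exists the call raises NameError right after signing. It should read `if self.their_certfile is not None:`. The docstring "Sign and encrypt outgoing message envelope." should also say that encryption is conditional. `received` is only visible here as unchanged context, so it is worth confirming that decryption and signature verification cope with `self.their_certfile` being `None`.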
