From d02ed8d0fb91d198977203c04c3e60ebad64992a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20LAJOIE?=
Date: Sat, 26 Nov 2016 15:37:21 +0100
Subject: [PATCH] Allow to not encrypt by setting the recipient certificate as optional

---
 doc/index.rst |  4 ++--
 wsse/suds.py  | 18 +++++++++++++-----
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/doc/index.rst b/doc/index.rst
index 14dbb5f..28e4d68 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -112,8 +112,8 @@ used to encrypt outgoing messages and verify the signature on incoming messages.
 Note that ``WssePlugin`` is currently hardcoded to sign the ``wsu:Timestamp``
-and ``soap:Body`` elements, and to encrypt only the first child of the
-``soap:Body`` element. Pull requests to add more flexibility are welcome.
+and ``soap:Body`` elements, and to optionally encrypt only the first child of
+the ``soap:Body`` element. Pull requests to add more flexibility are welcome.
 Standalone functions
diff --git a/wsse/suds.py b/wsse/suds.py
index 3fe1d11..ba5ab15 100644
--- a/wsse/suds.py
+++ b/wsse/suds.py
@@ -10,9 +10,10 @@ class WssePlugin(MessagePlugin):
     """Suds message plugin that performs WS-Security signing and encryption.
-    Encrypts and signs outgoing messages (the soap:Body and the wsu:Timestamp
-    security token, which must be present); decrypts and verifies signature on
-    incoming messages.
+    Encrypts (optional) and signs outgoing messages (the soap:Body and the
+    wsu:Timestamp security token, which must be present); decrypts and verifies
+    signature on incoming messages.
+    Encryption is done if their_certfile is set.
     Uses X509 certificates for both encryption and signing. Requires our cert and its private key, and their cert (all as file paths).
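Review bot: The new docstring line `Encryption is done if their_certfile is set.` should spell out the security consequence of the default, because a caller who omits the recipient certificate now sends the soap:Body signed but in cleartext instead of failing. I would extend it to `Encryption is done only if their_certfile is set; without it the soap:Body leaves in cleartext and confidentiality must come from the transport (TLS).` The decrypt/verify half of the contract for replies is left as it was, and the body of received() is not in view, so whether an unencrypted reply is still accepted when no recipient certificate is configured cannot be checked from this patch.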
@@ -39,7 +40,13 @@ class WssePlugin(MessagePlugin):
     only the first child element of the soap:Body will be encrypted).
     """
-    def __init__(self, keyfile, certfile, their_certfile):
+    def __init__(self, keyfile, certfile, their_certfile = None):
+        """
+        @param keyfile path to the private key to sign the content
+        @param certfile path to the certificate to sign the content
+        @param their_certfile Optional, path to the recipient certificate to
+        encrypt, if not set no encryption is done
+        """
         self.keyfile = keyfile
         self.certfile = certfile
         self.their_certfile = their_certfile
@@ -48,7 +55,8 @@ def sending(self, context):
         """Sign and encrypt outgoing message envelope."""
         context.envelope = sign(
             context.envelope, self.keyfile, self.certfile)
-        context.envelope = encrypt(context.envelope, self.their_certfile)
+        if their_certfile != None:
+            context.envelope = encrypt(context.envelope, self.their_certfile)
     def received(self, context):
         """Decrypt and verify signature of incoming reply envelope."""
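Review bot: Defaulting `their_certfile` to None in the new `__init__` signature turns a previously loud failure (a missing recipient certificate raised TypeError at construction) into a silent downgrade to unencrypted messages, which is the wrong direction for a security plugin. I would keep the opt-out explicit, e.g. `def __init__(self, keyfile, certfile, their_certfile=None, *, allow_unencrypted=False):` with `if their_certfile is None and not allow_unencrypted: raise ValueError("their_certfile is required unless allow_unencrypted=True")` before the attribute assignments, so a forgotten argument cannot quietly drop confidentiality. The default should also be written `their_certfile=None` (no spaces around `=`, PEP 8), and the `@param their_certfile` text should state that without it the message body is sent in cleartext. The class header and the rest of the class are outside this hunk.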
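Review bot: The guard `if their_certfile != None:` in sending() reads a bare local name that is never bound in the method, so every call will raise NameError before encrypt() is reached; it must be `if self.their_certfile is not None:` (the attribute, compared to None by identity per PEP 8). Because the skip is otherwise silent, I would also record it so an operator can see that a message left unencrypted, e.g. `else: logger.warning("WssePlugin: no recipient certificate configured, sending soap:Body unencrypted")`, assuming a module-level logger exists, which is not visible here. The docstring `"""Sign and encrypt outgoing message envelope."""` is no longer accurate and should read `"""Sign the outgoing envelope, and encrypt it only when a recipient certificate is configured."""`.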