Changeset 1663
 Timestamp:
 02/11/06 17:46:12 (14 years ago)
 File:

 1 edited

TI12security/trunk/python/Tests/SimpleCA/wsSecurity.py
r1649 r1663 102 102 soapWriter._header.setNamespaceAttribute('wsu', _WSU.UTILITY) 103 103 soapWriter._header.setNamespaceAttribute('ds', DSIG.BASE) 104 soapWriter._header.setNamespaceAttribute('ec', DSIG.C14N_EXCL) 104 105 105 106 # TODO: Put in a check to make sure <wsse:security> isn't already … … 120 121 121 122 # Add ID so that the binary token can be included in the signature 122 #binSecTokElem.node.setAttribute('wsu:Id', "binaryToken")123 binSecTokElem.node.setAttribute('wsu:Id', "binaryToken") 123 124 124 125 binSecTokElem.createAppendTextNode(x509CertStr) … … 134 135 135 136 # Signed Info  Canonicalization method 137 signedInfoC14nKw = {} 138 signedInfoC14nKw['unsuppressedPrefixes'] = ['xsi', 'xsd', 'SOAPENV', 'ds', 'wsse'] 136 139 c14nMethodElem = signedInfoElem.createAppendElement(DSIG.BASE, 137 140 'CanonicalizationMethod') 138 c14nMethodElem.node.setAttribute('Algorithm', DSIG.C14N) 141 c14nMethodElem.node.setAttribute('Algorithm', DSIG.C14N_EXCL) 142 c14nInclNamespacesElem = c14nMethodElem.createAppendElement(\ 143 DSIG.C14N_EXCL, 144 'InclusiveNamespaces') 145 c14nInclNamespacesElem.node.setAttribute('PrefixList', 146 ' '.join(signedInfoC14nKw['unsuppressedPrefixes'])) 139 147 140 148 # Signed Info  Signature method … … 179 187 contextNode=docNode, 180 188 context=ctxt) 181 189 190 # Leave out token 191 idNodes = [idNodes[1]] 192 182 193 # 1) Reference Generation 183 194 # 184 195 # Find references 196 c14nKw = {} 197 c14nKw['unsuppressedPrefixes'] = ['xmlns', 'xsi', 'xsd', 'SOAPENV', 'wsu', 'wsse', 'ns1'] 185 198 for idNode in idNodes: 186 199 … … 190 203 191 204 # Canonicalize reference 192 c14nRef = Canonicalize(idNode )205 c14nRef = Canonicalize(idNode, **c14nKw) 193 206 194 207 # Calculate digest for reference and base 64 encode … … 204 217 205 218 # Use ds:Transforms or wsse:TransformationParameters? 
206 #transformsElem = refElem.createAppendElement(DSIG.BASE,207 #'Transforms')208 # transformElem = tranformsElem.createAppendElement(DSIG.BASE,209 #'Transform')219 transformsElem = refElem.createAppendElement(DSIG.BASE, 220 'Transforms') 221 transformElem = transformsElem.createAppendElement(DSIG.BASE, 222 'Transform') 210 223 # transformElem.node.setAttribute('Algorithm', DSIG.C14N) 224 transformElem.node.setAttribute('Algorithm', DSIG.C14N_EXCL) 225 226 inclNamespacesElem = transformElem.createAppendElement(\ 227 DSIG.C14N_EXCL, 228 'InclusiveNamespaces') 229 inclNamespacesElem.node.setAttribute('PrefixList', 230 ' '.join(c14nKw['unsuppressedPrefixes'])) 211 231 212 232 # Digest Method … … 243 263 # to include namespace declarations for namespaces referenced in a doc 244 264 # subset  yes to 2) 245 c14nSignedInfo = signedInfoElem.canonicalize() 265 #c14nSignedInfo = signedInfoElem.canonicalize() 266 c14nSignedInfo = Canonicalize(signedInfoElem.node, **signedInfoC14nKw) 246 267 247 268 # Calculate digest of SignedInfo … … 269 290 # import pdb;pdb.set_trace() 270 291 print "Signature Generated" 292 print str(soapWriter) 271 293 272 294 … … 320 342 transforms = getElements(transformsNode, "Transform") 321 343 322 algorithm = transforms[0].getAttributeNodeNS(None,344 refAlgorithm = transforms[0].getAttributeNodeNS(None, 323 345 "Algorithm").value 324 346 except Exception, e: 325 # Check for ds:CanonicalizationMethod treid for earlier326 algorithm = c14nMethodNode.getAttributeNodeNS(None,327 "Algorithm").value347 raise VerifyError, \ 348 'failed to get transform algorithm for <ds:Reference URI="%s">'%\ 349 (refURI, str(e)) 328 350 329 351 # Add extra keyword for Exclusive canonicalization method 330 352 c14nKw = {} 331 if algorithm == DSIG.C14N_EXCL:353 if refAlgorithm == DSIG.C14N_EXCL: 332 354 try: 333 355 inclusiveNS = getElements(transforms[0], … … 341 363 raise VerifyError, \ 342 364 'failed to handle transform (%s) in <ds:Reference URI="%s">'%\ 343 
(transforms[0], uri)365 (transforms[0], refURI) 344 366 345 367 # Canonicalize the reference data and calculate the digest … … 371 393 context=ctxt)[0] 372 394 373 # Get the canonicalization method  change later to check this and 374 # make sure it's an algorithm supported by this code 375 c14nMethodNode = getElements(signedInfoNode, 376 "CanonicalizationMethod")[0] 377 378 algorithm = c14nMethodNode.getAttributeNodeNS(None, 'Algorithm').value 379 if algorithm != DSIG.C14N: 380 raise VerifyError, \ 381 "Only \"%s\" canonicalization algorithm supported" % DSIG.C14N 395 import pdb;pdb.set_trace() 396 # Get algorithm used for canonicalization of the SignedInfo 397 # element. Nb. This is NOT necessarily the same as that used to 398 # canonicalize the reference elements checked above! 399 signedInfoC14nAlg = c14nMethodNode.getAttributeNodeNS(None, 400 "Algorithm").value 401 signedInfoC14nKw = {} 402 if signedInfoC14nAlg == DSIG.C14N_EXCL: 403 try: 404 inclusiveNS = getElements(c14nMethodNode, 405 "InclusiveNamespaces") 382 406 407 pfxListAttNode = inclusiveNS[0].getAttributeNodeNS(None, 408 'PrefixList') 409 signedInfoC14nKw['unsuppressedPrefixes'] = \ 410 pfxListAttNode.value.split() 411 except Exception, e: 412 raise VerifyError, \ 413 'failed to handle exclusive canonicalisation for SignedInfo: %s' %\ 414 str(e) 415 383 416 # Canonicalize the SignedInfo node and take digest 384 c14nSignedInfo = Canonicalize(signedInfoNode )417 c14nSignedInfo = Canonicalize(signedInfoNode, **signedInfoC14nKw) 385 418 signedInfoDigestValue = sha(c14nSignedInfo).digest() 386 419 … … 398 431 399 432 400 # Read X.509 Cert from wsse:BinarySecurityToken node 401 #  leave out for now and read direct from hard coded pem file 402 x509Cert = X509.load_cert(self.__certFilePath) 433 # Look for X.509 Cert in wsse:BinarySecurityToken node 434 try: 435 binSecTokNode = xpath.Evaluate('//wsse:BinarySecurityToken', 436 contextNode=parsedSOAP.dom, 437 context=ctxt)[0] 438 x509str = 
binSecTokNode.childNodes[0]._get_nodeValue() 439 x509strAlt = '' 440 i = 0 441 while i < len(x509str): 442 x509strAlt += "%s\n" % x509str[i:i+64] 443 i += 64 444 445 raise Exception, "Try reading from file" 446 x509Cert = X509.load_cert_string(x509strAlt) 447 except: 448 # If not, check cert file 449 x509Cert = X509.load_cert(self.__certFilePath) 403 450 404 451 # Extract RSA public key from the cert
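Review bot: The `import pdb;pdb.set_trace()` added just before the SignedInfo canonicalization (new line 395) is a leftover breakpoint in the signature-verification path; every verify call will stop at an interactive prompt, so that line should be deleted (and the `print str(soapWriter)` at new line 292 is similar debug output on the signing side). In the same section, the `VerifyError` raised after the transform lookup (new lines 347–349) formats a two-value tuple into a string with a single `%s`, so a `TypeError` surfaces instead of the intended error — change it to `'failed to get transform algorithm for <ds:Reference URI="%s">: %s' % (refURI, str(e))`. The new BinarySecurityToken block (new lines 434–449) always reaches `raise Exception, "Try reading from file"` before `load_cert_string` is called, and the bare `except:` then silently falls back to the configured cert file; if the in-message certificate is ever enabled, its chain must be validated against a trusted CA before its public key is used to verify the signature, otherwise a certificate supplied by the sender verifies trivially, and the `except:` should be narrowed and the failure logged rather than swallowed. Since the lines that assigned `c14nMethodNode` (old 375–376) are removed here while new line 399 still reads it, confirm it is still assigned earlier in the method; the enclosing verify method starts and ends outside the visible hunks.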