Sorry about the long delay on this thread - I think at least one response got
lost in my junk mail filter, and in the meantime we got a java based solution
working. However, the Java based solution doesn't work on the latest mac os
(I'm running Mac OS X 10.8.2), and I don't know Java at all, so I'm back to
trying to figure out a python solution.
As far as custom headers go, that's not really the problem. I can get the
headers into the soap envelope, but I don't have a clue how to generate the
proper headers and encrypted body in the first place. According to google,
András Veres-Szentkirályi posted a response that looked promising (I never got
the message, unless it got lost in my junk mail filter), however I am having
problems with that as well. I was able to build the pyxmlsec module with only
minimal difficulty, but when I try to import xmlsec I get the following error:
>>> import xmlsec
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Python/2.7/site-packages/xmlsec.py", line 46, in <module>
import xmlsecmod
ImportError: dlopen(/Library/Python/2.7/site-packages/xmlsecmod.so, 2): Symbol
not found: _xmlSecOpenSSLAppGetDefaultPwdCallback
Referenced from: /Library/Python/2.7/site-packages/xmlsecmod.so
Expected in: flat namespace
in /Library/Python/2.7/site-packages/xmlsecmod.so
so that's not working either. Any other thoughts/solutions to this particular
issue? Thanks.
-----------------------------------------------
Israel Brewster
Computer Support Technician II
Era Alaska
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x7293
-----------------------------------------------
BEGIN:VCARD
VERSION:3.0
N:Brewster;Israel;;;
FN:Israel Brewster
ORG:Frontier Flying Service;MIS
TITLE:PC Support Tech II
EMAIL;type=INTERNET;type=WORK;type=pref:[email protected]
TEL;type=WORK;type=pref:907-450-7293
item1.ADR;type=WORK;type=pref:;;5245 Airport Industrial Wy;Fairbanks;AK;99701;
item1.X-ABADR:us
CATEGORIES:General
X-ABUID:36305438-95EA-4410-91AB-45D16CABCDDC\:ABPerson
END:VCARD
On Sep 18, 2012, at 10:02 AM, Mariano Reingart <[email protected]> wrote:
> Hello Israel:
>
> There is a new patch to allow arbitrary xml headers made by remco.boerma
> (cc'd)
>
> http://code.google.com/p/pysimplesoap/issues/detail?id=78
>
> Does it address your problem?
>
> Sorry, I didn't have enought time to see this in detail, but as AFAIK
> it should be doable with pysimplesoap (including the encription part
> if required),
>
> Best regards,
>
> Mariano Reingart
> http://www.sistemasagiles.com.ar
> http://reingart.blogspot.com
>
>
> On Fri, Sep 7, 2012 at 2:33 PM, Israel Brewster <[email protected]> wrote:
>> Yep. Here you go - the sample request provided by the company I'm trying to
>> work with. It's kinda ugly, but hopefully helpful in finding a solution. As
>> this is the public example they post on their website, I figure it should be
>> fairly safe to share
>>
>> <?xml version='1.0' encoding='utf-8'?>
>> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>> xmlns:wsa="http://www.w3.org/2005/08/addressing";>
>> <soapenv:Header>
>> <wsse:Security
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>> soapenv:mustUnderstand="1">
>> <wsu:Timestamp
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>> wsu:Id="Timestamp-1702354">
>> <wsu:Created>2012-08-02T15:38:14.062Z</wsu:Created>
>> <wsu:Expires>2012-08-02T15:43:14.062Z</wsu:Expires>
>> </wsu:Timestamp>
>> <xenc:EncryptedKey Id="EncKeyId-4736426">
>> <xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>> <wsse:SecurityTokenReference>
>> <wsse:KeyIdentifier
>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>>
>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>aU53M6ufa/yIi/8Cf0SYnDqFNxg=</wsse:KeyIdentifier>
>> </wsse:SecurityTokenReference>
>> </ds:KeyInfo>
>> <xenc:CipherData>
>>
>> <xenc:CipherValue>Ra4sTc78C9XUm1Fr/PnCF8GzLKcQsvp4zU0AZIcsh4N9LfczMKmfGAHWiYi7uATIAcAHs1t6diqhrzndLB9q0j1fjRowCNszQ4cgCIuKKeqzAXVA1ZkT7h63hZu0Je6mhXD00VCK40FG8p+VumZw8sVASSj1lPrrTqTQR6mZMsM=</xenc:CipherValue>
>> </xenc:CipherData>
>> <xenc:ReferenceList>
>> <xenc:DataReference URI="#EncDataId-24737685" />
>> </xenc:ReferenceList>
>> </xenc:EncryptedKey>
>> <wsse:BinarySecurityToken
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>
>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>>
>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
>> wsu:Id="CertId-11497308"> [x509 encoded certificate goes here]
>> </wsse:BinarySecurityToken>
>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
>> Id="Signature-32961147">
>> <ds:SignedInfo>
>> <ds:CanonicalizationMethod
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
>> <ds:SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
>> <ds:Reference URI="#id-24737685">
>> <ds:Transforms>
>> <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
>> </ds:Transforms>
>> <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
>> <ds:DigestValue>CcedwmiGz5BM/IMhSiHt8yVSIU8=</ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>>
>> <ds:SignatureValue>ITjzmx37JQs/8E+TdSXfApXCU96hLF/t2U6V7B39ZIc6y7oQpWDU4Xpqib63WUZEvoMtOWMeK/vl
>>
>> bJLoHVgwV/zkcBguEMGOTRSbJwQ7kfl15samDKXLy7I2/pN8hpV7b+AqM1xnM6xmhbljl7Xu0ou0
>> /PbebqE+GciDO6IVvSs=</ds:SignatureValue>
>> <ds:KeyInfo Id="KeyId-7364874">
>> <wsse:SecurityTokenReference
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>> wsu:Id="STRId-4101839">
>> <wsse:Reference URI="#CertId-11497308"
>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
>> />
>> </wsse:SecurityTokenReference>
>> </ds:KeyInfo>
>> </ds:Signature>
>> </wsse:Security>
>> <wsa:To>http://int2.myidtravel.com/ws/services/UploadService</wsa:To>
>> <wsa:MessageID>urn:uuid:13C80BD4B1F84AE17F1343921893115</wsa:MessageID>
>> <wsa:Action>urn:StaffProfilesUpload</wsa:Action>
>> </soapenv:Header>
>> <soapenv:Body
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>> wsu:Id="id-24737685">
>> <xenc:EncryptedData Id="EncDataId-24737685"
>> Type="http://www.w3.org/2001/04/xmlenc#Content";>
>> <xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; />
>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>> <wsse:SecurityTokenReference
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
>> <wsse:Reference URI="#EncKeyId-4736426" />
>> </wsse:SecurityTokenReference>
>> </ds:KeyInfo>
>> <xenc:CipherData>
>>
>> <xenc:CipherValue>rSpEJkpoaveOKLvNV2EdY38XcwXMMdqRyVHL0+x0x8Pn9jW0oiNr54AP/I5k4OX7kPTisoD1ZccT
>>
>> agFspo8zKeNZZmEMJcecjV5m7AdeCtpKrhJ6thTM6GC//7bzw5AlRwtqHmnpiI2qMXE5hZDoeCGm
>> umyqfxNy0gvNKaYAHKsTe92PDWo96oKgcBEtiToP5vpEYvfxjGjXQYjAsX/i2Ni9KSr0aFZvTDio
>> 89lZJF1nQkcb237pjStKXF7w6uqLzgckDPVtbx4eTg28pPim6u/pLBjGIFGOR8KFOyNJ6UZC1Atw
>> SXmdFGzD2pySmoAxm1Ue9G9ohK34SR+0bRWoATPrEMXqKJ3M63mgbF4xcyDulLAkuJt5Z8Myeljh
>> sPJKfWWpjaUCTn3ynlU5fXwYMA/WdTDlq4ddq7NprfNf2gP7eCz7E1sPNrC9b5DcMiqrkQgK61y2
>> TTVGAozhb4plrawDithPjiVLERuJkL7ce4JbDGFyGkF4Bl5Tkwsf7NYOk46jR1LYM5XhAxqDJpI6
>> bb+t3f+7P7cqN7PUqYGFEGrZWtizZkDS6Wk7v0y6N3xHFTrswcQcwCu/qqxF+yUaCtw4UInkMkLA
>> cjCgRNzPzqPWocvrgBWu18PjEW1nW3lMqqFWu8DvBcjXyN/QqnJpMIuGA/9++Rp3rHl2+IS0BVpV
>> FaFn8bA6ju151ZaIttfktss7HfHZZ5mMDXmA33trekcgtZCmdL4mjMpAGcMVYpAWT5eCNVbfJpa9
>> mr6c+Ir514uq6S38o/eOHrUx49UTEXhN0IET288yhMdTp58ztAAvGuwbQA0qPX5CcnEbDP0Sm/OF
>> EDLHJz+CCVWPrzJZh7+s8/kMGZkTmk7q8qTXG5tV3+zWGiHTW5aoA2xOT8jvcx30Cjp+HTECURKw
>> rZF+m7x9dFrtAOnAPpiD8zmkDY+1+eLMnmQ4Dp94bJHi3ekKJ0xpplK5cV+MuvKfmYGkOAI+VaWJ
>> WCriZfI88dh6+CneVUJHKMkNJxN5CJj2aY7868fOQdC0ZZzN4ujuSnrBeDDeJh26JuAziL5UZQ1E
>> yJqpjv8VxBQDJUe8aEg6jMYF6kfE56yx+rR3qjzwiVQSSBRSQ3dQRG7/KIs+dhOg9N0k6nB3wA9E
>> 11xcekz8Vt7I7GZH/Ye4/9xM21ATtHsdJ8mJB7Sy7Sxs0JgKE53B6FzAG+WD5OOYOcN2ZifXymTn
>> JAR0jH0Ue58gx2pTV4pwxcZ+68i/194gWGcFezFiFGccy8KP2XsmZIdBRJjbrN+PZP2T5d6Dht56
>> eJkzDCB+PNwc26rFVFBp2ZyZNLWmbq5qJ9cYpqhsi6qHGll7VWkTP8G2U2S1Uxq5u8Thf7D6K5Te
>> rSiHJiVTIdbYUIJ75TmnRhoitYQj3NbDGPIz6/TZfVCeLFA1WG9+6yunRO/N5VhUp0oec0kxe7p9
>> SdXK76v7BbkLoLotddXLUI4lidj0ejzB955bW9oUqh3ILH6gd6OJHDM8OHu29Cza79ZE2OURBhG9
>> 6Jr26MAlKLQ2+yLUzEFfZAR+iwmGsAWppEXHFXFybKxtslegePxFmZ7TXmel7eE3VsNSX0kx6oYT
>> 64c0</xenc:CipherValue>
>> </xenc:CipherData>
>> </xenc:EncryptedData>
>> </soapenv:Body>
>> </soapenv:Envelope>
>> -----------------------------------------------
>> Israel Brewster
>> Computer Support Technician II
>> Era Alaska
>> 5245 Airport Industrial Rd
>> Fairbanks, AK 99709
>> (907) 450-7250 x7293
>> -----------------------------------------------
>>
>>
>>
>> On Sep 7, 2012, at 7:14 AM, Mariano Reingart wrote:
>>
>>> Hello Israel:
>>>
>>> Do you have any example of a WS-Security with certificate data.
>>> And XML request message would be useful.
>>>
>>> Best regards,
>>>
>>> Mariano Reingart
>>> http://www.sistemasagiles.com.ar
>>> http://reingart.blogspot.com
>>>
>>>
>>> On Thu, Sep 6, 2012 at 6:39 PM, Israel Brewster <[email protected]>
>>> wrote:
>>>> I am trying to figure out how to create a SOAP client for a service that
>>>> requires WS-Security and uses certificates for authentication. Looking at
>>>> the sample request they provided, it looks as though the wise security
>>>> header contains the key, certificate, and some sort of signature. However,
>>>> in looking online, all I can seem to find are examples of using WS-Security
>>>> with a username and password. Are there any SAOP libraries available that
>>>> provide support for WS-Security with certificates and signatures? Thanks.
>>>>
>>>> -----------------------------------------------
>>>> Israel Brewster
>>>> Computer Support Technician II
>>>> Era Alaska
>>>> 5245 Airport Industrial Rd
>>>> Fairbanks, AK 99709
>>>> (907) 450-7250 x7293
>>>> -----------------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Soap mailing list
>>>> [email protected]
>>>> http://mail.python.org/mailman/listinfo/soap
>>>>
>>
>>
_______________________________________________
Soap mailing list
[email protected]
http://mail.python.org/mailman/listinfo/soap
