Compiled Python bytecode of /usr/lib/python3/dist-packages/pysimplesoap/wsse.py. The readable strings embedded in the dump are listed below.

Module docstring: "Pythonic simple SOAP Client plugins for WebService Security extensions"

Namespace and profile URIs:
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
- http://www.w3.org/2000/09/xmldsig#
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest

Classes and docstrings:
- UsernameToken: "WebService Security extension to add a basic credentials to xml request"
  - preprocess: "Add basic credentials to outgoing message"
  - postprocess: "Analyze incoming credentials"
- UsernameDigestToken: "WebService Security extension to add a http digest credentials to xml request drift -> time difference from the server in seconds, needed for 'Created' header"
- BinaryTokenSignature: "WebService Security extension to add a basic signature to xml request"
  - preprocess: "Sign the outgoing SOAP request"
  - postprocess: "Verify the signature of the incoming response"

Warning and error messages:
- "No CA provided, WSSE not validating certificate"
- "WSSE certificate validation failed"
- "WSSE SHA1 hash digests mismatch"
- "WSSE RSA-SHA1 signature verification failed"
- "WSSE sanity check failed"