问题描述
我正在尝试使用证书签名调用 SOAP 服务。这里服务器有自己的证书,需要与请求相同的证书签名。我不确定这是如何工作的,因为我是这种情况的新手。
到目前为止,我已经尝试过普通的 requests 方法,但没有奏效。现在我正在使用 zeep 库。在这方面,我也覆盖了 BinarySignature 类,因为它在 git 的问题中建议。
这是我的代码:
from zeep import Client as cl
from requests import Session
from zeep.transports import Transport
from zeep.plugins import HistoryPlugin
from lxml import etree
import zeep
from zeep.wsse.signature import Signature,BinarySignature
import uuid
import OpenSSL
import base64
from zeep.wsse import utils
from datetime import datetime,timedelta
class SelfBinarySignature(BinarySignature):
def apply(self,envelope,headers):
security = utils.get_security_header(envelope)
created = datetime.utcNow()
expired = created + timedelta(seconds=1 * 60)
timestamp = utils.WSU('Timestamp')
timestamp.append(utils.WSU('Created',created.replace(microsecond=0).isoformat()+'Z'))
timestamp.append(utils.WSU('Expires',expired.replace(microsecond=0).isoformat()+'Z'))
security.append(timestamp)
super().apply(envelope,headers)
return envelope,headers
def verify(self,envelope):
return envelope
def create_csr(common_name,country=None,state=None,city=None,organization=None,organizational_unit=None,email_address=None):
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA,2048)
req = OpenSSL.crypto.X509()
req.get_subject().CN = common_name
if organizational_unit:
req.get_subject().OU = organizational_unit
if organization:
req.get_subject().O = organization
if city:
req.get_subject().L = city
if state:
req.get_subject().ST = state
if country:
req.get_subject().C = country
if email_address:
req.get_subject().emailAddress = email_address
req.set_serial_number(1000)
req.gmtime_adj_notBefore(0)
req.gmtime_adj_notAfter(10*365*24*60*60)
req.set_issuer(req.get_subject())
req.set_pubkey(key)
req.sign(key,'sha256')
private_key = OpenSSL.crypto.dump_privatekey(
OpenSSL.crypto.FILETYPE_PEM,key)
public_key = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM,key)
csr = OpenSSL.crypto.dump_certificate(
OpenSSL.crypto.FILETYPE_PEM,req)
out_keys = {
"private key" : private_key,"public key": public_key,"certificate": csr,"reqest": req
}
return out_keys
certificate = create_csr(common_name="CN",organizational_unit="OU",organization="ORG",city="Mumbai",state="MH",country="IN"
)
with open('cert.pem',"wb") as f:
f.write(certificate['certificate'])
with open('public.pem',"wb") as f:
f.write(certificate['public key'])
with open('private.pem',"wb") as f:
f.write(certificate['private key'])
# url="https://my.server.soap/Service?WDSL"
url = "https://my.server.soap/Service?WSDL"
history = HistoryPlugin()
session = Session()
# This line returns error:
#ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_Failed] certificate verify Failed: self signed certificate in certificate chain (_ssl.c:1123)
# session.verify = 'server.crt'
#So to try further,I modified value to:
session.verify = True
transport = Transport(session=session)
client = cl(url,transport=transport,plugins=[history],wsse=SelfBinarySignature("private.pem","cert.pem"))
# This line returns error:
# Security token Failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult
client.service.sayHello("Test")
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)