我从这样一个 XML 开始:
myXML="""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://www.ercot.com/schema/2007-06/nodal/ews/message">
<soapenv:Header> </soapenv:Header>
<soapenv:Body>
<RequestMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.ercot.com/schema/2007-06/nodal/ews/message">
<Header>
<Verb>get</Verb>
<Noun>BidSet</Noun>
<ReplayDetection>
<Nonce>177766768</Nonce>
<Created>2018-10-22T09:03:33.169-05:00</Created>
</ReplayDetection>
<Revision>1</Revision>
<Source>QSAMP</Source>
<UserID>USER1</UserID>
<MessageID>test</MessageID>
<Comment>test</Comment>
</Header>
<Request>
<ID>QSAMP.20181020.EB.AB_C.BID123</ID>
</Request>
</RequestMessage>
</soapenv:Body>
</soapenv:Envelope>"""
我需要用它签名,所以它看起来像这样
<soapenv:Envelope xmlns:mes="http://www.ercot.com/schema/2007-06/nodal/ews/message" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-411BAD9927582E29B715402172715641">MIIEHTCCAwWgAwIBAgIBdDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQKEwhFUkNPVERFVjAeFw0xNTA1MDYxODA4MjJaFw0yNTA1MDMxODA4MjJaMIIBHDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZUYXlsb3IxETAPBgNVBAoTCEVSQ09UREVWMRswGQYDVQQLExJFbXBsb3llZUlEIC0gVVNFUjExFzAVBgNVBAsTDk1QIC0gMDQzMjI2ODg1MSQwIgYDVQQLExtEVU5TIE51bWJlciAtIDA0MzIyNjg4NTIwMDAxGjAYBgNVBAsTEUVSQ09UIERldmVsb3BtZW50MQ4wDAYDVQQLEwVVU0VSMTEWMBQGA1UECxMNMDQzMjI2ODg1MjAwMDEcMBoGA1UEAxMTMDQzMjI2ODg1MjAwMCBVU0VSMTEeMBwGCSqGSIb3DQEJARYPdXNlcjFAZXJjb3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBBaWstqWoqqJb+xAU6KGEMt+OkQY6ubbEEQml5SxkqDQRppo8U1kMHqKn4XhP3llZQGsMIBBMelb3nE9R3cDRmVcm3gJrj+pdeRh0ZGgPNwkASI/ev6SGGwWvDgAPNr8l+/UrrzgAMaYe9DrDEiFFZt+8Si3bbF4TEPM8F+6lJ2sNPU/5QBSv99v3QtZrqZvctSs9HCEfuoU9f2jHFCW46PWhH1dJUiyH24GPjaw+ZbVhrz1ccJH+JwZKybXgUdL5/fzcOfWveMXkTd6ai0/pSHiJRrT8oOXuaBsprDi0dKYbZTNx9d+8/HOugmP1J235Zg/mogP9h5lmjbw6lm7wIDAQABo3EwbzAdBgNVHQ4EFgQUCYkq9iXtxcS2GnQWwzBVQrefV3UwQwYDVR0jBDwwOoAUxY2QrudEPe3ldnlEenhuy/ehYUShF6QVMBMxETAPBgNVBAoTCEVSQ09UREVWggkA4jYWHOuW0D4wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAqVrVOfUbYotkL9Qmq5C8VYae+msJt4aG5SfXeWtND58DhDhx32PbWsFcQHPvJhHR+jV9dBg5yHkYMt712DJUsm2Fec+Cgc7yiJIFq1Pbs0cpe2NQqVJEaSzPyd6KB/nbJonIRtPFE+F4w4EHM+mbhdWecx7Tk8MH9235suZX50+uWPnnlYp9uJnqtJ13Mb6KObaCw/b8wXtFD1lu4B5p2W1vfgwhRR3Zh/f5AhuqaS+ZuMrwY7eM5LM278L5mzC+uYMT4fzzszDA3koXNTEqcCYCytj/sTO/UVqIO57/kU1l/ea+yj5E+Ak9yGBBu0sjua66bC5XwNFEOVrQLBkiUg==</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-411BAD9927582E29B715402172716115">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="mes soapenv"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-411BAD9927582E29B715402172716114">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="mes"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Vd6yUSv013P7ov8AzF2IbYv7yS4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SnC9RHluvHxfg3zvfmoGHrfh6zfXSGUmGv9V351uhWgTn546tTU0/5LiaPsFEcfVxyWsoouVsBV9 VwCbw++6FmtehSCPH6CAO+1NngiE+miK6QThSqKJXj/5CbHwwfeQHqWRmf45AlCwvQiWhVqGi/tq
YViFi5t0aIMrdhLJDRNUv17UNPKVjcowyIbKLKQxSqNxB/PED8tF0oHC7rRmsEr3x7NqO/VZBWZd OgCQggWiAdXiBy+SwoooAufMs6t+2+YOFQtWLOHuIx79X+hFi3Gqff1I5vfiHust7/rZdSzx1wB/
T+aeNGIeIzQDNQoC55lhomgV0xp/3tZPHSzrqA==</ds:SignatureValue>
<ds:KeyInfo Id="KI-411BAD9927582E29B715402172716112">
<wsse:SecurityTokenReference wsu:Id="STR-411BAD9927582E29B715402172716113">
<wsse:Reference URI="#X509-411BAD9927582E29B715402172715641" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-411BAD9927582E29B715402172716114">
<RequestMessage xmlns="http://www.ercot.com/schema/2007-06/nodal/ews/message" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Header>
<Verb>get</Verb>
<Noun>BidSet</Noun>
<ReplayDetection>
<Nonce>177766768</Nonce>
<Created>2018-10-22T09:07:33.169-05:00</Created>
</ReplayDetection>
<Revision>1</Revision>
<Source>QSAMP</Source>
<UserID>USER1</UserID>
<MessageID>test</MessageID>
<Comment>test</Comment>
</Header>
<Request>
<ID>QSAMP.20181020.EB.AB_C.BID123</ID>
</Request>
</RequestMessage>
</soapenv:Body>
</soapenv:Envelope>
顺便说一句,那里的证书信息不是真实的,所以不用担心。
我查看了文档中的示例页面,但我不知道他们的源 xml 是什么样的,所以它使我的用例适应它变得非常棘手。
最佳答案
在 zeep、xmlsec 的源代码上摸索了一番,甚至尝试了 lxml 构造函数,但这里是:
from zeep.wsse.signature import sign_envelope
from lxml import etree
raw_xml = open('unsigned-soapenv.xml').read()
xml_root_element = etree.fromstring(raw_xml)
signed = sign_envelope(
xml_root_element,
'rsakey.pem',
'rsacert.pem'
)
tree = etree.ElementTree(xml_root_element)
tree.write('signed-soapenv.xml')
unsigned-soapenv.xml 是您的信封。
如果您需要示例签名和证书,它们来自python-xmlsec's test data .
无价的是 ipdb,它是一个具有自动完成功能的调试器。在您的终端中像这样尝试:
导入 ipdb; ipdb.set_trace()
关于python - 如何使用 xmlsec(或其他更合适的包)对 XML 进行签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53025891/