Sign elements required by WSDL

tpazderka · tpazderka · commit d4cb5d9cd3ee · 2018-05-07T13:39:33.000+02:00
diff --git a/src/zeep/wsdl/bindings/soap.py b/src/zeep/wsdl/bindings/soap.py
@@ -86,7 +86,7 @@ def _create(self, operation, args, kwargs, client=None, options=None):
 
             # Apply WSSE
             if client.wsse:
-                envelope, http_headers = client.wsse.apply(envelope, http_headers)
+                envelope, http_headers = client.wsse.apply(envelope, http_headers, operation_obj)
         return envelope, http_headers
 
     def send(self, client, options, operation, args, kwargs):
diff --git a/src/zeep/wsse/signature.py b/src/zeep/wsse/signature.py
@@ -14,6 +14,7 @@
 from zeep import ns
 from zeep.exceptions import SignatureVerificationFailed
 from zeep.utils import detect_soap_env
+from zeep.wsdl.utils import get_or_create_header
 from zeep.wsse.utils import ensure_id, get_security_header
 
 try:
@@ -52,9 +53,9 @@ def __init__(self, key_data, cert_data, password=None):
         self.cert_data = cert_data
         self.password = password
 
-    def apply(self, envelope, headers):
+    def apply(self, envelope, headers, operation_obj):
         key = _make_sign_key(self.key_data, self.cert_data, self.password)
-        _sign_envelope_with_key(envelope, key)
+        _sign_envelope_with_key(envelope, key, operation_obj)
         return envelope, headers
 
     def verify(self, envelope):
@@ -173,7 +174,7 @@ def sign_envelope(envelope, keyfile, certfile, password=None):
     return _sign_envelope_with_key(envelope, key)
 
 
-def _sign_envelope_with_key(envelope, key):
+def _sign_envelope_with_key(envelope, key, operation_obj):
     soap_env = detect_soap_env(envelope)
 
     # Create the Signature node.
@@ -198,8 +199,18 @@ def _sign_envelope_with_key(envelope, key):
     # Perform the actual signing.
     ctx = xmlsec.SignatureContext()
     ctx.key = key
-    _sign_node(ctx, signature, envelope.find(QName(soap_env, 'Body')))
+    # Sign default elements
     _sign_node(ctx, signature, security.find(QName(ns.WSU, 'Timestamp')))
+    if operation_obj.binding.signatures['body'] or operation_obj.binding.signatures['everything']:
+        _sign_node(ctx, signature, envelope.find(QName(soap_env, 'Body')))
+    # Sign extra elements defined in WSDL
+    header = get_or_create_header(envelope)
+    if operation_obj.binding.signatures['everything']:
+        for node in header.iterchildren():
+            _sign_node(ctx, signature, node)
+    else:
+        for node in operation_obj.binding.signatures['header']:
+            _sign_node(ctx, signature, header.find(QName(node['Namespace'], node['Name'])))
     ctx.sign(signature)
 
     # Place the X509 data inside a WSSE SecurityTokenReference within
