  class ZeepWsseSignature(object):
      """Sign outgoing SOAP envelopes and check the signature on incoming ones.

      NOTE(review): ``self.key`` and ``self.tbk_cert`` are read by the methods
      below but are never assigned in this listing; the code that loads them
      is not shown.
      """

      def apply(self, envelope, headers):
          """Sign ``envelope`` in place with ``self.key``.

          Returns the ``(envelope, headers)`` pair; ``headers`` is passed
          through untouched.
          """
          sign_envelope(envelope, key=self.key)
          return (envelope, headers)

      def verify(self, envelope):
          """Return ``envelope`` if its signature checks out against ``self.tbk_cert``.

          Raises:
              InvalidSignatureResponse: when ``verify_envelope`` reports failure.
          """
          # Fail closed: any falsy result from verify_envelope rejects the
          # response before the caller gets to use it.
          # NOTE(review): verify_envelope is not shown here -- confirm that it
          # checks the signature actually covers the Body element the caller
          # goes on to process, and that tbk_cert is a locally pinned
          # certificate rather than one taken from the message itself.
          signature_ok = verify_envelope(envelope, self.tbk_cert)
          if signature_ok:
              return envelope
          raise InvalidSignatureResponse()
  def sign_envelope(envelope, key):
      """Build an XML signature and insert it into the wsse:Security header.

      ``envelope`` is modified in place and nothing is returned.

      Args:
          envelope: SOAP envelope element to sign.
          key: signing key assigned to the xmlsec signature context. The
              X509Data template is filled in during signing, so the key
              presumably carries its certificate too -- confirm against the
              code that loads it.
      """
      # Signature template: exclusive C14N canonicalisation, RSA-SHA1 signature.
      # NOTE(review): SHA-1 based signatures are deprecated because of practical
      # collision attacks. Prefer an SHA-256 method (xmlsec.Transform.RSA_SHA256)
      # as soon as the receiving service accepts it; until then treat RSA-SHA1
      # as an interoperability constraint, not a choice.
      sig_node = xmlsec.template.create(
          envelope, xmlsec.Transform.EXCL_C14N, xmlsec.Transform.RSA_SHA1)

      # KeyInfo/X509Data placeholders (issuer+serial and the certificate);
      # xmlsec populates them with the real certificate details when it signs.
      key_info_node = xmlsec.template.ensure_key_info(sig_node)
      x509_node = xmlsec.template.add_x509_data(key_info_node)
      xmlsec.template.x509_data_add_issuer_serial(x509_node)
      xmlsec.template.x509_data_add_certificate(x509_node)

      # The Signature goes first inside the wsse:Security header.
      get_or_create_security_header(envelope).insert(0, sig_node)

      # Sign. Only the SOAP Body is handed to sign_node in this function, so
      # other header content (for example a timestamp) is not covered by the
      # signature as far as the visible code shows -- confirm that replay
      # protection is handled elsewhere if the service needs it.
      # NOTE(review): find() returns None when the envelope has no Body in
      # SOAP_NS; how sign_node reacts to None is not visible here.
      signer = xmlsec.SignatureContext()
      signer.key = key
      soap_body = envelope.find(ns(SOAP_NS, 'Body'))
      sign_node(signer, sig_node, soap_body)
      signer.sign(sig_node)

      # Move the X509 data into a wsse:SecurityTokenReference inside KeyInfo,
      # the structure the recipient expects. This has to happen after signing:
      # xmlsec does not understand WSSE and would leave the X509 data
      # unpopulated if it were already nested at signing time.
      token_ref = create_xml_element(ns(WSSE_NS, 'SecurityTokenReference'))
      token_ref.append(x509_node)
      key_info_node.append(token_ref)