add new functionalities : kwargs for verify_reply_signature / different cert verify response

gil-obradors · CaioCSdev · commit 6579ed4fd5d3 · 2024-09-24T05:48:14.000+01:00
update doc for new features

updated CONTRIBUTORS.rst

update wsse doc

fix init MemorySignature for case with different cert file
diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst
@@ -50,5 +50,6 @@ Contributors
 * Raymond Piller
 * Zoltan Benedek
 * Øyvind Heddeland Instefjord
+* Gil Obradors
 
 
diff --git a/docs/wsse.rst b/docs/wsse.rst
@@ -37,6 +37,11 @@ Example usage A::
     ...         optional_password))
 
 
+To skip response signature verification set `verify_reply_signature=False`
+
+To configure different certificate for response verify proces set `response_key_file` or
+and `response_certfile`.
+
 .. _xmlsec: https://pypi.python.org/pypi/xmlsec
 .. _README: https://github.com/mehcode/python-xmlsec
 
diff --git a/src/zeep/wsse/signature.py b/src/zeep/wsse/signature.py
@@ -52,6 +52,8 @@ def __init__(
         password=None,
         signature_method=None,
         digest_method=None,
+        verify_reply_signature=True,
+        response_cert_data=None
     ):
         check_xmlsec_import()
 
@@ -60,6 +62,8 @@ def __init__(
         self.password = password
         self.digest_method = digest_method
         self.signature_method = signature_method
+        self.verify_reply_signature = verify_reply_signature
+        self.response_cert_data= response_cert_data
 
     def apply(self, envelope, headers):
         key = _make_sign_key(self.key_data, self.cert_data, self.password)
@@ -69,7 +73,10 @@ def apply(self, envelope, headers):
         return envelope, headers
 
     def verify(self, envelope):
-        key = _make_verify_key(self.cert_data)
+        if not self.verify_reply_signature:
+            return envelope
+        key = _make_verify_key(self.cert_data if not self.response_cert_data else
+                               self.response_cert_data)
         _verify_envelope_with_key(envelope, key)
         return envelope
 
@@ -84,13 +91,17 @@ def __init__(
         password=None,
         signature_method=None,
         digest_method=None,
+        verify_reply_signature=True,
+        response_certfile=None
     ):
         super().__init__(
             _read_file(key_file),
             _read_file(certfile),
             password,
             signature_method,
             digest_method,
+            verify_reply_signature,
+            _read_file(response_certfile) if response_certfile else None
         )
 
 
