From eb1d84e7654dc6c0bececc044d57411893fa55ea Mon Sep 17 00:00:00 2001 From: Erik Petrovski Date: Wed, 22 Apr 2020 20:21:27 +0200 Subject: [PATCH 1/8] fix 'list' object has no attribute 'verify' --- src/zeep/wsdl/bindings/soap.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/zeep/wsdl/bindings/soap.py b/src/zeep/wsdl/bindings/soap.py index 3a5e5433..ef75ecb6 100644 --- a/src/zeep/wsdl/bindings/soap.py +++ b/src/zeep/wsdl/bindings/soap.py @@ -216,7 +216,11 @@ def process_reply(self, client, operation, response): message_pack = None if client.wsse: - client.wsse.verify(doc) + if isinstance(client.wsse, list): + for wsse in client.wsse: + wsse.verify(doc) + else: + client.wsse.verify(doc) doc, http_headers = plugins.apply_ingress( client, doc, response.headers, operation From 99606c3a88ebff8227741e107c076618dc8d5309 Mon Sep 17 00:00:00 2001 From: Caio Salgado Date: Tue, 24 Sep 2024 05:46:47 +0100 Subject: [PATCH 2/8] git: reversible changes to be later reverted Changes only necessary for a clean patch apply --- CONTRIBUTORS.rst | 2 +- docs/wsse.rst | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst index 1f02e449..063f6ce0 100644 --- a/CONTRIBUTORS.rst +++ b/CONTRIBUTORS.rst @@ -50,5 +50,5 @@ Contributors * Raymond Piller * Zoltan Benedek * Øyvind Heddeland Instefjord -* Pol Sanlorenzo + diff --git a/docs/wsse.rst b/docs/wsse.rst index f1c528ef..4b46d0d4 100644 --- a/docs/wsse.rst +++ b/docs/wsse.rst 
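Review bot: The list/non-list switch in `process_reply` puts plugin composition into the binding and leaves a gap: an empty list is falsy, so `if client.wsse:` skips every `verify` call and the reply is processed unverified without any error. I would normalise `client.wsse` once where the client is built (zeep's `Compose` wrapper in `zeep.wsse` appears to exist for exactly this) and reject an empty collection there, so this site stays `client.wsse.verify(doc)`. The same switch appears again in `_create` and `process_reply` in PATCH 5/8. `process_reply` continues outside the hunk.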
@@ -36,19 +36,7 @@ Example usage A:: ... private_key_filename, public_key_filename, ... optional_password)) -Example usage B:: - >>> from zeep import Client - >>> from zeep.wsse.signature import Signature - >>> from zeep.transports import Transport - >>> from requests import Session - >>> session = Session() - >>> session.cert = '/path/to/ssl.pem' - >>> transport = Transport(session=session) - >>> client = Client( - ... 'http://www.webservicex.net/ConvertSpeed.asmx?WSDL', - ... transport=transport) - .. _xmlsec: https://pypi.python.org/pypi/xmlsec .. _README: https://github.com/mehcode/python-xmlsec From 6579ed4fd5d3f27c508be18d9478343b96375ecc Mon Sep 17 00:00:00 2001 From: gil obradors Date: Fri, 24 Jul 2020 18:13:32 +0200 Subject: [PATCH 3/8] add new functionalities : kwargs for verify_reply_signature / different cert verify response update doc for new features updated CONTRIBUTORS.rst update wsse doc fix init MemorySignature for case with different cert file --- CONTRIBUTORS.rst | 1 + docs/wsse.rst | 5 +++++ src/zeep/wsse/signature.py | 13 ++++++++++++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst index 063f6ce0..ddfa36f4 100644 --- a/CONTRIBUTORS.rst +++ b/CONTRIBUTORS.rst @@ -50,5 +50,6 @@ Contributors * Raymond Piller * Zoltan Benedek * Øyvind Heddeland Instefjord +* Gil Obradors diff --git a/docs/wsse.rst b/docs/wsse.rst index 4b46d0d4..c5449b26 100644 --- a/docs/wsse.rst +++ b/docs/wsse.rst @@ -37,6 +37,11 @@ Example usage A:: ... optional_password)) +To skip response signature verification set `verify_reply_signature=False` + +To configure different certificate for response verify proces set `response_key_file` or +and `response_certfile`. + .. _xmlsec: https://pypi.python.org/pypi/xmlsec .. _README: https://github.com/mehcode/python-xmlsec diff --git a/src/zeep/wsse/signature.py b/src/zeep/wsse/signature.py index c4aec758..09d9a4de 100644 --- a/src/zeep/wsse/signature.py 
+++ b/src/zeep/wsse/signature.py @@ -52,6 +52,8 @@ def __init__( password=None, signature_method=None, digest_method=None, + verify_reply_signature=True, + response_cert_data=None ): check_xmlsec_import() @@ -60,6 +62,8 @@ def __init__( self.password = password self.digest_method = digest_method self.signature_method = signature_method + self.verify_reply_signature = verify_reply_signature + self.response_cert_data= response_cert_data def apply(self, envelope, headers): key = _make_sign_key(self.key_data, self.cert_data, self.password) @@ -69,7 +73,10 @@ def apply(self, envelope, headers): return envelope, headers def verify(self, envelope): - key = _make_verify_key(self.cert_data) + if not self.verify_reply_signature: + return envelope + key = _make_verify_key(self.cert_data if not self.response_cert_data else + self.response_cert_data) _verify_envelope_with_key(envelope, key) return envelope @@ -84,6 +91,8 @@ def __init__( password=None, signature_method=None, digest_method=None, + verify_reply_signature=True, + response_certfile=None ): super().__init__( _read_file(key_file), @@ -91,6 +100,8 @@ def __init__( password, signature_method, digest_method, + verify_reply_signature, + _read_file(response_certfile) if response_certfile else None ) From e18b5e794fe9c889a4dec6f9223290e71ede015c Mon Sep 17 00:00:00 2001 From: Caio Salgado Date: Tue, 24 Sep 2024 05:51:45 +0100 Subject: [PATCH 4/8] Revert "git: reversible changes to be later reverted" This reverts commit 99606c3a88ebff8227741e107c076618dc8d5309. --- CONTRIBUTORS.rst | 2 +- docs/wsse.rst | 28 ++++++++++++++++++++-------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst index ddfa36f4..6520aa8b 100644 --- a/CONTRIBUTORS.rst +++ b/CONTRIBUTORS.rst @@ -51,5 +51,5 @@ Contributors * Zoltan Benedek * Øyvind Heddeland Instefjord * Gil Obradors - +* Pol Sanlorenzo diff --git a/docs/wsse.rst b/docs/wsse.rst index c5449b26..564beec0 100644 --- a/docs/wsse.rst 
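Review bot: In the `verify` hunk (`@@ -69,7 +73,10`), `verify_reply_signature=False` makes `verify()` return the envelope without looking at it, and nothing is logged or documented at that point, so a client configured this way accepts unsigned or altered replies with no trace. I would give `verify` a docstring saying that the flag turns off reply authentication entirely, and warn once in `__init__` when it is false, e.g. `warnings.warn("WSSE reply signature verification is disabled", stacklevel=2)` (this needs `import warnings` if the module lacks it). The key selection is also easier to read as `_make_verify_key(self.response_cert_data or self.cert_data)`, which is equivalent to the conditional written here.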
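Review bot: The file-based constructor (`@@ -84,6 +91,8` and `@@ -91,6 +100,8`) forwards the two new options to `super().__init__` by position, so any later reordering of the base signature would silently hand the response certificate to the wrong parameter; pass them by name, `verify_reply_signature=verify_reply_signature,` and `response_cert_data=_read_file(response_certfile) if response_certfile else None,`. The docs added in this commit tell users to set `response_key_file`, but no parameter of that name appears in either constructor shown here, only `response_certfile` and `response_cert_data`, so the text should name those. Subclasses that override `__init__` are not visible in these hunks and may need the same two arguments.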
+++ b/docs/wsse.rst @@ -10,7 +10,7 @@ The UsernameToken supports both the passwordText and passwordDigest methods:: >>> from zeep import Client >>> from zeep.wsse.username import UsernameToken >>> client = Client( - ... 'http://www.webservicex.net/ConvertSpeed.asmx?WSDL', + ... 'http://www.webservicex.net/ConvertSpeed.asmx?WSDL', ... wsse=UsernameToken('username', 'password')) To use the passwordDigest method you need to supply `use_digest=True` to the 
@@ -21,26 +21,38 @@ Signature (x509) ---------------- To use the wsse.Signature() plugin you will need to install the `xmlsec`_ -module. See the `README`_ for xmlsec for the required dependencies on your +module. See the `README`_ for xmlsec for the required dependencies on your platform. To append the security token as `BinarySecurityToken`, you can use wsse.BinarySignature() plugin. +To skip response signature verification set `verify_reply_signature=False` + +To configure different certificate for response verify process, set `response_key_file` or +and `response_certfile`. + Example usage A:: >>> from zeep import Client >>> from zeep.wsse.signature import Signature >>> client = Client( - ... 'http://www.webservicex.net/ConvertSpeed.asmx?WSDL', + ... 'http://www.webservicex.net/ConvertSpeed.asmx?WSDL', ... wsse=Signature( - ... private_key_filename, public_key_filename, + ... private_key_filename, public_key_filename, ... optional_password)) +Example usage B:: -To skip response signature verification set `verify_reply_signature=False` - -To configure different certificate for response verify proces set `response_key_file` or -and `response_certfile`. + >>> from zeep import Client + >>> from zeep.wsse.signature import Signature + >>> from zeep.transports import Transport + >>> from requests import Session + >>> session = Session() + >>> session.cert = '/path/to/ssl.pem' + >>> transport = Transport(session=session) + >>> client = Client( + ... 'http://www.webservicex.net/ConvertSpeed.asmx?WSDL', + ... transport=transport) .. _xmlsec: https://pypi.python.org/pypi/xmlsec .. _README: https://github.com/mehcode/python-xmlsec From 90a4c092c4b5a48009a9e7f2575e383b2f2f6530 Mon Sep 17 00:00:00 2001 From: Caio Salgado Date: Tue, 24 Sep 2024 06:46:54 +0100 Subject: [PATCH 5/8] fix: more flexible API, that works --- src/zeep/wsdl/bindings/soap.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/src/zeep/wsdl/bindings/soap.py b/src/zeep/wsdl/bindings/soap.py index ef75ecb6..bf08ce8c 100644 --- a/src/zeep/wsdl/bindings/soap.py +++ b/src/zeep/wsdl/bindings/soap.py @@ -1,3 +1,4 @@ +from collections.abc import Sequence import logging import typing @@ -93,7 +94,7 @@ def _create(self, operation, args, kwargs, client=None, options=None): # Apply WSSE if client.wsse: - if isinstance(client.wsse, list): + if isinstance(client.wsse, Sequence): for wsse in client.wsse: envelope, http_headers = wsse.apply(envelope, http_headers) else: @@ -216,7 +217,7 @@ def process_reply(self, client, operation, response): message_pack = None if client.wsse: - if isinstance(client.wsse, list): + if isinstance(client.wsse, Sequence): for wsse in client.wsse: wsse.verify(doc) else: From e70e2353d884d4d5854233ca238bce341cd38b75 Mon Sep 17 00:00:00 2001 From: Caio Salgado Date: Tue, 24 Sep 2024 06:52:31 +0100 Subject: [PATCH 6/8] style: ran lint --- src/zeep/wsse/signature.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/zeep/wsse/signature.py b/src/zeep/wsse/signature.py index 09d9a4de..61b978ca 100644 --- a/src/zeep/wsse/signature.py +++ b/src/zeep/wsse/signature.py @@ -8,6 +8,7 @@ module. """ + from lxml import etree from lxml.etree import QName @@ -53,7 +54,7 @@ def __init__( signature_method=None, digest_method=None, verify_reply_signature=True, - response_cert_data=None + response_cert_data=None, ): check_xmlsec_import() @@ -63,7 +64,7 @@ def __init__( self.digest_method = digest_method self.signature_method = signature_method self.verify_reply_signature = verify_reply_signature - self.response_cert_data= response_cert_data + self.response_cert_data = response_cert_data def apply(self, envelope, headers): key = _make_sign_key(self.key_data, self.cert_data, self.password) 
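Review bot: `isinstance(client.wsse, Sequence)` in `_create` and `process_reply` is also true for `str` and `bytes`, and false for sets and generators, so the check is both wider and narrower than "a collection of plugins"; a mis-set string value would be iterated character by character before failing. If the type switch stays in the binding, make it explicit with `isinstance(client.wsse, (list, tuple))`. The new `from collections.abc import Sequence` line also sits above `import logging`; it would read more consistently placed after `import typing`. Both functions continue outside the hunks.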
@@ -75,8 +76,9 @@ def apply(self, envelope, headers): def verify(self, envelope): if not self.verify_reply_signature: return envelope - key = _make_verify_key(self.cert_data if not self.response_cert_data else - self.response_cert_data) + key = _make_verify_key( + self.cert_data if not self.response_cert_data else self.response_cert_data + ) _verify_envelope_with_key(envelope, key) return envelope @@ -92,7 +94,7 @@ def __init__( signature_method=None, digest_method=None, verify_reply_signature=True, - response_certfile=None + response_certfile=None, ): super().__init__( _read_file(key_file), @@ -101,7 +103,7 @@ def __init__( signature_method, digest_method, verify_reply_signature, - _read_file(response_certfile) if response_certfile else None + _read_file(response_certfile) if response_certfile else None, ) From 5a8fae009922487fb80f19b85903d673e4dc85f0 Mon Sep 17 00:00:00 2001 From: Caio Salgado Date: Tue, 24 Sep 2024 06:57:12 +0100 Subject: [PATCH 7/8] wip: sign modifications for it to work with some webservices --- src/zeep/wsse/signature.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/zeep/wsse/signature.py b/src/zeep/wsse/signature.py index 61b978ca..3e1a6247 100644 --- a/src/zeep/wsse/signature.py +++ b/src/zeep/wsse/signature.py @@ -360,7 +360,7 @@ def _sign_node(ctx, signature, target, digest_method=None): """ # Ensure the target node has a wsu:Id attribute and get its value. - node_id = ensure_id(target) + ensure_id(target) # Unlike HTML, XML doesn't have a single standardized Id. WSSE suggests the # use of the wsu:Id attribute for this purpose, but XMLSec doesn't 
@@ -370,10 +370,10 @@ def _sign_node(ctx, signature, target, digest_method=None): # Add reference to signature with URI attribute pointing to that ID. ref = xmlsec.template.add_reference( - signature, digest_method or xmlsec.Transform.SHA1, uri="#" + node_id + signature, digest_method or xmlsec.Transform.SHA1, uri="" ) # This is an XML normalization transform which will be performed on the # target node contents before signing. This ensures that changes to # irrelevant whitespace, attribute ordering, etc won't invalidate the # signature. - xmlsec.template.add_transform(ref, xmlsec.Transform.EXCL_C14N) + xmlsec.template.add_transform(ref, xmlsec.Transform.ENVELOPED) From 5d0a4c870ffabd057452e021251d0045b8ad74b3 Mon Sep 17 00:00:00 2001 From: Caio Salgado Date: Tue, 24 Sep 2024 06:58:20 +0100 Subject: [PATCH 8/8] docs(repo): Add me in the contributors list --- CONTRIBUTORS.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst index 6520aa8b..8b88dd51 100644 --- a/CONTRIBUTORS.rst +++ b/CONTRIBUTORS.rst @@ -52,4 +52,4 @@ Contributors * Øyvind Heddeland Instefjord * Gil Obradors * Pol Sanlorenzo - +* Caio Salgado
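Review bot: With `uri=""` and `xmlsec.Transform.ENVELOPED`, each call to `_sign_node` now adds a reference to the whole document instead of to `target`, so the `target` argument no longer decides what is signed, and a caller that signs several nodes would emit several identical whole-document references. The reference also loses its `EXCL_C14N` transform, and the two comments left above the changed lines ("pointing to that ID", "XML normalization transform") now describe code that is gone. Since this alters the signature layout for every user of the module and the subject line marks it as wip, I would keep the ID-based reference as the default and make the enveloped form an opt-in argument, with canonicalization applied in both cases, as sketched below. The verification side is not in this patch; it is worth confirming that it still requires the signed references to cover the Body. `_sign_node` starts above the first hunk (`@@ -360,7 +360,7`), where `node_id = ensure_id(target)` would have to be kept.

```python
def _sign_node(ctx, signature, target, digest_method=None, enveloped=False):
    node_id = ensure_id(target)
    # … unchanged: wsu:Id handling between the two hunks …
    digest = digest_method or xmlsec.Transform.SHA1
    if enveloped:
        # Whole-document reference; ENVELOPED excludes the Signature element itself.
        ref = xmlsec.template.add_reference(signature, digest, uri="")
        xmlsec.template.add_transform(ref, xmlsec.Transform.ENVELOPED)
    else:
        # Reference only the target node through its wsu:Id.
        ref = xmlsec.template.add_reference(signature, digest, uri="#" + node_id)
    # Canonicalize in both modes so whitespace and attribute order cannot invalidate the signature.
    xmlsec.template.add_transform(ref, xmlsec.Transform.EXCL_C14N)
```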