CoSign API: Sending SOAP from Python client generated by suds

Question

I need to access the signing appliance from Python. To this end, using suds, I generated a Python client from the WSDL at https://cosigndemo.arx.com:8080/sapiws/dss.asmx?wsdl . I then used the generated client to build a simple signature request which more or less does the same as shown in the Java example provided by ARX (only, I'm asking for an invisible signature). The problem is that when I send the request to the demo appliance, here's what I receive in return:

(DssSignResult){
   Result = 
      (Result){
         ResultMajor = "urn:oasis:names:tc:dss:1.0:resultmajor:ResponderError"
         ResultMinor = "urn:oasis:names:tc:dss:1.0:resultminor:GeneralError"
         ResultMessage = 
            (ResultMessage){
               value = "Exception occured"
               _lang = "en"
            }
      }
 }

Here's the Python code I wrote:

from suds.client import Client
from suds.plugin import MessagePlugin
from suds.sax.attribute import Attribute
import logging


class MyPlugin(MessagePlugin):
    def marshalled(self, context):
        foo = context.envelope.getChild('ns2:Body').getChild('ns0:DssSign').getChild('ns0:SignRequest').getChild('ns1:InputDocuments').getChild('ns1:Document')
        foo[0].attributes.append(Attribute('MimeType', 'application/pdf'))
        print context.envelope




url = 'https://cosigndemo.arx.com:8080/sapiws/dss.asmx?wsdl'
client = Client(url, plugins=[MyPlugin()])


cid = client.factory.create("ns4:ClaimedIdentity")
cid.Name = "John Miller"
cid.SupportingInfo.LogonPassword = "12345678"


sigReq = client.factory.create("ns4:RequestBaseType")
sigReq._RequestID = "DummyRequestId"
sigReq.OptionalInputs.ClaimedIdentity = cid
sigReq.OptionalInputs.SignatureType="http://arx.com/SAPIWS/DSS/1.0/signature-field-create-sign"
sigReq.OptionalInputs.SAPISigFieldSettings._Name = "SigField"
sigReq.OptionalInputs.SAPISigFieldSettings._Invisible = "true"
sigReq.OptionalInputs.SAPISigFieldSettings._DependencyMode = "Independent"
sigReq.OptionalInputs.SAPISigFieldSettings._SignatureType = "Digital"
sigReq.OptionalInputs.SAPISigFieldSettings._EmptyFieldLabel = ""
sigReq.OptionalInputs.SAPISigFieldSettings._Page = "1"
sigReq.OptionalInputs.ReturnPDFTailOnly = "true"
sigReq.OptionalInputs.IncludeObject=None
sigReq.OptionalInputs.SignaturePlacement=None


doc = client.factory.create("ns4:DocumentType")


doc.Base64Data = open("/Users/mar/CoSignWSDL/factures-comptat217.pdf", "rb").read().encode("base64")


sigReq.InputDocuments.Document = doc
result = client.service.DssSign(sigReq)
print result

And here's the SOAP that (at least I think) it is sending to the appliance:

<SOAP-ENV:Envelope xmlns:ns3="http://arx.com/SAPIWS/DSS/1.0" xmlns:ns0="http://arx.com/SAPIWS/DSS/1.0/" xmlns:ns1="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header/>
   <ns2:Body>
      <ns0:DssSign>
         <ns0:SignRequest RequestID="DummyRequestId">
            <ns1:OptionalInputs>
               <ns1:ClaimedIdentity>
                  <ns1:Name>John Miller</ns1:Name>
                  <ns1:SupportingInfo>
                     <ns3:LogonPassword>12345678</ns3:LogonPassword>
                  </ns1:SupportingInfo>
               </ns1:ClaimedIdentity>
               <ns1:SignatureType>http://arx.com/SAPIWS/DSS/1.0/signature-field-create-sign</ns1:SignatureType>
               <ns1:SAPISigFieldSettings Name="SigField" DependencyMode="Independent" SignatureType="Digital" Page="1" Invisible="true"/>
               <ns1:ReturnPDFTailOnly>true</ns1:ReturnPDFTailOnly>
            </ns1:OptionalInputs>
            <ns1:InputDocuments>
               <ns1:Document>
                  <ns1:Base64Data MimeType="application/pdf">...</ns1:Base64Data>
               </ns1:Document>
            </ns1:InputDocuments>
         </ns0:SignRequest>
      </ns0:DssSign>
   </ns2:Body>
</SOAP-ENV:Envelope>

Note that I replaced the (very long) Base64Data content with "..." here for space reasons. Why is it not working?

Update Problem solved thanks to the answer. Here is the working code that adds a sig to a PDF:

from suds.client import Client
from suds.plugin import MessagePlugin
from suds.sax.attribute import Attribute
from suds.bindings import binding
import logging
import xml.dom.minidom as minidom
import base64


class MyPlugin(MessagePlugin):
    def marshalled(self, context):
        documentNode = context.envelope.getChild('ns3:Body').getChild('ns0:DssSign').getChild('ns0:SignRequest').getChild('ns1:InputDocuments').getChild('ns1:Document')
        documentNode[0].attributes.append(Attribute('MimeType', 'application/pdf'))
        SAPISigFieldSettingsNode = context.envelope.getChild('ns3:Body').getChild('ns0:DssSign').getChild('ns0:SignRequest').getChild('ns1:OptionalInputs').getChild('ns1:SAPISigFieldSettings')
        SAPISigFieldSettingsNode.setPrefix('ns2')
        ReturnPDFTailOnlyNode = context.envelope.getChild('ns3:Body').getChild('ns0:DssSign').getChild('ns0:SignRequest').getChild('ns1:OptionalInputs').getChild('ns1:ReturnPDFTailOnly')
        ReturnPDFTailOnlyNode.setPrefix('ns2')
        signRequestNode = context.envelope.getChild('ns3:Body').getChild('ns0:DssSign').getChild('ns0:SignRequest')
        signRequestNode.setPrefix('ns1')


binding.envns = ('SOAP-ENV', 'http://www.w3.org/2003/05/soap-envelope')
url = 'https://cosigndemo.arx.com:8080/sapiws/dss.asmx?wsdl'
client = Client(url, plugins=[MyPlugin()])


logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.plugin').setLevel(logging.DEBUG)


cid = client.factory.create("ns4:ClaimedIdentity")
cid.Name = "John Miller"
cid.SupportingInfo.LogonPassword = "12345678"


sigReq = client.factory.create("ns4:RequestBaseType")
sigReq._RequestID = "DummyRequestId"
sigReq.OptionalInputs.ClaimedIdentity = cid
sigReq.OptionalInputs.SignatureType="http://arx.com/SAPIWS/DSS/1.0/signature-field-create-sign"
sigReq.OptionalInputs.SAPISigFieldSettings._Name = "SigField"
sigReq.OptionalInputs.SAPISigFieldSettings._Invisible = "true"
sigReq.OptionalInputs.SAPISigFieldSettings._DependencyMode = "Independent"
sigReq.OptionalInputs.SAPISigFieldSettings._SignatureType = "Digital"
sigReq.OptionalInputs.SAPISigFieldSettings._EmptyFieldLabel = ""
sigReq.OptionalInputs.SAPISigFieldSettings._Page = "1"
sigReq.OptionalInputs.ReturnPDFTailOnly = "true"
sigReq.OptionalInputs.IncludeObject=None
sigReq.OptionalInputs.SignaturePlacement=None


doc = client.factory.create("ns4:DocumentType")
f = open('/Users/mar/CoSignWSDL/factures-comptat217.pdf', 'r+b')
doc.Base64Data = f.read().encode("base64")


sigReq.InputDocuments.Document = doc


result = client.service.DssSign(sigReq)


signature = base64.b64decode(result.SignatureObject.Base64Signature.value)


f.seek(0, 2) #go to the end of the file
f.write(signature)
f.close()

Answer 1

Your SOAP request is passing ns0:SignRequest Should be: ns1:SignRequest

Also Bear in mind that there is a missing part in your code--checking the appliance's SSL certificate. It is not a must, but generally required in order to verify that the response wasn't sent by a fraudulent entity.

In .Net and Java it is done automatically when accessing web service in HTTPS (based on Microsoft certificate Store and Java certificate Store)- but as far as I see there is no equivalent in Python.