Allow to not encrypt by setting the recipient certificate as optional

Aurélien LAJOIE · utix · commit d02ed8d0fb91 · 2016-11-26T16:11:47.000+01:00
diff --git a/doc/index.rst b/doc/index.rst
@@ -112,8 +112,8 @@ used to encrypt outgoing messages and verify the signature on incoming
 messages.
 
 Note that ``WssePlugin`` is currently hardcoded to sign the ``wsu:Timestamp``
-and ``soap:Body`` elements, and to encrypt only the first child of the
-``soap:Body`` element. Pull requests to add more flexibility are welcome.
+and ``soap:Body`` elements, and to optionally encrypt only the first child of
+the ``soap:Body`` element. Pull requests to add more flexibility are welcome.
 
 
 Standalone functions
diff --git a/wsse/suds.py b/wsse/suds.py
@@ -10,9 +10,10 @@
 class WssePlugin(MessagePlugin):
     """Suds message plugin that performs WS-Security signing and encryption.
 
-    Encrypts and signs outgoing messages (the soap:Body and the wsu:Timestamp
-    security token, which must be present); decrypts and verifies signature on
-    incoming messages.
+    Encrypts (optional) and signs outgoing messages (the soap:Body and the
+    wsu:Timestamp security token, which must be present); decrypts and verifies
+    signature on incoming messages.
+    Encryption is done if their_certfile is set.
 
     Uses X509 certificates for both encryption and signing. Requires our cert
     and its private key, and their cert (all as file paths).
@@ -39,7 +40,13 @@ class WssePlugin(MessagePlugin):
     only the first child element of the soap:Body will be encrypted).
 
     """
-    def __init__(self, keyfile, certfile, their_certfile):
+    def __init__(self, keyfile, certfile, their_certfile = None):
+        """
+        @param keyfile         path to the private key to sign the content
+        @param certfile        path to the certificate to sign the content
+        @param their_certfile  Optional, path to the recipient certificate to
+                               encrypt, if not set no encryption is done
+        """
         self.keyfile = keyfile
         self.certfile = certfile
         self.their_certfile = their_certfile
@@ -48,7 +55,8 @@ def sending(self, context):
         """Sign and encrypt outgoing message envelope."""
         context.envelope = sign(
             context.envelope, self.keyfile, self.certfile)
-        context.envelope = encrypt(context.envelope, self.their_certfile)
+        if their_certfile != None:
+            context.envelope = encrypt(context.envelope, self.their_certfile)
 
     def received(self, context):
         """Decrypt and verify signature of incoming reply envelope."""
