If timestamp is not listed in sp, don't sign

blaggacao · blaggacao · commit e6267bdc2578 · 2024-09-21T21:39:05.000+02:00
diff --git a/src/zeep/wsse/signature.py b/src/zeep/wsse/signature.py
@@ -247,12 +247,7 @@ def _signature_prepare(envelope, key, signature_method, digest_method, signature
     # Perform the actual signing.
     ctx = xmlsec.SignatureContext()
     ctx.key = key
-    # Sign default elements if present
-    timestamp = security.find(QName(ns.WSU, "Timestamp"))
-    if timestamp != None:
-        _sign_node(ctx, signature, timestamp, digest_method)
-
-    # Sign extra elements defined in WSDL
+    # Sign elements defined in WSDL
     if signatures is not None:
         if signatures["body"] or signatures["everything"]:
             _sign_node(
diff --git a/tests/test_wsse_signature.py b/tests/test_wsse_signature.py
@@ -74,13 +74,15 @@ def test_sign_timestamp_if_present(
     """
     )
 
+    signatures = {"everything": False, "body": True, "header": [{'Name': 'Timestamp', 'Namespace': 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'}]}
     signature.sign_envelope(
         envelope,
         KEY_FILE,
         KEY_FILE,
         None,
         signature_method=getattr(xmlsec.Transform, signature_method),
         digest_method=getattr(xmlsec.Transform, digest_method),
+        signatures=signatures,
     )
     signature.verify_envelope(envelope, KEY_FILE)
     digests = envelope.xpath("//ds:DigestMethod", namespaces={"ds": ns.DS})
