Fix bad reference in BinarySignature

Author: tpazderka

src/zeep/wsse/signature.py

@@ -233,13 +233,12 @@ def _sign_envelope_with_key_binary(envelope, key):
     ref = etree.SubElement(sec_token_ref, QName(ns.WSSE, 'Reference'),
                            {'ValueType': 'http://docs.oasis-open.org/wss/2004/01/'
                                          'oasis-200401-wss-x509-token-profile-1.0#X509v3'})
-    ref_id = ensure_id(ref)
     bintok = etree.Element(QName(ns.WSSE, 'BinarySecurityToken'), {
-        QName(ns.WSU, 'Id'): ref_id,
         'ValueType': 'http://docs.oasis-open.org/wss/2004/01/'
                      'oasis-200401-wss-x509-token-profile-1.0#X509v3',
         'EncodingType': 'http://docs.oasis-open.org/wss/2004/01/'
                         'oasis-200401-wss-soap-message-security-1.0#Base64Binary'})
+    ref.attrib['URI'] = '#' + ensure_id(bintok)
     bintok.text = x509_data.find(QName(ns.DS, 'X509Certificate')).text
     security.insert(1, bintok)
     x509_data.getparent().remove(x509_data)

tests/test_wsse_signature.py

@@ -3,8 +3,9 @@
 
 import pytest
 
+from lxml.etree import QName
 from tests.utils import load_xml
-from zeep import wsse
+from zeep import ns, wsse
 from zeep.exceptions import SignatureVerificationFailed
 from zeep.wsse import signature
 
@@ -135,3 +136,10 @@ def test_signature_binary():
     plugin = wsse.BinarySignature(KEY_FILE_PW, KEY_FILE_PW, 'geheim')
     envelope, headers = plugin.apply(envelope, {})
     plugin.verify(envelope)
+    # Test the reference
+    bintok = envelope.xpath('soapenv:Header/wsse:Security/wsse:BinarySecurityToken',
+                            namespaces={'soapenv': ns.SOAP_ENV_11, 'wsse': ns.WSSE})[0]
+    ref = envelope.xpath('soapenv:Header/wsse:Security/ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference'
+                         '/wsse:Reference',
+                         namespaces={'soapenv': ns.SOAP_ENV_11, 'wsse': ns.WSSE, 'ds': ns.DS})[0]
+    assert '#' + bintok.attrib[QName(ns.WSU, 'Id')] == ref.attrib['URI']