问ERCOT API:使用Python发送带有签名和二进制安全令牌的SOAP

EN

import os
from zeep import Client, Settings
from zeep.transports import Transport
from requests import Session
from requests_pkcs12 import Pkcs12Adapter
from zeep.wsse.signature import BinarySignature
import random
import logging.config
from pathlib import Path
from tempfile import NamedTemporaryFile
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption
from cryptography.hazmat.primitives.serialization.pkcs12 import load_key_and_certificates

# USE THE MOST VERBOSE LOGGING LEVEL
logging.config.dictConfig({
 'version': 1,
 'formatters': {
 'verbose': {
 'format': '%(name)s: %(message)s'
 }
 },
 'handlers': {
 'console': {
 'level': 'DEBUG',
 'class': 'logging.StreamHandler',
 'formatter': 'verbose',
 },
 },
 'loggers': {
 'zeep.transports': {
 'level': 'DEBUG',
 'propagate': True,
 'handlers': ['console'],
 },
 }
})


# Source: https://gist.github.com/erikbern/756b1d8df2d1487497d29b90e81f8068
@contextlib.contextmanager
def pfx_to_pem(pfx_path, pfx_password):
 ''' Decrypts the .pfx file to be used with requests. '''
 pfx = Path(pfx_path).read_bytes()
 private_key, main_cert, add_certs = load_key_and_certificates(pfx, pfx_password.encode('utf-8'), None)

 with NamedTemporaryFile(suffix='.pem', delete=False) as t_pem:
   with open(t_pem.name, 'wb') as pem_file:
     pem_file.write(private_key.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption()))
     pem_file.write(main_cert.public_bytes(Encoding.PEM))
     for ca in add_certs:
       pem_file.write(ca.public_bytes(Encoding.PEM))
   yield t_pem.name


def generate_nonce(length=15):
 """Generate pseudorandom number."""
 return ''.join([str(random.randint(0, 9)) for i in range(length)])


# CERTIFICATES PATHS
api_pfx_key = os.path.join('C:\\ALL\\ERCOT\\API Outplan OSI TCC MOTE.pfx')
api_certificate = os.path.join('C:\\ALL\\ERCOT\\OSITCC.cer')

# SETUP
wsdl_file = os.path.join('C:\\ALL\\ERCOT\\Nodal.wsdl')

#wsdl_file = "https://testmisapi.ercot.com/2007-08/Nodal/eEDS/EWS/?WSDL"
api_base_url = "https://testmisapi.ercot.com/2007-08/Nodal/eEDS/EWS/"
session = Session()
session.mount(api_base_url,
 Pkcs12Adapter(pkcs12_filename=api_pfx_key, pkcs12_password='AEP'))
#session.verify = False

transport = Transport(session=session)
settings = Settings(forbid_entities=False)

# CREATE CLIENT
print("Creating client.")
with pfx_to_pem(pfx_path=api_pfx_key, pfx_password='AEP') as pem_fle:
 client = Client(wsdl_file, settings=settings, transport=transport,
 wsse=BinarySignature(pem_fle, api_certificate))

 print("Making request.")
 request_data = {
 "Header": {
 "Verb": "get",
 "Noun": "SystemStatus",
 "ReplayDetection": {
 "Nonce": generate_nonce(),
 "Created": "07-06-2022"},
 "Revision": "1",
 "Source": "TDSP",
 "UserID": "API_OutplanOSITCC",
 },
 }
 print("Call URL")
 print(client.service.MarketTransactions(**request_data))```


but while running this one , I am getting the below error - "C:\ALL\Python 3.9\PythonDev\python.exe" "C:/ALL/Python 3.10/PythonDev/ERCOT_API.py"
C:\ALL\Python 3.9\PythonDev\lib\site-packages\OpenSSL\crypto.py:1133: CryptographyDeprecationWarning: This version of cryptography contains a temporary pyOpenSSL fallback path. Upgrade pyOpenSSL now.
  cert._x509 = crypto_cert._x509
Creating client.
zeep.transports: Loading remote data from: http://www.w3.org/2001/xml.xsd
Making request.
Call URL
zeep.transports: HTTP Post to https://testmisapi.ercot.com/2007-08/Nodal/eEDS/EWS:
<?xml version='1.0' encoding='utf-8'?>
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#id-c773cb6e-3a71-4d59-8a83-e3e4df97cd03">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>jhEnAC9hpCVo1d/0+2Gj7bO2IzE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>XhJV0FuRemJRlgwGoLLo13cR+vjtUartO2eyIj9rjQoOVR4NES3ULki26wCrF5nT
ABAFjdh7nr9BQry4L+ZcnQt2T73SMsFBUaSWFhp2jEuHIPdnHhnkRqNMJt+p+cPS
cXojjDlvjmqB9uEF5wk/dEQIfWdp0aE5tlnV7qRJUh7Mm43k43vVCOW+Sn3i3k7a
7Td74UukP7XsENL0x804DAEmYI686gWNCBzSyNojNWcT/1SKa+gaM1mqe9KPOzpq
dFOUOYLyEDqeYJdUTwTzBGHatuWX536fFcl7AOp9aBYCtFCwyoQ5cweSdZdATd47
Hp/TtICaKb8Xg2XZ/c3wHA==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#id-6a68c676-049c-4dc8-9f59-9dcb6a173bb0"/></wsse:SecurityTokenReference></KeyInfo>
</Signature><wsse:BinarySecurityToken xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ns1:Id="id-6a68c676-049c-4dc8-9f59-9dcb6a173bb0">MIIGXDCCBUSgAwIBAgIQOQpxxst8nF94i/e9RtEgCzANBgkqhkiG9w0BAQsFADBm
MQswCQYDVQQGEwJVUzE0MDIGA1UEChMrRWxlY3RyaWMgUmVsaWFiaWxpdHkgQ291
bmNpbCBvZiBUZXhhcywgSW5jLjEhMB8GA1UEAxMYRVJDT1QgRW50ZXJwcmlzZSBU
RVNUIENBMB4XDTIyMDUwMzAwMDAwMFoXDTIzMDUwMzIzNTk1OVowggEfMTQwMgYD
VQQKDCtFbGVjdHJpYyBSZWxpYWJpbGl0eSBDb3VuY2lsIG9mIFRleGFzLCBJbmMu
MScwJQYDVQQLDB5FbXBsb3llZUlEIC0gQVBJX091dHBsYW5PU0lUQ0MxLjAsBgNV
BAsMJU1QIC0gQUVQIFRFWEFTIENFTlRSQUwgQ09NUEFOWSAoVERTUCkxIDAeBgNV
BAsMF0RVTlMgTnVtYmVyIC0gMDA3OTI0NzcyMR4wHAYDVQQLDBVFUkNPVCBFbnRl
cnByaXNlIE1PVEUxGjAYBgNVBAsMEUFQSV9PdXRwbGFuT1NJVENDMRIwEAYDVQQL
DAkwMDc5MjQ3NzIxHDAaBgNVBAMME0FQSSBPdXRwbGFuIE9TSSBUQ0MwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxM8X0LhC+K8aneHMarxg9cjHyB5AU
z9LgFWf1+gdjLMjo6gsQC3H2DbBSYDxb2S9W8om+qd1kY213KVIRgig9IP2/3/gP
3ty35O2stHGKhK2xWjXc5acDLb4mVchhjwd2j80KTC8GuoO6IjR9gp6/joSoewWb
s4QYyb1XsA7s5EXX/bwh5aKcMrMKoACDrYW+DsQ9fVn6SgprY71x4g/J9DXOolwg
ULuLYeWBkwU5IkCGw/V8A2iqcAXEza5BPxxjjdzaxaJgL9iYiqjN+rFrOGPpGtt4
cWmR3S4iESuOdDSnMnZrU2TmT+k0zLmrZzx43OyowAOXJxHppECC+U7XAgMBAAGj
ggJJMIICRTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAWBgNVHSUBAf8E
DDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUU3nJUKn/NV/hZsf9TbH59J23tFcwXQYD
VR0fBFYwVDBSoFCgToZMaHR0cDovL3BraS1jcmwuc3ltYXV0aC5jb20vY2FfODBh
OWVlODkyY2IwYjhkNDczODgwMTA4YzIyODI5NGEvTGF0ZXN0Q1JMLmNybDCCAQMG
CCsGAQUFBwEBBIH2MIHzMCcGCCsGAQUFBzABhhtodHRwOi8vcGtpLW9jc3Auc3lt
YXV0aC5jb20wgccGCCsGAQUFBzAChoG6bGRhcDovL2RpcmVjdG9yeS5zeW1hdXRo
LmNvbS9DTiUyMCUzRCUyMEVSQ09UJTIwRW50ZXJwcmlzZSUyMFRFU1QlMjBDQSUy
QyUyME8lMjAlM0QlMjAlMjJFbGVjdHJpYyUyMFJlbGlhYmlsaXR5JTIwQ291bmNp
bCUyMG9mJTIwVGV4YXMlMkMlMjBJbmMuJTIyJTJDJTIwQyUyMCUzRCUyMFVTP2NB
Q2VydGlmaWNhdGU7YmluYXJ5MB8GA1UdIwQYMBaAFM9vgLFH3rW5jzTpa58gBemf
5RwPMCwGCmCGSAGG+EUBEAMEHjAcBhJghkgBhvhFARABAgMEAZTtjgwWBjQ1MDY3
NzA5BgpghkgBhvhFARAFBCswKQIBABYkYUhSMGNITTZMeTl3YTJrdGNtRXVjM2x0
WVhWMGFDNWpiMjA9MA0GCSqGSIb3DQEBCwUAA4IBAQAF/6dMajWt17ytqWu3HqZB
MmhKmpopI6sEJ1Nx9XX2HI7WonOe6YehTEinsuQYbI1GPxylu81C/gaqXICWTMm3
qozwNAwP4AyO0K0C4q6Txh7slwn7D0uuayPlVpClOcVCeN5T8wV0ZGIdyvCOOoWp
ATTqo7GlbmzqeHo+XVxYcF6D9hJouXS5SvTzdx3qlSA6faV3L+ZYOyChcrKsGZU4
HS1BKrKEOV+y+oIQXRMIrLzlOJzM4HFH0tcFTz8ZhibsXT4Iwn2VCPIUA9WScQjw
gW2dia0pU9ep08W8220X2OVpAC5SE9/iK85lHN9+ZJ+QpJ2BFpit+KUUNNx0C6du</wsse:BinarySecurityToken></wsse:Security></soap-env:Header><soap-env:Body xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ns1:Id="id-c773cb6e-3a71-4d59-8a83-e3e4df97cd03"><ns0:RequestMessage xmlns:ns0="http://www.ercot.com/schema/2007-06/nodal/ews/message"><ns0:Header><ns0:Verb>get</ns0:Verb><ns0:Noun>SystemStatus</ns0:Noun><ns0:ReplayDetection><ns0:Nonce>576394325909862</ns0:Nonce><ns0:Created>07-06-2022</ns0:Created></ns0:ReplayDetection><ns0:Revision>1</ns0:Revision><ns0:Source>TDSP</ns0:Source><ns0:UserID>API_OutplanOSITCC</ns0:UserID></ns0:Header></ns0:RequestMessage></soap-env:Body></soap-env:Envelope>
Traceback (most recent call last):
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\connectionpool.py", line 1040, in _validate_conn
    conn.connect()
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\connection.py", line 414, in connect
    self.sock = ssl_wrap_socket(
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\util\ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\util\ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "C:\ALL\Python 3.9\PythonDev\lib\ssl.py", line 501, in wrap_socket
    return self.sslsocket_class._create(
  File "C:\ALL\Python 3.9\PythonDev\lib\ssl.py", line 1041, in _create
    self.do_handshake()
  File "C:\ALL\Python 3.9\PythonDev\lib\ssl.py", line 1310, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\requests\adapters.py", line 489, in send
    resp = conn.urlopen(
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\connectionpool.py", line 785, in urlopen
    retries = retries.increment(
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\urllib3\util\retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='testmisapi.ercot.com', port=443): Max retries exceeded with url: /2007-08/Nodal/eEDS/EWS (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1129)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\ALL\Python 3.10\PythonDev\ERCOT_API.py", line 98, in <module>
    print(client.service.MarketTransactions(**request_data))
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\zeep\proxy.py", line 46, in __call__
    return self._proxy._binding.send(
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\zeep\wsdl\bindings\soap.py", line 127, in send
    response = client.transport.post_xml(options["address"], envelope, http_headers)
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\zeep\transports.py", line 107, in post_xml
    return self.post(address, message, headers)
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\zeep\transports.py", line 73, in post
    response = self.session.post(
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\requests\sessions.py", line 635, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\requests\sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\requests\sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "C:\ALL\Python 3.9\PythonDev\lib\site-packages\requests\adapters.py", line 563, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='testmisapi.ercot.com', port=443): Max retries exceeded with url: /2007-08/Nodal/eEDS/EWS (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1129)')))

Process finished with exit code 1

Could anyone please suggest how to resolve this error?

Thank you so much for your time and help.
@Anna Geller ,@Preethi Vaidyanathan -could you please help with this?

Thanks
Sugata