def _inicializar_cripto(self):
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
def _inicializar_cripto(self):
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
def received(self, context):
self.poruka_odgovor = context.reply
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
mngr = xmlsec.KeysMngr()
xmlsec.cryptoAppDefaultKeysMngrInit(mngr)
#mngr.certLoad(verifyCertFile, xmlsec.KeyDataFormatPem, xmlsec.KeyDataTypeTrusted)
mngr.certLoad(certFile, xmlsec.KeyDataFormatPem, xmlsec.KeyDataTypeTrusted)
doc = libxml2.parseDoc(context.reply)
xmlsec.addIDs(doc, doc.getRootElement(), ['Id'])
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature, xmlsec.DSigNs)
dsig_ctx = xmlsec.DSigCtx(mngr)
dsig_ctx.verify(node)
if(dsig_ctx.status == xmlsec.DSigStatusSucceeded): self.valid_signature = 1
xmlsec.cryptoShutdown()
xmlsec.cryptoAppShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return context
def received(self, context):
self.poruka_odgovor = context.reply
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
mngr = xmlsec.KeysMngr()
xmlsec.cryptoAppDefaultKeysMngrInit(mngr)
mngr.certLoad(verifyCertFile, xmlsec.KeyDataFormatPem,
xmlsec.KeyDataTypeTrusted)
doc = libxml2.parseDoc(context.reply)
xmlsec.addIDs(doc, doc.getRootElement(), ['Id'])
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
xmlsec.DSigNs)
dsig_ctx = xmlsec.DSigCtx(mngr)
dsig_ctx.verify(node)
if (dsig_ctx.status == xmlsec.DSigStatusSucceeded):
self.valid_signature = 1
xmlsec.cryptoShutdown()
xmlsec.cryptoAppShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return context
def sending(self, context):
msgtype = "RacunZahtjev"
if "PoslovniProstorZahtjev" in context.envelope: msgtype = "PoslovniProstorZahtjev"
doc2 = libxml2.parseDoc(context.envelope)
zahtjev = doc2.xpathEval('//*[local-name()="%s"]' % msgtype)[0]
doc2.setRootElement(zahtjev)
x = doc2.getRootElement().newNs('http://www.apis-it.hr/fin/2012/types/f73', 'tns')
for i in doc2.xpathEval('//*'):
i.setNs(x)
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
doc2.getRootElement().setProp('Id', msgtype)
xmlsec.addIDs(doc2, doc2.getRootElement(), ['Id'])
signNode = xmlsec.TmplSignature(doc2, xmlsec.transformExclC14NId(), xmlsec.transformRsaSha1Id(), None)
doc2.getRootElement().addChild(signNode)
refNode = signNode.addReference(xmlsec.transformSha1Id(), None, None, None)
refNode.setProp('URI', '#%s' % msgtype)
refNode.addTransform(xmlsec.transformEnvelopedId())
refNode.addTransform(xmlsec.transformExclC14NId())
dsig_ctx = xmlsec.DSigCtx()
key = xmlsec.cryptoAppKeyLoad(keyFile, xmlsec.KeyDataFormatPem, None, None, None)
dsig_ctx.signKey = key
xmlsec.cryptoAppKeyCertLoad(key, certFile, xmlsec.KeyDataFormatPem)
key.setName(keyFile)
keyInfoNode = signNode.ensureKeyInfo(None)
x509DataNode = keyInfoNode.addX509Data()
xmlsec.addChild(x509DataNode, "X509IssuerSerial")
xmlsec.addChild(x509DataNode, "X509Certificate")
dsig_ctx.sign(signNode)
if dsig_ctx is not None: dsig_ctx.destroy()
context.envelope = """<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>""" + doc2.serialize().replace('<?xml version="1.0" encoding="UTF-8"?>','') + """</soapenv:Body></soapenv:Envelope>""" # Ugly hack
# Shutdown xmlsec-crypto library, ako ne radi HTTPS onda ovo treba zakomentirati da ga ne ugasi prije reda
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return context
def sending(self, context):
msgtype = "RacunZahtjev"
if "PoslovniProstorZahtjev" in context.envelope: msgtype = "PoslovniProstorZahtjev"
doc2 = libxml2.parseDoc(context.envelope)
zahtjev = doc2.xpathEval('//*[local-name()="%s"]' % msgtype)[0]
doc2.setRootElement(zahtjev)
x = doc2.getRootElement().newNs('http://www.apis-it.hr/fin/2012/types/f73', 'tns')
for i in doc2.xpathEval('//*'):
i.setNs(x)
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
doc2.getRootElement().setProp('Id', msgtype)
xmlsec.addIDs(doc2, doc2.getRootElement(), ['Id'])
signNode = xmlsec.TmplSignature(doc2, xmlsec.transformExclC14NId(), xmlsec.transformRsaSha1Id(), None)
doc2.getRootElement().addChild(signNode)
refNode = signNode.addReference(xmlsec.transformSha1Id(), None, None, None)
refNode.setProp('URI', '#%s' % msgtype)
refNode.addTransform(xmlsec.transformEnvelopedId())
refNode.addTransform(xmlsec.transformExclC14NId())
dsig_ctx = xmlsec.DSigCtx()
key = xmlsec.cryptoAppKeyLoad(keyFile, xmlsec.KeyDataFormatPem, None, None, None)
dsig_ctx.signKey = key
xmlsec.cryptoAppKeyCertLoad(key, certFile, xmlsec.KeyDataFormatPem)
key.setName(keyFile)
keyInfoNode = signNode.ensureKeyInfo(None)
x509DataNode = keyInfoNode.addX509Data()
xmlsec.addChild(x509DataNode, "X509IssuerSerial")
xmlsec.addChild(x509DataNode, "X509Certificate")
dsig_ctx.sign(signNode)
if dsig_ctx is not None: dsig_ctx.destroy()
context.envelope = """<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>""" + doc2.serialize().replace('<?xml version="1.0" encoding="UTF-8"?>','') + """</soapenv:Body></soapenv:Envelope>""" # Ugly hack
# Shutdown xmlsec-crypto library, ako ne radi HTTPS onda ovo treba zakomentirati da ga ne ugasi prije reda
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return context
def test_reinitialize_module(self):
"""
This doesn't explicitly test anything, but will
be invoked first in the suite, so if the subsequent
tests don't fail, we know that the ``init()``/``shutdown()``
function pair doesn't break anything.
"""
xmlsec.shutdown()
xmlsec.init()
def _inicia_funcoes_externas(self):
# Ativa as funções de análise de arquivos XML
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Ativa as funções da API de criptografia
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
def _ativar_funcoes_criptograficas(self):
# FIXME: descobrir forma de evitar o uso do libxml2 neste processo
# Ativa as funções de análise de arquivos XML FIXME
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Ativa as funções da API de criptografia
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
def _ativar_funcoes_criptograficas(self):
# FIXME: descobrir forma de evitar o uso do libxml2 neste processo
# Ativa as funções de análise de arquivos XML FIXME
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Ativa as funções da API de criptografia
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
def init():
global secinit
if secinit:
return
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
secinit = True
def __init__(self, logging):
self.logging = logging
self.logging.debug("Starting crypto engine")
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
self.logging.error("loaded xmlsec library version is not compatible.")
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
self.logging.error("crypto initialization failed.")
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
self.logging.error("xmlsec-crypto initialization failed.")
def init_xmlsec(self):
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
log.error(" xmlsec initialization failed.")
# XXX This should do something else...
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
log.error(" loaded xmlsec library version is not compatible.\n")
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
log.error(" crypto initialization failed.")
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
log.error(" xmlsec-crypto initialization failed.")
self._init_xmlsec = True
def _signXML(xml):
dsigctx = None
doc = None
try:
# initialization
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise SignatureError('xmlsec init failed')
if xmlsec.checkVersion() != 1:
raise SignatureError('incompatible xmlsec library version %s' %
str(xmlsec.checkVersion()))
if xmlsec.cryptoAppInit(None) < 0:
raise SignatureError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise SignatureError('xmlsec-crypto initialization failed')
# load the input
doc = libxml2.parseDoc(xml)
if not doc or not doc.getRootElement():
raise SignatureError('error parsing input xml')
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
xmlsec.DSigNs)
if not node:
raise SignatureError("couldn't find root node")
dsigctx = xmlsec.DSigCtx()
key = xmlsec.cryptoAppKeyLoad(key_file, xmlsec.KeyDataFormatPem,
key_pwd, None, None)
if not key:
raise SignatureError('failed to load the private key %s' %
key_file)
dsigctx.signKey = key
if key.setName(key_file) < 0:
raise SignatureError('failed to set key name')
if xmlsec.cryptoAppKeyCertLoad(key, cert_file,
xmlsec.KeyDataFormatPem) < 0:
print "Error: failed to load pem certificate \"%s\"" % cert_file
return cleanup(doc, dsigctx)
# sign
if dsigctx.sign(node) < 0:
raise SignatureError('signing failed')
signed_xml = doc.serialize()
finally:
if dsigctx:
dsigctx.destroy()
if doc:
doc.freeDoc()
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return signed_xml
def main():
failures = 0
xmlsec.init()
try:
for name in dir(sys.modules[__name__]):
if name.startswith("test_"):
print("Running {}".format(name))
func = getattr(sys.modules[__name__], name)
try:
func()
except AssertionError:
print("Failed {}".format(name))
traceback.print_exc()
failures += 1
finally:
xmlsec.shutdown()
xmlsec.init()
finally:
print("Finished. Failures: {}".format(failures))
def init_xmlsec():
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise RuntimeError('xmlsec initialization failed')
if xmlsec.checkVersion() != 1:
raise RuntimeError('loaded xmlsec library version is not compatible')
if xmlsec.cryptoAppInit(None) < 0:
raise RuntimeError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise RuntimeError('xmlsec-crypto initialization failed')
def init_xmlsec():
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise RuntimeError('xmlsec initialization failed')
if xmlsec.checkVersion() != 1:
raise RuntimeError('loaded xmlsec library version is not compatible')
if xmlsec.cryptoAppInit(None) < 0:
raise RuntimeError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise RuntimeError('xmlsec-crypto initialization failed')
def init():
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
assert xmlsec.init() >= 0, "Error: xmlsec initialization failed."
# Check loaded library version
assert xmlsec.checkVersion() == 1, "Error: loaded xmlsec library version is not compatible."
# Init crypto library
assert xmlsec.cryptoAppInit(None) >= 0, "Error: crypto initialization failed."
# Init xmlsec-crypto library
assert xmlsec.cryptoInit() >= 0, "Error: xmlsec-crypto initialization failed."
def main():
assert (sys.argv)
if len(sys.argv) < 3:
print "Error: wrong number of arguments."
print "Usage: %s <xml-file> <key-file1> [<key-file2> [...]]" % sys.argv[
0]
return sys.exit(1)
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys
mngr = load_keys(sys.argv[2:], len(sys.argv) - 2)
res = 0
# Verify file
if mngr is not None:
res = verify_file(mngr, sys.argv[1])
# Destroy keys manager
mngr.destroy()
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def main():
assert(sys.argv)
if len(sys.argv) < 3:
print "Error: wrong number of arguments."
print "Usage: %s <xml-file> <key-file1> [<key-file2> [...]]" % sys.argv[0]
return sys.exit(1)
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys
mngr = load_keys(sys.argv[2:], len(sys.argv) - 2)
res = 0
# Verify file
if mngr is not None:
res = verify_file(mngr, sys.argv[1])
# Destroy keys manager
mngr.destroy()
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def main():
assert (sys.argv)
if len(sys.argv) != 2:
print "Error: wrong number of arguments."
print "Usage: %s <enc-file>" % sys.argv[0]
return sys.exit(1)
res = 0
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible."
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys */
mngr = create_files_keys_mngr()
if mngr is not None:
res = decrypt_file(mngr, sys.argv[1])
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def main():
assert(sys.argv)
if len(sys.argv) != 2:
print "Error: wrong number of arguments."
print "Usage: %s <enc-file>" % sys.argv[0]
return sys.exit(1)
res = 0
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible."
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys */
mngr = create_files_keys_mngr()
if mngr is not None:
res = decrypt_file(mngr, sys.argv[1])
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def _init():
"""Initializes the libxml2 parser and XMLSEC library. Is called
automatically upon loading this module.
"""
# Initiate the libxml2 parser
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Initialize xmlsec
if xmlsec.init() < 0:
raise XMLDSIGError("Failed initializing xmlsec library")
if xmlsec.cryptoAppInit(None) < 0:
raise XMLDSIGError("Failed initializing crypto library")
if xmlsec.cryptoInit() < 0:
raise XMLDSIGError("Failed initializing xmlsec-crypto library")
def _init():
"""Initializes the libxml2 parser and XMLSEC library. Is called
automatically upon loading this module.
"""
# Initiate the libxml2 parser
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Initialize xmlsec
if xmlsec.init() < 0:
raise DSigError("Failed initializing xmlsec library")
if xmlsec.cryptoAppInit(None) < 0:
raise DSigError("Failed initializing crypto library")
if xmlsec.cryptoInit() < 0:
raise DSigError("Failed initializing xmlsec-crypto library")
def main():
secret_data = "Big secret"
assert(sys.argv)
if len(sys.argv) < 3:
print "Error: wrong number of arguments."
print "Usage: %s <xml-tmpl> <des-key-file>" % sys.argv[0]
return sys.exit(1)
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
res = encrypt_file(sys.argv[1], sys.argv[2], secret_data, len(secret_data))
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def init():
global usexml
if not usexml:
return
try:
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
assert xmlsec.init() >= 0, "Error: xmlsec initialization failed."
# Check loaded library version
assert xmlsec.checkVersion() == 1, "Error: loaded xmlsec library version is not compatible."
# Init crypto library
assert xmlsec.cryptoAppInit(None) >= 0, "Error: crypto initialization failed."
# Init xmlsec-crypto library
assert xmlsec.cryptoInit() >= 0, "Error: xmlsec-crypto initialization failed."
except:
usexml=False
def _init():
"""
Initialize necessary libraries (libxml2 and xmlsec).
Should be called once only: this is automatic when this module is imported.
Raises an exception if an error occurs.
"""
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
assert xmlsec.init() >= 0, "Error: xmlsec initialization failed."
# Check loaded library version
assert xmlsec.checkVersion(
) == 1, "Error: loaded xmlsec library version is not compatible."
# Init crypto library
assert xmlsec.cryptoAppInit(
None) >= 0, "Error: crypto initialization failed."
# Init xmlsec-crypto library
assert xmlsec.cryptoInit(
) >= 0, "Error: xmlsec-crypto initialization failed."
def lib_init():
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
raise(saml2.Error("Error: xmlsec initialization failed."))
# Check loaded library version
if xmlsec.checkVersion() != 1:
raise(saml2.Error(
"Error: loaded xmlsec library version is not compatible.\n"))
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
raise(saml2.Error("Error: crypto initialization failed."))
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
raise(saml2.Error("Error: xmlsec-crypto initialization failed."))
def _verifyXML(self, xml):
import libxml2
import xmlsec
dsigctx = None
doc = None
try:
# initialization
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise SignatureError('xmlsec init failed')
if xmlsec.checkVersion() != 1:
raise SignatureError('incompatible xmlsec library version %s' %
str(xmlsec.checkVersion()))
if xmlsec.cryptoAppInit(None) < 0:
raise SignatureError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise SignatureError('xmlsec-crypto initialization failed')
# load the input
doc = libxml2.parseDoc(xml)
if not doc or not doc.getRootElement():
raise SignatureError('error parsing input xml')
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
xmlsec.DSigNs)
if not node:
raise SignatureError("couldn't find root node")
dsigctx = xmlsec.DSigCtx()
key = xmlsec.cryptoAppKeyLoad(self.key_file, xmlsec.KeyDataFormatPem,
self.key_pwd, None, None)
if not key:
raise SignatureError('failed to load the private key %s' % self.key_file)
dsigctx.signKey = key
if key.setName(self.key_file) < 0:
raise SignatureError('failed to set key name')
if xmlsec.cryptoAppKeyCertLoad(key, self.cert_file, xmlsec.KeyDataFormatPem) < 0:
print "Error: failed to load pem certificate \"%s\"" % self.cert_file
return self.cleanup(doc, dsigctx)
# verify
if dsigctx.verify(node) < 0:
raise SignatureError('verification failed')
if dsigctx.status == xmlsec.DSigStatusSucceeded:
self.log("Signature is OK")
is_valid = True
else:
self.log("***************** Signature is INVALID ********************")
is_valid = False
finally:
if dsigctx:
dsigctx.destroy()
if doc:
doc.freeDoc()
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return is_valid
def _signXML(self, xml):
import libxml2
import xmlsec
dsigctx = None
doc = None
try:
# initialization
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise SignatureError('xmlsec init failed')
if xmlsec.checkVersion() != 1:
raise SignatureError('incompatible xmlsec library version %s' %
str(xmlsec.checkVersion()))
if xmlsec.cryptoAppInit(None) < 0:
raise SignatureError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise SignatureError('xmlsec-crypto initialization failed')
# load the input
doc = libxml2.parseDoc(xml)
if not doc or not doc.getRootElement():
raise SignatureError('error parsing input xml')
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
xmlsec.DSigNs)
if not node:
raise SignatureError("couldn't find root node")
# load the private key
key = xmlsec.cryptoAppKeyLoad(self.key_file, xmlsec.KeyDataFormatPem,
self.key_pwd, None, None)
if not key:
raise SignatureError('failed to load the private key %s' % self.key_file)
if xmlsec.cryptoAppKeyCertLoad(key, self.cert_file, xmlsec.KeyDataFormatPem) < 0:
print "Error: failed to load pem certificate \"%s\"" % self.cert_file
return self.cleanup(doc, dsigctx)
keymngr = xmlsec.KeysMngr()
xmlsec.cryptoAppDefaultKeysMngrInit(keymngr)
xmlsec.cryptoAppDefaultKeysMngrAdoptKey(keymngr, key)
dsigctx = xmlsec.DSigCtx(keymngr)
if key.setName(self.key_file) < 0:
raise SignatureError('failed to set key name')
# sign
if dsigctx.sign(node) < 0:
raise SignatureError('signing failed')
signed_xml = doc.serialize()
finally:
if dsigctx:
dsigctx.destroy()
if doc:
doc.freeDoc()
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return signed_xml
#!/usr/bin/python
# -*- coding: utf-8 -*-
import libxml2
import xmlsec
import os
DIRNAME = os.path.dirname(__file__)
if __name__ == u'__main__':
certificados = os.listdir(DIRNAME + 'certificados')
certificados.sort() # ?????
# Ativa as funções da API de criptografia
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
#
# Prepara o gerenciador dos certificados confiáveis
#
certificados_confiaveis = xmlsec.KeysMngr()
xmlsec.cryptoAppDefaultKeysMngrInit(certificados_confiaveis)
for certificado in certificados:
certificados_confiaveis.certLoad(
filename=str(DIRNAME + 'certificados/' + certificado),
format=xmlsec.KeyDataFormatPem,
type=xmlsec.KeyDataTypeTrusted)
xmlsec.cryptoShutdown()
from __future__ import division, print_function, unicode_literals
import libxml2
import xmlsec
import os
DIRNAME = os.path.dirname(__file__)
if __name__ == u'__main__':
certificados = os.listdir(DIRNAME + 'certificados')
certificados.sort() # ?????
# Ativa as funções da API de criptografia
xmlsec.init()
xmlsec.cryptoAppInit(None)
xmlsec.cryptoInit()
#
# Prepara o gerenciador dos certificados confiáveis
#
certificados_confiaveis = xmlsec.KeysMngr()
xmlsec.cryptoAppDefaultKeysMngrInit(certificados_confiaveis)
for certificado in certificados:
certificados_confiaveis.certLoad(filename=str(DIRNAME + 'certificados/' + certificado), format=xmlsec.KeyDataFormatPem, type=xmlsec.KeyDataTypeTrusted)
xmlsec.cryptoShutdown()
xmlsec.cryptoAppShutdown()
xmlsec.shutdown()