def _c14n_parse_test(data, remove_whitespace=True, remove_comments=True):
xml = xmlsec.parse_xml(data,
remove_whitespace=remove_whitespace,
remove_comments=remove_comments)
out = xmlsec._c14n(xml, False, with_comments=(not remove_comments))
print "C14N output (remove_whitespace={}, remove_comments={}) :\n{}".format(
remove_whitespace, remove_comments, out)
return out
def sign_statement(self, statement, _class_name, key_file, node_id,
_id_attr):
"""
Sign an XML statement.
The parameters actually used in this CryptoBackend
implementation are :
:param statement: XML as string
:param key_file: xmlsec key_spec string(), filename,
"pkcs11://" URI or PEM data
:returns: Signed XML as string
"""
import xmlsec
import lxml.etree
xml = xmlsec.parse_xml(statement)
signed = xmlsec.sign(xml, key_file)
return lxml.etree.tostring(signed, xml_declaration=True)
def sign_statement(self, statement, _class_name, key_file, node_id,
_id_attr):
"""
Sign an XML statement.
The parameters actually used in this CryptoBackend
implementation are :
:param statement: XML as string
:param key_file: xmlsec key_spec string(), filename,
"pkcs11://" URI or PEM data
:returns: Signed XML as string
"""
import xmlsec
import lxml.etree
xml = xmlsec.parse_xml(statement)
signed = xmlsec.sign(xml, key_file)
return lxml.etree.tostring(signed, xml_declaration=True)
def validate_signature(self, signedtext, cert_file, cert_type, _node_name,
_node_id, _id_attr):
"""
Validate signature on XML document.
The parameters actually used in this CryptoBackend
implementation are :
:param signedtext: The signed XML data as string
:param cert_file: xmlsec key_spec string(), filename,
"pkcs11://" URI or PEM data
:param cert_type: string, must be 'pem' for now
:returns: True on successful validation, False otherwise
"""
if cert_type != "pem":
raise Unsupported("Only PEM certs supported here")
import xmlsec
xml = xmlsec.parse_xml(signedtext)
try:
return xmlsec.verify(xml, cert_file)
except xmlsec.XMLSigException:
return False
def validate_signature(self, signedtext, cert_file, cert_type, _node_name,
_node_id, _id_attr):
"""
Validate signature on XML document.
The parameters actually used in this CryptoBackend
implementation are :
:param signedtext: The signed XML data as string
:param cert_file: xmlsec key_spec string(), filename,
"pkcs11://" URI or PEM data
:param cert_type: string, must be 'pem' for now
:returns: True on successful validation, False otherwise
"""
if cert_type != "pem":
raise Unsupported("Only PEM certs supported here")
import xmlsec
xml = xmlsec.parse_xml(signedtext)
try:
return xmlsec.verify(xml, cert_file)
except xmlsec.XMLSigException:
return False
def _c14n_parse_test(data, remove_whitespace=True, remove_comments=True):
xml = xmlsec.parse_xml(data, remove_whitespace=remove_whitespace, remove_comments=remove_comments)
out = xmlsec._c14n(xml, False, with_comments=(not remove_comments))
print "C14N output (remove_whitespace={}, remove_comments={}) :\n{}".format(remove_whitespace, remove_comments, out)
return out
def as_etree(self, n, remove_whitespace=False, remove_comments=False):
return xmlsec.parse_xml(self.as_buf(n), remove_whitespace=remove_whitespace, remove_comments=remove_comments)
def as_etree(self, n, remove_whitespace=False, remove_comments=False):
return xmlsec.parse_xml(self.as_buf(n), remove_whitespace=remove_whitespace, remove_comments=remove_comments)
