def test_xmlsec_output_line_parsing():
    """parse_xmlsec_output accepts an OK line and rejects a FAIL line.

    Both LF and CRLF line endings are exercised, since xmlsec1's stderr
    may arrive either way depending on the platform.
    """
    for newline in ("\n", "\r\n"):
        ok_output = newline.join(["prefix", "OK", "postfix"])
        assert sigver.parse_xmlsec_output(ok_output)

        fail_output = newline.join(["prefix", "FAIL", "postfix"])
        raises(sigver.XmlsecError, sigver.parse_xmlsec_output, fail_output)
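def decrypt_message(enctext,
                    xmlsec_binary,
                    key_file=None,
                    key_file_type="privkey-pem",
                    cafile=None,
                    epath=None,
                    id_attr="",
                    node_name="",
                    node_id=None,
                    debug=False):
    """ Decrypts an encrypted part of a XML document by running xmlsec1.

    :param enctext: XML document containing an encrypted part
    :param xmlsec_binary: Path to the xmlsec1 binary to be used
    :param key_file: The key used to decrypt the message. Effectively
        required: a None value ends up in the argument list and Popen
        rejects it.
    :param key_file_type: The key file type; used verbatim to build the
        xmlsec1 key option ("--privkey-pem", "--pkcs8-der", ...)
    :param cafile: A CA file path, or a sequence of them, appended after
        the key for the private-key file types; skipped when None
    :param epath: Element path turned into an xmlsec1 --node-xpath when
        id_attr is empty (id_attr falls back to ID_ATTR first, so this
        branch is only reached when ID_ATTR itself is empty)
    :param node_name: The SAML class of the root node in the message
    :param node_id: The identifier of the root node if any
    :param id_attr: Should normally be one of "id", "Id" or "ID"
    :param debug: Print the command line and xmlsec1's stderr to stdout
    :return: The decrypted document (xmlsec1's stdout) if all was OK
        otherwise will raise an exception.
    :raises DecryptionError: when xmlsec1 reports FAIL on stderr (the
        underlying XmlsecError is wrapped)
    """

    if not id_attr:
        id_attr = ID_ATTR

    # xmlsec1 only reads from files, so the ciphertext is written to a
    # temporary file. NOTE(review): the file is not removed here — confirm
    # make_temp's cleanup policy if no residue on disk is expected.
    _, fil = make_temp(enctext, decode=False)

    # Argument-list form: Popen executes the binary directly (no shell), so
    # the document and key paths are never subject to shell interpretation.
    com_list = [xmlsec_binary, "--decrypt", "--%s" % key_file_type, key_file]

    if key_file_type in [
            "privkey-pem", "privkey-der", "pkcs8-pem", "pkcs8-der"
    ]:
        # cafile may be a single path or a sequence of paths. The original
        # code called extend(None) when no CA file was given, raising a
        # TypeError unrelated to the actual decryption.
        if isinstance(cafile, basestring):
            com_list.append(cafile)
        elif cafile:
            com_list.extend(cafile)

    if id_attr:
        com_list.extend(["--id-attr:%s" % id_attr, node_name])

    elif epath:
        xpath = create_xpath(epath)
        com_list.extend(['--node-xpath', xpath])

    if node_id:
        com_list.extend(["--node-id", node_id])

    com_list.append(fil)

    if debug:
        # " ".join raises TypeError if any element is None (typically
        # key_file); dump the individual pieces so the culprit is visible,
        # then re-raise.
        try:
            print(" ".join(com_list))
        except TypeError:
            print("key_file_type %s" % (key_file_type,))
            print("key_file %s" % (key_file,))
            print("node_name %s" % (node_name,))
            print("fil %s" % (fil,))
            raise
        print("%s: %s" % (key_file, os.access(key_file, os.F_OK)))
        print("%s: %s" % (fil, os.access(fil, os.F_OK)))

    # communicate() drains stdout and stderr together and waits for the
    # child. Reading the two pipes one after the other (as the original did)
    # can deadlock once stderr fills its pipe buffer, and never reaped the
    # process.
    pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
    p_out, p_err = pof.communicate()
    try:
        if debug:
            print(p_err)
        # parse_xmlsec_output raises XmlsecError on a FAIL line; its truthy
        # return value carries no further information, so it is not kept.
        # NOTE(review): pof.returncode is not consulted — a non-zero exit
        # without a FAIL line would currently pass; consider checking it.
        parse_xmlsec_output(p_err)
    except XmlsecError as exc:
        # NOTE(review): logger is called as a function here; if it is a
        # logging.Logger this raises TypeError inside the handler — confirm.
        # The log line also embeds p_out, i.e. whatever xmlsec1 emitted
        # before failing; confirm that is acceptable for the log sink.
        logger(LOG_LINE % (p_out, exc))
        raise DecryptionError("%s" % (exc, ))

    # The original returned None implicitly although the docstring promises
    # the decrypted document; xmlsec1 writes it to stdout.
    return p_out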
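def decrypt_message(enctext, xmlsec_binary, key_file=None,
                    key_file_type="privkey-pem", cafile=None,
                    epath=None, id_attr="",
                    node_name="", node_id=None, debug=False):
    """ Decrypts an encrypted part of a XML document by running xmlsec1.

    :param enctext: XML document containing an encrypted part
    :param xmlsec_binary: Path to the xmlsec1 binary to be used
    :param key_file: The key used to decrypt the message. Effectively
        required: a None value ends up in the argument list and Popen
        rejects it.
    :param key_file_type: The key file type; used verbatim to build the
        xmlsec1 key option ("--privkey-pem", "--pkcs8-der", ...)
    :param cafile: A CA file path, or a sequence of them, appended after
        the key for the private-key file types; skipped when None
    :param epath: Element path turned into an xmlsec1 --node-xpath when
        id_attr is empty (id_attr falls back to ID_ATTR first, so this
        branch is only reached when ID_ATTR itself is empty)
    :param node_name: The SAML class of the root node in the message
    :param node_id: The identifier of the root node if any
    :param id_attr: Should normally be one of "id", "Id" or "ID"
    :param debug: Print the command line and xmlsec1's stderr to stdout
    :return: The decrypted document (xmlsec1's stdout) if all was OK
        otherwise will raise an exception.
    :raises DecryptionError: when xmlsec1 reports FAIL on stderr (the
        underlying XmlsecError is wrapped)
    """

    if not id_attr:
        id_attr = ID_ATTR

    # xmlsec1 only reads from files, so the ciphertext goes to a temporary
    # file. NOTE(review): the file is not removed here — confirm make_temp's
    # cleanup policy if no residue on disk is expected.
    _, fil = make_temp(enctext, decode=False)

    # Argument-list form: Popen executes the binary directly (no shell), so
    # the document and key paths are never subject to shell interpretation.
    com_list = [xmlsec_binary, "--decrypt",
                "--%s" % key_file_type, key_file]

    if key_file_type in ["privkey-pem", "privkey-der", "pkcs8-pem",
                         "pkcs8-der"]:
        # cafile may be a single path or a sequence of paths. The original
        # code called extend(None) when no CA file was given, raising a
        # TypeError unrelated to the actual decryption.
        if isinstance(cafile, basestring):
            com_list.append(cafile)
        elif cafile:
            com_list.extend(cafile)

    if id_attr:
        com_list.extend(["--id-attr:%s" % id_attr, node_name])

    elif epath:
        xpath = create_xpath(epath)
        com_list.extend(['--node-xpath', xpath])

    if node_id:
        com_list.extend(["--node-id", node_id])

    com_list.append(fil)

    if debug:
        # " ".join raises TypeError if any element is None (typically
        # key_file); dump the individual pieces so the culprit is visible,
        # then re-raise.
        try:
            print(" ".join(com_list))
        except TypeError:
            print("key_file_type %s" % (key_file_type,))
            print("key_file %s" % (key_file,))
            print("node_name %s" % (node_name,))
            print("fil %s" % (fil,))
            raise
        print("%s: %s" % (key_file, os.access(key_file, os.F_OK)))
        print("%s: %s" % (fil, os.access(fil, os.F_OK)))

    # communicate() drains stdout and stderr together and waits for the
    # child. Reading the two pipes one after the other (as the original did)
    # can deadlock once stderr fills its pipe buffer, and never reaped the
    # process.
    pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
    p_out, p_err = pof.communicate()
    try:
        if debug:
            print(p_err)
        # parse_xmlsec_output raises XmlsecError on a FAIL line; its truthy
        # return value carries no further information, so it is not kept.
        # NOTE(review): pof.returncode is not consulted — a non-zero exit
        # without a FAIL line would currently pass; consider checking it.
        parse_xmlsec_output(p_err)
    except XmlsecError as exc:
        # NOTE(review): logger is called as a function here; if it is a
        # logging.Logger this raises TypeError inside the handler — confirm.
        # The log line also embeds p_out, i.e. whatever xmlsec1 emitted
        # before failing; confirm that is acceptable for the log sink.
        logger(LOG_LINE % (p_out, exc))
        raise DecryptionError("%s" % (exc,))

    # The original returned None implicitly although the docstring promises
    # the decrypted document; xmlsec1 writes it to stdout.
    return p_out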