Exemple #1
0
    def sending(self, context):
        msgtype = "RacunZahtjev"
        if "PoslovniProstorZahtjev" in context.envelope: msgtype = "PoslovniProstorZahtjev"
    
        doc2 = libxml2.parseDoc(context.envelope)

        zahtjev = doc2.xpathEval('//*[local-name()="%s"]' % msgtype)[0]
        doc2.setRootElement(zahtjev)

        x = doc2.getRootElement().newNs('http://www.apis-it.hr/fin/2012/types/f73', 'tns')
 
        for i in doc2.xpathEval('//*'):
            i.setNs(x)

        libxml2.initParser()
        libxml2.substituteEntitiesDefault(1)

        xmlsec.init()
        xmlsec.cryptoAppInit(None)
        xmlsec.cryptoInit()

        doc2.getRootElement().setProp('Id', msgtype)
        xmlsec.addIDs(doc2, doc2.getRootElement(), ['Id'])    

        signNode = xmlsec.TmplSignature(doc2, xmlsec.transformExclC14NId(), xmlsec.transformRsaSha1Id(), None)

        doc2.getRootElement().addChild(signNode)
    
        refNode = signNode.addReference(xmlsec.transformSha1Id(), None, None, None)
        refNode.setProp('URI', '#%s' % msgtype)
        refNode.addTransform(xmlsec.transformEnvelopedId())
        refNode.addTransform(xmlsec.transformExclC14NId())
 
        dsig_ctx = xmlsec.DSigCtx()
        key = xmlsec.cryptoAppKeyLoad(keyFile, xmlsec.KeyDataFormatPem, None, None, None)
        dsig_ctx.signKey = key

        xmlsec.cryptoAppKeyCertLoad(key, certFile, xmlsec.KeyDataFormatPem)
        key.setName(keyFile)

        keyInfoNode = signNode.ensureKeyInfo(None)
        x509DataNode = keyInfoNode.addX509Data()
        xmlsec.addChild(x509DataNode, "X509IssuerSerial")
        xmlsec.addChild(x509DataNode, "X509Certificate")

        dsig_ctx.sign(signNode)
    
        if dsig_ctx is not None: dsig_ctx.destroy()
        context.envelope = """<?xml version="1.0" encoding="UTF-8"?>
        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
        <soapenv:Body>""" + doc2.serialize().replace('<?xml version="1.0" encoding="UTF-8"?>','') + """</soapenv:Body></soapenv:Envelope>""" # Ugly hack
    
        # Shutdown xmlsec-crypto library, ako ne radi HTTPS onda ovo treba zakomentirati da ga ne ugasi prije reda
        xmlsec.cryptoShutdown()
        xmlsec.shutdown()
        libxml2.cleanupParser()

        return context
Exemple #2
0
    def sending(self, context):
        msgtype = "RacunZahtjev"
        if "PoslovniProstorZahtjev" in context.envelope: msgtype = "PoslovniProstorZahtjev"
    
        doc2 = libxml2.parseDoc(context.envelope)

        zahtjev = doc2.xpathEval('//*[local-name()="%s"]' % msgtype)[0]
        doc2.setRootElement(zahtjev)

        x = doc2.getRootElement().newNs('http://www.apis-it.hr/fin/2012/types/f73', 'tns')
 
        for i in doc2.xpathEval('//*'):
            i.setNs(x)

        libxml2.initParser()
        libxml2.substituteEntitiesDefault(1)

        xmlsec.init()
        xmlsec.cryptoAppInit(None)
        xmlsec.cryptoInit()

        doc2.getRootElement().setProp('Id', msgtype)
        xmlsec.addIDs(doc2, doc2.getRootElement(), ['Id'])    

        signNode = xmlsec.TmplSignature(doc2, xmlsec.transformExclC14NId(), xmlsec.transformRsaSha1Id(), None)

        doc2.getRootElement().addChild(signNode)
    
        refNode = signNode.addReference(xmlsec.transformSha1Id(), None, None, None)
        refNode.setProp('URI', '#%s' % msgtype)
        refNode.addTransform(xmlsec.transformEnvelopedId())
        refNode.addTransform(xmlsec.transformExclC14NId())
 
        dsig_ctx = xmlsec.DSigCtx()
        key = xmlsec.cryptoAppKeyLoad(keyFile, xmlsec.KeyDataFormatPem, None, None, None)
        dsig_ctx.signKey = key

        xmlsec.cryptoAppKeyCertLoad(key, certFile, xmlsec.KeyDataFormatPem)
        key.setName(keyFile)

        keyInfoNode = signNode.ensureKeyInfo(None)
        x509DataNode = keyInfoNode.addX509Data()
        xmlsec.addChild(x509DataNode, "X509IssuerSerial")
        xmlsec.addChild(x509DataNode, "X509Certificate")

        dsig_ctx.sign(signNode)
    
        if dsig_ctx is not None: dsig_ctx.destroy()
        context.envelope = """<?xml version="1.0" encoding="UTF-8"?>
        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
        <soapenv:Body>""" + doc2.serialize().replace('<?xml version="1.0" encoding="UTF-8"?>','') + """</soapenv:Body></soapenv:Envelope>""" # Ugly hack
    
        # Shutdown xmlsec-crypto library, ako ne radi HTTPS onda ovo treba zakomentirati da ga ne ugasi prije reda
        xmlsec.cryptoShutdown()
        xmlsec.shutdown()
        libxml2.cleanupParser()

        return context
Exemple #3
0
def sign_file(xml_file, key_file):
    assert (xml_file)
    assert (key_file)

    # Load template
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print "Error: unable to parse file \"%s\"" % xml_file
        return cleanup(doc)

    # Create signature template for RSA-SHA1 enveloped signature
    signNode = xmlsec.TmplSignature(doc, xmlsec.transformExclC14NId(),
                                    xmlsec.transformRsaSha1Id(), None)
    if signNode is None:
        print "Error: failed to create signature template"
        return cleanup(doc)

    # Add <dsig:Signature/> node to the doc
    doc.getRootElement().addChild(signNode)

    # Add reference
    refNode = signNode.addReference(xmlsec.transformSha1Id(), None, None, None)
    if refNode is None:
        print "Error: failed to add reference to signature template"
        return cleanup(doc)

    # Add enveloped transform
    if refNode.addTransform(xmlsec.transformEnvelopedId()) is None:
        print "Error: failed to add enveloped transform to reference"
        return cleanup(doc)

    # Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name
    # in the signed document
    keyInfoNode = signNode.ensureKeyInfo(None)
    if keyInfoNode is None:
        print "Error: failed to add key info"
        return cleanup(doc)

    keyNameInfo = keyInfoNode.addKeyName(None)
    if keyNameInfo is None:
        print "Error: failed to add key name"
        return cleanup(doc)

    # Create signature context, we don't need keys manager in this example
    dsig_ctx = xmlsec.DSigCtx()
    if dsig_ctx is None:
        print "Error: failed to create signature context"
        return cleanup(doc)

    # Load private key, assuming that there is not password
    key = xmlsec.cryptoAppKeyLoad(key_file, xmlsec.KeyDataFormatPem, None,
                                  None, None)
    if key is None:
        print "Error: failed to load private pem key from \"%s\"" % key_file
        return cleanup(doc, dsig_ctx)
    dsig_ctx.signKey = key

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print "Error: failed to set key name for key from \"%s\"" % key_file
        return cleanup(doc, dsig_ctx)

    # Sign the template
    if dsig_ctx.sign(signNode) < 0:
        print "Error: signature failed"
        return cleanup(doc, dsig_ctx)

    # Print signed document to stdout
    doc.dump("-")

    # Success
    return cleanup(doc, dsig_ctx, 1)
Exemple #4
0
def verify_file(mngr, xml_file):
    assert(mngr)
    assert(xml_file)

    # Load XML file
    if not check_filename(xml_file):
        return -1
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
	print "Error: unable to parse file \"%s\"" % tmpl_file
        return cleanup(doc)

    # Find start node
    node = xmlsec.findNode(doc.getRootElement(),
                           xmlsec.NodeSignature, xmlsec.DSigNs)
    if node is None:
        print "Error: start node not found in \"%s\"", xml_file

    # Create signature context
    dsig_ctx = xmlsec.DSigCtx(mngr)
    if dsig_ctx is None:
        print "Error: failed to create signature context"
        return cleanup(doc)

    # Limit the Reference URI attributes to empty or None
    dsig_ctx.enabledReferenceUris = xmlsec.TransformUriTypeEmpty

    # Limit allowed transforms for signature and reference processing
    if (dsig_ctx.enableSignatureTransform(xmlsec.transformInclC14NId()) < 0 or
        dsig_ctx.enableSignatureTransform(xmlsec.transformExclC14NId()) < 0 or
        dsig_ctx.enableSignatureTransform(xmlsec.transformSha1Id())     < 0 or
        dsig_ctx.enableSignatureTransform(xmlsec.transformRsaSha1Id())  < 0):
        print "Error: failed to limit allowed signature transforms"
        return cleanup(doc, dsig_ctx)
    if (dsig_ctx.enableReferenceTransform(xmlsec.transformInclC14NId()) < 0 or
        dsig_ctx.enableReferenceTransform(xmlsec.transformExclC14NId()) < 0 or
        dsig_ctx.enableReferenceTransform(xmlsec.transformSha1Id())     < 0 or
        dsig_ctx.enableReferenceTransform(xmlsec.transformEnvelopedId())< 0):
        print "Error: failed to limit allowed reference transforms"
        return cleanup(doc, dsig_ctx)

    # In addition, limit possible key data to valid X509 certificates only
    if dsig_ctx.keyInfoReadCtx.enabledKeyData.add(xmlsec.keyDataX509Id()) < 0:
        print "Error: failed to limit allowed key data"
        return cleanup(doc, dsig_ctx)

    # Verify signature
    if dsig_ctx.verify(node) < 0:
        print "Error: signature verify"
        return cleanup(doc, dsig_ctx)

    # Check that we have only one Reference
    if (dsig_ctx.status == xmlsec.DSigStatusSucceeded and
        dsig_ctx.signedInfoReferences.getSize() != 1):
        print "Error: only one reference is allowed"
        return cleanup(doc, dsig_ctx)

    # Print verification result to stdout
    if dsig_ctx.status == xmlsec.DSigStatusSucceeded:
        print "Signature is OK"
    else:
        print "Signature is INVALID"

    # Success
    return cleanup(doc, dsig_ctx, 1)
Exemple #5
0
def sign_file(xml_file, key_file, cert_file):
    assert(xml_file)
    assert(key_file)
    assert(cert_file)

    # Load template
    if not check_filename(xml_file):
        return -1
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
	print "Error: unable to parse file \"%s\"" % xml_file
        return cleanup(doc)

    # Create signature template for RSA-SHA1 enveloped signature
    signNode = xmlsec.TmplSignature(doc, xmlsec.transformExclC14NId(),
                                    xmlsec.transformRsaSha1Id(), None)
    if signNode is None:
        print "Error: failed to create signature template"
        return cleanup(doc)
    
    # Add <dsig:Signature/> node to the doc
    doc.getRootElement().addChild(signNode)

    # Add reference
    refNode = signNode.addReference(xmlsec.transformSha1Id(),
                                    None, None, None)
    if refNode is None:
        print "Error: failed to add reference to signature template"
        return cleanup(doc)

    # Add enveloped transform
    if refNode.addTransform(xmlsec.transformEnvelopedId()) is None:
        print "Error: failed to add enveloped transform to reference"
        return cleanup(doc)

    # Add <dsig:KeyInfo/> and <dsig:X509Data/>
    keyInfoNode = signNode.ensureKeyInfo(None)
    if keyInfoNode is None:
        print "Error: failed to add key info"
        return cleanup(doc)
    
    if keyInfoNode.addX509Data() is None:
        print "Error: failed to add X509Data node"
        return cleanup(doc)

    # Create signature context, we don't need keys manager in this example
    dsig_ctx = xmlsec.DSigCtx()
    if dsig_ctx is None:
        print "Error: failed to create signature context"
        return cleanup(doc)

    # Load private key, assuming that there is not password
    if not check_filename(key_file):
        return cleanup(doc, dsig_ctx)
    key = xmlsec.cryptoAppKeyLoad(key_file, xmlsec.KeyDataFormatPem,
                                  None, None, None)
    if key is None:
        print "Error: failed to load private pem key from \"%s\"" % key_file
        return cleanup(doc, dsig_ctx)
    dsig_ctx.signKey = key

    # Load certificate and add to the key
    if not check_filename(cert_file):
        return cleanup(doc, dsig_ctx)
    if xmlsec.cryptoAppKeyCertLoad(key, cert_file, xmlsec.KeyDataFormatPem) < 0:
        print "Error: failed to load pem certificate \"%s\"" % cert_file
        return cleanup(doc, dsig_ctx)

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print "Error: failed to set key name for key from \"%s\"" % key_file
        return cleanup(doc, dsig_ctx)

    # Sign the template
    if dsig_ctx.sign(signNode) < 0:
        print "Error: signature failed"
        return cleanup(doc, dsig_ctx)

    # Print signed document to stdout
    doc.dump("-")

    # Success
    return cleanup(doc, dsig_ctx, 1)
Exemple #6
0
def verify_file(mngr, xml_file):
    assert (mngr)
    assert (xml_file)

    # Load XML file
    if not check_filename(xml_file):
        return -1
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print "Error: unable to parse file \"%s\"" % tmpl_file
        return cleanup(doc)

    # Find start node
    node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
                           xmlsec.DSigNs)
    if node is None:
        print "Error: start node not found in \"%s\"", xml_file

    # Create signature context
    dsig_ctx = xmlsec.DSigCtx(mngr)
    if dsig_ctx is None:
        print "Error: failed to create signature context"
        return cleanup(doc)

    # Limit the Reference URI attributes to empty or None
    dsig_ctx.enabledReferenceUris = xmlsec.TransformUriTypeEmpty

    # Limit allowed transforms for signature and reference processing
    if (dsig_ctx.enableSignatureTransform(xmlsec.transformInclC14NId()) < 0 or
            dsig_ctx.enableSignatureTransform(xmlsec.transformExclC14NId()) < 0
            or dsig_ctx.enableSignatureTransform(xmlsec.transformSha1Id()) < 0
            or dsig_ctx.enableSignatureTransform(
                xmlsec.transformRsaSha1Id()) < 0):
        print "Error: failed to limit allowed signature transforms"
        return cleanup(doc, dsig_ctx)
    if (dsig_ctx.enableReferenceTransform(xmlsec.transformInclC14NId()) < 0 or
            dsig_ctx.enableReferenceTransform(xmlsec.transformExclC14NId()) < 0
            or dsig_ctx.enableReferenceTransform(xmlsec.transformSha1Id()) < 0
            or dsig_ctx.enableReferenceTransform(
                xmlsec.transformEnvelopedId()) < 0):
        print "Error: failed to limit allowed reference transforms"
        return cleanup(doc, dsig_ctx)

    # In addition, limit possible key data to valid X509 certificates only
    if dsig_ctx.keyInfoReadCtx.enabledKeyData.add(xmlsec.keyDataX509Id()) < 0:
        print "Error: failed to limit allowed key data"
        return cleanup(doc, dsig_ctx)

    # Verify signature
    if dsig_ctx.verify(node) < 0:
        print "Error: signature verify"
        return cleanup(doc, dsig_ctx)

    # Check that we have only one Reference
    if (dsig_ctx.status == xmlsec.DSigStatusSucceeded
            and dsig_ctx.signedInfoReferences.getSize() != 1):
        print "Error: only one reference is allowed"
        return cleanup(doc, dsig_ctx)

    # Print verification result to stdout
    if dsig_ctx.status == xmlsec.DSigStatusSucceeded:
        print "Signature is OK"
    else:
        print "Signature is INVALID"

    # Success
    return cleanup(doc, dsig_ctx, 1)
Exemple #7
0
 def _determine_transform_format(formatstring):
     """Translates strings to all transform methods of the pyXMLsec library.
     This should actually sort out which value could be used where, but for 
     now, it works :-).
     """
     if formatstring == 'aes128-cbc':
         result = xmlsec.transformAes128CbcId()
     elif formatstring == 'aes192-cbc':
         result = xmlsec.transformAes192CbcId()
     elif formatstring == 'aes256-cbc':
         result = xmlsec.transformAes256CbcId()
     elif formatstring == 'kw-aes128':
         result = xmlsec.transformKWAes128Id()
     elif formatstring == 'kw-aes192':
         result = xmlsec.transformKWAes192Id()
     elif formatstring == 'kw-aes256':
         result = xmlsec.transformKWAes256Id()
     elif formatstring == 'des3-cbc':
         result = xmlsec.transformDes3CbcId()
     elif formatstring == 'kw-des3':
         result = xmlsec.transformKWDes3Id()
     elif formatstring == 'dsa-sha1':
         result = xmlsec.transformDsaSha1Id()
     elif formatstring == 'hmac-md5':
         result = xmlsec.transformHmacMd5Id()
     elif formatstring == 'hmac-ripemd160':
         result = xmlsec.transformHmacRipemd160Id()
     elif formatstring == 'hmac-sha1':
         result = xmlsec.transformHmacSha1Id()
     elif formatstring == 'hmac-sha224':
         result = xmlsec.transformHmacSha224Id()
     elif formatstring == 'hmac-sha256':
         result = xmlsec.transformHmacSha256Id()
     elif formatstring == 'hmac-sha384':
         result = xmlsec.transformHmacSha384Id()
     elif formatstring == 'hmac-sha512':
         result = xmlsec.transformHmacSha512Id()
     elif formatstring == 'hmac-md5':
         result = xmlsec.transformMd5Id()
     elif formatstring == 'ripemd160':
         result = xmlsec.transformRipemd160Id()
     elif formatstring == 'rsa-md5':
         result = xmlsec.transformRsaMd5Id()
     elif formatstring == 'rsa-ripemd160':
         result = xmlsec.transformRsaRipemd160Id()
     elif formatstring == 'rsa-sha1':
         result = xmlsec.transformRsaSha1Id()
     elif formatstring == 'rsa-sha224':
         result = xmlsec.transformRsaSha224Id()
     elif formatstring == 'rsa-sha256':
         result = xmlsec.transformRsaSha256Id()
     elif formatstring == 'rsa-sha384':
         result = xmlsec.transformRsaSha384Id()
     elif formatstring == 'rsa-sha512':
         result = xmlsec.transformRsaSha512Id()
     elif formatstring == 'rsa-pkcs1':
         result = xmlsec.transformRsaPkcs1Id()
     elif formatstring == 'rsa-oaep':
         result = xmlsec.transformRsaOaepId()
     elif formatstring == 'sha1':
         result = xmlsec.transformSha1Id()
     elif formatstring == 'sha224':
         result = xmlsec.transformSha224Id()
     elif formatstring == 'sha256':
         result = xmlsec.transformSha256Id()
     elif formatstring == 'sha384':
         result = xmlsec.transformSha384Id()
     elif formatstring == 'sha512':
         result = xmlsec.transformSha512Id()
     elif formatstring == 'base64':
         result = xmlsec.transformBase64Id()
     elif formatstring == 'inc-c14n':
         result = xmlsec.transformInclC14NId()
     elif formatstring == 'inc-c14n-with-comments':
         result = xmlsec.transformInclC14NWithCommentsId()
     elif formatstring == 'exc-c14n':
         result = xmlsec.transformExclC14NId()
     elif formatstring == 'exc-c14n-with-comments':
         result = xmlsec.transformExclC14NWithCommentsId()
     elif formatstring in ('enveloped', 'enveloped-signature'):
         result = xmlsec.transformEnvelopedId()
     elif formatstring in ('xpath', 'xpath-19991116', 'xmldsig-filter'):
         result = xmlsec.transformXPathId()
     elif formatstring in ('xpath2', 'xmldsig-filter2'):
         result = xmlsec.transformXPath2Id()
     elif formatstring == 'xpointer':
         result = xmlsec.transformXPointerId()
     elif formatstring in ('xslt', 'xslt-19991116'):
         result = xmlsec.transformXsltId()
     elif formatstring == 'remove-xml-tags-transform':
         result = xmlsec.transformRemoveXmlTagsC14NId()
     elif formatstring == 'visa3d-hack':
         result = xmlsec.transformVisa3DHackId()
     else:
         raise DSigError('Unknown transform: %s' % formatstring)
     
     if result is None:
         raise DSigError('Transform %s not available' % formatstring)
     else:
         return result
Exemple #8
0
def signXml(xmlStr, key_file,cert_file, id=None ):
    init()
    result = None
    doc = libxml2.parseDoc(xmlStr)
    if doc is None or doc.getRootElement() is None:
	print "Error: unable to parse file \"%s\"" % xml_file
        cleanup(doc)
        return result

    # Create signature template for RSA-SHA1 enveloped signature
    signNode = xmlsec.TmplSignature(doc, xmlsec.transformExclC14NId(),
                                    xmlsec.transformRsaSha1Id(), id)
    #signNode.setNs('ds')
    if signNode is None:
        print "Error: failed to create signature template"
        cleanup(doc)
        return result
    
    # Add <dsig:Signature/> node to the doc
    doc.getRootElement().addChild(signNode)

    # Add reference
    refNode = signNode.addReference(xmlsec.transformSha1Id(),
                                    None, None, None)
    if refNode is None:
        print "Error: failed to add reference to signature template"
        cleanup(doc)
        return result

    # Add enveloped transform
    if refNode.addTransform(xmlsec.transformEnvelopedId()) is None:
        print "Error: failed to add enveloped transform to reference"
        cleanup(doc)
        return result

    # Add <dsig:KeyInfo/> and <dsig:X509Data/>
    keyInfoNode = signNode.ensureKeyInfo(None)
    if keyInfoNode is None:
        print "Error: failed to add key info"
        cleanup(doc)
        return result
    
    if keyInfoNode.addX509Data() is None:
        print "Error: failed to add X509Data node"
        cleanup(doc)
        return result

    # Create signature context, we don't need keys manager in this example
    dsig_ctx = xmlsec.DSigCtx()
    if dsig_ctx is None:
        print "Error: failed to create signature context"
        cleanup(doc)
        return result

    # Load private key, assuming that there is not password
    key = xmlsec.cryptoAppKeyLoad(key_file, xmlsec.KeyDataFormatPem,
                                  None, None, None)
    if key is None:
        print "Error: failed to load private pem key from \"%s\"" % key_file
        cleanup(doc, dsig_ctx)
        return result
    dsig_ctx.signKey = key

    # Load certificate and add to the key
    if xmlsec.cryptoAppKeyCertLoad(key, cert_file, xmlsec.KeyDataFormatPem) < 0:
        print "Error: failed to load pem certificate \"%s\"" % cert_file
        cleanup(doc, dsig_ctx)
        return result

    # Set key name to the file name, this is just an example!
    #if key.setName(key_file) < 0:
    #   print "Error: failed to set key name for key from \"%s\"" % key_file
    #    cleanup(doc, dsig_ctx)
    #   return result

    # Sign the template
    print signNode
    if dsig_ctx.sign(signNode) < 0:
        print "Error: signature failed"
        cleanup(doc, dsig_ctx)
        return result

    # Print signed document to stdout
    #doc.dump("-")
    result = doc.serialize()
    # Success
    cleanup(doc, dsig_ctx, 1)
    return result
Exemple #9
0
    def _determine_transform_format(formatstring):
        """Translates strings to all transform methods of the pyXMLsec library.
        This should actually sort out which value could be used where, but for 
        now, it works :-).
        """
        if formatstring == 'aes128-cbc':
            result = xmlsec.transformAes128CbcId()
        elif formatstring == 'aes192-cbc':
            result = xmlsec.transformAes192CbcId()
        elif formatstring == 'aes256-cbc':
            result = xmlsec.transformAes256CbcId()
        elif formatstring == 'kw-aes128':
            result = xmlsec.transformKWAes128Id()
        elif formatstring == 'kw-aes192':
            result = xmlsec.transformKWAes192Id()
        elif formatstring == 'kw-aes256':
            result = xmlsec.transformKWAes256Id()
        elif formatstring == 'des3-cbc':
            result = xmlsec.transformDes3CbcId()
        elif formatstring == 'kw-des3':
            result = xmlsec.transformKWDes3Id()
        elif formatstring == 'dsa-sha1':
            result = xmlsec.transformDsaSha1Id()
        elif formatstring == 'hmac-md5':
            result = xmlsec.transformHmacMd5Id()
        elif formatstring == 'hmac-ripemd160':
            result = xmlsec.transformHmacRipemd160Id()
        elif formatstring == 'hmac-sha1':
            result = xmlsec.transformHmacSha1Id()
        elif formatstring == 'hmac-sha224':
            result = xmlsec.transformHmacSha224Id()
        elif formatstring == 'hmac-sha256':
            result = xmlsec.transformHmacSha256Id()
        elif formatstring == 'hmac-sha384':
            result = xmlsec.transformHmacSha384Id()
        elif formatstring == 'hmac-sha512':
            result = xmlsec.transformHmacSha512Id()
        elif formatstring == 'hmac-md5':
            result = xmlsec.transformMd5Id()
        elif formatstring == 'ripemd160':
            result = xmlsec.transformRipemd160Id()
        elif formatstring == 'rsa-md5':
            result = xmlsec.transformRsaMd5Id()
        elif formatstring == 'rsa-ripemd160':
            result = xmlsec.transformRsaRipemd160Id()
        elif formatstring == 'rsa-sha1':
            result = xmlsec.transformRsaSha1Id()
        elif formatstring == 'rsa-sha224':
            result = xmlsec.transformRsaSha224Id()
        elif formatstring == 'rsa-sha256':
            result = xmlsec.transformRsaSha256Id()
        elif formatstring == 'rsa-sha384':
            result = xmlsec.transformRsaSha384Id()
        elif formatstring == 'rsa-sha512':
            result = xmlsec.transformRsaSha512Id()
        elif formatstring == 'rsa-pkcs1':
            result = xmlsec.transformRsaPkcs1Id()
        elif formatstring == 'rsa-oaep':
            result = xmlsec.transformRsaOaepId()
        elif formatstring == 'sha1':
            result = xmlsec.transformSha1Id()
        elif formatstring == 'sha224':
            result = xmlsec.transformSha224Id()
        elif formatstring == 'sha256':
            result = xmlsec.transformSha256Id()
        elif formatstring == 'sha384':
            result = xmlsec.transformSha384Id()
        elif formatstring == 'sha512':
            result = xmlsec.transformSha512Id()
        elif formatstring == 'base64':
            result = xmlsec.transformBase64Id()
        elif formatstring == 'inc-c14n':
            result = xmlsec.transformInclC14NId()
        elif formatstring == 'inc-c14n-with-comments':
            result = xmlsec.transformInclC14NWithCommentsId()
        elif formatstring == 'exc-c14n':
            result = xmlsec.transformExclC14NId()
        elif formatstring == 'exc-c14n-with-comments':
            result = xmlsec.transformExclC14NWithCommentsId()
        elif formatstring in ('enveloped', 'enveloped-signature'):
            result = xmlsec.transformEnvelopedId()
        elif formatstring in ('xpath', 'xpath-19991116', 'xmldsig-filter'):
            result = xmlsec.transformXPathId()
        elif formatstring in ('xpath2', 'xmldsig-filter2'):
            result = xmlsec.transformXPath2Id()
        elif formatstring == 'xpointer':
            result = xmlsec.transformXPointerId()
        elif formatstring in ('xslt', 'xslt-19991116'):
            result = xmlsec.transformXsltId()
        elif formatstring == 'remove-xml-tags-transform':
            result = xmlsec.transformRemoveXmlTagsC14NId()
        elif formatstring == 'visa3d-hack':
            result = xmlsec.transformVisa3DHackId()
        else:
            raise XMLDSIGError('Unknown transform: %s' % formatstring)

        if result is None:
            raise XMLDSIGError('Transform %s not available' % formatstring)
        else:
            return result