def pre_signature_part(ident, public_key=None, identifier=None): """ If an assertion is to be signed the signature part has to be preset with which algorithms to be used, this function returns such a preset part. :param ident: The identifier of the assertion, so you know which assertion was signed :param public_key: The base64 part of a PEM file :return: A preset signature part """ signature_method = ds.SignatureMethod(algorithm=ds.SIG_RSA_SHA1) canonicalization_method = ds.CanonicalizationMethod( algorithm=ds.ALG_EXC_C14N) trans0 = ds.Transform(algorithm=ds.TRANSFORM_ENVELOPED) trans1 = ds.Transform(algorithm=ds.ALG_EXC_C14N) transforms = ds.Transforms(transform=[trans0, trans1]) digest_method = ds.DigestMethod(algorithm=ds.DIGEST_SHA1) reference = ds.Reference(uri="#%s" % ident, digest_value=ds.DigestValue(), transforms=transforms, digest_method=digest_method) signed_info = ds.SignedInfo( signature_method=signature_method, canonicalization_method=canonicalization_method, reference=reference) signature = ds.Signature(signed_info=signed_info, signature_value=ds.SignatureValue()) if identifier: signature.id = "Signature%d" % identifier if public_key: x509_data = ds.X509Data(x509_certificate=[ ds.X509DataType_X509Certificate(text=public_key) ]) key_info = ds.KeyInfo(x509_data=x509_data) signature.key_info = key_info return signature
def setup_class(self): self.signature_value = ds.SignatureValue()
def _create_signature(self): """Create an object that represents a SAML <Signature>. This must be filled with algorithms that the signing binary will apply in order to sign the whole message. Currently we enforce X509 signing. Example of the template:: <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI="#<Assertion ID>"> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue /> </Reference> </SignedInfo> <SignatureValue /> <KeyInfo> <X509Data /> </KeyInfo> </Signature> :return: XML <Signature> object """ canonicalization_method = xmldsig.CanonicalizationMethod() canonicalization_method.algorithm = xmldsig.ALG_EXC_C14N signature_method = xmldsig.SignatureMethod( algorithm=xmldsig.SIG_RSA_SHA1) transforms = xmldsig.Transforms() envelope_transform = xmldsig.Transform( algorithm=xmldsig.TRANSFORM_ENVELOPED) c14_transform = xmldsig.Transform(algorithm=xmldsig.ALG_EXC_C14N) transforms.transform = [envelope_transform, c14_transform] digest_method = xmldsig.DigestMethod(algorithm=xmldsig.DIGEST_SHA1) digest_value = xmldsig.DigestValue() reference = xmldsig.Reference() reference.uri = '#' + self.assertion_id reference.digest_method = digest_method reference.digest_value = digest_value reference.transforms = transforms signed_info = xmldsig.SignedInfo() signed_info.canonicalization_method = canonicalization_method signed_info.signature_method = signature_method signed_info.reference = reference key_info = xmldsig.KeyInfo() key_info.x509_data = xmldsig.X509Data() signature = xmldsig.Signature() signature.signed_info = signed_info signature.signature_value = xmldsig.SignatureValue() signature.key_info = key_info return signature