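def received(self, context):
    """Verify the XML signature on the reply and record the outcome.

    Stores the raw reply in ``self.poruka_odgovor``. Sets
    ``self.valid_signature`` to 1 only when xmlsec reports a successful
    verification using the certificate loaded from ``certFile``; in every
    other case (no Signature element, certificate not loaded, verification
    error or failure) it is 0. Returns ``context`` unchanged.
    """
    self.poruka_odgovor = context.reply
    # Fail closed: the flag must not keep a value left over from an earlier
    # reply when this one turns out to be unsigned or invalid.
    self.valid_signature = 0

    libxml2.initParser()
    # NOTE(review): entity substitution is switched on before parsing a reply
    # that arrives from the network; confirm that external entity/DTD loading
    # cannot be reached through this parser configuration.
    libxml2.substituteEntitiesDefault(1)
    xmlsec.init()
    xmlsec.cryptoAppInit(None)
    xmlsec.cryptoInit()

    mngr = None
    doc = None
    dsig_ctx = None
    try:
        mngr = xmlsec.KeysMngr()
        xmlsec.cryptoAppDefaultKeysMngrInit(mngr)
        #mngr.certLoad(verifyCertFile, xmlsec.KeyDataFormatPem, xmlsec.KeyDataTypeTrusted)
        # NOTE(review): the trust anchor is certFile while the disabled line
        # above used verifyCertFile; confirm certFile really is the
        # certificate the replying service signs with.
        trusted_loaded = mngr.certLoad(
            certFile, xmlsec.KeyDataFormatPem, xmlsec.KeyDataTypeTrusted) >= 0

        doc = libxml2.parseDoc(context.reply)
        root = doc.getRootElement()
        # Register 'Id' attributes as XML IDs so the reference URI resolves.
        xmlsec.addIDs(doc, root, ['Id'])
        node = xmlsec.findNode(root, xmlsec.NodeSignature, xmlsec.DSigNs)

        # NOTE(review): only the first Signature element found is verified and
        # nothing here checks which element its Reference covers; the caller
        # should confirm the verified element is the one it goes on to read.
        if trusted_loaded and node is not None:
            dsig_ctx = xmlsec.DSigCtx(mngr)
            # verify() returns a negative value on processing errors; status
            # carries the actual verification result.
            if (dsig_ctx.verify(node) >= 0
                    and dsig_ctx.status == xmlsec.DSigStatusSucceeded):
                self.valid_signature = 1
    finally:
        # Release native objects, context first because it refers to the
        # keys manager, then shut the libraries down even on error.
        if dsig_ctx is not None:
            dsig_ctx.destroy()
        if doc is not None:
            doc.freeDoc()
        if mngr is not None:
            mngr.destroy()
        xmlsec.cryptoShutdown()
        xmlsec.cryptoAppShutdown()
        xmlsec.shutdown()
        libxml2.cleanupParser()
    return context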
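def received(self, context):
    """Verify the XML signature on the reply and record the outcome.

    Stores the raw reply in ``self.poruka_odgovor``. Sets
    ``self.valid_signature`` to 1 only when xmlsec reports a successful
    verification using the trusted certificate loaded from
    ``verifyCertFile``; otherwise it is 0. Returns ``context`` unchanged.
    """
    self.poruka_odgovor = context.reply
    # Fail closed: without this reset a previously accepted reply would leave
    # the flag set when the current reply is unsigned or fails verification.
    self.valid_signature = 0

    libxml2.initParser()
    # NOTE(review): entity substitution is enabled for a document received
    # from the network; confirm external entities/DTDs cannot be loaded
    # through this parser configuration.
    libxml2.substituteEntitiesDefault(1)
    xmlsec.init()
    xmlsec.cryptoAppInit(None)
    xmlsec.cryptoInit()

    keys_mngr = None
    reply_doc = None
    dsig_ctx = None
    try:
        keys_mngr = xmlsec.KeysMngr()
        xmlsec.cryptoAppDefaultKeysMngrInit(keys_mngr)
        # A negative return means the trust anchor was not loaded; in that
        # case no signature may be accepted.
        anchor_ok = keys_mngr.certLoad(
            verifyCertFile, xmlsec.KeyDataFormatPem,
            xmlsec.KeyDataTypeTrusted) >= 0

        reply_doc = libxml2.parseDoc(context.reply)
        root = reply_doc.getRootElement()
        # Register 'Id' attributes as XML IDs so the reference URI resolves.
        xmlsec.addIDs(reply_doc, root, ['Id'])
        node = xmlsec.findNode(root, xmlsec.NodeSignature, xmlsec.DSigNs)

        # NOTE(review): the first Signature element found is the one checked,
        # and the element its Reference points at is not compared with the
        # element the caller consumes; verify that binding in the caller.
        if anchor_ok and node is not None:
            dsig_ctx = xmlsec.DSigCtx(keys_mngr)
            # verify() < 0 is a processing error; status holds the verdict.
            if (dsig_ctx.verify(node) >= 0
                    and dsig_ctx.status == xmlsec.DSigStatusSucceeded):
                self.valid_signature = 1
    finally:
        # Free native objects (context before the keys manager it refers to)
        # and shut the libraries down on every path.
        if dsig_ctx is not None:
            dsig_ctx.destroy()
        if reply_doc is not None:
            reply_doc.freeDoc()
        if keys_mngr is not None:
            keys_mngr.destroy()
        xmlsec.cryptoShutdown()
        xmlsec.cryptoAppShutdown()
        xmlsec.shutdown()
        libxml2.cleanupParser()
    return context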
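def sending(self, context):
    """Sign the outgoing request and wrap it in a fresh SOAP envelope.

    Extracts the request element (``RacunZahtjev`` or
    ``PoslovniProstorZahtjev``) from ``context.envelope``, makes it the
    document root in the ``tns`` namespace, adds an enveloped XML signature
    made with the key in ``keyFile`` and the certificate in ``certFile``,
    and replaces ``context.envelope`` with a SOAP envelope holding the
    signed element. Returns ``context``.

    Raises:
        RuntimeError: if the key or certificate cannot be loaded or the
            signing step fails, so an unsigned request is never sent.
        IndexError: if the expected request element is not in the envelope.
    """
    # The message type is chosen by substring match on the raw envelope.
    msgtype = "RacunZahtjev"
    if "PoslovniProstorZahtjev" in context.envelope:
        msgtype = "PoslovniProstorZahtjev"

    doc2 = libxml2.parseDoc(context.envelope)
    zahtjev = doc2.xpathEval('//*[local-name()="%s"]' % msgtype)[0]
    doc2.setRootElement(zahtjev)

    # Put every element of the request into the 'tns' namespace.
    x = doc2.getRootElement().newNs('http://www.apis-it.hr/fin/2012/types/f73', 'tns')
    for i in doc2.xpathEval('//*'):
        i.setNs(x)

    libxml2.initParser()
    libxml2.substituteEntitiesDefault(1)
    xmlsec.init()
    xmlsec.cryptoAppInit(None)
    xmlsec.cryptoInit()

    dsig_ctx = None
    try:
        # The signature reference targets the root element through its Id.
        doc2.getRootElement().setProp('Id', msgtype)
        xmlsec.addIDs(doc2, doc2.getRootElement(), ['Id'])

        # NOTE(review): RSA-SHA1 signature with a SHA-1 digest. SHA-1 is
        # deprecated for signatures; presumably the receiving service
        # mandates these algorithms, so confirm before changing them.
        signNode = xmlsec.TmplSignature(doc2, xmlsec.transformExclC14NId(), xmlsec.transformRsaSha1Id(), None)
        doc2.getRootElement().addChild(signNode)

        refNode = signNode.addReference(xmlsec.transformSha1Id(), None, None, None)
        refNode.setProp('URI', '#%s' % msgtype)
        refNode.addTransform(xmlsec.transformEnvelopedId())
        refNode.addTransform(xmlsec.transformExclC14NId())

        dsig_ctx = xmlsec.DSigCtx()

        # NOTE(review): the key is loaded with no password argument, so the
        # PEM file is presumably unencrypted on disk; confirm its file
        # permissions restrict access to the service account.
        key = xmlsec.cryptoAppKeyLoad(keyFile, xmlsec.KeyDataFormatPem, None, None, None)
        if key is None:
            raise RuntimeError("failed to load signing key")
        dsig_ctx.signKey = key
        if xmlsec.cryptoAppKeyCertLoad(key, certFile, xmlsec.KeyDataFormatPem) < 0:
            raise RuntimeError("failed to load signing certificate")
        key.setName(keyFile)

        keyInfoNode = signNode.ensureKeyInfo(None)
        x509DataNode = keyInfoNode.addX509Data()
        xmlsec.addChild(x509DataNode, "X509IssuerSerial")
        xmlsec.addChild(x509DataNode, "X509Certificate")

        # A negative return means no valid signature was produced; stop
        # here instead of sending the request with an empty template.
        if dsig_ctx.sign(signNode) < 0:
            raise RuntimeError("signature failed")

        context.envelope = """<?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body>""" + doc2.serialize().replace('<?xml version="1.0" encoding="UTF-8"?>','') + """</soapenv:Body></soapenv:Envelope>"""  # Ugly hack
    finally:
        # Destroying the context also releases the key assigned to it.
        if dsig_ctx is not None:
            dsig_ctx.destroy()
        # Shut down the xmlsec-crypto library. If HTTPS stops working, this
        # needs to be commented out so the library is not shut down too early.
        xmlsec.cryptoShutdown()
        xmlsec.shutdown()
        libxml2.cleanupParser()
    return context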
def get_signature(self, envelope):
    """Return ``envelope`` serialized after its Signature template is signed.

    The envelope is parsed through ``LibXML2ParsedDocument`` and signed with
    the context produced by ``XmlSecSignatureContext(self)``.

    Raises:
        RuntimeError: when the signing call reports a negative status.
    """
    with LibXML2ParsedDocument(envelope) as parsed:
        top = parsed.getRootElement()
        # Register 'Id' attributes as XML IDs so reference URIs can resolve.
        xmlsec.addIDs(parsed, top, ["Id"])
        template = xmlsec.findNode(top, xmlsec.NodeSignature, xmlsec.DSigNs)

        with XmlSecSignatureContext(self) as ctx:
            status = ctx.sign(template)
            if status < 0:
                # Never hand back an envelope whose signature was not made.
                raise RuntimeError("signature failed")

        return parsed.serialize()
def get_signature(self, envelope):
    """Sign the Signature element found in ``envelope`` and serialize it.

    Parsing goes through ``LibXML2ParsedDocument`` and signing through the
    context yielded by ``XmlSecSignatureContext(self)``; the signed document
    is returned in serialized form.

    Raises:
        RuntimeError: if ``sign`` returns a negative value.
    """
    with LibXML2ParsedDocument(envelope) as xml_doc:
        root_node = xml_doc.getRootElement()
        # 'Id' attributes must be registered as IDs before signing.
        xmlsec.addIDs(xml_doc, root_node, ['Id'])
        signature_node = xmlsec.findNode(
            root_node, xmlsec.NodeSignature, xmlsec.DSigNs)

        with XmlSecSignatureContext(self) as signer:
            signing_failed = signer.sign(signature_node) < 0
            if signing_failed:
                # Abort rather than return a document with an unsigned template.
                raise RuntimeError('signature failed')

        return xml_doc.serialize()