def test_xmlsec_output_line_parsing():
    """Check how sigver.parse_xmlsec_output reads an OK or FAIL status line.

    Each pair holds the same report with one line-ending style (LF, then
    CRLF): the first member carries an "OK" line and must give a truthy
    result, the second carries a "FAIL" line and must raise
    sigver.XmlsecError.
    """
    cases = (
        ("prefix\nOK\npostfix", "prefix\nFAIL\npostfix"),
        ("prefix\r\nOK\r\npostfix", "prefix\r\nFAIL\r\npostfix"),
    )
    for ok_output, fail_output in cases:
        assert sigver.parse_xmlsec_output(ok_output)
        raises(sigver.XmlsecError, sigver.parse_xmlsec_output, fail_output)
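def decrypt_message(enctext, xmlsec_binary, key_file=None,
                    key_file_type="privkey-pem", cafile=None, epath=None,
                    id_attr="", node_name="", node_id=None, debug=False):
    """ Decrypts an encrypted part of a XML document.

    The work is done by running the xmlsec binary as a child process. The
    command is handed to Popen as an argument list (no shell), and success
    or failure is decided by passing the child's stderr to
    parse_xmlsec_output().

    :param enctext: XML document containing an encrypted part
    :param xmlsec_binary: The xmlsec1 binaries to be used
    :param key_file: The key used to decrypt the message. It defaults to
        None but is placed in the argument list as is, so a path is needed
        in practice.
    :param key_file_type: The key file type. It is used verbatim as the
        name of an xmlsec option ("--<key_file_type>"), so it should come
        from configuration, never from the message being processed.
    :param cafile: A certificate file name, or a list of names, added to
        the command for the private-key types. None adds nothing.
    :param epath: Passed to create_xpath() to build a --node-xpath
        argument; only looked at when no id attribute is in effect.
    :param node_name: The SAML class of the root node in the message
    :param node_id: The identifier of the root node if any
    :param id_attr: Should normally be one of "id", "Id" or "ID"
    :param debug: To debug or not. When set, the full command line, the
        key file path and xmlsec's stderr are printed to stdout.
    :return: The decrypted document if all was OK otherwise will raise an
        exception.
    :raise DecryptionError: when parse_xmlsec_output() raises XmlsecError
    """
    if not id_attr:
        id_attr = ID_ATTR

    # make_temp() is defined elsewhere; its first return value is not used
    # here, so how long the temporary copy of the message lives and who
    # removes it cannot be told from this function -- TODO confirm.
    _, fil = make_temp(enctext, decode=False)

    com_list = [xmlsec_binary, "--decrypt", "--%s" % key_file_type, key_file]

    if key_file_type in ("privkey-pem", "privkey-der",
                         "pkcs8-pem", "pkcs8-der"):
        # cafile defaults to None; extending the list with None used to end
        # in a TypeError, so None now simply adds no certificate argument.
        # NOTE(review): xmlsec1 documents the certificates of a --privkey-*
        # option as a comma-separated suffix of the key file argument; here
        # they are separate argv entries -- confirm the binary reads them
        # as certificates and not as input files.
        if isinstance(cafile, basestring):
            com_list.append(cafile)
        elif cafile is not None:
            com_list.extend(cafile)

    if id_attr:
        com_list.extend(["--id-attr:%s" % id_attr, node_name])
    elif epath:
        # NOTE(review): id_attr falls back to ID_ATTR above, so this branch
        # is reached only if ID_ATTR itself is empty -- confirm intended.
        xpath = create_xpath(epath)
        com_list.extend(['--node-xpath', xpath])

    if node_id:
        com_list.extend(["--node-id", node_id])

    com_list.append(fil)

    if debug:
        try:
            print(" ".join(com_list))
        except TypeError:
            # A non-string entry (for instance key_file left as None) makes
            # the join fail; show the individual values before re-raising.
            print("key_file_type %s" % (key_file_type,))
            print("key_file %s" % (key_file,))
            print("node_name %s" % (node_name,))
            print("fil %s" % (fil,))
            raise

        print("%s: %s" % (key_file, os.access(key_file, os.F_OK)))
        print("%s: %s" % (fil, os.access(fil, os.F_OK)))

    pof = Popen(com_list, stderr=PIPE, stdout=PIPE)

    # Reading stdout to EOF and only then stderr can block forever once the
    # child has filled the stderr pipe; communicate() drains both pipes and
    # waits for the process to exit.
    p_out, p_err = pof.communicate()

    if debug:
        print(p_err)

    try:
        # The result is not used here; failure is expected to surface as an
        # XmlsecError raised by the parser.
        parse_xmlsec_output(p_err)
    except XmlsecError as exc:
        # p_out is xmlsec's stdout, which receives the --decrypt result when
        # no --output option is given, and it is written to the log here.
        # NOTE(review): confirm that is acceptable for the log's audience.
        logger(LOG_LINE % (p_out, exc))
        raise DecryptionError("%s" % (exc,))

    # NOTE(review): the docstring promises the decrypted document, but no
    # return statement is visible in this listing; p_out holds the child's
    # stdout.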
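def decrypt_message(enctext, xmlsec_binary, key_file=None,
                    key_file_type="privkey-pem", cafile=None, epath=None,
                    id_attr="", node_name="", node_id=None, debug=False):
    """ Decrypts an encrypted part of a XML document.

    The work is done by running the xmlsec binary as a child process. The
    command is handed to Popen as an argument list (no shell), and success
    or failure is decided by passing the child's stderr to
    parse_xmlsec_output().

    :param enctext: XML document containing an encrypted part
    :param xmlsec_binary: The xmlsec1 binaries to be used
    :param key_file: The key used to decrypt the message. It defaults to
        None but is placed in the argument list as is, so a path is needed
        in practice.
    :param key_file_type: The key file type. It is used verbatim as the
        name of an xmlsec option ("--<key_file_type>"), so it should come
        from configuration, never from the message being processed.
    :param cafile: A certificate file name, or a list of names, added to
        the command for the private-key types. None adds nothing.
    :param epath: Passed to create_xpath() to build a --node-xpath
        argument; only looked at when no id attribute is in effect.
    :param node_name: The SAML class of the root node in the message
    :param node_id: The identifier of the root node if any
    :param id_attr: Should normally be one of "id", "Id" or "ID"
    :param debug: To debug or not. When set, the full command line, the
        key file path and xmlsec's stderr are printed to stdout.
    :return: The decrypted document if all was OK otherwise will raise an
        exception.
    :raise DecryptionError: when parse_xmlsec_output() raises XmlsecError
    """
    if not id_attr:
        id_attr = ID_ATTR

    # make_temp() is defined elsewhere; its first return value is not used
    # here, so how long the temporary copy of the message lives and who
    # removes it cannot be told from this function -- TODO confirm.
    _, fil = make_temp(enctext, decode=False)

    com_list = [xmlsec_binary, "--decrypt", "--%s" % key_file_type, key_file]

    if key_file_type in ("privkey-pem", "privkey-der",
                         "pkcs8-pem", "pkcs8-der"):
        # cafile defaults to None; extending the list with None used to end
        # in a TypeError, so None now simply adds no certificate argument.
        # NOTE(review): xmlsec1 documents the certificates of a --privkey-*
        # option as a comma-separated suffix of the key file argument; here
        # they are separate argv entries -- confirm the binary reads them
        # as certificates and not as input files.
        if isinstance(cafile, basestring):
            com_list.append(cafile)
        elif cafile is not None:
            com_list.extend(cafile)

    if id_attr:
        com_list.extend(["--id-attr:%s" % id_attr, node_name])
    elif epath:
        # NOTE(review): id_attr falls back to ID_ATTR above, so this branch
        # is reached only if ID_ATTR itself is empty -- confirm intended.
        xpath = create_xpath(epath)
        com_list.extend(['--node-xpath', xpath])

    if node_id:
        com_list.extend(["--node-id", node_id])

    com_list.append(fil)

    if debug:
        try:
            print(" ".join(com_list))
        except TypeError:
            # A non-string entry (for instance key_file left as None) makes
            # the join fail; show the individual values before re-raising.
            print("key_file_type %s" % (key_file_type,))
            print("key_file %s" % (key_file,))
            print("node_name %s" % (node_name,))
            print("fil %s" % (fil,))
            raise

        print("%s: %s" % (key_file, os.access(key_file, os.F_OK)))
        print("%s: %s" % (fil, os.access(fil, os.F_OK)))

    pof = Popen(com_list, stderr=PIPE, stdout=PIPE)

    # Reading stdout to EOF and only then stderr can block forever once the
    # child has filled the stderr pipe; communicate() drains both pipes and
    # waits for the process to exit.
    p_out, p_err = pof.communicate()

    if debug:
        print(p_err)

    try:
        # The result is not used here; failure is expected to surface as an
        # XmlsecError raised by the parser.
        parse_xmlsec_output(p_err)
    except XmlsecError as exc:
        # p_out is xmlsec's stdout, which receives the --decrypt result when
        # no --output option is given, and it is written to the log here.
        # NOTE(review): confirm that is acceptable for the log's audience.
        logger(LOG_LINE % (p_out, exc))
        raise DecryptionError("%s" % (exc,))

    # NOTE(review): the docstring promises the decrypted document, but no
    # return statement is visible in this listing; p_out holds the child's
    # stdout.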