def test_xmlsec_output_line_parsing():
output1 = "prefix\nOK\npostfix"
assert sigver.parse_xmlsec_output(output1)
output2 = "prefix\nFAIL\npostfix"
raises(sigver.XmlsecError, sigver.parse_xmlsec_output, output2)
output3 = "prefix\r\nOK\r\npostfix"
assert sigver.parse_xmlsec_output(output3)
output4 = "prefix\r\nFAIL\r\npostfix"
raises(sigver.XmlsecError, sigver.parse_xmlsec_output, output4)
def decrypt_message(enctext,
xmlsec_binary,
key_file=None,
key_file_type="privkey-pem",
cafile=None,
epath=None,
id_attr="",
node_name="",
node_id=None,
debug=False):
""" Decrypts an encrypted part of a XML document.
:param enctext: XML document containing an encrypted part
:param xmlsec_binary: The xmlsec1 binaries to be used
:param key_file: The key used to decrypt the message
:param key_file_type: The key file type
:param node_name: The SAML class of the root node in the message
:param node_id: The identifier of the root node if any
:param id_attr: Should normally be one of "id", "Id" or "ID"
:param debug: To debug or not
:return: The decrypted document if all was OK otherwise will raise an
exception.
"""
if not id_attr:
id_attr = ID_ATTR
_, fil = make_temp(enctext, decode=False)
com_list = [xmlsec_binary, "--decrypt", "--%s" % key_file_type, key_file]
if key_file_type in [
"privkey-pem", "privkey-der", "pkcs8-pem", "pkcs8-der"
]:
if isinstance(cafile, basestring):
com_list.append(cafile)
else:
com_list.extend(cafile)
if id_attr:
com_list.extend(["--id-attr:%s" % id_attr, node_name])
elif epath:
xpath = create_xpath(epath)
com_list.extend(['--node-xpath', xpath])
# if debug:
# com_list.append("--store-signatures")
if node_id:
com_list.extend(["--node-id", node_id])
com_list.append(fil)
if debug:
try:
print " ".join(com_list)
except TypeError:
print "key_file_type", key_file_type
print "key_file", key_file
print "node_name", node_name
print "fil", fil
raise
print "%s: %s" % (key_file, os.access(key_file, os.F_OK))
print "%s: %s" % (fil, os.access(fil, os.F_OK))
pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
p_out = pof.stdout.read()
try:
p_err = pof.stderr.read()
if debug:
print p_err
verified = parse_xmlsec_output(p_err)
except XmlsecError, exc:
logger(LOG_LINE % (p_out, exc))
raise DecryptionError("%s" % (exc, ))
def decrypt_message(enctext, xmlsec_binary, key_file=None,
key_file_type="privkey-pem", cafile=None,
epath=None, id_attr="",
node_name="", node_id=None, debug=False):
""" Decrypts an encrypted part of a XML document.
:param enctext: XML document containing an encrypted part
:param xmlsec_binary: The xmlsec1 binaries to be used
:param key_file: The key used to decrypt the message
:param key_file_type: The key file type
:param node_name: The SAML class of the root node in the message
:param node_id: The identifier of the root node if any
:param id_attr: Should normally be one of "id", "Id" or "ID"
:param debug: To debug or not
:return: The decrypted document if all was OK otherwise will raise an
exception.
"""
if not id_attr:
id_attr = ID_ATTR
_, fil = make_temp(enctext, decode=False)
com_list = [xmlsec_binary, "--decrypt",
"--%s" % key_file_type, key_file]
if key_file_type in ["privkey-pem", "privkey-der", "pkcs8-pem",
"pkcs8-der"]:
if isinstance(cafile, basestring):
com_list.append(cafile)
else:
com_list.extend(cafile)
if id_attr:
com_list.extend(["--id-attr:%s" % id_attr, node_name])
elif epath:
xpath = create_xpath(epath)
com_list.extend(['--node-xpath', xpath])
# if debug:
# com_list.append("--store-signatures")
if node_id:
com_list.extend(["--node-id", node_id])
com_list.append(fil)
if debug:
try:
print " ".join(com_list)
except TypeError:
print "key_file_type", key_file_type
print "key_file", key_file
print "node_name", node_name
print "fil", fil
raise
print "%s: %s" % (key_file, os.access(key_file, os.F_OK))
print "%s: %s" % (fil, os.access(fil, os.F_OK))
pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
p_out = pof.stdout.read()
try:
p_err = pof.stderr.read()
if debug:
print p_err
verified = parse_xmlsec_output(p_err)
except XmlsecError, exc:
logger(LOG_LINE % (p_out, exc))
raise DecryptionError("%s" % (exc,))
