def _signXML(xml):
dsigctx = None
doc = None
try:
# initialization
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise SignatureError('xmlsec init failed')
if xmlsec.checkVersion() != 1:
raise SignatureError('incompatible xmlsec library version %s' %
str(xmlsec.checkVersion()))
if xmlsec.cryptoAppInit(None) < 0:
raise SignatureError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise SignatureError('xmlsec-crypto initialization failed')
# load the input
doc = libxml2.parseDoc(xml)
if not doc or not doc.getRootElement():
raise SignatureError('error parsing input xml')
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
xmlsec.DSigNs)
if not node:
raise SignatureError("couldn't find root node")
dsigctx = xmlsec.DSigCtx()
key = xmlsec.cryptoAppKeyLoad(key_file, xmlsec.KeyDataFormatPem,
key_pwd, None, None)
if not key:
raise SignatureError('failed to load the private key %s' %
key_file)
dsigctx.signKey = key
if key.setName(key_file) < 0:
raise SignatureError('failed to set key name')
if xmlsec.cryptoAppKeyCertLoad(key, cert_file,
xmlsec.KeyDataFormatPem) < 0:
print "Error: failed to load pem certificate \"%s\"" % cert_file
return cleanup(doc, dsigctx)
# sign
if dsigctx.sign(node) < 0:
raise SignatureError('signing failed')
signed_xml = doc.serialize()
finally:
if dsigctx:
dsigctx.destroy()
if doc:
doc.freeDoc()
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return signed_xml
def init_xmlsec(self):
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
log.error(" xmlsec initialization failed.")
# XXX This should do something else...
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
log.error(" loaded xmlsec library version is not compatible.\n")
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
log.error(" crypto initialization failed.")
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
log.error(" xmlsec-crypto initialization failed.")
self._init_xmlsec = True
def __init__(self, logging):
self.logging = logging
self.logging.debug("Starting crypto engine")
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
self.logging.error("loaded xmlsec library version is not compatible.")
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
self.logging.error("crypto initialization failed.")
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
self.logging.error("xmlsec-crypto initialization failed.")
def init():
global secinit
if secinit:
return
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
secinit = True
def init_xmlsec():
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise RuntimeError('xmlsec initialization failed')
if xmlsec.checkVersion() != 1:
raise RuntimeError('loaded xmlsec library version is not compatible')
if xmlsec.cryptoAppInit(None) < 0:
raise RuntimeError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise RuntimeError('xmlsec-crypto initialization failed')
def init_xmlsec():
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise RuntimeError('xmlsec initialization failed')
if xmlsec.checkVersion() != 1:
raise RuntimeError('loaded xmlsec library version is not compatible')
if xmlsec.cryptoAppInit(None) < 0:
raise RuntimeError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise RuntimeError('xmlsec-crypto initialization failed')
def init():
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
assert xmlsec.init() >= 0, "Error: xmlsec initialization failed."
# Check loaded library version
assert xmlsec.checkVersion() == 1, "Error: loaded xmlsec library version is not compatible."
# Init crypto library
assert xmlsec.cryptoAppInit(None) >= 0, "Error: crypto initialization failed."
# Init xmlsec-crypto library
assert xmlsec.cryptoInit() >= 0, "Error: xmlsec-crypto initialization failed."
def main():
assert (sys.argv)
if len(sys.argv) < 3:
print "Error: wrong number of arguments."
print "Usage: %s <xml-file> <key-file1> [<key-file2> [...]]" % sys.argv[
0]
return sys.exit(1)
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys
mngr = load_keys(sys.argv[2:], len(sys.argv) - 2)
res = 0
# Verify file
if mngr is not None:
res = verify_file(mngr, sys.argv[1])
# Destroy keys manager
mngr.destroy()
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def main():
assert(sys.argv)
if len(sys.argv) < 3:
print "Error: wrong number of arguments."
print "Usage: %s <xml-file> <key-file1> [<key-file2> [...]]" % sys.argv[0]
return sys.exit(1)
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys
mngr = load_keys(sys.argv[2:], len(sys.argv) - 2)
res = 0
# Verify file
if mngr is not None:
res = verify_file(mngr, sys.argv[1])
# Destroy keys manager
mngr.destroy()
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def main():
assert(sys.argv)
if len(sys.argv) != 2:
print "Error: wrong number of arguments."
print "Usage: %s <enc-file>" % sys.argv[0]
return sys.exit(1)
res = 0
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible."
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys */
mngr = create_files_keys_mngr()
if mngr is not None:
res = decrypt_file(mngr, sys.argv[1])
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def main():
assert (sys.argv)
if len(sys.argv) != 2:
print "Error: wrong number of arguments."
print "Usage: %s <enc-file>" % sys.argv[0]
return sys.exit(1)
res = 0
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible."
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
# Create keys manager and load keys */
mngr = create_files_keys_mngr()
if mngr is not None:
res = decrypt_file(mngr, sys.argv[1])
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def main():
secret_data = "Big secret"
assert(sys.argv)
if len(sys.argv) < 3:
print "Error: wrong number of arguments."
print "Usage: %s <xml-tmpl> <des-key-file>" % sys.argv[0]
return sys.exit(1)
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
print "Error: xmlsec initialization failed."
return sys.exit(-1)
# Check loaded library version
if xmlsec.checkVersion() != 1:
print "Error: loaded xmlsec library version is not compatible.\n"
sys.exit(-1)
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
print "Error: crypto initialization failed."
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
print "Error: xmlsec-crypto initialization failed."
res = encrypt_file(sys.argv[1], sys.argv[2], secret_data, len(secret_data))
# Shutdown xmlsec-crypto library
xmlsec.cryptoShutdown()
# Shutdown crypto library
xmlsec.cryptoAppShutdown()
# Shutdown xmlsec library
xmlsec.shutdown()
# Shutdown LibXML2
libxml2.cleanupParser()
sys.exit(res)
def init():
global usexml
if not usexml:
return
try:
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
assert xmlsec.init() >= 0, "Error: xmlsec initialization failed."
# Check loaded library version
assert xmlsec.checkVersion() == 1, "Error: loaded xmlsec library version is not compatible."
# Init crypto library
assert xmlsec.cryptoAppInit(None) >= 0, "Error: crypto initialization failed."
# Init xmlsec-crypto library
assert xmlsec.cryptoInit() >= 0, "Error: xmlsec-crypto initialization failed."
except:
usexml=False
def _init():
"""
Initialize necessary libraries (libxml2 and xmlsec).
Should be called once only: this is automatic when this module is imported.
Raises an exception if an error occurs.
"""
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
assert xmlsec.init() >= 0, "Error: xmlsec initialization failed."
# Check loaded library version
assert xmlsec.checkVersion(
) == 1, "Error: loaded xmlsec library version is not compatible."
# Init crypto library
assert xmlsec.cryptoAppInit(
None) >= 0, "Error: crypto initialization failed."
# Init xmlsec-crypto library
assert xmlsec.cryptoInit(
) >= 0, "Error: xmlsec-crypto initialization failed."
def lib_init():
# Init libxml library
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
# Init xmlsec library
if xmlsec.init() < 0:
raise(saml2.Error("Error: xmlsec initialization failed."))
# Check loaded library version
if xmlsec.checkVersion() != 1:
raise(saml2.Error(
"Error: loaded xmlsec library version is not compatible.\n"))
# Init crypto library
if xmlsec.cryptoAppInit(None) < 0:
raise(saml2.Error("Error: crypto initialization failed."))
# Init xmlsec-crypto library
if xmlsec.cryptoInit() < 0:
raise(saml2.Error("Error: xmlsec-crypto initialization failed."))
def _verifyXML(self, xml):
import libxml2
import xmlsec
dsigctx = None
doc = None
try:
# initialization
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise SignatureError('xmlsec init failed')
if xmlsec.checkVersion() != 1:
raise SignatureError('incompatible xmlsec library version %s' %
str(xmlsec.checkVersion()))
if xmlsec.cryptoAppInit(None) < 0:
raise SignatureError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise SignatureError('xmlsec-crypto initialization failed')
# load the input
doc = libxml2.parseDoc(xml)
if not doc or not doc.getRootElement():
raise SignatureError('error parsing input xml')
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
xmlsec.DSigNs)
if not node:
raise SignatureError("couldn't find root node")
dsigctx = xmlsec.DSigCtx()
key = xmlsec.cryptoAppKeyLoad(self.key_file, xmlsec.KeyDataFormatPem,
self.key_pwd, None, None)
if not key:
raise SignatureError('failed to load the private key %s' % self.key_file)
dsigctx.signKey = key
if key.setName(self.key_file) < 0:
raise SignatureError('failed to set key name')
if xmlsec.cryptoAppKeyCertLoad(key, self.cert_file, xmlsec.KeyDataFormatPem) < 0:
print "Error: failed to load pem certificate \"%s\"" % self.cert_file
return self.cleanup(doc, dsigctx)
# verify
if dsigctx.verify(node) < 0:
raise SignatureError('verification failed')
if dsigctx.status == xmlsec.DSigStatusSucceeded:
self.log("Signature is OK")
is_valid = True
else:
self.log("***************** Signature is INVALID ********************")
is_valid = False
finally:
if dsigctx:
dsigctx.destroy()
if doc:
doc.freeDoc()
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return is_valid
def _signXML(self, xml):
import libxml2
import xmlsec
dsigctx = None
doc = None
try:
# initialization
libxml2.initParser()
libxml2.substituteEntitiesDefault(1)
if xmlsec.init() < 0:
raise SignatureError('xmlsec init failed')
if xmlsec.checkVersion() != 1:
raise SignatureError('incompatible xmlsec library version %s' %
str(xmlsec.checkVersion()))
if xmlsec.cryptoAppInit(None) < 0:
raise SignatureError('crypto initialization failed')
if xmlsec.cryptoInit() < 0:
raise SignatureError('xmlsec-crypto initialization failed')
# load the input
doc = libxml2.parseDoc(xml)
if not doc or not doc.getRootElement():
raise SignatureError('error parsing input xml')
node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
xmlsec.DSigNs)
if not node:
raise SignatureError("couldn't find root node")
# load the private key
key = xmlsec.cryptoAppKeyLoad(self.key_file, xmlsec.KeyDataFormatPem,
self.key_pwd, None, None)
if not key:
raise SignatureError('failed to load the private key %s' % self.key_file)
if xmlsec.cryptoAppKeyCertLoad(key, self.cert_file, xmlsec.KeyDataFormatPem) < 0:
print "Error: failed to load pem certificate \"%s\"" % self.cert_file
return self.cleanup(doc, dsigctx)
keymngr = xmlsec.KeysMngr()
xmlsec.cryptoAppDefaultKeysMngrInit(keymngr)
xmlsec.cryptoAppDefaultKeysMngrAdoptKey(keymngr, key)
dsigctx = xmlsec.DSigCtx(keymngr)
if key.setName(self.key_file) < 0:
raise SignatureError('failed to set key name')
# sign
if dsigctx.sign(node) < 0:
raise SignatureError('signing failed')
signed_xml = doc.serialize()
finally:
if dsigctx:
dsigctx.destroy()
if doc:
doc.freeDoc()
xmlsec.cryptoShutdown()
xmlsec.shutdown()
libxml2.cleanupParser()
return signed_xml
