Пример #1
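 def _determine_transform_format(formatstring):
     """Map a short algorithm/transform name to its pyXMLsec transform id.

     The lookup goes through a name -> constructor table; only the
     constructor for the matched name is called, and it is called exactly
     once.  A constructor that returns ``None`` is treated as "transform not
     compiled into this xmlsec build".

     Args:
         formatstring: a key of the table below, e.g. ``'sha256'``,
             ``'rsa-sha256'``, ``'aes256-cbc'``, ``'exc-c14n'``.  A few
             entries have aliases (``'enveloped-signature'``,
             ``'xmldsig-filter'``, ``'xmldsig-filter2'``, ``'xpath-19991116'``,
             ``'xslt-19991116'``).

     Returns:
         The object returned by the matching ``xmlsec.transform*Id()`` call.

     Raises:
         DSigError: ``'Unknown transform: <name>'`` for a name not in the
             table, or ``'Transform <name> not available'`` when the
             constructor returned ``None``.

     Notes:
         * Bug fixed: the branch returning ``transformMd5Id()`` was keyed
           ``'hmac-md5'`` -- a duplicate of the HMAC-MD5 branch before it --
           so plain ``'md5'`` could never be selected.  It is keyed ``'md5'``
           now; every other name is unchanged.
         * This function is a pure name resolver.  It will happily hand back
           ids for algorithms that are obsolete (MD5, SHA-1, DSA-SHA1,
           Triple-DES, RSA PKCS#1 v1.5) and for transforms that are risky to
           accept from untrusted XML (XSLT, XPath, XPointer).  Callers that
           derive ``formatstring`` from a signature or from configuration
           must enforce their own allowlist before calling this.
     """
     # Name -> xmlsec constructor attribute.  Kept as attribute names (not
     # bound callables) so nothing on the xmlsec module is touched until the
     # name has been matched.
     constructors = {
         'aes128-cbc': 'transformAes128CbcId',
         'aes192-cbc': 'transformAes192CbcId',
         'aes256-cbc': 'transformAes256CbcId',
         'kw-aes128': 'transformKWAes128Id',
         'kw-aes192': 'transformKWAes192Id',
         'kw-aes256': 'transformKWAes256Id',
         'des3-cbc': 'transformDes3CbcId',
         'kw-des3': 'transformKWDes3Id',
         'dsa-sha1': 'transformDsaSha1Id',
         'hmac-md5': 'transformHmacMd5Id',
         'hmac-ripemd160': 'transformHmacRipemd160Id',
         'hmac-sha1': 'transformHmacSha1Id',
         'hmac-sha224': 'transformHmacSha224Id',
         'hmac-sha256': 'transformHmacSha256Id',
         'hmac-sha384': 'transformHmacSha384Id',
         'hmac-sha512': 'transformHmacSha512Id',
         'md5': 'transformMd5Id',          # was unreachable (keyed 'hmac-md5')
         'ripemd160': 'transformRipemd160Id',
         'rsa-md5': 'transformRsaMd5Id',
         'rsa-ripemd160': 'transformRsaRipemd160Id',
         'rsa-sha1': 'transformRsaSha1Id',
         'rsa-sha224': 'transformRsaSha224Id',
         'rsa-sha256': 'transformRsaSha256Id',
         'rsa-sha384': 'transformRsaSha384Id',
         'rsa-sha512': 'transformRsaSha512Id',
         'rsa-pkcs1': 'transformRsaPkcs1Id',
         'rsa-oaep': 'transformRsaOaepId',
         'sha1': 'transformSha1Id',
         'sha224': 'transformSha224Id',
         'sha256': 'transformSha256Id',
         'sha384': 'transformSha384Id',
         'sha512': 'transformSha512Id',
         'base64': 'transformBase64Id',
         'inc-c14n': 'transformInclC14NId',
         'inc-c14n-with-comments': 'transformInclC14NWithCommentsId',
         'exc-c14n': 'transformExclC14NId',
         'exc-c14n-with-comments': 'transformExclC14NWithCommentsId',
         'enveloped': 'transformEnvelopedId',
         'enveloped-signature': 'transformEnvelopedId',
         'xpath': 'transformXPathId',
         'xpath-19991116': 'transformXPathId',
         'xmldsig-filter': 'transformXPathId',
         'xpath2': 'transformXPath2Id',
         'xmldsig-filter2': 'transformXPath2Id',
         'xpointer': 'transformXPointerId',
         'xslt': 'transformXsltId',
         'xslt-19991116': 'transformXsltId',
         'remove-xml-tags-transform': 'transformRemoveXmlTagsC14NId',
         'visa3d-hack': 'transformVisa3DHackId',
     }

     attr = constructors.get(formatstring)
     if attr is None:
         raise DSigError('Unknown transform: %s' % formatstring)

     result = getattr(xmlsec, attr)()
     # xmlsec returns None for transforms its backend was built without.
     if result is None:
         raise DSigError('Transform %s not available' % formatstring)
     return result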
Пример #2
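def encrypt_file(mngr, xml_file, key_name):
    """Encrypt the root element of ``xml_file`` and dump the result to stdout.

    Builds an ``<enc:EncryptedData Type="Element">`` template with a
    Triple-DES-CBC transform, a ``<dsig:KeyInfo>`` holding an
    ``<enc:EncryptedKey>`` (RSA-OAEP) whose own ``<dsig:KeyName>`` is
    ``key_name``, generates a 192-bit Triple-DES session key, encrypts the
    document's root element in place with an ``EncCtx`` backed by ``mngr``,
    and writes the document with ``doc.dump("-")``.  The key manager is
    expected to resolve the RSA wrapping key by that key name.

    Args:
        mngr: xmlsec keys manager passed to ``xmlsec.EncCtx``.
        xml_file: path of the XML document to encrypt; must pass
            ``check_filename``.
        key_name: value written to ``<dsig:KeyName>`` inside
            ``<enc:EncryptedKey>``.

    Returns:
        -1 if ``check_filename`` rejects ``xml_file``; otherwise whatever
        ``cleanup`` returns (the success path passes a trailing ``1``,
        failure paths omit it).

    Raises:
        ValueError: if any argument is empty.  This used to be ``assert``,
            which ``python -O`` strips.

    Bug fixed: every failure branch between template creation and
    encryption called ``cleanup(...)`` without returning, so execution
    continued on a released document / ``None`` node.  Each branch now
    returns the ``cleanup`` result, as the parse and encrypt branches
    already did.

    NOTE(review): Triple-DES-CBC is a legacy cipher and XML-Encryption CBC
    ciphertext carries no integrity protection; the output should be signed
    or the recipient must not act as a padding/format oracle.  Prefer an
    AES transform (and ``xmlsec.keyDataAesId``) for new deployments.
    ``libxml2.parseFile`` is called with default parser options -- if
    ``xml_file`` can come from an untrusted party, review entity handling
    in the caller.
    """
    if not mngr or not xml_file or not key_name:
        raise ValueError("mngr, xml_file and key_name are required")

    # Load the document to encrypt.
    if not check_filename(xml_file):
        return -1
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print "Error: unable to parse file \"%s\"" % xml_file
        return cleanup(doc)

    # <enc:EncryptedData> template: the root element is replaced in place
    # by the encryption result (TypeEncElement).
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(), None,
                                       xmlsec.TypeEncElement, None, None)
    if enc_data_node is None:
        print "Error: failed to create encryption template"
        return cleanup(doc)

    # Encrypted data goes into <enc:CipherValue/>.
    if enc_data_node.ensureCipherValue() is None:
        print "Error: failed to add CipherValue node"
        return cleanup(doc, enc_data_node)

    # <dsig:KeyInfo/> carrying the wrapped session key.
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print "Error: failed to add key info"
        return cleanup(doc, enc_data_node)

    # <enc:EncryptedKey/>: session key wrapped with RSA-OAEP.
    enc_key_node = key_info_node.addEncryptedKey(xmlsec.transformRsaOaepId(),
                                                 None, None, None)
    if enc_key_node is None:
        print "Error: failed to add EncryptedKey node"
        return cleanup(doc, enc_data_node)

    # Wrapped key goes into its own <enc:CipherValue/>.
    if enc_key_node.ensureCipherValue() is None:
        print "Error: failed to add CipherValue node"
        return cleanup(doc, enc_data_node)

    # <dsig:KeyInfo/> + <dsig:KeyName/> under <enc:EncryptedKey/> so the
    # key manager can look up the wrapping key by name.
    key_info_node2 = enc_key_node.ensureKeyInfo(None)
    if key_info_node2 is None:
        print "Error: failed to add key info"
        return cleanup(doc, enc_data_node)
    if key_info_node2.addKeyName(key_name) is None:
        print "Error: failed to add key name"
        return cleanup(doc, enc_data_node)

    # Encryption context bound to the keys manager.
    enc_ctx = xmlsec.EncCtx(mngr)
    if enc_ctx is None:
        print "Error: failed to create encryption context"
        return cleanup(doc, enc_data_node)

    # Fresh 192-bit Triple-DES session key (see NOTE above on cipher choice).
    key = xmlsec.keyGenerate(xmlsec.keyDataDesId(), 192,
                             xmlsec.KeyDataTypeSession)
    if key is None:
        print "Error: failed to generate session DES key"
        return cleanup(doc, enc_data_node, enc_ctx)
    enc_ctx.encKey = key

    # Encrypt the root element in place.
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print "Error: encryption failed"
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success; the template node is now owned by the document.
    return cleanup(doc, None, enc_ctx, 1)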
Пример #3
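def encrypt_file(mngr, xml_file, key_name):
    """Encrypt the root element of ``xml_file`` and dump the result to stdout.

    Builds an ``<enc:EncryptedData Type="Element">`` template with a
    Triple-DES-CBC transform, a ``<dsig:KeyInfo>`` holding an
    ``<enc:EncryptedKey>`` (RSA-OAEP) whose own ``<dsig:KeyName>`` is
    ``key_name``, generates a 192-bit Triple-DES session key, encrypts the
    document's root element in place with an ``EncCtx`` backed by ``mngr``,
    and writes the document with ``doc.dump("-")``.  The key manager is
    expected to resolve the RSA wrapping key by that key name.

    Args:
        mngr: xmlsec keys manager passed to ``xmlsec.EncCtx``.
        xml_file: path of the XML document to encrypt; must pass
            ``check_filename``.
        key_name: value written to ``<dsig:KeyName>`` inside
            ``<enc:EncryptedKey>``.

    Returns:
        -1 if ``check_filename`` rejects ``xml_file``; otherwise whatever
        ``cleanup`` returns (the success path passes a trailing ``1``,
        failure paths omit it).

    Raises:
        ValueError: if any argument is empty.  This used to be ``assert``,
            which ``python -O`` strips.

    Bug fixed: every failure branch between template creation and
    encryption called ``cleanup(...)`` without returning, so execution
    continued on a released document / ``None`` node.  Each branch now
    returns the ``cleanup`` result, as the parse and encrypt branches
    already did.  Mixed tab/space indentation was normalised to spaces.

    NOTE(review): Triple-DES-CBC is a legacy cipher and XML-Encryption CBC
    ciphertext carries no integrity protection; the output should be signed
    or the recipient must not act as a padding/format oracle.  Prefer an
    AES transform (and ``xmlsec.keyDataAesId``) for new deployments.
    ``libxml2.parseFile`` is called with default parser options -- if
    ``xml_file`` can come from an untrusted party, review entity handling
    in the caller.
    """
    if not mngr or not xml_file or not key_name:
        raise ValueError("mngr, xml_file and key_name are required")

    # Load the document to encrypt.
    if not check_filename(xml_file):
        return -1
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print "Error: unable to parse file \"%s\"" % xml_file
        return cleanup(doc)

    # <enc:EncryptedData> template: the root element is replaced in place
    # by the encryption result (TypeEncElement).
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformDes3CbcId(),
                                       None, xmlsec.TypeEncElement, None, None)
    if enc_data_node is None:
        print "Error: failed to create encryption template"
        return cleanup(doc)

    # Encrypted data goes into <enc:CipherValue/>.
    if enc_data_node.ensureCipherValue() is None:
        print "Error: failed to add CipherValue node"
        return cleanup(doc, enc_data_node)

    # <dsig:KeyInfo/> carrying the wrapped session key.
    key_info_node = enc_data_node.ensureKeyInfo(None)
    if key_info_node is None:
        print "Error: failed to add key info"
        return cleanup(doc, enc_data_node)

    # <enc:EncryptedKey/>: session key wrapped with RSA-OAEP.
    enc_key_node = key_info_node.addEncryptedKey(xmlsec.transformRsaOaepId(),
                                                 None, None, None)
    if enc_key_node is None:
        print "Error: failed to add EncryptedKey node"
        return cleanup(doc, enc_data_node)

    # Wrapped key goes into its own <enc:CipherValue/>.
    if enc_key_node.ensureCipherValue() is None:
        print "Error: failed to add CipherValue node"
        return cleanup(doc, enc_data_node)

    # <dsig:KeyInfo/> + <dsig:KeyName/> under <enc:EncryptedKey/> so the
    # key manager can look up the wrapping key by name.
    key_info_node2 = enc_key_node.ensureKeyInfo(None)
    if key_info_node2 is None:
        print "Error: failed to add key info"
        return cleanup(doc, enc_data_node)
    if key_info_node2.addKeyName(key_name) is None:
        print "Error: failed to add key name"
        return cleanup(doc, enc_data_node)

    # Encryption context bound to the keys manager.
    enc_ctx = xmlsec.EncCtx(mngr)
    if enc_ctx is None:
        print "Error: failed to create encryption context"
        return cleanup(doc, enc_data_node)

    # Fresh 192-bit Triple-DES session key (see NOTE above on cipher choice).
    key = xmlsec.keyGenerate(xmlsec.keyDataDesId(), 192,
                             xmlsec.KeyDataTypeSession)
    if key is None:
        print "Error: failed to generate session DES key"
        return cleanup(doc, enc_data_node, enc_ctx)
    enc_ctx.encKey = key

    # Encrypt the root element in place.
    if enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement()) < 0:
        print "Error: encryption failed"
        return cleanup(doc, enc_data_node, enc_ctx)

    doc.dump("-")

    # Success; the template node is now owned by the document.
    return cleanup(doc, None, enc_ctx, 1)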
Пример #4
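    def _determine_transform_format(formatstring):
        """Map a short algorithm/transform name to its pyXMLsec transform id.

        The lookup goes through a name -> constructor table; only the
        constructor for the matched name is called, and it is called exactly
        once.  A constructor that returns ``None`` is treated as "transform
        not compiled into this xmlsec build".

        Args:
            formatstring: a key of the table below, e.g. ``'sha256'``,
                ``'rsa-sha256'``, ``'aes256-cbc'``, ``'exc-c14n'``.  A few
                entries have aliases (``'enveloped-signature'``,
                ``'xmldsig-filter'``, ``'xmldsig-filter2'``,
                ``'xpath-19991116'``, ``'xslt-19991116'``).

        Returns:
            The object returned by the matching ``xmlsec.transform*Id()`` call.

        Raises:
            XMLDSIGError: ``'Unknown transform: <name>'`` for a name not in
                the table, or ``'Transform <name> not available'`` when the
                constructor returned ``None``.

        Notes:
            * Bug fixed: the branch returning ``transformMd5Id()`` was keyed
              ``'hmac-md5'`` -- a duplicate of the HMAC-MD5 branch before it
              -- so plain ``'md5'`` could never be selected.  It is keyed
              ``'md5'`` now; every other name is unchanged.
            * This function is a pure name resolver.  It will hand back ids
              for algorithms that are obsolete (MD5, SHA-1, DSA-SHA1,
              Triple-DES, RSA PKCS#1 v1.5) and for transforms that are risky
              to accept from untrusted XML (XSLT, XPath, XPointer).  Callers
              that derive ``formatstring`` from a signature or from
              configuration must enforce their own allowlist first.
        """
        # Name -> xmlsec constructor attribute.  Kept as attribute names (not
        # bound callables) so nothing on the xmlsec module is touched until
        # the name has been matched.
        constructors = {
            'aes128-cbc': 'transformAes128CbcId',
            'aes192-cbc': 'transformAes192CbcId',
            'aes256-cbc': 'transformAes256CbcId',
            'kw-aes128': 'transformKWAes128Id',
            'kw-aes192': 'transformKWAes192Id',
            'kw-aes256': 'transformKWAes256Id',
            'des3-cbc': 'transformDes3CbcId',
            'kw-des3': 'transformKWDes3Id',
            'dsa-sha1': 'transformDsaSha1Id',
            'hmac-md5': 'transformHmacMd5Id',
            'hmac-ripemd160': 'transformHmacRipemd160Id',
            'hmac-sha1': 'transformHmacSha1Id',
            'hmac-sha224': 'transformHmacSha224Id',
            'hmac-sha256': 'transformHmacSha256Id',
            'hmac-sha384': 'transformHmacSha384Id',
            'hmac-sha512': 'transformHmacSha512Id',
            'md5': 'transformMd5Id',          # was unreachable (keyed 'hmac-md5')
            'ripemd160': 'transformRipemd160Id',
            'rsa-md5': 'transformRsaMd5Id',
            'rsa-ripemd160': 'transformRsaRipemd160Id',
            'rsa-sha1': 'transformRsaSha1Id',
            'rsa-sha224': 'transformRsaSha224Id',
            'rsa-sha256': 'transformRsaSha256Id',
            'rsa-sha384': 'transformRsaSha384Id',
            'rsa-sha512': 'transformRsaSha512Id',
            'rsa-pkcs1': 'transformRsaPkcs1Id',
            'rsa-oaep': 'transformRsaOaepId',
            'sha1': 'transformSha1Id',
            'sha224': 'transformSha224Id',
            'sha256': 'transformSha256Id',
            'sha384': 'transformSha384Id',
            'sha512': 'transformSha512Id',
            'base64': 'transformBase64Id',
            'inc-c14n': 'transformInclC14NId',
            'inc-c14n-with-comments': 'transformInclC14NWithCommentsId',
            'exc-c14n': 'transformExclC14NId',
            'exc-c14n-with-comments': 'transformExclC14NWithCommentsId',
            'enveloped': 'transformEnvelopedId',
            'enveloped-signature': 'transformEnvelopedId',
            'xpath': 'transformXPathId',
            'xpath-19991116': 'transformXPathId',
            'xmldsig-filter': 'transformXPathId',
            'xpath2': 'transformXPath2Id',
            'xmldsig-filter2': 'transformXPath2Id',
            'xpointer': 'transformXPointerId',
            'xslt': 'transformXsltId',
            'xslt-19991116': 'transformXsltId',
            'remove-xml-tags-transform': 'transformRemoveXmlTagsC14NId',
            'visa3d-hack': 'transformVisa3DHackId',
        }

        attr = constructors.get(formatstring)
        if attr is None:
            raise XMLDSIGError('Unknown transform: %s' % formatstring)

        result = getattr(xmlsec, attr)()
        # xmlsec returns None for transforms its backend was built without.
        if result is None:
            raise XMLDSIGError('Transform %s not available' % formatstring)
        return result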