Python canonicalize_xml示例

编程语言: Python

命名空间/包名称: clairmeta.utils.xml

方法/功能: canonicalize_xml

hotexamples.com的示例: 2

Python canonicalize_xml - 已找到2个示例。这些是从开源项目中提取的最受好评的clairmeta.utils.xml.canonicalize_xml现实Python示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

文件： dcp_check_sign.py 项目： remia/ClairMeta

    def check_document_signature(self, source, path):
        """ Digital signature validation.

            References:
                SMPTE ST 429-7:2006 6.13
                SMPTE ST 429-8:2007 5.10
                IETF RFC 3275
                IETF RFC 4051
        """
        # Check digest (XML document hash)
        signed_info = source['Signature']['SignedInfo']
        xml_digest = signed_info['Reference']['DigestValue']
        c14n_doc = canonicalize_xml(path,
                                    ns=DCP_SETTINGS['xmlns']['xmldsig'],
                                    strip='{*}Signature')

        c14n_digest = base64.b64encode(self.digest_func(c14n_doc).digest())
        c14n_digest = c14n_digest.decode("utf-8")
        if xml_digest != c14n_digest:
            self.error("XML Digest mismatch, signature can't be checked")

        # Check signature (XML document hash encrypted with certifier
        # private key)
        c14n_sign = canonicalize_xml(path,
                                     root='SignedInfo',
                                     ns=DCP_SETTINGS['xmlns']['xmldsig'])

        xml_sig = ''.join(source['Signature']['SignatureValue'].split('\n'))
        xml_sig = base64.b64decode(xml_sig)

        try:
            crypto.verify(self.cert_list[-1], xml_sig, c14n_sign,
                          self.sig_algorithm_map[self.dcp.schema])
        except crypto.Error as e:
            self.error("Signature validation failed")

示例#2

显示文件

    def check_document_signature(self, source, path):
        """ Digital signature validation. """
        signed_info = source['Signature']['SignedInfo']
        xml_digest = signed_info['Reference']['DigestValue']
        c14n_doc = canonicalize_xml(
            path,
            ns=DCP_SETTINGS['xmlns']['xmldsig'])

        # We need to remove Signature node from the canonicalized XML
        # Note : If we do it with etree before canonicalization, we miss a \n
        # in the canonicalized form and the digest don't match !
        # Note 2 : why does the \n characters make a difference with C14n ?
        c14n_doc = c14n_doc.decode("utf-8")
        s = re.compile(
            r'<(ds|dsig):Signature xmlns:(ds|dsig)="{}">.*</(ds|dsig):Signature>'
            .format(DCP_SETTINGS['xmlns']['xmldsig']),
            re.DOTALL)
        c14n_doc = re.sub(s, '', c14n_doc)
        c14n_doc = c14n_doc.encode("utf-8")

        c14n_digest = base64.b64encode(self.digest_func(c14n_doc).digest())
        c14n_digest = c14n_digest.decode("utf-8")
        if xml_digest != c14n_digest:
            raise CheckException(
                "XML Digest mismatch, signature can't be checked")

        # Check SignatureValue
        c14n_sign = canonicalize_xml(
            path,
            root='SignedInfo',
            ns=DCP_SETTINGS['xmlns']['xmldsig'])

        xml_sig = ''.join(source['Signature']['SignatureValue'].split('\n'))
        xml_sig = base64.b64decode(xml_sig)

        try:
            crypto.verify(
                self.cert_list[-1],
                xml_sig,
                c14n_sign,
                self.sig_algorithm_map[self.dcp.schema])
        except crypto.Error as e:
            raise CheckException("Signature validation failed")