本文整理汇总了Python中xmlsec.sign函数的典型用法代码示例。如果您正苦于以下问题:Python sign函数的具体用法?Python sign怎么用?Python sign使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sign函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: SignAlert
def SignAlert(xml_tree, username):
"""Sign XML with user key/certificate.
Args:
xml_tree: (string) Alert XML tree.
username: (string) Username of the alert author.
Returns:
String.
Signed alert XML tree if your has key/certificate pair
Unchanged XML tree otherwise.
"""
if not XMLSEC_DEFINED:
return xml_tree
key_path = os.path.join(settings.CREDENTIALS_DIR, username + ".key")
cert_path = os.path.join(settings.CREDENTIALS_DIR, username + ".cert")
try:
signed_xml_tree = copy.deepcopy(xml_tree)
xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
xmlsec.sign(signed_xml_tree, key_path, cert_path)
return signed_xml_tree
except (IOError, xmlsec.exceptions.XMLSigException):
return xml_tree
示例2: signCAP
def signCAP(self, xml_tree):
try:
signed_xml_tree = copy.deepcopy(xml_tree)
xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
xmlsec.sign(signed_xml_tree, self.key_path, self.cert_path)
return signed_xml_tree
except:
return xml_tree
示例3: test_mm2
def test_mm2(self):
case = self.cases['mm2']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
digest_alg=constants.ALGORITHM_DIGEST_SHA1,
signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print(" --- Expected")
print(etree.tostring(expected))
print(" --- Actual")
print(etree.tostring(signed))
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print("Signed SignatureValue: %s" % (repr(signed_sv)))
print("Expected SignatureValue: %s" % (repr(expected_sv)))
self.assertEqual(signed_sv, expected_sv)
示例4: test_mm_with_java_alt
def test_mm_with_java_alt(self):
case = self.cases['mm5']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
self.assertEqual(signed_sv, expected_sv)
示例5: test_wrapping_attack
def test_wrapping_attack(self):
"""
Test resistance to attempted wrapping attack
"""
case = self.cases['SAML_assertion1']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
tbs = case.as_etree('in.xml')
signed = xmlsec.sign(tbs,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
attack = case.as_etree('evil.xml')
attack.append(signed)
refs = xmlsec.verified(attack, self.public_keyspec)
self.assertTrue(len(refs) == 1)
print("verified XML: %s" % etree.tostring(refs[0]))
seen_foo = False
seen_bar = False
for av in refs[0].findall(".//{%s}AttributeValue" % 'urn:oasis:names:tc:SAML:2.0:assertion'):
print(etree.tostring(av))
print(av.text)
if av.text == 'Foo':
seen_foo = True
elif av.text == 'Bar':
seen_bar = True
self.assertTrue(av.text != 'admin')
self.assertTrue(seen_foo and seen_bar)
示例6: secure_message_sign
def secure_message_sign(self, root):
"""
Sign the SignedDelivery message.
"""
del root.attrib['xmlns']
unsigned_xml = apply_xslt(root, 'secure_message_drop_ns.xsl')
unsigned_xml.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'
xmlsec.add_enveloped_signature(unsigned_xml, pos=-1, c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
xml_signed = xmlsec.sign(unsigned_xml, self.key_file, self.cert)
return xml_signed
示例7: test_sign_verify_SAML_assertion_sha256
def test_sign_verify_SAML_assertion_sha256(self):
"""
Test signing a SAML assertion using sha256, and making sure we can verify it.
"""
case = self.cases['SAML_assertion_sha256']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
res = xmlsec.verify(signed, self.public_keyspec)
self.assertTrue(res)
示例8: test_duo_vuln_attack
def test_duo_vuln_attack(self):
"""
Test https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
"""
case = self.cases['SAML_assertion_sha256']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
refs = xmlsec.verified(signed, self.public_keyspec)
self.assertTrue(len(refs) == 1)
print("verified XML: %s" % etree.tostring(refs[0]))
assert('evil' not in [x.text for x in refs[0].findall(".//{%s}AttributeValue" % 'urn:oasis:names:tc:SAML:2.0:assertion')])
示例9: test_sign_xades
def test_sign_xades(self):
"""
Test that we can sign an already signed document without breaking the first signature
"""
case = self.cases['dont_break_xades']
t = case.as_etree('in.xml')
signed = xmlsec.sign(t, self.private_keyspec)
self.assertIsNotNone(signed)
digests = [dv.text for dv in signed.findall('.//{%s}DigestValue' % xmlsec.NS['ds'])]
assert 'JvmW5vKjaTEVHzOdiC/H3HSGNocGamY9sDeU86ld6TA=' in digests
res = xmlsec.verify(signed, self.public_keyspec)
self.assertTrue(res)
示例10: test_SAML_sign_with_pkcs11
def test_SAML_sign_with_pkcs11(self):
"""
Test signing a SAML assertion using PKCS#11 and then verifying it using plain file.
"""
case = self.cases['SAML_assertion1']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
os.environ['SOFTHSM_CONF'] = softhsm_conf
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec="pkcs11://%s:0/test?pin=secret1" % P11_MODULE)
# verify signature using the public key
res = xmlsec.verify(signed, signer_cert_pem)
self.assertTrue(res)
示例11: seal_delivery_sign
def seal_delivery_sign(self, root):
"""
Sign the SealedDelivery message.
"""
root.tag = 'SealedDelivery'
root.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'
xmlsec.add_enveloped_signature(root, pos=-1, c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE,
constants.TRANSFORM_C14N_EXCLUSIVE])
xml_signed = xmlsec.sign(root,
self.key_file,
self.cert,
sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")
xml_signed.tag = 'arg0'
del xml_signed.attrib['xmlns']
return xml_signed
示例12: test_sign_verify_SAML_assertion_unwrap2
def test_sign_verify_SAML_assertion_unwrap2(self):
"""
Test signing a SAML assertion, and return verified data.
"""
case = self.cases['SAML_assertion1']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
tbs = case.as_etree('in.xml')
signed = xmlsec.sign(tbs,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
refs = xmlsec.verified(signed, self.public_keyspec)
self.assertTrue(len(refs) == 1)
print("verified XML: %s" % etree.tostring(refs[0]))
self.assertTrue(tbs.tag == refs[0].tag)
set1 = set(etree.tostring(i, method='c14n') for i in root(tbs))
set2 = set(etree.tostring(i, method='c14n') for i in root(refs[0]))
self.assertTrue(set1 == set2)
示例13: sign_statement
def sign_statement(self, statement, _class_name, key_file, node_id,
_id_attr):
"""
Sign an XML statement.
The parameters actually used in this CryptoBackend
implementation are :
:param statement: XML as string
:param key_file: xmlsec key_spec string(), filename,
"pkcs11://" URI or PEM data
:returns: Signed XML as string
"""
import xmlsec
import lxml.etree
xml = xmlsec.parse_xml(statement)
signed = xmlsec.sign(xml, key_file)
return lxml.etree.tostring(signed, xml_declaration=True)
示例14: test_sign_SAML_assertion_sha256
def test_sign_SAML_assertion_sha256(self):
"""
Test signing a SAML assertion using sha256, and compare resulting signature with that of another implementation (xmlsec1).
"""
case = self.cases['SAML_assertion_sha256']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
self.assertEqual(signed_sv, expected_sv)
示例15: test_edugain_with_xmlsec1
def test_edugain_with_xmlsec1(self):
case = self.cases['edugain']
t = case.as_etree('xmlsec1_in.xml')
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('xmlsec1_out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))