本文整理汇总了Python中xmlsec.sign函数的典型用法代码示例。如果您正苦于以下问题:Python sign函数的具体用法?Python sign怎么用?Python sign使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sign函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: SignAlert
def SignAlert(xml_tree, username):
"""Sign XML with user key/certificate.
Args:
xml_tree: (string) Alert XML tree.
username: (string) Username of the alert author.
Returns:
String.
Signed alert XML tree if your has key/certificate pair
Unchanged XML tree otherwise.
"""
if not XMLSEC_DEFINED:
return xml_tree
key_path = os.path.join(settings.CREDENTIALS_DIR, username + ".key")
cert_path = os.path.join(settings.CREDENTIALS_DIR, username + ".cert")
try:
signed_xml_tree = copy.deepcopy(xml_tree)
xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
xmlsec.sign(signed_xml_tree, key_path, cert_path)
return signed_xml_tree
except (IOError, xmlsec.exceptions.XMLSigException):
return xml_tree
开发者ID:dlorenc,项目名称:CAPCollector,代码行数:26,代码来源:utils.py
示例2: signCAP
def signCAP(self, xml_tree):
try:
signed_xml_tree = copy.deepcopy(xml_tree)
xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
xmlsec.sign(signed_xml_tree, self.key_path, self.cert_path)
return signed_xml_tree
except:
return xml_tree
开发者ID:ravihansa3000,项目名称:CAPCollector,代码行数:8,代码来源:cap_support.py
示例3: test_mm2
def test_mm2(self):
case = self.cases['mm2']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
digest_alg=constants.ALGORITHM_DIGEST_SHA1,
signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print(" --- Expected")
print(etree.tostring(expected))
print(" --- Actual")
print(etree.tostring(signed))
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print("Signed SignatureValue: %s" % (repr(signed_sv)))
print("Expected SignatureValue: %s" % (repr(expected_sv)))
self.assertEqual(signed_sv, expected_sv)
开发者ID:leifj,项目名称:pyXMLSecurity,代码行数:28,代码来源:sign_verify_test.py
示例4: test_mm_with_java_alt
def test_mm_with_java_alt(self):
case = self.cases['mm5']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
self.assertEqual(signed_sv, expected_sv)
开发者ID:bonline,项目名称:pyXMLSecurity,代码行数:26,代码来源:sign_verify_test.py
示例5: test_wrapping_attack
def test_wrapping_attack(self):
"""
Test resistance to attempted wrapping attack
"""
case = self.cases['SAML_assertion1']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
tbs = case.as_etree('in.xml')
signed = xmlsec.sign(tbs,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
attack = case.as_etree('evil.xml')
attack.append(signed)
refs = xmlsec.verified(attack, self.public_keyspec)
self.assertTrue(len(refs) == 1)
print("verified XML: %s" % etree.tostring(refs[0]))
seen_foo = False
seen_bar = False
for av in refs[0].findall(".//{%s}AttributeValue" % 'urn:oasis:names:tc:SAML:2.0:assertion'):
print(etree.tostring(av))
print(av.text)
if av.text == 'Foo':
seen_foo = True
elif av.text == 'Bar':
seen_bar = True
self.assertTrue(av.text != 'admin')
self.assertTrue(seen_foo and seen_bar)
开发者ID:bonline,项目名称:pyXMLSecurity,代码行数:26,代码来源:sign_verify_test.py
示例6: secure_message_sign
def secure_message_sign(self, root):
"""
Sign the SignedDelivery message.
"""
del root.attrib['xmlns']
unsigned_xml = apply_xslt(root, 'secure_message_drop_ns.xsl')
unsigned_xml.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'
xmlsec.add_enveloped_signature(unsigned_xml, pos=-1, c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
xml_signed = xmlsec.sign(unsigned_xml, self.key_file, self.cert)
return xml_signed
开发者ID:SUNET,项目名称:pymmclient,代码行数:12,代码来源:plugin.py
示例7: test_sign_verify_SAML_assertion_sha256
def test_sign_verify_SAML_assertion_sha256(self):
"""
Test signing a SAML assertion using sha256, and making sure we can verify it.
"""
case = self.cases['SAML_assertion_sha256']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
res = xmlsec.verify(signed, self.public_keyspec)
self.assertTrue(res)
开发者ID:bonline,项目名称:pyXMLSecurity,代码行数:12,代码来源:sign_verify_test.py
示例8: test_duo_vuln_attack
def test_duo_vuln_attack(self):
"""
Test https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
"""
case = self.cases['SAML_assertion_sha256']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
refs = xmlsec.verified(signed, self.public_keyspec)
self.assertTrue(len(refs) == 1)
print("verified XML: %s" % etree.tostring(refs[0]))
assert('evil' not in [x.text for x in refs[0].findall(".//{%s}AttributeValue" % 'urn:oasis:names:tc:SAML:2.0:assertion')])
开发者ID:leifj,项目名称:pyXMLSecurity,代码行数:14,代码来源:sign_verify_test.py
示例9: test_sign_xades
def test_sign_xades(self):
"""
Test that we can sign an already signed document without breaking the first signature
"""
case = self.cases['dont_break_xades']
t = case.as_etree('in.xml')
signed = xmlsec.sign(t, self.private_keyspec)
self.assertIsNotNone(signed)
digests = [dv.text for dv in signed.findall('.//{%s}DigestValue' % xmlsec.NS['ds'])]
assert 'JvmW5vKjaTEVHzOdiC/H3HSGNocGamY9sDeU86ld6TA=' in digests
res = xmlsec.verify(signed, self.public_keyspec)
self.assertTrue(res)
开发者ID:fredrikt,项目名称:pyXMLSecurity,代码行数:14,代码来源:sign_verify_test.py
示例10: test_SAML_sign_with_pkcs11
def test_SAML_sign_with_pkcs11(self):
"""
Test signing a SAML assertion using PKCS#11 and then verifying it using plain file.
"""
case = self.cases['SAML_assertion1']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
os.environ['SOFTHSM_CONF'] = softhsm_conf
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec="pkcs11://%s:0/test?pin=secret1" % P11_MODULE)
# verify signature using the public key
res = xmlsec.verify(signed, signer_cert_pem)
self.assertTrue(res)
开发者ID:fredrikt,项目名称:pyXMLSecurity,代码行数:15,代码来源:p11_test.py
示例11: seal_delivery_sign
def seal_delivery_sign(self, root):
"""
Sign the SealedDelivery message.
"""
root.tag = 'SealedDelivery'
root.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'
xmlsec.add_enveloped_signature(root, pos=-1, c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE,
constants.TRANSFORM_C14N_EXCLUSIVE])
xml_signed = xmlsec.sign(root,
self.key_file,
self.cert,
sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")
xml_signed.tag = 'arg0'
del xml_signed.attrib['xmlns']
return xml_signed
开发者ID:SUNET,项目名称:pymmclient,代码行数:16,代码来源:plugin.py
示例12: test_sign_verify_SAML_assertion_unwrap2
def test_sign_verify_SAML_assertion_unwrap2(self):
"""
Test signing a SAML assertion, and return verified data.
"""
case = self.cases['SAML_assertion1']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
tbs = case.as_etree('in.xml')
signed = xmlsec.sign(tbs,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
refs = xmlsec.verified(signed, self.public_keyspec)
self.assertTrue(len(refs) == 1)
print("verified XML: %s" % etree.tostring(refs[0]))
self.assertTrue(tbs.tag == refs[0].tag)
set1 = set(etree.tostring(i, method='c14n') for i in root(tbs))
set2 = set(etree.tostring(i, method='c14n') for i in root(refs[0]))
self.assertTrue(set1 == set2)
开发者ID:bonline,项目名称:pyXMLSecurity,代码行数:18,代码来源:sign_verify_test.py
示例13: sign_statement
def sign_statement(self, statement, _class_name, key_file, node_id,
_id_attr):
"""
Sign an XML statement.
The parameters actually used in this CryptoBackend
implementation are :
:param statement: XML as string
:param key_file: xmlsec key_spec string(), filename,
"pkcs11://" URI or PEM data
:returns: Signed XML as string
"""
import xmlsec
import lxml.etree
xml = xmlsec.parse_xml(statement)
signed = xmlsec.sign(xml, key_file)
return lxml.etree.tostring(signed, xml_declaration=True)
开发者ID:gbel,项目名称:pysaml2,代码行数:19,代码来源:sigver.py
示例14: test_sign_SAML_assertion_sha256
def test_sign_SAML_assertion_sha256(self):
"""
Test signing a SAML assertion using sha256, and compare resulting signature with that of another implementation (xmlsec1).
"""
case = self.cases['SAML_assertion_sha256']
print("XML input :\n{}\n\n".format(case.as_buf('in.xml')))
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
self.assertEqual(signed_sv, expected_sv)
开发者ID:bonline,项目名称:pyXMLSecurity,代码行数:20,代码来源:sign_verify_test.py
示例15: test_edugain_with_xmlsec1
def test_edugain_with_xmlsec1(self):
case = self.cases['edugain']
t = case.as_etree('xmlsec1_in.xml')
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('xmlsec1_out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
开发者ID:fredrikt,项目名称:pyXMLSecurity,代码行数:20,代码来源:sign_verify_test.py
示例16: test_mm_with_inner_signature
def test_mm_with_inner_signature(self):
expected_digest = 'd62qF9gk1F1/JcdUrtJUqPtoMHc='
case = self.cases['mm6']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
digest_alg=constants.ALGORITHM_DIGEST_SHA1,
signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec,
sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")
expected = case.as_etree('out.xml')
sig = t.find("./{%s}Signature" % xmlsec.NS['ds'])
digest = sig.findtext('.//{%s}DigestValue' % xmlsec.NS['ds'])
print(" --- Expected digest value")
print(expected_digest)
print(" --- Actual digest value")
print(digest)
print(" --- Expected")
print(etree.tostring(expected))
print(" --- Actual")
print(etree.tostring(signed))
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print("Signed SignatureValue: %s" % (repr(signed_sv)))
print("Expected SignatureValue: %s" % (repr(expected_sv)))
self.assertEquals(digest, expected_digest)
self.assertEqual(signed_sv, expected_sv)
开发者ID:leifj,项目名称:pyXMLSecurity,代码行数:40,代码来源:sign_verify_test.py
示例17: test_mm_with_java
def test_mm_with_java(self):
case = self.cases['mm4']
t = case.as_etree('in.xml')
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
self.assertEqual(signed_sv, expected_sv)
开发者ID:bonline,项目名称:pyXMLSecurity,代码行数:22,代码来源:sign_verify_test.py
示例18: test_sign_verify_all
def test_sign_verify_all(self):
"""
Run through all testcases, sign and verify using xmlsec1
"""
for case in self.cases.values():
if case.has_data('in.xml'):
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
res = xmlsec.verify(signed, self.public_keyspec)
self.assertTrue(res)
with open(self.tmpf.name, "w") as fd:
fd.write(etree.tostring(signed))
run_cmd([XMLSEC1,
'--verify',
'--store-references',
'--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor',
'--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor',
'--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion',
'--verification-time', '2009-11-01 12:00:00',
'--trusted-pem', self.public_keyspec,
self.tmpf.name])
开发者ID:fredrikt,项目名称:pyXMLSecurity,代码行数:23,代码来源:sign_verify_test.py
示例19: sign
def sign(req, *opts):
"""
Sign the working document.
:param req: The request
:param opts: Options (unused)
:return: returns the signed working document
Sign expects a single dict with at least a 'key' key and optionally a 'cert' key. The 'key' argument references
either a PKCS#11 uri or the filename containing a PEM-encoded non-password protected private RSA key.
The 'cert' argument may be empty in which case the cert is looked up using the PKCS#11 token, or may point
to a file containing a PEM-encoded X.509 certificate.
**PKCS11 URIs**
A pkcs11 URI has the form
.. code-block:: xml
pkcs11://<absolute path to SO/DLL>[:slot]/<object label>[?pin=<pin>]
The pin parameter can be used to point to an environment variable containing the pin: "env:<ENV variable>".
By default pin is "env:PYKCS11PIN" which tells sign to use the pin found in the PYKCS11PIN environment
variable. This is also the default for PyKCS11 which is used to communicate with the PKCS#11 module.
**Examples**
.. code-block:: yaml
- sign:
key: pkcs11:///usr/lib/libsofthsm.so/signer
This would sign the document using the key with label 'signer' in slot 0 of the /usr/lib/libsofthsm.so module.
Note that you may need to run pyff with env PYKCS11PIN=<pin> .... for this to work. Consult the documentation
of your PKCS#11 module to find out about any other configuration you may need.
.. code-block:: yaml
- sign:
key: signer.key
cert: signer.crt
This example signs the document using the plain key and cert found in the signer.key and signer.crt files.
"""
if req.t is None:
raise PipeException("Your pipeline is missing a select statement.")
if not type(req.args) is dict:
raise PipeException("Missing key and cert arguments to sign pipe")
key_file = req.args.get('key', None)
cert_file = req.args.get('cert', None)
if key_file is None:
raise PipeException("Missing key argument for sign pipe")
if cert_file is None:
log.info("Attempting to extract certificate from token...")
opts = dict()
relt = root(req.t)
idattr = relt.get('ID')
if idattr:
opts['reference_uri'] = "#%s" % idattr
xmlsec.sign(req.t, key_file, cert_file, **opts)
return req.t
开发者ID:pmeulen,项目名称:pyFF,代码行数:67,代码来源:builtins.py
示例20: test_mm1
def test_mm1(self):
case = self.cases['mm1']
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
print etree.tostring(signed)
开发者ID:bonline,项目名称:pyXMLSecurity,代码行数:6,代码来源:sign_verify_test.py
注:本文中的xmlsec.sign函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论