source: TI12-security/trunk/NDGSecurity/python/Tests/xmlsec/sign1.py @ 7080

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/Tests/xmlsec/sign1.py@7080
Revision 7080, 3.5 KB checked in by pjkersha, 9 years ago (diff)
  • Property svn:executable set to *
  • Property svn:keywords set to Id
1#!/usr/bin/env python
2#
3# $Id$
4#
5# PyXMLSec example: Signing a template file.
6#
7# Signs a template file using a key from PEM file
8#
9# Usage:
10#       ./sign1.py <xml-tmpl> <pem-key>
11#
12# Example:
13#       ./sign1.py sign1-tmpl.xml rsakey.pem > sign1-res.xml
14#
15# The result signature could be validated using verify1 example:
16#       ./verify1.py sign1-res.xml rsapub.pem
17#
18# This is free software; see COPYING file in the source
19# distribution for precise wording.
20#
21# Copyright (C) 2003-2004 Valery Febvre <vfebvre@easter-eggs.com>
22#
23
24import sys
25sys.path.insert(0, '../')
26
27import libxml2
28import xmlsec
29
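def main():
    """Sign an XML template with a PEM private key and print the result.

    ``sys.argv[1]`` is the template path and ``sys.argv[2]`` the PEM key
    path.  Diagnostics are written to stderr, so redirecting stdout (as in
    the usage example in the file header) does not mix error text into the
    result file.

    Exit status: 0 when sign_file() returns a non-negative value, the
    negative value it returned otherwise, 1 on a usage error and -1 when a
    library fails to initialise.
    """
    def fail(message, status):
        # Report on stderr and terminate with the given status.
        sys.stderr.write(message + "\n")
        sys.exit(status)

    if len(sys.argv) < 3:
        prog = sys.argv[0] if sys.argv else "sign1.py"
        fail("Error: wrong number of arguments.\n"
             "Usage: %s <xml-tmpl> <pem-key>" % prog, 1)

    # Init libxml library
    libxml2.initParser()
    # SECURITY NOTE: this enables entity substitution for every document
    # parsed in this process.  A template that declares external entities
    # may then have their content expanded into the document that gets
    # signed and printed.  Only feed templates from a trusted source, or
    # drop this call if the templates do not rely on entities.
    libxml2.substituteEntitiesDefault(1)

    # Init xmlsec library
    if xmlsec.init() < 0:
        fail("Error: xmlsec initialization failed.", -1)

    # Check loaded library version
    if xmlsec.checkVersion() != 1:
        fail("Error: loaded xmlsec library version is not compatible.\n", -1)

    # A failed crypto initialisation is fatal, like the checks above;
    # do not go on to sign with a backend that did not come up.
    if xmlsec.cryptoAppInit(None) < 0:
        fail("Error: crypto initialization failed.", -1)
    if xmlsec.cryptoInit() < 0:
        fail("Error: xmlsec-crypto initialization failed.", -1)

    try:
        res = sign_file(sys.argv[1], sys.argv[2])
    finally:
        # Shut the libraries down in reverse order of initialisation,
        # even if sign_file() raised.
        xmlsec.cryptoShutdown()
        xmlsec.cryptoAppShutdown()
        xmlsec.shutdown()
        libxml2.cleanupParser()

    # sign_file() signals failure with a negative value.  Any other result
    # is success and must map to exit status 0, otherwise callers checking
    # the status of this script see a failure on every successful run.
    if res < 0:
        sys.exit(res)
    sys.exit(0)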
74
75
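def sign_file(tmpl_file, key_file):
    """Sign the XML-DSig template in tmpl_file with the PEM key in key_file.

    The signed document is dumped to stdout.  Error messages are written to
    stderr so they cannot end up inside a redirected result file.

    Returns 1 on success and -1 if any step fails.
    """
    def report(message):
        sys.stderr.write(message + "\n")

    # Explicit checks instead of assert: asserts are stripped under -O.
    if not tmpl_file or not key_file:
        report("Error: template and key file names must not be empty")
        return -1

    # Load template.  The libxml2 Python bindings report a failed parse by
    # raising parserError; the None check is kept as a second line of
    # defence.
    try:
        doc = libxml2.parseFile(tmpl_file)
    except libxml2.parserError:
        doc = None
    if doc is None:
        report("Error: unable to parse file \"%s\"" % tmpl_file)
        return -1
    if doc.getRootElement() is None:
        report("Error: unable to parse file \"%s\"" % tmpl_file)
        # The document object exists here, so release it.
        return cleanup(doc)

    # Find start node
    node = xmlsec.findNode(doc.getRootElement(), xmlsec.NodeSignature,
                           xmlsec.DSigNs)
    if node is None:
        report("Error: start node not found in \"%s\"" % tmpl_file)
        return cleanup(doc)

    # Create signature context, we don't need keys manager in this example
    dsig_ctx = xmlsec.DSigCtx()
    if dsig_ctx is None:
        report("Error: failed to create signature context")
        return cleanup(doc)

    # Load private key.  No password is supplied, so the PEM file is
    # expected to be unencrypted; its confidentiality then rests on file
    # permissions alone.
    key = xmlsec.cryptoAppKeyLoad(key_file, xmlsec.KeyDataFormatPem,
                                  None, None, None)
    if key is None:
        report("Error: failed to load private pem key from \"%s\"" % key_file)
        return cleanup(doc, dsig_ctx)
    dsig_ctx.signKey = key

    # Example only: the key name is set to the path given on the command
    # line.  NOTE(review): if the template carries a KeyName element this
    # path presumably ends up in the signed output; use a neutral
    # identifier outside of a demo.
    if key.setName(key_file) < 0:
        report("Error: failed to set key name for key from \"%s\"" % key_file)
        return cleanup(doc, dsig_ctx)

    # Sign the template
    if dsig_ctx.sign(node) < 0:
        report("Error: signature failed")
        return cleanup(doc, dsig_ctx)

    # Print signed document to stdout
    doc.dump("-")

    # Success
    return cleanup(doc, dsig_ctx, 1)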
124
125
def cleanup(doc=None, dsig_ctx=None, res=-1):
    """Release whichever of the two resources were created and return res.

    The signature context is destroyed before the document is freed.
    Arguments left as None are skipped.  res defaults to -1, so the error
    paths can simply ``return cleanup(...)``.
    """
    # (resource, name of its release method), in release order.
    pending = ((dsig_ctx, "destroy"), (doc, "freeDoc"))
    for resource, release in pending:
        if resource is None:
            continue
        getattr(resource, release)()
    return res
132
133
# Script entry point: run the example only when this file is executed
# directly, not when it is imported.
if __name__ == "__main__":
    main()
136   