source: TI12-security/trunk/python/Tests/xmlsec/verify1.py @ 1415

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/xmlsec/verify1.py@1415
Revision 1415, 3.8 KB checked in by pjkersha, 13 years ago (diff)

Include XML Security test programs.

  • Property svn:executable set to *
1#!/usr/bin/env python
2#
3# $Id: verify1.py,v 1.1 2005/04/27 08:39:36 pjkersha Exp $
4#
5# PyXMLSec example: Verifying a file using a single key.
6#
7# Verifies a file using a key from PEM file.
8#
9# Usage:
10#       ./verify1.py <signed-file> <pem-key>
11#
12# Example:
13#       ./verify1.py sign1-res.xml rsapub.pem
14#       ./verify1.py sign2-res.xml rsapub.pem
15#
16# This is free software; see COPYING file in the source
17# distribution for precise wording.
18#
19# Copyright (C) 2003-2004 Valery Febvre <vfebvre@easter-eggs.com>
20#
21
22import sys, os
23sys.path.insert(0, '../')
24
25import libxml2
26import xmlsec
27
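def main():
    """Verify the signature in argv[1] with the PEM key in argv[2].

    Initialises libxml2 and xmlsec, calls verify_file(), shuts the
    libraries down again and exits with the value verify_file() returned.
    Any initialisation failure ends the process with a non-zero status
    before a signature check is attempted.
    """
    if len(sys.argv) < 3:
        print("Error: wrong number of arguments.")
        print("Usage: %s <xml-file> <key-file>" % sys.argv[0])
        return sys.exit(1)

    # Init libxml library
    libxml2.initParser()
    # NOTE(review): this turns entity substitution on for every parse in the
    # process. When the signed file comes from an untrusted party, confirm
    # that external entities and DTD loading cannot reach local files or the
    # network (XXE) before it is parsed.
    libxml2.substituteEntitiesDefault(1)

    # Init xmlsec library
    if xmlsec.init() < 0:
        print("Error: xmlsec initialization failed.")
        return sys.exit(-1)

    # Check loaded library version
    if xmlsec.checkVersion() != 1:
        print("Error: loaded xmlsec library version is not compatible.\n")
        sys.exit(-1)

    # Init crypto library; a verifier must not run on a half-initialised
    # crypto backend, so stop here instead of only printing the error.
    if xmlsec.cryptoAppInit(None) < 0:
        print("Error: crypto initialization failed.")
        sys.exit(-1)

    # Init xmlsec-crypto library (same reasoning as above)
    if xmlsec.cryptoInit() < 0:
        print("Error: xmlsec-crypto initialization failed.")
        sys.exit(-1)

    res = verify_file(sys.argv[1], sys.argv[2])

    # Shut down in the reverse order of initialisation
    xmlsec.cryptoShutdown()
    xmlsec.cryptoAppShutdown()
    xmlsec.shutdown()
    libxml2.cleanupParser()

    # The exit status is exactly what verify_file() returned.
    sys.exit(res)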
72
73
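def verify_file(xml_file, key_file):
    """Verify the XML signature in xml_file with the public key in key_file.

    Returns 0 only when the signature verifies. Returns a negative value
    when the signature is invalid or any step fails (unreadable file,
    parse error, no Signature node, key load failure), so a caller that
    checks the result cannot mistake a bad signature for a good one.

    The key is taken from key_file, never from the document itself.
    A result of 0 says that the Signature element found in the document
    validates against that key; it does not say which parts of the
    document the signature's references cover. Code that goes on to use
    the document should check that the data it acts on is inside the
    signed references.
    """
    if not xml_file or not key_file:
        print("Error: XML file and key file names are required")
        return -1

    # Check both inputs up front so an unreadable key file is reported
    # before any library object has been created.
    if not check_filename(xml_file):
        return -1
    if not check_filename(key_file):
        return -1

    # Load XML file
    doc = libxml2.parseFile(xml_file)
    if doc is None or doc.getRootElement() is None:
        print("Error: unable to parse file \"%s\"" % xml_file)
        return cleanup(doc)

    # Find start node; without a Signature element there is nothing to verify
    node = xmlsec.findNode(doc.getRootElement(),
                           xmlsec.NodeSignature, xmlsec.DSigNs)
    if node is None:
        print("Error: start node not found in \"%s\"" % xml_file)
        return cleanup(doc)

    # Create signature context, we don't need keys manager in this example
    dsig_ctx = xmlsec.DSigCtx()
    if dsig_ctx is None:
        print("Error: failed to create signature context")
        return cleanup(doc)

    # Load public key, assuming that there is no password
    key = xmlsec.cryptoAppKeyLoad(key_file, xmlsec.KeyDataFormatPem,
                                  None, None, None)
    if key is None:
        print("Error: failed to load public pem key from \"%s\"" % key_file)
        return cleanup(doc, dsig_ctx)
    dsig_ctx.signKey = key

    # Set key name to the file name, this is just an example!
    if key.setName(key_file) < 0:
        print("Error: failed to set key name for key from \"%s\"" % key_file)
        return cleanup(doc, dsig_ctx)

    # Verify signature; a negative return means the check itself failed
    if dsig_ctx.verify(node) < 0:
        print("Error: signature verify")
        return cleanup(doc, dsig_ctx)

    # Report the result on stdout and in the return value
    if dsig_ctx.status == xmlsec.DSigStatusSucceeded:
        print("Signature is OK")
        return cleanup(doc, dsig_ctx, 0)

    print("Signature is INVALID")
    return cleanup(doc, dsig_ctx)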
126
127
def cleanup(doc=None, dsig_ctx=None, res=-1):
    """Release the signature context and the document, then return res.

    Either object may be None, in which case it is skipped. The context
    is destroyed first, then the document is freed. res defaults to -1,
    so error paths can simply `return cleanup(...)`.
    """
    releasers = ((dsig_ctx, "destroy"), (doc, "freeDoc"))
    for obj, method_name in releasers:
        if obj is None:
            continue
        getattr(obj, method_name)()
    return res
134
135
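def check_filename(filename):
    """Return 1 if filename is readable, else print an error and return 0.

    Used for both the XML document and the key file, so the message does
    not name a file type. os.access() tests with the real uid/gid and is
    only an advisory pre-check: the file can change between this call and
    the later open, so callers must still handle a failed load.
    """
    if os.access(filename, os.R_OK):
        return 1
    print("Error: file \"%s\" not found OR no read access" % filename)
    return 0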
142
143
# Script entry point: run main() only when executed directly, not on import.
if __name__ == "__main__":
    main()