Changeset 4061 for TI12-security/trunk


Timestamp:
23/07/08 15:58:43 (11 years ago)
Author:
pjkersha
Message:

More fixes to XMLSec functionality.

Location:
TI12-security/trunk/python/ndg.security.common/ndg/security/common
Files:
1 added
2 edited

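--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/XMLSec.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/XMLSec.py
@@ -16,7 +16,4 @@
 import os
 
-# Fudge for re-directing error output from xmlsec.shutdown()
-import sys
-
 # For removal of BEGIN and END CERTIFICATE markers from X.509 certs
 import re
@@ -59,5 +56,5 @@
 
 class SignError(Exception):  
-    """Raised form sign method if an error occurs generating the signature"""
+    """Raised from sign method if an error occurs generating the signature"""
      
 class VerifyError(Exception):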
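--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/xmlsec/etree.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/xmlsec/etree.py
@@ -16,21 +16,4 @@
 import os
 
-# Fudge for re-directing error output from xmlsec.shutdown()
-import sys
-
-# For removal of BEGIN and END CERTIFICATE markers from X.509 certs
-import re
-
-# Include for re-parsing doc ready for canonicalization in sign method - see
-# associated note
-from xml.dom.ext.reader.PyExpat import Reader
-from Ft.Xml.Domlette import NonvalidatingReader
-
-# Use to find parent node when parsing docs
-from xml.dom.Element import Element
-
-getParentNode = lambda docNode: [elem for elem in docNode.childNodes \
-                                 if isinstance(elem, Element)][0]
-
 # Digest and signature/verify
 from sha import sha
@@ -45,23 +28,20 @@
 isExclC14n = lambda c14nKw: bool(c14nKw.get('exclusive'))
 inclNSsSet = lambda c14nKw: bool(c14nKw.get('inclusive_namespaces'))
-    
-def getElements(node, nameList):
-    '''DOM Helper function for getting child elements from a given node'''
-    # Avoid sub-string matches
-    nameList = isinstance(nameList, basestring) and [nameList] or nameList
-    return [n for n in node.childNodes if str(n.localName) in nameList]
-
 
 class XMLSecDocError(Exception):
     """Exception handling for NDG XML Security class."""
 
-class SignError(Exception):  
-    """Raised form sign method if an error occurs generating the signature"""
+class SignError(XMLSecDocError):  
+    """Raised from signature method if an error occurs generating the signature
+    """
      
-class VerifyError(Exception):
+class VerifyError(XMLSecDocError):
     """Raised from verify method if an error occurs"""
    
-class InvalidSignature(Exception):
+class InvalidSignature(XMLSecDocError):
     """Raised from verify method for an invalid signature"""
+
+class NoSignatureFound(XMLSecDocError): 
+    """Incoming message to be verified was not signed"""
 
 
@@ -69,21 +49,6 @@
 class XMLSecDoc(object):
     """Implements XML Signature and XML Encryption for a Document.
+    """
     
-    @type _beginCert: string
-    @param _beginCert: delimiter for beginning of base64 encoded portion of
-    a PEM encoded X.509 certificate
-    @type _endCert: string
-    @cvar: _endCert: equivalent end delimiter
-    
-    @type _x509CertPat: regular expression pattern object
-    @cvar _x509CertPat: regular expression for extracting the base64 encoded 
-    portion of a PEM encoded X.509 certificate"""
-    
-    _beginCert = '-----BEGIN CERTIFICATE-----\n'
-    _endCert = '\n-----END CERTIFICATE-----'
-    _x509CertPat = re.compile(_beginCert + \
-                               '?(.*?)\n?-----END CERTIFICATE-----',
-                               re.S)
-
     def __init__(self,
                  filePath=None,
@@ -121,5 +86,5 @@
             self._setSigningKeyFilePath(signingKeyFilePath)
 
-        # Password proetcting Private key used to sign the document - password
+        # Password protecting Private key used to sign the document - password
         # may be None
         self._setSigningKeyPwd(signingKeyPwd)
@@ -353,4 +318,5 @@
                               **kw)
 
+
     def canonicalize(self, **kw):
         '''ElementTree based Canonicalization - See ElementC14N for keyword
@@ -372,25 +338,28 @@
         return c14n
         
+        
     def applyEnvelopedSignature(self,
                                 xmlTxt=None,
                                 inclX509Cert=True,
                                 refC14nKw={},
-                                signedInfoC14nKw={}):
-        
+                                signedInfoC14nKw={}):        
         """Make enveloped signature of XML document
 
+        @type xmlTxt: string
         @param xmlTxt: string buffer containing xml to be signed. If not 
         provided, calls XMLSecDoc.createXML().  This is a virtual method so 
         must be defined in a derived class.
-                            
+          
+        @type inclX509Cert: bool                  
         @param inclX509Cert: include MIME encoded content of X.509
         certificate.  This can be used by the  recipient of the XML in order 
         to verify the message
         
+        @type refC14nKw: dict
         @param refC14nKw: Keywords for canonicalization of the reference
         - for enveloped type signature this is the parent element of the XML 
         document.  
 
-         
+        @type signedInfoC14nKw: dict
         @param signedInfoC14nKw: keywords for canonicalization of the 
         SignedInfo section of the signature.  
@@ -572,5 +541,10 @@
         @type xmlTxt: string
         @param xmlTxt: text from the XML file to be checked.  If omitted, the
-        the existing parse document is used instead."""
+        the existing parse document is used instead.
+        
+        @type raiseExcep: bool
+        @param raiseExcep: set to True to raise a NoSignatureFound exception if
+        no signature element is found, False to return to caller logging a 
+        message"""
        
         if xmlTxt:
@@ -600,7 +574,7 @@
             msg = "No <ds:Signature> elements found - message not signed?"
             if raiseExcep:
-                raise VerifyError(msg)
+                raise NoSignatureFound(msg)
             else:
-                log.info(msg)
+                log.warning(msg)
                 return
         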
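Review bot: In the last hunk of xmlsec/etree.py the `raiseExcep` false branch still ends in a bare `return` after `log.warning(msg)`, so a document with no `<ds:Signature>` element leaves the verify method without an exception. If the success path also returns nothing (it lies outside the hunk, as does the method's signature), a caller cannot tell an unsigned message from a verified one; the new `@param raiseExcep` text should state this, e.g. `False: returns without verifying anything - caller must treat the message as unauthenticated`, or the branch should `return False`. Separately, `NoSignatureFound` derives from `XMLSecDocError` rather than `VerifyError`, so existing `except VerifyError` handlers stop catching the unsigned case; `class NoSignatureFound(VerifyError):` would keep them working.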