xmlsec.template

Xml Templates processing

xmlsec.template.add_encrypted_key(node, method, id=None, type=None, recipient=None) → lxml.etree._Element

Adds <enc:EncryptedKey/> node with given attributes to the <dsig:KeyInfo/> node of node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:KeyInfo/> node

• method (__Transform) – the encryption method

• id (str or None) – the "Id" attribute (optional)

• type (str or None) – the "Type" attribute (optional)

• recipient (str or None) – the "Recipient" attribute (optional)

Returns

the pointer to the newly created <enc:EncryptedKey/> node

Return type

lxml.etree._Element

xmlsec.template.add_key_name(node, name=None) → lxml.etree._Element

Adds <dsig:KeyName/> node to the <dsig:KeyInfo/> node of node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:KeyInfo/> node

• name (str or None) – the key name (optional)

Returns

the pointer to the newly created <dsig:KeyName/> node

Return type

lxml.etree._Element

xmlsec.template.add_key_value(node) → lxml.etree._Element

Adds <dsig:KeyValue/> node to the <dsig:KeyInfo/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:KeyInfo/> node

Returns

the pointer to the newly created <dsig:KeyValue/> node

Return type

lxml.etree._Element

xmlsec.template.add_reference(node, digest_method, id=None, uri=None, type=None) → lxml.etree._Element

Adds <dsig:Reference/> node with given "URI" (uri), "Id" (id) and "Type" (type) attributes and the required children <dsig:DigestMethod/> and <dsig:DigestValue/> to the <dsig:SignedInfo/> child of node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:Signature/> node

• digest_method (__Transform) – the reference digest method

• id (str or None) – the node id (optional)

• uri (str or None) – the reference node URI (optional)

• type (str or None) – the reference node type (optional)

Returns

the pointer to newly created <dsig:Reference/> node

Return type

lxml.etree._Element

xmlsec.template.add_transform(node) → lxml.etree._Element

Adds <dsig:Transform/> node to the <dsig:Reference/> node of node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:Reference/> node

• transform (__Transform) – the transform method id

Returns

the pointer to newly created <dsig:Transform/> node

Return type

lxml.etree._Element

xmlsec.template.add_x509_data(node) → lxml.etree._Element

Adds <dsig:X509Data/> node to the <dsig:KeyInfo/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:KeyInfo/> node

Returns

the pointer to the newly created <dsig:X509Data/> node

Return type

lxml.etree._Element

xmlsec.template.create(node, c14n_method, sign_method, id=None, ns=None) → lxml.etree._Element

Creates new <dsig:Signature/> node with the mandatory <dsig:SignedInfo/>, <dsig:CanonicalizationMethod/>, <dsig:SignatureMethod/> and <dsig:SignatureValue/> children and sub-children.

Parameters

• node (lxml.etree._Element) – the signature node

• c14n_method (__Transform) – the signature canonicalization method

• sign_method (__Transform) – the signature method

• id (str or None) – the node id (optional)

• ns (str or None) – the namespace prefix for the signature element (e.g. "dsig") (optional)

Returns

the pointer to newly created <dsig:Signature/> node

Return type

lxml.etree._Element

xmlsec.template.encrypted_data_create(node, method, id=None, type=None, mime_type=None, encoding=None, ns=None) → lxml.etree._Element

Creates new <{ns}:EncryptedData /> node for encryption template.

Parameters

• node (lxml.etree._Element) – the pointer to signature node

• method (__Transform) – the encryption method

• id (str or None) – the "Id" attribute (optional)

• type (str or None) – the "Type" attribute (optional)

• mime_type (str or None) – the "Recipient" attribute (optional)

• encoding (str or None) – the "MimeType" attribute (optional)

• ns (str or None) – the namespace prefix (optional)

Returns

the pointer newly created <enc:EncryptedData/> node

Return type

lxml.etree._Element

xmlsec.template.encrypted_data_ensure_cipher_value(node) → lxml.etree._Element

Adds <CipherValue/> to the <enc:EncryptedData/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <enc:EncryptedData/> node

Returns

the pointer to newly created <enc:CipherValue/> node

Return type

lxml.etree._Element

xmlsec.template.encrypted_data_ensure_key_info(node, id=None, ns=None) → lxml.etree._Element

Adds <{ns}:KeyInfo/> to the <enc:EncryptedData/> node of node.

Parameters

• node (lxml.etree._Element) – the pointer to <enc:EncryptedData/> node

• id (str or None) – the "Id" attribute (optional)

• ns (str or None) – the namespace prefix (optional)

Returns

the pointer to newly created <dsig:KeyInfo/> node

Return type

lxml.etree._Element

xmlsec.template.ensure_key_info(node, id=None) → lxml.etree._Element

Adds (if necessary) <dsig:KeyInfo/> node to the <dsig:Signature/> node of node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:Signature/> node

• id (str or None) – the node id (optional)

Returns

the pointer to newly created <dsig:KeyInfo/> node

Return type

lxml.etree._Element

xmlsec.template.transform_add_c14n_inclusive_namespaces(node, prefixes=None) → None

Adds ‘inclusive’ namespaces to the ExcC14N transform node node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:Transform/> node.

• prefixes (str or list of strings) – the list of namespace prefixes, where 'default' indicates the default namespace (optional).

xmlsec.template.x509_data_add_certificate(node) → lxml.etree._Element

Adds <dsig:X509Certificate/> node to the given <dsig:X509Data/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:X509Data/> node

Returns

the pointer to the newly created <dsig:X509Certificate/> node

Return type

lxml.etree._Element

xmlsec.template.x509_data_add_crl(node) → lxml.etree._Element

Adds <dsig:X509CRL/> node to the given <dsig:X509Data/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:X509Data/> node

Returns

the pointer to the newly created <dsig:X509CRL/> node

Return type

lxml.etree._Element

xmlsec.template.x509_data_add_issuer_serial(node) → lxml.etree._Element

Adds <dsig:X509IssuerSerial/> node to the given <dsig:X509Data/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:X509Data/> node

Returns

the pointer to the newly created <dsig:X509IssuerSerial/> node

Return type

lxml.etree._Element

xmlsec.template.x509_data_add_ski(node) → lxml.etree._Element

Adds <dsig:X509SKI/> node to the given <dsig:X509Data/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:X509Data/> node

Returns

the pointer to the newly created <dsig:X509SKI/> node

Return type

lxml.etree._Element

xmlsec.template.x509_data_add_subject_name(node) → lxml.etree._Element

Adds <dsig:X509SubjectName/> node to the given <dsig:X509Data/> node of node.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:X509Data/> node

Returns

the pointer to the newly created <dsig:X509SubjectName/> node

Return type

lxml.etree._Element

xmlsec.template.x509_issuer_serial_add_issuer_name(node, name=None) → lxml.etree._Element

Adds <dsig:X509IssuerName/> node to the <dsig:X509IssuerSerial/> node of node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:X509IssuerSerial/> node

• name (str or None) – the issuer name (optional)

Returns

the pointer to the newly created <dsig:X509IssuerName/> node

Return type

lxml.etree._Element

xmlsec.template.x509_issuer_serial_add_serial_number(node, serial=None) → lxml.etree._Element

Adds <dsig:X509SerialNumber/> node to the <dsig:X509IssuerSerial/> node of node.

Parameters

• node (lxml.etree._Element) – the pointer to <dsig:X509IssuerSerial/> node

• serial (str or None) – the serial number (optional)

Returns

the pointer to the newly created <dsig:X509SerialNumber/> node

Return type

lxml.etree._Element

Table of contents