xmlsec
A tiny Python wrapper around the xmlsec1 (1.2.34) library.
- exception xmlsec.Error
The common exception class.
- exception xmlsec.InternalError
The internal exception class.
- exception xmlsec.VerificationError
The verification exception class.
- class xmlsec.EncryptionContext
XML Encryption implementation
- decrypt(node)
Decrypts node (an EncryptedData or EncryptedKey element) and returns the result. The decryption may result in binary data or an XML subtree. In the former case, the binary data is returned. In the latter case, the input tree is modified and a reference to the decrypted XML subtree is returned. If the operation modifies the tree, it removes replaced nodes.
- Parameters
node (lxml.etree._Element) – the pointer to <enc:EncryptedData/> or <enc:EncryptedKey/> node
- Returns
depends on input parameters
- Return type
- encrypt_binary(template, data) -> lxml.etree._Element
Encrypts binary data according to the EncryptedData template given as template.
Note: template is modified in place.
- Parameters
template (lxml.etree._Element) – the pointer to <enc:EncryptedData/> template node
data (bytes) – the data
- Returns
the resulting <enc:EncryptedData/> subtree
- Return type
lxml.etree._Element
- encrypt_uri(template, uri) -> lxml.etree._Element
Encrypts binary data obtained from uri according to template.
Note: template is modified in place.
- Parameters
template (lxml.etree._Element) – the pointer to <enc:EncryptedData/> template node
uri (str) – the URI
- Returns
the resulting <enc:EncryptedData/> subtree
- Return type
lxml.etree._Element
- encrypt_xml(template, node) -> lxml.etree._Element
Encrypts node using template.
Note: The "Type" attribute of template decides whether node itself (http://www.w3.org/2001/04/xmlenc#Element) or its content (http://www.w3.org/2001/04/xmlenc#Content) is encrypted. It must have one of these two values (or an exception is raised). The operation modifies the tree and removes replaced nodes.
- Parameters
template (lxml.etree._Element) – the pointer to <enc:EncryptedData/> template node
node (lxml.etree._Element) – the pointer to node for encryption
- Returns
the pointer to newly created <enc:EncryptedData/> node
- Return type
lxml.etree._Element
- key
Encryption key.
- class xmlsec.Key
- from_binary_data(klass, data) -> xmlsec.Key
Loads (symmetric) key of kind klass from data.
- from_binary_file(klass, filename) -> xmlsec.Key
Loads (symmetric) key of kind klass from filename.
- from_file(file, format, password=None) -> xmlsec.Key
Loads PKI key from a file.
- from_memory(data, format, password=None) -> xmlsec.Key
Loads PKI key from memory.
- generate(klass, size, type) -> xmlsec.Key
Generates key of kind klass with size and type.
- name
The name of this key.
- class xmlsec.KeysManager
Keys Manager
- add_key(key: xmlsec.Key) -> None
Adds a copy of key to keys manager
- Parameters
key (Key) – the pointer to key
- class xmlsec.SignatureContext
XML Digital Signature implementation
- enable_reference_transform(transform) -> None
Enables use of transform as reference transform.
Note: by default, all transforms are enabled. The first call of enable_reference_transform() will switch to explicitly enabled transforms.
- Parameters
transform (__Transform) – the transform klass.
- enable_signature_transform(transform) -> None
Enables use of transform as signature transform.
Note: by default, all transforms are enabled. The first call of enable_signature_transform() will switch to explicitly enabled transforms.
- Parameters
transform (__Transform) – the transform klass.
- register_id(node, id_attr='ID', id_ns=None) -> None
Registers new id.
- Parameters
node (lxml.etree._Element) – the pointer to XML node
id_attr (str) – the attribute
- set_enabled_key_data(keydata_list) -> None
Adds selected __KeyData to the list of enabled key data.
- sign(node) -> None
Signs according to the signature template.
- Parameters
node (lxml.etree._Element) – the pointer to <dsig:Signature/> node with signature template
- sign_binary(bytes, transform) -> bytes
Signs the binary data with algorithm transform.
- Parameters
bytes (bytes) – the binary data
transform (__Transform) – the signature algorithm
- Returns
the signature
- Return type
bytes
- verify(node) -> None
Verifies according to the signature template.
- Parameters
node (lxml.etree._Element) – the pointer with <dsig:Signature/> node
- Returns
None on success
- Raises
VerificationError – on failure
- verify_binary(bytes, transform, signature) -> None
Verifies signature for binary data.
- Parameters
bytes (bytes) – the binary data
transform (__Transform) – the signature algorithm
signature (bytes) – the signature
- Returns
None on success
- Raises
VerificationError – on failure
- key
Signature key.
- xmlsec.base64_default_line_size(size=None)
Configures the default maximum columns size for base64 encoding.
If size is not given, this function returns the current default size, acting as a getter. If size is given, a new value is applied and this function returns nothing, acting as a setter.
- Parameters
size (int or None) – new default size value (optional)
- xmlsec.cleanup_callbacks()
Unregister globally all sets of IO callbacks from xmlsec.
- xmlsec.enable_debug_trace(enabled) -> None
Enables or disables calling LibXML2 callback from the default errors callback.
- Parameters
enabled (bool) – flag, debug trace is enabled or disabled
- xmlsec.init() -> None
Initializes the library for general operation.
This is called upon library import and does not need to be called again (unless shutdown() is called explicitly).
- xmlsec.register_callbacks(input_match_callback, input_open_callback, input_read_callback, input_close_callback) -> None
Register globally a custom set of IO callbacks with xmlsec.
- Parameters
input_match_callback (Callable[[bytes], bool]) – A callable that takes a filename bytestring and returns a boolean as to whether the other callbacks in this set can handle that name.
input_open_callback (Callable[[bytes], Any]) – A callable that takes a filename and returns some context object (e.g. a file object) that the remaining callables in this set will be passed during handling.
input_read_callback (Callable[[Any, memoryview], int]) – A callable that takes the context object from the open callback and a buffer, and should fill the buffer with data (e.g. BytesIO.readinto()). xmlsec will call this function several times until there is no more data returned.
input_close_callback (Callable[[Any], None]) – A callable that takes the context object from the open callback and can do any resource cleanup necessary.
- xmlsec.register_default_callbacks()
Register globally xmlsec’s own default set of IO callbacks.
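
The callback contract described under register_callbacks() can be used to restrict what xmlsec is able to load. The following is an added example, not code from the xmlsec project: it serves only allowlisted in-memory resources and, in install(), unregisters every other callback set first. The names ALLOWED, install and simulate_load and the mem:// resource name are assumptions made for the illustration.

```python
import io

# Constructed sample: the only resource names xmlsec may load, with their content.
ALLOWED = {b"mem://detached/payload.bin": b"constructed sample payload"}


def match_cb(filename):
    """Claim only allowlisted names; any other name is not handled by this set."""
    return filename in ALLOWED


def open_cb(filename):
    """Return the context object that is passed to the read and close callbacks."""
    return io.BytesIO(ALLOWED[filename])


def read_cb(ctx, buffer):
    """Fill the buffer supplied by xmlsec; 0 means no more data."""
    return ctx.readinto(buffer)


def close_cb(ctx):
    """Release the context object created by open_cb."""
    ctx.close()


def install():
    """Make the allowlisted set the only registered IO callback set."""
    import xmlsec  # lazy import: the callbacks stay testable without the native library
    xmlsec.cleanup_callbacks()  # unregisters all sets, xmlsec's default set included
    xmlsec.register_callbacks(match_cb, open_cb, read_cb, close_cb)


def simulate_load(filename, chunk=8):
    """Hypothetical test driver: match, open, read until 0 is returned, close."""
    if not match_cb(filename):
        return None
    ctx = open_cb(filename)
    out = bytearray()
    try:
        while True:
            buf = bytearray(chunk)
            n = read_cb(ctx, memoryview(buf))
            if n == 0:
                break
            out += buf[:n]
    finally:
        close_cb(ctx)
    return bytes(out)
```

Call install() once at start-up, before any sign(), verify() or encrypt_uri() call; register_default_callbacks() restores xmlsec's own set if it is needed again.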