xmlsec#

A thin Python wrapper around the xmlsec1 (1.2.34) library.

exception xmlsec.Error#

The base exception class; InternalError and VerificationError derive from it.

exception xmlsec.InternalError#

The internal exception class.

exception xmlsec.VerificationError#

The verification exception class, raised by verify() and verify_binary() when a signature does not check out.

class xmlsec.EncryptionContext#

XML Encryption implementation

decrypt(node)#

Decrypts node (an EncryptedData or EncryptedKey element) and returns the result. The decryption may result in binary data or an XML subtree. In the former case, the binary data is returned. In the latter case, the input tree is modified and a reference to the decrypted XML subtree is returned. If the operation modifies the tree, it removes replaced nodes.

Parameters

node (lxml.etree._Element) – the pointer to <enc:EncryptedData/> or <enc:EncryptedKey/> node

Returns

the decrypted bytes, or the decrypted XML subtree when the EncryptedData Type is Element or Content (the input tree is then modified in place)

Return type

lxml.etree._Element or bytes

encrypt_binary(template, data) → lxml.etree._Element#

Encrypts binary data according to the EncryptedData template template.

Note

template is modified in place.

Parameters
  • template (lxml.etree._Element) – the pointer to <enc:EncryptedData/> template node

  • data (bytes) – the binary data to encrypt

Returns

the resulting <enc:EncryptedData/> subtree

Return type

lxml.etree._Element

encrypt_uri(template, uri) → lxml.etree._Element#

Encrypts binary data obtained from uri according to template. The data is read through xmlsec's IO callbacks (see register_callbacks()), so the URI schemes that will actually be fetched are whatever the registered callbacks accept.

Note

template is modified in place.

Parameters
  • template (lxml.etree._Element) – the pointer to <enc:EncryptedData/> template node

  • uri (str) – the URI of the data to encrypt

Returns

the resulting <enc:EncryptedData/> subtree

Return type

lxml.etree._Element

encrypt_xml(template, node) → lxml.etree._Element#

Encrypts node using template.

Note

The "Type" attribute of template decides whether node itself (http://www.w3.org/2001/04/xmlenc#Element) or its content (http://www.w3.org/2001/04/xmlenc#Content) is encrypted. It must have one of these two values (or an exception is raised). The operation modifies the tree and removes replaced nodes.

Parameters
  • template (lxml.etree._Element) – the pointer to <enc:EncryptedData/> template node

  • node (lxml.etree._Element) – the node to encrypt

Returns

the pointer to newly created <enc:EncryptedData/> node

Return type

lxml.etree._Element

reset() → None#

Resets this context; user settings are not touched.

key#

The encryption key (Key or None). If set, it is used directly for encryption and decryption; otherwise the key is looked up through the KeysManager the context was created with.

class xmlsec.Key#

from_binary_data(klass, data) → xmlsec.Key#

Loads (symmetric) key of kind klass from data.

Parameters
  • klass (__KeyData) – the key value data klass

  • data (str or bytes) – the key binary data

Returns

pointer to newly created key

Return type

Key

from_binary_file(klass, filename) → xmlsec.Key#

Loads (symmetric) key of kind klass from filename.

Parameters
  • klass (__KeyData) – the key value data klass

  • filename (str, bytes or any PathLike) – the key binary file

Returns

pointer to newly created key

Return type

Key

from_file(file, format, password=None) → xmlsec.Key#

Loads PKI key from a file.

Parameters
  • file (str, bytes, any PathLike or file-like object) – the file name or file object

  • format (int) – the key file format (for example KeyDataFormatPem)

  • password (str or None) – the key file password (optional)

Returns

pointer to newly created key

Return type

Key

from_memory(data, format, password=None) → xmlsec.Key#

Loads PKI key from memory.

Parameters
  • data (str or bytes) – the binary key data

  • format (int) – the key file format

  • password (str or None) – the key file password (optional)

Returns

pointer to newly created key

Return type

Key

generate(klass, size, type) → xmlsec.Key#

Generates key of kind klass with size and type.

Parameters
  • klass (__KeyData) – the requested key klass (rsa, dsa, aes, …)

  • size (int) – the new key size (in bits!)

  • type (int) – the new key type (session, permanent, …)

Returns

pointer to newly created key

Return type

Key

load_cert_from_file(file, format) → None#

Loads certificate from file.

Parameters
  • file (str, bytes, any PathLike or file-like object) – the certificate file name or file object

  • format (int) – the certificate file format

load_cert_from_memory(data, format) → None#

Loads certificate from memory.

Parameters
  • data (str or bytes) – the certificate binary data

  • format (int) – the certificate file format

name#

The name of this key (str or None). It is written to <dsig:KeyName/> when signing and matched against <dsig:KeyName/> when a KeysManager looks a key up.

class xmlsec.KeysManager#

Keys Manager

add_key(key) → None#

Adds a copy of key to the keys manager.

Parameters

key (Key) – the pointer to key

load_cert(filename, format, type) → None#

Loads certificate from filename.

Parameters
  • filename (str, bytes or any PathLike) – the certificate file

  • format (int) – the certificate file format

  • type (int) – whether the certificate in filename is trusted (KeyDataTypeTrusted) or not (KeyDataTypeNone); only trusted certificates act as trust anchors when an <dsig:X509Data/> chain is verified, untrusted ones are just available as intermediates

load_cert_from_memory(data, format, type) → None#

Loads certificate from data.

Parameters
  • data (str or bytes) – the certificate binary data

  • format (int) – the certificate file format

  • type (int) – whether the certificate in data is trusted (KeyDataTypeTrusted) or not (KeyDataTypeNone)

class xmlsec.SignatureContext#

XML Digital Signature implementation

enable_reference_transform(transform) → None#

Enables use of transform as reference transform.

Note

By default, all transforms are enabled. The first call of enable_reference_transform() will switch to explicitly enabled transforms: afterwards any <dsig:Transform/> or <dsig:DigestMethod/> inside a <dsig:Reference/> whose algorithm is not on the list makes verification fail. On a verifying context this is the usual way to refuse XSLT and XPath transforms requested by an untrusted document.

Parameters

transform (__Transform) – the transform klass.

enable_signature_transform(transform) → None#

Enables use of transform as signature transform.

Note

By default, all transforms are enabled. The first call of enable_signature_transform() will switch to explicitly enabled transforms; this list governs which <dsig:CanonicalizationMethod/> and <dsig:SignatureMethod/> algorithms a document may use.

Parameters

transform (__Transform) – the transform klass.

register_id(node, id_attr='ID', id_ns=None) → None#

Registers the value of node's id_attr attribute as an XML ID in the document, so that a same-document reference such as URI="#value" can be resolved. libxml2 only knows xml:id and DTD-declared attributes as IDs, so this is needed for the plain ID, Id or id attributes found on most signed documents.

Parameters
  • node (lxml.etree._Element) – the node carrying the id attribute

  • id_attr (str) – the name of the id attribute

  • id_ns (str or None) – the namespace of the id attribute (optional)

set_enabled_key_data(keydata_list) → None#

Adds the given __KeyData classes to the list of enabled key data. Once the list is non-empty, only <dsig:KeyInfo/> children of those kinds are processed when a key is looked up and everything else in <dsig:KeyInfo/> is ignored. Restricting this on a verifying context (for example to KeyDataX509 or KeyDataName) prevents an untrusted document from supplying its own <dsig:KeyValue/> and verifying against it.

Parameters

keydata_list (list of __KeyData) – the list

sign(node) → None#

Signs according to the signature template.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:Signature/> node with signature template

sign_binary(bytes, transform) → bytes#

Signs the binary data bytes with the signature algorithm transform, using key.

Parameters
  • bytes (bytes) – the binary data

  • transform (__Transform) – the signature algorithm

Returns

the signature

Return type

bytes

verify(node) → None#

Verifies according to the signature template.

Parameters

node (lxml.etree._Element) – the pointer to <dsig:Signature/> node

Returns

None on success

Raises

VerificationError – on failure

verify_binary(bytes, transform, signature) → None#

Verifies signature for binary data.

Parameters
  • bytes (bytes) – the binary data

  • transform (__Transform) – the signature algorithm

  • signature (bytes) – the signature

Returns

None on success

Raises

VerificationError – on failure

key#

Signature key.

xmlsec.base64_default_line_size(size=None)#

Configures the default maximum columns size for base64 encoding.

If size is not given, this function returns the current default size, acting as a getter. If size is given, a new value is applied and this function returns nothing, acting as a setter.

Parameters

size (int or None) – new default size value (optional)

xmlsec.cleanup_callbacks()#

Unregister globally all sets of IO callbacks from xmlsec.

xmlsec.enable_debug_trace(enabled) → None#

Enables or disables calling LibXML2 callback from the default errors callback.

Parameters

enabled (bool) – flag, debug trace is enabled or disabled

xmlsec.init() → None#

Initializes the library for general operation.

This is called upon library import and does not need to be called again unless shutdown() has been called explicitly.

xmlsec.register_callbacks(input_match_callback, input_open_callback, input_read_callback, input_close_callback) → None#

Register globally a custom set of IO callbacks with xmlsec.

Parameters
  • input_match_callback (Callable[[bytes], bool]) – A callable that takes a filename bytestring and returns a boolean as to whether the other callbacks in this set can handle that name.

  • input_open_callback (Callable[[bytes], Any]) – A callable that takes a filename and returns some context object (e.g. a file object) that the remaining callables in this set will be passed during handling.

  • input_read_callback (Callable[[Any, memoryview], int]) – A callable that takes the context object from the open callback and a buffer, fills the buffer with data (e.g. BytesIO.readinto()) and returns the number of bytes written. xmlsec will call this function repeatedly until it returns 0 (no more data).

  • input_close_callback (Callable[[Any], None]) – A callable that takes the context object from the open callback and can do any resource cleanup necessary.

xmlsec.register_default_callbacks()#

Register globally xmlsec’s own default set of IO callbacks.

xmlsec.shutdown() → None#

Shuts down the library and cleans up any leftover resources.

This is called automatically upon interpreter termination and should not need to be called explicitly.
