How to use the xmlsec.KeysManager function in xmlsec

To help you get started, we’ve selected a few xmlsec examples, based on popular ways it is used in public projects.


github mehcode / python-xmlsec / tests / test_enc.py View on Github external
def test_init(self):
        """Smoke test: an EncryptionContext can be built around a new, empty KeysManager."""
        # The manager is created inline, so no other name in this function refers to it.
        ctx = xmlsec.EncryptionContext(manager=xmlsec.KeysManager())
        # Drop the context right away -- presumably to exercise its deallocation
        # path without any key ever having been added; confirm against the test suite.
        del ctx
github mehcode / python-xmlsec / tests / examples / test_decrypt.py View on Github external
def test_decrypt2():
    """Decrypt the EncryptedData node of ``enc2-res.xml`` with the RSA key fixture.

    The private key is registered with a KeysManager and the EncryptionContext
    built on that manager performs the decryption. The decrypted node's text
    must equal ``"\\ntest\\n"``.
    """
    keys_manager = xmlsec.KeysManager()
    # The last argument is the key passphrase: None means the PEM fixture is
    # stored unencrypted, which is acceptable for test material only.
    private_key = xmlsec.Key.from_memory(
        read_from_file(path.join(BASE_DIR, 'rsakey.pem')),
        xmlsec.KeyFormat.PEM,
        None,
    )
    assert private_key is not None
    keys_manager.add_key(private_key)

    decryptor = xmlsec.EncryptionContext(keys_manager)

    document = parse_xml("enc2-res.xml")
    encrypted_node = xmlsec.tree.find_child(
        document, xmlsec.Node.ENCRYPTED_DATA, xmlsec.Namespace.ENC
    )
    assert encrypted_node is not None
    plaintext_node = decryptor.decrypt(encrypted_node)
    assert plaintext_node.text == "\ntest\n"
github mehcode / python-xmlsec / tests / examples / test_encrypt.py View on Github external
def test_encrypt_xml():
    """Set up element encryption for ``enc1-doc.xml`` with an RSA certificate.

    Only the preparation is visible in this listing: it ends once the ``Data``
    element has been looked up, before any encryption call.
    """
    # Encryption needs only the recipient's public key, read here from the
    # PEM certificate fixture (no passphrase: third argument is None).
    keys_manager = xmlsec.KeysManager()
    cert_path = path.join(BASE_DIR, 'rsacert.pem')
    public_key = xmlsec.Key.from_memory(
        read_from_file(cert_path), xmlsec.KeyFormat.CERT_PEM, None
    )
    assert public_key is not None
    keys_manager.add_key(public_key)
    document = parse_xml('enc1-doc.xml')
    assert document is not None
    # Template: EncryptedData using the AES128 transform for the payload,
    # with encryption type ELEMENT.
    encrypted_data = xmlsec.template.encrypted_data_create(
        document,
        xmlsec.Transform.AES128,
        type=xmlsec.EncryptionType.ELEMENT,
        ns="xenc",
    )

    xmlsec.template.encrypted_data_ensure_cipher_value(encrypted_data)
    key_info_node = xmlsec.template.encrypted_data_ensure_key_info(encrypted_data, ns="dsig")
    # The EncryptedKey under KeyInfo uses the RSA_OAEP transform.
    wrapped_key = xmlsec.template.add_encrypted_key(key_info_node, xmlsec.Transform.RSA_OAEP)
    xmlsec.template.encrypted_data_ensure_cipher_value(wrapped_key)

    payload = document.find('./Data')
github mehcode / python-xmlsec / tests / examples / test_encrypt.py View on Github external
def test_encrypt_binary():
    """Set up content encryption of binary data under a bare ``root`` element.

    Only the preparation is visible in this listing: it ends after the
    EncryptedKey template is completed, before any encryption call.
    """
    # Encryption needs only the recipient's public key, read here from the
    # PEM certificate fixture (no passphrase: third argument is None).
    keys_manager = xmlsec.KeysManager()
    cert_path = path.join(BASE_DIR, 'rsacert.pem')
    public_key = xmlsec.Key.from_memory(
        read_from_file(cert_path), xmlsec.KeyFormat.CERT_PEM, None
    )
    assert public_key is not None
    keys_manager.add_key(public_key)
    container = etree.Element("root")
    assert container is not None
    # Template: EncryptedData using the AES128 transform, encryption type
    # CONTENT, and a MIME type that labels the payload as binary.
    encrypted_data = xmlsec.template.encrypted_data_create(
        container,
        xmlsec.Transform.AES128,
        type=xmlsec.EncryptionType.CONTENT,
        ns="xenc",
        mime_type="binary/octet-stream",
    )

    xmlsec.template.encrypted_data_ensure_cipher_value(encrypted_data)
    key_info_node = xmlsec.template.encrypted_data_ensure_key_info(encrypted_data, ns="dsig")
    # The EncryptedKey under KeyInfo uses the RSA_OAEP transform.
    wrapped_key = xmlsec.template.add_encrypted_key(key_info_node, xmlsec.Transform.RSA_OAEP)
    xmlsec.template.encrypted_data_ensure_cipher_value(wrapped_key)
github mehcode / python-xmlsec / tests / examples / test_decrypt.py View on Github external
def test_decrypt1():
    """Decrypt ``enc1-res.xml`` and check that the document matches ``enc1-doc.xml``.

    The decrypted node must be the ``Data`` element. The parsed tree is then
    compared with the plaintext fixture.
    """
    keys_manager = xmlsec.KeysManager()
    # The last argument is the key passphrase: None means the PEM fixture is
    # stored unencrypted, which is acceptable for test material only.
    private_key = xmlsec.Key.from_memory(
        read_from_file(path.join(BASE_DIR, 'rsakey.pem')),
        xmlsec.KeyFormat.PEM,
        None,
    )
    assert private_key is not None
    keys_manager.add_key(private_key)

    decryptor = xmlsec.EncryptionContext(keys_manager)

    document = parse_xml("enc1-res.xml")
    encrypted_node = xmlsec.tree.find_child(document, "EncryptedData", xmlsec.Namespace.ENC)
    assert encrypted_node is not None
    plaintext_node = decryptor.decrypt(encrypted_node)
    assert plaintext_node.tag == "Data"

    # The tree that held the ciphertext is compared with the plaintext fixture.
    compare("enc1-doc.xml", document)
github mehcode / python-xmlsec / tests / test_enc.py View on Github external
def test_encrypt_xml(self):
        """Encrypt the ``Data`` element of ``enc1-in.xml`` and check the declared algorithms.

        The EncryptedData must advertise AES-128-CBC. The EncryptionMethod found
        under its KeyInfo must advertise RSA-OAEP (MGF1 with SHA-1). CBC gives
        confidentiality only, so integrity has to come from elsewhere, for
        example an XML signature.
        """
        document = self.load_xml('enc1-in.xml')
        template = xmlsec.template.encrypted_data_create(
            document,
            consts.TransformAes128Cbc,
            type=consts.TypeEncElement,
            ns="xenc",
        )
        xmlsec.template.encrypted_data_ensure_cipher_value(template)
        key_info_template = xmlsec.template.encrypted_data_ensure_key_info(template, ns="dsig")
        encrypted_key = xmlsec.template.add_encrypted_key(key_info_template, consts.TransformRsaOaep)
        xmlsec.template.encrypted_data_ensure_cipher_value(encrypted_key)
        payload = document.find('./Data')
        self.assertIsNotNone(payload)

        # The manager holds the key loaded from the certificate fixture.
        keys_manager = xmlsec.KeysManager()
        recipient_key = xmlsec.Key.from_file(
            self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem
        )
        keys_manager.add_key(recipient_key)

        # A fresh 128-bit AES session key is generated for this encryption.
        context = xmlsec.EncryptionContext(keys_manager)
        context.key = xmlsec.Key.generate(consts.KeyDataAes, 128, consts.KeyDataTypeSession)

        encrypted = context.encrypt_xml(template, payload)
        self.assertIsNotNone(encrypted)

        # Algorithm declared for the payload cipher.
        payload_method = xmlsec.tree.find_child(template, consts.NodeEncryptionMethod, consts.EncNs)
        self.assertIsNotNone(payload_method)
        self.assertEqual(
            "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
            payload_method.get("Algorithm"),
        )
        # Algorithm declared below KeyInfo.
        key_info_result = xmlsec.tree.find_child(template, consts.NodeKeyInfo, consts.DSigNs)
        self.assertIsNotNone(key_info_result)
        key_method = xmlsec.tree.find_node(key_info_result, consts.NodeEncryptionMethod, consts.EncNs)
        self.assertIsNotNone(key_method)
        self.assertEqual(
            "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
            key_method.get("Algorithm"),
        )
github mehcode / python-xmlsec / tests / test_enc.py View on Github external
def check_decrypt(self, i):
        """Decrypt fixture ``enc<i>-out.xml`` and compare the tree with ``enc<i>-in.xml``.

        Args:
            i: Fixture number substituted into both file names with ``%d``.
        """
        document = self.load_xml('enc%d-out.xml' % i)
        encrypted_node = xmlsec.tree.find_child(document, consts.NodeEncryptedData, consts.EncNs)
        self.assertIsNotNone(encrypted_node)

        # The private key is loaded from the PEM fixture and registered with the manager.
        keys_manager = xmlsec.KeysManager()
        private_key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
        keys_manager.add_key(private_key)
        context = xmlsec.EncryptionContext(keys_manager)
        plaintext_node = context.decrypt(encrypted_node)
        self.assertIsNotNone(plaintext_node)
        # The tree that held the ciphertext is compared with the plaintext fixture.
        expected = self.load_xml("enc%d-in.xml" % i)
        self.assertEqual(expected, document)
github CityOfNewYork / NYCOpenRecords / src / onelogin / saml2 / utils.py View on Github external
# Fragment of a signature-validation routine. The listing starts inside a try
# block whose opening lines are not shown and ends inside its except handler.
# The certificate text is read from a node of the message (presumably its
# X509Certificate element) and accepted only if its fingerprint matches `fingerprint`.
x509_cert_value = x509_certificate_node.text
                    x509_fingerprint_value = OneLogin_Saml2_Utils.calculate_x509_fingerprint(x509_cert_value, fingerprintalg)
                    # NOTE(review): with fingerprint matching, trust in the signer rests on the
                    # digest named by fingerprintalg. The accepted algorithms are not visible
                    # here -- confirm that weak digests are rejected by the caller or config.
                    if fingerprint == x509_fingerprint_value:
                        cert = OneLogin_Saml2_Utils.format_cert(x509_cert_value)

            # No certificate was supplied or matched: report the signature as invalid.
            if cert is None or cert == '':
                return False

            # Check if Reference URI is empty
            # An empty URI is rewritten to '#<ID of the signature's parent element>'
            # before verification.
            # NOTE(review): '//ds:Reference' is a document-absolute XPath. If query()
            # evaluates it as written, reference_elem[0] can belong to a Signature other
            # than signature_node. A path relative to signature_node would be tighter.
            # Confirm how query() scopes the expression.
            # NOTE(review): if the parent has no ID attribute and these are lxml elements,
            # .get('ID') yields None and the URI becomes '#None' -- confirm.
            reference_elem = OneLogin_Saml2_XML.query(signature_node, '//ds:Reference')
            if len(reference_elem) > 0:
                if reference_elem[0].get('URI') == '':
                    reference_elem[0].set('URI', '#%s' % signature_node.getparent().get('ID'))

            if validatecert:
                # The certificate is loaded as TRUSTED into a KeysManager and the context
                # resolves keys through it (presumably this is what makes xmlsec validate
                # the certificate itself -- confirm against the xmlsec documentation).
                manager = xmlsec.KeysManager()
                manager.load_cert_from_memory(cert, xmlsec.KeyFormat.CERT_PEM, xmlsec.KeyDataType.TRUSTED)
                dsig_ctx = xmlsec.SignatureContext(manager)
            else:
                # The key from the certificate is assigned directly, with no KeysManager.
                # NOTE(review): presumably no X.509 validation (expiry, chain) is done on
                # this path, only the signature check against this key -- confirm.
                dsig_ctx = xmlsec.SignatureContext()
                dsig_ctx.key = xmlsec.Key.from_memory(cert, xmlsec.KeyFormat.CERT_PEM, None)

            # Only X509 key data is enabled on the context.
            dsig_ctx.set_enabled_key_data([xmlsec.KeyData.X509])
            # verify() reports failure by raising xmlsec.Error, as the handler below
            # implies, so reaching the return means the signature verified.
            dsig_ctx.verify(signature_node)
            return True
        except xmlsec.Error as e:
            # The error is printed only when debug is set. What the function returns
            # afterwards is not shown in this listing.
            if debug:
                print(e)
github CityOfNewYork / NYCOpenRecords / app / lib / onelogin / saml2 / utils.py View on Github external
# Fragment of a signature-validation routine. The listing starts inside a try
# block whose opening lines are not shown and ends inside its except handler.
# The certificate text is read from a node of the message (presumably its
# X509Certificate element) and accepted only if its fingerprint matches `fingerprint`.
x509_cert_value = x509_certificate_node.text
                    x509_fingerprint_value = OneLogin_Saml2_Utils.calculate_x509_fingerprint(x509_cert_value, fingerprintalg)
                    # NOTE(review): with fingerprint matching, trust in the signer rests on the
                    # digest named by fingerprintalg. The accepted algorithms are not visible
                    # here -- confirm that weak digests are rejected by the caller or config.
                    if fingerprint == x509_fingerprint_value:
                        cert = OneLogin_Saml2_Utils.format_cert(x509_cert_value)

            # No certificate was supplied or matched: report the signature as invalid.
            if cert is None or cert == '':
                return False

            # Check if Reference URI is empty
            # An empty URI is rewritten to '#<ID of the signature's parent element>'
            # before verification.
            # NOTE(review): '//ds:Reference' is a document-absolute XPath. If query()
            # evaluates it as written, reference_elem[0] can belong to a Signature other
            # than signature_node. A path relative to signature_node would be tighter.
            # Confirm how query() scopes the expression.
            # NOTE(review): if the parent has no ID attribute and these are lxml elements,
            # .get('ID') yields None and the URI becomes '#None' -- confirm.
            reference_elem = OneLogin_Saml2_XML.query(signature_node, '//ds:Reference')
            if len(reference_elem) > 0:
                if reference_elem[0].get('URI') == '':
                    reference_elem[0].set('URI', '#%s' % signature_node.getparent().get('ID'))

            if validatecert:
                # The certificate is loaded as TRUSTED into a KeysManager and the context
                # resolves keys through it (presumably this is what makes xmlsec validate
                # the certificate itself -- confirm against the xmlsec documentation).
                manager = xmlsec.KeysManager()
                manager.load_cert_from_memory(cert, xmlsec.KeyFormat.CERT_PEM, xmlsec.KeyDataType.TRUSTED)
                dsig_ctx = xmlsec.SignatureContext(manager)
            else:
                # The key from the certificate is assigned directly, with no KeysManager.
                # NOTE(review): presumably no X.509 validation (expiry, chain) is done on
                # this path, only the signature check against this key -- confirm.
                dsig_ctx = xmlsec.SignatureContext()
                dsig_ctx.key = xmlsec.Key.from_memory(cert, xmlsec.KeyFormat.CERT_PEM, None)

            # Only X509 key data is enabled on the context.
            dsig_ctx.set_enabled_key_data([xmlsec.KeyData.X509])
            # verify() reports failure by raising xmlsec.Error, as the handler below
            # implies, so reaching the return means the signature verified.
            dsig_ctx.verify(signature_node)
            return True
        except xmlsec.Error as e:
            # The error is printed only when debug is set. What the function returns
            # afterwards is not shown in this listing.
            if debug:
                print(e)
github CityOfNewYork / NYCOpenRecords / app / lib / onelogin / saml2 / utils.py View on Github external
"""

        # Fragment of a NameID-generation routine: the signature and the opening of the
        # docstring are not shown, and the listing ends inside the `cert is not None` branch.
        # Build a NameID element inside a throwaway container root. The qualifier
        # attributes are set only when the corresponding argument is not None.
        root = OneLogin_Saml2_XML.make_root("{%s}container" % OneLogin_Saml2_Constants.NS_SAML)
        name_id = OneLogin_Saml2_XML.make_child(root, '{%s}NameID' % OneLogin_Saml2_Constants.NS_SAML)
        if sp_nq is not None:
            name_id.set('SPNameQualifier', sp_nq)
        name_id.set('Format', sp_format)
        if nq is not None:
            name_id.set('NameQualifier', nq)
        name_id.text = value

        # A certificate was supplied, so the NameID is encrypted before it is returned.
        if cert is not None:
            # NOTE(review): presumably this toggles xmlsec tracing for the whole process,
            # not just this call -- confirm before enabling debug in production.
            xmlsec.enable_debug_trace(debug)

            # Load the public cert
            manager = xmlsec.KeysManager()
            manager.add_key(xmlsec.Key.from_memory(cert, xmlsec.KeyFormat.CERT_PEM, None))

            # Prepare for encryption
            # Template: EncryptedData with the AES128 transform (type ELEMENT), plus an
            # EncryptedKey under KeyInfo that uses the RSA_OAEP transform.
            # NOTE(review): Transform.AES128 is presumably AES-128-CBC, which gives
            # confidentiality but no integrity. Confirm that the enclosing message is
            # signed wherever this encrypted NameID is consumed.
            enc_data = xmlsec.template.encrypted_data_create(
                root, xmlsec.Transform.AES128, type=xmlsec.EncryptionType.ELEMENT, ns="xenc")

            xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
            key_info = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig")
            enc_key = xmlsec.template.add_encrypted_key(key_info, xmlsec.Transform.RSA_OAEP)
            xmlsec.template.encrypted_data_ensure_cipher_value(enc_key)

            # Encrypt!
            # A fresh 128-bit AES session key is generated on every call.
            enc_ctx = xmlsec.EncryptionContext(manager)
            enc_ctx.key = xmlsec.Key.generate(xmlsec.KeyData.AES, 128, xmlsec.KeyDataType.SESSION)
            enc_data = enc_ctx.encrypt_xml(enc_data, name_id)
            # NOTE(review): the empty '' literals on both sides look like markup lost when
            # this listing was extracted (presumably a wrapping element) -- check the
            # upstream file before reusing this line.
            return '' + compat.to_string(OneLogin_Saml2_XML.to_string(enc_data)) + ''