xmlsec
Python bindings for the XML Security Library

exception xmlsec.Error
    The common exception class.

exception xmlsec.InternalError
    The internal exception class.

exception xmlsec.VerificationError
    The verification exception class.

class xmlsec.EncryptionContext
    XML Encryption implementation.

    decrypt()
        Decrypts node (an EncryptedData element) and returns the result. The decryption may result in binary data or an XML subtree. In the former case, the binary data is returned. In the latter case, the input tree is modified and a reference to the decrypted XML subtree is returned. If the operation modifies the tree, lxml references to or into this tree may see a surprising state, and you should no longer rely on them. In particular, use getroottree() on the result to obtain the decrypted result tree.
        Parameters:
        - node – the pointer to <enc:EncryptedData/> node
        Returns: depends on input parameters

    encrypt_binary()
        Encrypts binary data according to the EncryptedData template template.
        Note: template is modified in place.
        Parameters:
        - template – the pointer to <enc:EncryptedData/> template node
        - data – the data
        Returns: the resulting <enc:EncryptedData/> subtree

    encrypt_uri()
        Encrypts binary data obtained from uri according to template.
        Parameters:
        - template – the pointer to <enc:EncryptedData/> template node
        - uri – the URI
        Returns: the resulting <enc:EncryptedData/> subtree

    encrypt_xml()
        Encrypts node using template.
        Note: the Type attribute of template decides whether node itself is encrypted (http://www.w3.org/2001/04/xmlenc#Element) or its content (http://www.w3.org/2001/04/xmlenc#Content). It must have one of these two values (or an exception is raised). The operation modifies the tree containing node in a way that lxml references to or into this tree may see a surprising state, and you should no longer rely on them. In particular, use getroottree() on the result to obtain the encrypted result tree.
        Parameters:
        - template – the pointer to <enc:EncryptedData/> template node
        - node – the pointer to node for encryption
        Returns: the pointer to newly created <enc:EncryptedData/> node

    key
        Encryption key.

class xmlsec.Key

    from_binary_file()
        Loads (symmetric) key of kind data from filename.
        Parameters:
        - klass – the key value data klass
        - filename – the key binary filename
        Returns: pointer to newly created key

    from_file()
        Loads PKI key from a file.
        Parameters:
        - file – the file object or file path
        - format – the key file format
        - password – the key file password
        Returns: pointer to newly created key

    from_memory()
        Loads PKI key from memory.
        Parameters:
        - data – the binary key data
        - format – the key file format
        - password – the key file password
        Returns: pointer to newly created key

    generate()
        Generates key of kind data with size and type.
        Parameters:
        - klass – the requested key klass (rsa, dsa, aes, …)
        - size – the new key size (in bits!)
        - type – the new key type (session, permanent, …)
        Returns: pointer to newly created key

    load_cert_from_file()
        Loads certificate from file.
        Parameters:
        - file – the file object or file path
        - format – the certificate file format

    load_cert_from_memory()
        Loads certificate from memory.
        Parameters:
        - data – the certificate binary data
        - format – the certificate file format

    name
        The name of the key.

class xmlsec.KeysManager
    Keys Manager.

    add_key()
        Adds a copy of key to the keys manager.
        Parameters:
        - key – the pointer to key

    load_cert()
        Loads certificate from filename.
        Parameters:
        - filename – the certificate file
        - format – the certificate file format
        - type – the flag that indicates whether the certificate in filename is trusted or not

    load_cert_from_memory()
        Loads certificate from data.
        Parameters:
        - data – the certificate binary data
        - format – the certificate file format
        - type – the flag that indicates whether the certificate in data is trusted or not

class xmlsec.SignatureContext
    XML Digital Signature implementation.

    enable_reference_transform()
        Enables use of transform as a reference transform.
        Note: by default, all transforms are enabled. The first call of enable_reference_transform will switch to explicitly enabled transforms.
        Parameters:
        - transform – the transform klass.

    enable_signature_transform()
        Enables use of transform as a signature transform.
        Note: by default, all transforms are enabled. The first call of enable_signature_transform will switch to explicitly enabled transforms.
        Parameters:
        - transform – the transform klass.

    register_id()
        Registers new id.
        Parameters:
        - node – the pointer to XML node
        - id_attr – the attribute
        - id_ns – the namespace

    set_enabled_key_data()
        Adds the selected KeyData to the list of enabled key data.
        Parameters:
        - keydata_list – the list.

    sign()
        Signs according to the signature template.
        Parameters:
        - node – the pointer to <dsig:Signature/> node with signature template

    sign_binary()
        Signs binary data with the given algorithm.
        Parameters:
        - bytes – the binary data
        - transform – the signature algorithm
        Returns: the signature

    verify()
        Verifies according to the signature template.
        Parameters:
        - node – the pointer to the <dsig:Signature/> node
        Returns: None on success; otherwise raises VerificationError

    verify_binary()
        Verifies signature for binary data.
        Parameters:
        - bytes – the binary data
        - transform – the signature algorithm
        - signature – the signature
        Returns: None on success; otherwise raises VerificationError

    key
        Signature key.

xmlsec.enable_debug_trace()
    Enables or disables calling LibXML2 callback from the default errors callback.
    Parameters:
    - enable_debug_trace – flag, debug trace is enabled or disabled

xmlsec.init()
    Initializes the library for general operation.
    This is called upon library import and does not need to be called again (unless shutdown is called explicitly).

xmlsec.shutdown()
    Shuts down the library and cleans up any leftover resources.
    This is called automatically upon interpreter termination and should not need to be called explicitly.