Signing and digest tools¶
Functions and classes that deal with signing data and making digests.
class flask_saml2.signing.Digester

    Base class for all the digest methods. SAML2 digest methods have an identifier in the form of a URL, and must produce a text digest.

    Subclasses should set the uri attribute and provide a make_digest() method.

    Implemented digest methods: Sha1Digester, Sha256Digester.

    Example:

    >>> from flask_saml2.signing import Sha1Digester
    >>> digester = Sha1Digester()
    >>> digester(b'Hello, world!')
    'lDpwLQbzRZmu4fjajvn3KWAx1pk='

    uri = None

        The URI identifying this digest method
class flask_saml2.signing.Signer

    Sign some data with a particular algorithm. Each Signer may take different constructor arguments, but each will have a uri attribute and will sign data when called.

    Implemented signers: RsaSha1Signer.

    Example:

    >>> from flask_saml2.signing import RsaSha1Signer
    >>> from flask_saml2.utils import private_key_from_file
    >>> key = private_key_from_file('tests/keys/sample/idp-private-key.pem')
    >>> signer = RsaSha1Signer(key)
    >>> signer(b'Hello, world!')
    'Yplg1oQDPLiozAWoY9ykgQ4eicojNnU+KjRrwGp67jHM5FGkQZ71Pk1Bgo631WA5B1hopQByRh/elqtEEN+vRA=='

    uri = None

        The URI identifying this signing method
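The Digester and Signer contracts above (a uri attribute naming the algorithm, a callable that returns base64 text) re-implemented with the standard library as an added example; this is not flask_saml2's own code. The HMAC-SHA256 signer is an assumption of the example standing in for RsaSha1Signer, so it runs without an RSA key file, and the verifier-side allowlist (DIGEST_METHODS, ALLOWED_DIGESTS, select_digester) is also added here. SHA-1 and RSA-SHA1, the defaults shown on this page, are deprecated for XML-DSig and should only be allowed deliberately for legacy identity providers.

```python
import base64
import hashlib
import hmac


class Digester:
    """Base class: subclasses set `uri` and implement make_digest()."""

    uri = None  # XML-DSig algorithm identifier, a URL

    def __call__(self, data: bytes) -> str:
        # <DigestValue> carries base64 text, so the callable returns str.
        return base64.b64encode(self.make_digest(data)).decode("ascii")

    def make_digest(self, data: bytes) -> bytes:
        raise NotImplementedError


class Sha1Digester(Digester):
    # The page's default. SHA-1 is deprecated for XML-DSig; legacy IdPs only.
    uri = "http://www.w3.org/2000/09/xmldsig#sha1"

    def make_digest(self, data: bytes) -> bytes:
        return hashlib.sha1(data).digest()


class Sha256Digester(Digester):
    uri = "http://www.w3.org/2001/04/xmlenc#sha256"

    def make_digest(self, data: bytes) -> bytes:
        return hashlib.sha256(data).digest()


class Signer:
    """Base class: subclasses set `uri`, take their key in the constructor,
    and sign when called, returning base64 text."""

    uri = None

    def __call__(self, data: bytes) -> str:
        return base64.b64encode(self.sign(data)).decode("ascii")

    def sign(self, data: bytes) -> bytes:
        raise NotImplementedError

    def verify(self, data: bytes, signature_b64: str) -> bool:
        raise NotImplementedError


class HmacSha256Signer(Signer):
    """Stand-in for RsaSha1Signer (an assumption of this example): HMAC-SHA256
    under a shared secret, so no RSA key file is needed. A real SAML IdP signs
    with RSA and the SP verifies against the IdP certificate."""

    uri = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"

    def __init__(self, key: bytes):
        self._key = key

    def sign(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def verify(self, data: bytes, signature_b64: str) -> bool:
        try:
            given = base64.b64decode(signature_b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            return False
        # Constant-time comparison so verification timing leaks nothing.
        return hmac.compare_digest(self.sign(data), given)


# Verifier-side policy (added here): the algorithm URI arrives in the peer's
# <SignedInfo>, so only map it to an implementation if explicitly allowed.
# SHA-1 is left out of the default allowlist on purpose.
DIGEST_METHODS = {d.uri: d for d in (Sha1Digester(), Sha256Digester())}
ALLOWED_DIGESTS = frozenset({Sha256Digester.uri})


def is_allowed_digest(uri: str) -> bool:
    return uri in ALLOWED_DIGESTS and uri in DIGEST_METHODS


def select_digester(uri: str) -> Digester:
    if not is_allowed_digest(uri):
        raise ValueError(f"digest method not allowed: {uri}")
    return DIGEST_METHODS[uri]
```

Sha1Digester()(b'Hello, world!') reproduces the page's value 'lDpwLQbzRZmu4fjajvn3KWAx1pk=', which is a quick way to confirm that a digest implementation is base64-encoding the raw digest rather than its hex form.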
class flask_saml2.signing.SignedInfoTemplate(params={})

    A <SignedInfo> node, such as:

    <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
        <ds:Reference URI="#${REFERENCE_URI}">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>${SUBJECT_DIGEST}</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>

    generate_xml()

        Generate the XML node for this template. Generally accessed through xml.
class flask_saml2.signing.SignatureTemplate(params={})

    A <Signature> node, such as:

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        ${SIGNED_INFO}
        <ds:SignatureValue>${RSA_SIGNATURE}</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>${CERTIFICATE}</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>

    classmethod sign(subject, certificate, digester, signer, reference_uri)

        Create a SignatureTemplate by signing a subject string.

        Parameters:
            subject (str) – The string to sign. This is usually the canonical string representation of the XML node this <Signature> verifies.
            certificate (X509) – The certificate to sign the data with
            digester (Digester) – The algorithm used to make the digest
            signer (Signer) – The algorithm used to sign the data
            reference_uri (str) – The ID of the element that is signed

        See also: SignableTemplate.sign()

    generate_xml()

        Generate the XML node for this template. Generally accessed through xml.
class flask_saml2.signing.SignableTemplate(params={})

    An XmlTemplate that supports being signed, by adding a <Signature> element.

    signature_index = 1

        The element index where the signature should be inserted

    sign(certificate, digester, signer)

        Cryptographically sign this template by inserting a <Signature> element. The ID of the node to sign is fetched from get_id().

    make_signature(certificate, digester, signer)

        Create the XML <Signature> node for the subject text.

        Return type:

    add_signature(signature)

        Insert a <Signature> into this node.

    get_id()

        Get the ID of the root node, required to sign() this node. By default, grabs the ID from the parameter named in id_parameter.

        Return type:
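The SignedInfoTemplate, SignatureTemplate.sign() and SignableTemplate.sign() flow above, followed by the checks a relying party has to perform on the result, as an added example that is not flask_saml2's own code. It builds the same <SignedInfo> and <Signature> shapes the page shows, with SHA-256 and an HMAC-SHA256 stand-in for RSA-SHA1 (both assumptions, so it runs without a key file), over a constructed assertion that is assumed to be already canonical; exclusive canonicalisation itself is out of scope. verify_signature shows the four checks that matter: algorithm allowlist, Reference URI bound to the element actually consumed, reference digest, and signature over <SignedInfo>. The names KEY, SUBJECT, verify_signature and demo are the example's own.

```python
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#"
ENVELOPED_URI = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
HMAC_URI = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"


def digest_b64(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def sign_b64(key: bytes, data: bytes) -> str:
    # HMAC-SHA256 stands in for RSA (assumption) so no key file is needed.
    return base64.b64encode(hmac.new(key, data, hashlib.sha256).digest()).decode("ascii")


def make_signed_info(reference_uri: str, subject_digest: str) -> str:
    # Same shape as the page's SignedInfoTemplate, with SHA-256 / HMAC URIs
    # in place of its SHA-1 / RSA-SHA1 defaults.
    return (
        f'<ds:SignedInfo xmlns:ds="{DS}">'
        f'<ds:CanonicalizationMethod Algorithm="{C14N_URI}"></ds:CanonicalizationMethod>'
        f'<ds:SignatureMethod Algorithm="{HMAC_URI}"></ds:SignatureMethod>'
        f'<ds:Reference URI="#{reference_uri}"><ds:Transforms>'
        f'<ds:Transform Algorithm="{ENVELOPED_URI}"></ds:Transform>'
        f'<ds:Transform Algorithm="{C14N_URI}"></ds:Transform></ds:Transforms>'
        f'<ds:DigestMethod Algorithm="{SHA256_URI}"></ds:DigestMethod>'
        f'<ds:DigestValue>{subject_digest}</ds:DigestValue>'
        f'</ds:Reference></ds:SignedInfo>'
    )


def make_signature(key: bytes, subject: str, reference_uri: str) -> str:
    # Mirrors SignatureTemplate.sign(): digest the subject, sign <SignedInfo>.
    signed_info = make_signed_info(reference_uri, digest_b64(subject.encode()))
    return (
        f'<ds:Signature xmlns:ds="{DS}">{signed_info}'
        f"<ds:SignatureValue>{sign_b64(key, signed_info.encode())}</ds:SignatureValue>"
        f"</ds:Signature>"
    )


def verify_signature(key: bytes, signature_xml: str, subject: str, expected_id: str) -> bool:
    """True only if the signature binds `subject` under `expected_id`."""
    # The signed bytes are the serialised <SignedInfo>; a real verifier would
    # apply exc-c14n first, here the element is assumed already canonical.
    match = re.search(r"<ds:SignedInfo.*?</ds:SignedInfo>", signature_xml, re.S)
    if match is None:
        return False
    signed_info = match.group(0)
    ns = {"ds": DS}
    root = ET.fromstring(signature_xml)
    sig_method = root.find("ds:SignedInfo/ds:SignatureMethod", ns)
    ref = root.find("ds:SignedInfo/ds:Reference", ns)
    if sig_method is None or ref is None:
        return False
    digest_method = ref.find("ds:DigestMethod", ns)
    digest_value = ref.findtext("ds:DigestValue", default="", namespaces=ns)
    sig_value = root.findtext("ds:SignatureValue", default="", namespaces=ns)
    # 1. Allowlist the algorithms; never let the document pick a weak one.
    if sig_method.get("Algorithm") != HMAC_URI:
        return False
    if digest_method is None or digest_method.get("Algorithm") != SHA256_URI:
        return False
    # 2. The Reference must point at the element actually being consumed.
    #    Accepting any URI lets a signed assertion be relocated next to a
    #    forged one that the application then reads (signature wrapping).
    if ref.get("URI") != "#" + expected_id:
        return False
    # 3. Reference digest over the subject, compared in constant time.
    if not hmac.compare_digest(digest_b64(subject.encode()), digest_value):
        return False
    # 4. Signature over <SignedInfo>.
    try:
        given = base64.b64decode(sig_value, validate=True)
    except ValueError:
        return False
    expected = hmac.new(key, signed_info.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, given)


KEY = b"example-shared-secret"  # constructed for this example
# Constructed subject, assumed already canonical; a real one is an exc-c14n'd assertion.
SUBJECT = ('<saml:Assertion ID="_abc123" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
           '<saml:Subject>alice</saml:Subject></saml:Assertion>')


def demo() -> dict:
    sig = make_signature(KEY, SUBJECT, "_abc123")
    downgraded = sig.replace(HMAC_URI, "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
    return {
        "valid": verify_signature(KEY, sig, SUBJECT, "_abc123"),
        "tampered_subject": verify_signature(KEY, sig, SUBJECT.replace("alice", "admin"), "_abc123"),
        "wrong_reference": verify_signature(KEY, sig, SUBJECT, "_other"),
        "wrong_key": verify_signature(b"other-key", sig, SUBJECT, "_abc123"),
        "downgraded_algorithm": verify_signature(KEY, downgraded, SUBJECT, "_abc123"),
    }
```

demo() returns True only for the untouched signature; editing the subject, pointing the Reference at a different ID, using another key, or rewriting the SignatureMethod to rsa-sha1 each fails one of the four checks. In a real SP the `expected_id` is the ID of the assertion element the application actually parsed, not a value read back out of the signature.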