Signing and digest tools

Functions and classes that deal with signing data and making digests.
class flask_saml2.signing.Digester

    Base class for all the digest methods. SAML2 digest methods have an identifier in the form of a URL, and must produce a text digest.

    Subclasses should set the uri attribute and provide a make_digest() method.

    Implemented digest methods: Sha1Digester, Sha256Digester.

    Example:

        >>> from flask_saml2.signing import Sha1Digester
        >>> digester = Sha1Digester()
        >>> digester(b'Hello, world!')
        'lDpwLQbzRZmu4fjajvn3KWAx1pk='

    uri = None

        The URI identifying this digest method
class flask_saml2.signing.Signer

    Sign some data with a particular algorithm. Each Signer may take different constructor arguments, but each will have a uri attribute and will sign data when called.

    Implemented signers: RsaSha1Signer.

    Example:

        >>> from flask_saml2.signing import RsaSha1Signer
        >>> from flask_saml2.utils import private_key_from_file
        >>> key = private_key_from_file('tests/keys/sample/idp-private-key.pem')
        >>> signer = RsaSha1Signer(key)
        >>> signer(b'Hello, world!')
        'Yplg1oQDPLiozAWoY9ykgQ4eicojNnU+KjRrwGp67jHM5FGkQZ71Pk1Bgo631WA5B1hopQByRh/elqtEEN+vRA=='

    uri = None

        The URI identifying this signing method
class flask_saml2.signing.SignedInfoTemplate(params={})

    A <SignedInfo> node, such as:

        <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
            <ds:Reference URI="#${REFERENCE_URI}">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                <ds:DigestValue>${SUBJECT_DIGEST}</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>

    generate_xml()

        Generate the XML node for this template. Generally accessed through xml.
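As an added example (not flask_saml2's own code), the following stdlib-only model shows what the Digester interface above amounts to, and how a digest lands in the <ds:Reference> part of the SignedInfo template: the digester carries the XML-DSig algorithm URI and, when called, returns the base64 text of the raw hash, which is exactly the page's doctest value for SHA-1. The Sha256 URI, the shortened REFERENCE_TEMPLATE and make_reference() are assumptions of this example, not names from the library.

```python
import base64
import hashlib
from string import Template


class Digester:
    """Base class: subclasses set `uri` and implement make_digest()."""
    uri = None

    def make_digest(self, data: bytes) -> bytes:
        raise NotImplementedError

    def __call__(self, data: bytes) -> str:
        # XML-DSig carries DigestValue as base64 text, not hex
        return base64.b64encode(self.make_digest(data)).decode("ascii")


class Sha1Digester(Digester):
    uri = "http://www.w3.org/2000/09/xmldsig#sha1"

    def make_digest(self, data: bytes) -> bytes:
        return hashlib.sha1(data).digest()


class Sha256Digester(Digester):
    # Assumed URI for SHA-256 in XML-DSig (not stated on this page)
    uri = "http://www.w3.org/2001/04/xmlenc#sha256"

    def make_digest(self, data: bytes) -> bytes:
        return hashlib.sha256(data).digest()


# Constructed, minimal <ds:Reference> in the style of the page's SignedInfo;
# only the parts this example fills in are kept.
REFERENCE_TEMPLATE = Template(
    '<ds:Reference URI="#${REFERENCE_URI}">'
    '<ds:DigestMethod Algorithm="${DIGEST_URI}"></ds:DigestMethod>'
    '<ds:DigestValue>${SUBJECT_DIGEST}</ds:DigestValue>'
    '</ds:Reference>'
)


def make_reference(subject: bytes, reference_uri: str, digester: Digester) -> str:
    """Digest the already-canonicalised subject and fill the Reference node."""
    return REFERENCE_TEMPLATE.substitute(
        REFERENCE_URI=reference_uri,
        DIGEST_URI=digester.uri,
        SUBJECT_DIGEST=digester(subject),
    )
```

The subject passed to make_reference() must already be the canonical (exc-c14n) form of the signed element, since the verifier re-canonicalises before comparing digests; Sha256Digester is the one to prefer, SHA-1 is kept here only to reproduce the page's doctest value.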
class flask_saml2.signing.SignatureTemplate(params={})

    A <Signature> node, such as:

        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            ${SIGNED_INFO}
            <ds:SignatureValue>${RSA_SIGNATURE}</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>${CERTIFICATE}</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>

    classmethod sign(subject, certificate, digester, signer, reference_uri)

        Create a SignatureTemplate by signing a subject string.

        Parameters:
            subject (str) – The string to sign. This is usually the canonical string representation of the XML node this <Signature> verifies.
            certificate (X509) – The certificate to sign the data with
            digester (Digester) – The algorithm used to make the digest
            signer (Signer) – The algorithm used to sign the data
            reference_uri (str) – The ID of the element that is signed

        See also: SignableTemplate.sign()

    generate_xml()

        Generate the XML node for this template. Generally accessed through xml.
class flask_saml2.signing.SignableTemplate(params={})

    An XmlTemplate that supports being signed, by adding a <Signature> element.

    signature_index = 1

        The element index where the signature should be inserted

    sign(certificate, digester, signer)

        Cryptographically sign this template by inserting a <Signature> element. The ID of the node to sign is fetched from get_id().

    make_signature(certificate, digester, signer)

        Create the XML <Signature> node for the subject text.

        Return type

    add_signature(signature)

        Insert a <Signature> into this node.

    get_id()

        Get the ID of the root node, required to sign() this node. By default, grabs the ID from the parameter named in id_parameter.

        Return type