1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
from subprocess import PIPE
from subprocess import Popen
from saml2.extension.algsupport import DigestMethod
from saml2.extension.algsupport import SigningMethod
from saml2.sigver import get_xmlsec_binary
__author__ = "roland"
DIGEST_METHODS = {
"hmac-md5": "http://www.w3.org/2001/04/xmldsig-more#md5", # test framework only!
"hmac-sha1": "http://www.w3.org/2000/09/xmldsig#sha1",
"hmac-sha224": "http://www.w3.org/2001/04/xmldsig-more#sha224",
"hmac-sha256": "http://www.w3.org/2001/04/xmlenc#sha256",
"hmac-sha384": "http://www.w3.org/2001/04/xmldsig-more#sha384",
"hmac-sha512": "http://www.w3.org/2001/04/xmlenc#sha512",
"hmac-ripemd160": "http://www.w3.org/2001/04/xmlenc#ripemd160",
}
SIGNING_METHODS = {
"rsa-md5": "http://www.w3.org/2001/04/xmldsig-more#rsa-md5",
"rsa-ripemd160": "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160",
"rsa-sha1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"rsa-sha224": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
"rsa-sha256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"rsa-sha384": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
"rsa-sha512": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
"dsa-sha1": "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
"dsa-sha256": "http://www.w3.org/2009/xmldsig11#dsa-sha256",
"ecdsa-sha1": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
"ecdsa-sha224": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224",
"ecdsa-sha256": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
"ecdsa-sha384": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
"ecdsa-sha512": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
}
def get_algorithm_support(xmlsec):
com_list = [xmlsec, "--list-transforms"]
pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
p_out, p_err = pof.communicate()
p_out = p_out.decode("utf-8")
p_err = p_err.decode("utf-8")
if not p_err:
p = p_out.splitlines()
algs = [x.strip('"') for x in p[1].split(",")]
digest = []
signing = []
for alg in algs:
if alg in DIGEST_METHODS:
digest.append(alg)
elif alg in SIGNING_METHODS:
signing.append(alg)
return {"digest": digest, "signing": signing}
raise SystemError(p_err)
def algorithm_support_in_metadata(xmlsec):
if xmlsec is None:
return []
support = get_algorithm_support(xmlsec)
element_list = []
for alg in support["digest"]:
element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
for alg in support["signing"]:
element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
return element_list
if __name__ == "__main__":
xmlsec = get_xmlsec_binary()
res = get_algorithm_support(xmlsec)
print(res)
for a in algorithm_support_in_metadata(xmlsec):
print(a)
|
