Initial commit.

Ryan Leckey · Ryan Leckey · commit 41df5faefd99 · 2013-08-16T23:29:21.000-07:00
diff --git a/setup.py b/setup.py
@@ -0,0 +1,161 @@
+#! /usr/bin/env python
+import sys
+import subprocess
+from os import path
+from distutils.core import setup
+from distutils.extension import Extension
+from Cython.Distutils import build_ext
+
+
+#
+# HACK
+#
+
+def getoutput(command):
+    process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
+    out, err = process.communicate()
+    return out.decode('utf8')
+
+
+def get_lxml_include_dirs():
+  from os import environ
+  lxml_home = environ.get("LXML_HOME")
+  if lxml_home is None:
+    # `LXML_HOME` not specified -- derive from installed `lxml`
+    import lxml
+    lxml_home = path.dirname(lxml.__file__)
+  else:
+    if not exists(lxml_home):
+      sys.exit("The directory specified via envvar `LXML_HOME` does not exist")
+    lxml_home = path.join(lxml_home, "src", "lxml")
+  # check that it contains what is needed
+  lxml_include = path.join(lxml_home, "includes")
+  if not (path.exists(path.join(lxml_home, "etreepublic.pxd")) \
+         or path.exists(path.join(lxml_include, "etreepublic.pxd"))):
+    sys.exit("The lxml installation lacks the mandatory `etreepublic.pxd`. You may need to install `lxml` manually or set envvar `LXML_HOME` to an `lxml` installation with `etreepublic.pxd`")
+  return [lxml_home, lxml_include]
+
+# we must extend our cflags once `lxml` is installed.
+#  To this end, we override `Extension`
+class Extension(Extension, object):
+  lxml_extended = False
+
+  def get_include_dirs(self):
+    ids = self.__dict__["include_dirs"]
+    if self.lxml_extended: return ids
+    # ensure `lxml` headers come before ours
+    #  this should make sure to use its headers rather than our old copy
+    # ids.extend(get_lxml_include_dirs())
+    ids[0:0] = get_lxml_include_dirs()
+    self.lxml_extended = True
+    return ids
+
+  def set_include_dirs(self, ids): self.__dict__["include_dirs"] = ids
+
+  include_dirs = property(get_include_dirs, set_include_dirs)
+
+
+define_macros = []
+include_dirs  = ['src']
+library_dirs  = []
+libraries     = []
+
+def extract_cflags(cflags):
+    global define_macros, include_dirs
+    list = cflags.split(' ')
+    for flag in list:
+        if flag == '':
+            continue
+        flag = flag.replace("\\\"", "")
+        if flag[:2] == "-I":
+            if flag[2:] not in include_dirs:
+                include_dirs.append(flag[2:])
+        elif flag[:2] == "-D":
+            t = tuple(flag[2:].split('='))
+            if len(t) == 1:
+                t = (t[0], None)
+            if t not in define_macros:
+                define_macros.append(t)
+        else:
+            print("Warning : cflag %s skipped" % flag)
+
+def extract_libs(libs):
+    global library_dirs, libraries
+    list = libs.split(' ')
+    for flag in list:
+        if flag == '':
+            continue
+        if flag[:2] == "-l":
+            if flag[2:] not in libraries:
+                libraries.append(flag[2:])
+        elif flag[:2] == "-L":
+            if flag[2:] not in library_dirs:
+                library_dirs.append(flag[2:])
+        else:
+            print("Warning : linker flag %s skipped" % flag)
+
+
+libxml2_cflags = getoutput('pkg-config libxml-2.0 --cflags')
+if libxml2_cflags[:2] not in ["-I", "-D"]:
+    libxml2_cflags = getoutput('xml2-config --cflags')
+if libxml2_cflags[:2] not in ["-I", "-D"]:
+    print("Error : cannot get LibXML2 pre-processor and compiler flags")
+
+libxml2_libs = getoutput('pkg-config libxml-2.0 --libs')
+if libxml2_libs[:2] not in ["-l", "-L"]:
+    libxml2_libs = getoutput('xml2-config --libs')
+if libxml2_libs[:2] not in ["-l", "-L"]:
+    print("Error : cannot get LibXML2 linker flags")
+
+xmlsec1_crypto = 'openssl'
+cmd = 'pkg-config xmlsec1-%s --cflags' % xmlsec1_crypto
+xmlsec1_cflags = getoutput(cmd)
+if xmlsec1_cflags[:2] not in ["-I", "-D"]:
+    cmd = 'xmlsec1-config --cflags --crypto=%s' % xmlsec1_crypto
+    xmlsec1_cflags = getoutput(cmd)
+if xmlsec1_cflags[:2] not in ["-I", "-D"]:
+    print("Error : cannot get XMLSec1 pre-processor and compiler flags")
+
+cmd = 'pkg-config xmlsec1-%s --libs' % xmlsec1_crypto
+xmlsec1_libs = getoutput(cmd)
+if xmlsec1_libs[:2] not in ["-l", "-L"]:
+    cmd = 'xmlsec1-config --libs --crypto=%s' % xmlsec1_crypto
+    xmlsec1_libs = getoutput(cmd)
+if xmlsec1_libs[:2] not in ["-l", "-L"]:
+    print("Error : cannot get XMLSec1 linker flags")
+
+#print(libxml2_cflags)
+#print libxml2_libs
+#print xmlsec1_cflags
+#print xmlsec1_libs
+
+extract_cflags(libxml2_cflags)
+extract_libs(libxml2_libs)
+
+extract_cflags(xmlsec1_cflags)
+extract_libs(xmlsec1_libs)
+
+#
+# END HACK
+#
+
+setup(
+    name='xmlsec',
+    version='0.1.0',
+    description='Python bindings for the XML Security Library.',
+    setup_requires=["lxml >= 3.0",],
+    install_requires=[
+        "lxml >= 3.0"
+    ],
+    cmdclass={'build_ext': build_ext},
+    ext_modules=[
+        Extension(
+            'xmlsec', ['xmlsec.pyx'],
+            define_macros=define_macros,
+            include_dirs=include_dirs,
+            library_dirs=library_dirs,
+            libraries=libraries,
+            depends=["src/" + f for f in "cxmlsec.pxd cxmlsec.h lxml.etree.h lxml-version.h lxml.etree_api.h".split()]
+          )
+    ],
+)
diff --git a/test.py b/test.py
@@ -0,0 +1,36 @@
+import xmlsec
+from lxml import etree
+
+# Create the signature template.
+_xml = xmlsec.create_signature_template()
+
+# Rewrap to change the namespace mapping.
+nsmap = {'ds': _xml.nsmap[None]}
+xml = etree.Element(_xml.tag, attrib=_xml.attrib, nsmap=nsmap)
+xml.extend(_xml.getchildren())
+
+# Add a reference.
+ref = xmlsec.add_reference(xml, uri=b'#_34275907093489075620748690')
+
+# Add an eveloped transformation declaration.
+xmlsec.add_transform(ref, xmlsec.method.ENVELOPED)
+
+# Add <ds:KeyInfo/> and <ds:X509Data/> nodes to store the key information.
+info = xmlsec.ensure_key_info(xml)
+xmlsec.add_x509_data(info)
+
+# Create a digitial signature context.
+ctx = xmlsec.SignatureContext()
+
+# Load private key, assuming that there is no password.
+key = ctx.load('key.pem')
+
+# Load certificate and add to the key.
+key.load_certificate('cert.pem')
+
+# Sign the template.
+ctx.sign(xml)
+
+# Print out the message.
+text = etree.tostring(xml, pretty_print=True).decode('utf8')
+print(text)
diff --git a/xmlsec.h b/xmlsec.h
@@ -0,0 +1,5 @@
+#include <xmlsec/crypto.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/errors.h>
diff --git a/xmlsec.pxd b/xmlsec.pxd
@@ -0,0 +1,136 @@
+
+from tree cimport xmlNode, xmlDoc, xmlChar, const_xmlChar
+from etreepublic cimport LXML_VERSION_STRING
+
+cdef extern from "libxml/parser.h":
+    cdef const_xmlChar* XML_DEFAULT_VERSION
+
+cdef extern from "xmlsec.h":
+    # [xmlsec.c]
+    int xmlSecInit() nogil
+    int xmlSecShutdown() nogil
+
+    # [app.c]
+    int xmlSecCryptoInit() nogil
+    int xmlSecCryptoShutdown() nogil
+
+    int xmlSecCryptoAppInit(char* name) nogil
+    int xmlSecCryptoAppShutdown() nogil
+
+    # [transforms.c]
+    cdef struct _xmlSecTransformKlass:
+        const_xmlChar* name
+        const_xmlChar* href
+
+    ctypedef _xmlSecTransformKlass *xmlSecTransformId
+
+    xmlSecTransformId xmlSecTransformInclC14NId
+    xmlSecTransformId xmlSecTransformInclC14NWithCommentsId
+    xmlSecTransformId xmlSecTransformInclC14N11Id
+    xmlSecTransformId xmlSecTransformInclC14N11WithCommentsId
+    xmlSecTransformId xmlSecTransformExclC14NId
+    xmlSecTransformId xmlSecTransformExclC14NWithCommentsId
+    xmlSecTransformId xmlSecTransformEnvelopedId
+    xmlSecTransformId xmlSecTransformXPathId
+    xmlSecTransformId xmlSecTransformXPath2Id
+    xmlSecTransformId xmlSecTransformXPointerId
+    xmlSecTransformId xmlSecTransformXsltId
+    xmlSecTransformId xmlSecTransformRemoveXmlTagsC14NId
+    xmlSecTransformId xmlSecTransformVisa3DHackId
+    xmlSecTransformId xmlSecTransformAes128CbcId
+    xmlSecTransformId xmlSecTransformAes192CbcId
+    xmlSecTransformId xmlSecTransformAes256CbcId
+    xmlSecTransformId xmlSecTransformKWAes128Id
+    xmlSecTransformId xmlSecTransformKWAes192Id
+    xmlSecTransformId xmlSecTransformKWAes256Id
+    xmlSecTransformId xmlSecTransformDes3CbcId
+    xmlSecTransformId xmlSecTransformKWDes3Id
+    xmlSecTransformId xmlSecTransformDsaSha1Id
+    xmlSecTransformId xmlSecTransformHmacMd5Id
+    xmlSecTransformId xmlSecTransformHmacRipemd160Id
+    xmlSecTransformId xmlSecTransformHmacSha1Id
+    xmlSecTransformId xmlSecTransformHmacSha224Id
+    xmlSecTransformId xmlSecTransformHmacSha256Id
+    xmlSecTransformId xmlSecTransformHmacSha384Id
+    xmlSecTransformId xmlSecTransformHmacSha512Id
+    xmlSecTransformId xmlSecTransformMd5Id
+    xmlSecTransformId xmlSecTransformRipemd160Id
+    xmlSecTransformId xmlSecTransformRsaMd5Id
+    xmlSecTransformId xmlSecTransformRsaRipemd160Id
+    xmlSecTransformId xmlSecTransformRsaSha1Id
+    xmlSecTransformId xmlSecTransformRsaSha224Id
+    xmlSecTransformId xmlSecTransformRsaSha256Id
+    xmlSecTransformId xmlSecTransformRsaSha384Id
+    xmlSecTransformId xmlSecTransformRsaSha512Id
+    xmlSecTransformId xmlSecTransformRsaPkcs1Id
+    xmlSecTransformId xmlSecTransformRsaOaepId
+    xmlSecTransformId xmlSecTransformSha1Id
+    xmlSecTransformId xmlSecTransformSha224Id
+    xmlSecTransformId xmlSecTransformSha256Id
+    xmlSecTransformId xmlSecTransformSha384Id
+    xmlSecTransformId xmlSecTransformSha512Id
+
+    # [templates.c]
+    xmlNode* xmlSecTmplSignatureCreate(
+        xmlDoc* document,
+        xmlSecTransformId c14n_method,
+        xmlSecTransformId sign_method,
+        const_xmlChar* id) nogil
+
+    xmlNode* xmlSecTmplSignatureAddReference(
+        xmlNode* node,
+        xmlSecTransformId digest_method,
+        const_xmlChar* id,
+        const_xmlChar* uri,
+        const_xmlChar* type) nogil
+
+    xmlNode* xmlSecTmplReferenceAddTransform(
+        xmlNode* node,
+        xmlSecTransformId method) nogil
+
+    xmlNode* xmlSecTmplSignatureEnsureKeyInfo(
+        xmlNode* node,
+        const_xmlChar* id) nogil
+
+    xmlNode* xmlSecTmplKeyInfoAddKeyName(
+        xmlNode* node,
+        const_xmlChar* name) nogil
+
+    xmlNode* xmlSecTmplKeyInfoAddX509Data(xmlNode* node) nogil
+
+    # [xmldsig.c]
+    ctypedef void* xmlSecKeysMngrPtr
+
+    struct _xmlSecDSigCtx:
+        pass
+##                void * userData
+##                unsigned int flags
+##                unsigned int flags2
+##                xmlSecKeyInfoCtx keyInfoReadCtx
+##                xmlSecKeyInfoCtx keyInfoWriteCtx
+##                xmlSecTransformCtx transformCtx
+##                xmlSecTransformUriType enabledReferenceUris
+##                xmlSecPtrListPtr enabledReferenceTransforms
+##                xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback
+##                xmlSecTransformId defSignMethodId
+##                xmlSecTransformId defC14NMethodId
+##                xmlSecTransformId defDigestMethodId
+        # xmlSecKeyPtr signKey
+##                xmlSecTransformOperation operation
+##                xmlSecBufferPtr result
+        # xmlSecDSigStatus status
+##                xmlSecTransformPtr signMethod
+##                xmlSecTransformPtr c14nMethod
+##                xmlSecTransformPtr preSignMemBufMethod
+##                xmlNodePtr signValueNode
+##                xmlChar * id
+##                xmlSecPtrList signedInfoReferences
+##                xmlSecPtrList manifestReferences
+##                void * reserved0
+##                void * reserved1
+
+    ctypedef _xmlSecDSigCtx* xmlSecDSigCtxPtr
+
+    xmlSecDSigCtxPtr xmlSecDSigCtxCreate(xmlSecKeysMngrPtr manager) nogil
+
+    void xmlSecDSigCtxDestroy(xmlSecDSigCtxPtr ctx) nogil
diff --git a/xmlsec.pyx b/xmlsec.pyx
