Changeset 1962

Timestamp:

05/01/07 17:12:42 (14 years ago)

Author:

pjkersha

Message:

Tidying up of XMLSecDoc class esp. documentation.

Location:

TI12-security/trunk/python

Files:

• ndg.security.common/ndg/security/common/XMLSec.py (modified) (15 diffs)
• ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.py (modified) (1 diff)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/XMLSec.py

@@ -92 +92 @@
         of a signed document
         @param encrCertFilePath:    file path for X.509 cert used to encrypt
-        the document
+        the document - see note for __setCertFilePathList() method
         @param encrPriKeyFilePath:  file path for private key used to decrypt
         previously encrypted document"""
@@ -138 +138 @@
 
     def __setFilePath(self, filePath):
-        """Set file path for file to be signed/encrypted."""
+        """Set file path for file to be signed/verified/encrypted/decrypted
+        
+        @param filePath: file path of XML doc"""
         
         if filePath is None or not isinstance(filePath, basestring):            
@@ -176 +178 @@
     def __setCertFilePathList(self, filePath):
         """File path for certificate used to sign document / 
-        list of certificates used to check the signature of a document"""
+        list of certificates used to check the signature of a document
+        
+        @param filePath: file path or list of file paths to files used to
+        verify a signature.  The first element should be the cert 
+        corresponding to the proviate key used to make the signature.  
+        Successive certs in the list correspond to the chain of trust e.g.
+        if a proxy cert/private key was used the list would be
+        
+        proxy cert., 
+        user cert which issued the proxy cert, 
+        CA cert that issued the user cert
+        """
         
         if isinstance(filePath, basestring):        
@@ -215 +228 @@
     #_________________________________________________________________________
     def __setSigningKeyPwd(self, pwd):
-        """Set password to read private key from file"""
+        """Set password to read private key from file
+        
+        @param pwd: password protecting private key file - set to None if no
+        password is set"""
         
         if pwd is not None and not isinstance(pwd, basestring):            
@@ -231 +247 @@
     #_________________________________________________________________________
     def __setEncrCertFilePath(self, filePath):
-        """Set file path for certificate publiv key used to decrypt doc."""
+        """Set file path for X.509 certificate file containing public
+        key used to decrypt doc.
+        
+        @param filePath: path to X.509 Certificate file"""
         
         if filePath is None or not isinstance(filePath, basestring):            
@@ -246 +265 @@
     #_________________________________________________________________________
     def __setEncrPriKeyFilePath(self, filePath):
-        """Set file path for certificate private key used to decrypt doc."""
+        """Set file path for private key used to decrypt doc.
+        
+        @param filePath: path to private key file"""
         
         if filePath is None or not isinstance(filePath, basestring):            
@@ -280 +301 @@
     def parse(self, xmlTxt):
         """Parse string containing XML into a DOM to allow signature or 
-        signature validation"""
+        signature validation
+        
+        @param xmlTxt: text to be parsed"""
+        
         self.__docNode = Reader().fromString(xmlTxt)
 
@@ -286 +310 @@
     #_________________________________________________________________________
     def read(self, stream=None):
-        """Read XML into a libxml2 document to allow signature validation"""
+        """Read XML into a libxml2 document to allow signature validation
+        
+        @param stream: read from a file stream object instead of 
+        self.__filePath"""
+        
         if stream is None:
             stream = open(self.__filePath)
@@ -296 +324 @@
     def write(self):
         """Write XML document"""
-        open(self.__filePath, 'w').write(self.toString())
+        open(self.__filePath, 'w').write(self.toString() + os.linesep)
 
 
@@ -308 +336 @@
         """Make enveloped signature of XML document
 
-        @param xmlTxt:          string buffer containing xml to be signed. If
-                                not provided, calls XMLSecDoc.createXML().
-                                This is a virtual method so must be defined
-                                in a derived class.
+        @param xmlTxt: string buffer containing xml to be signed. If not 
+        provided, calls XMLSecDoc.createXML().  This is a virtual method so 
+        must be defined in a derived class.
                             
-        @param inclX509Cert:    include MIME encoded content of X.509
-                                certificate.  This can be used by the 
-                                recipient of the XML in order to verify the
-                                message
-        
-        @param refC14nKw:       Keywords for canonicalization of the reference
-                                - for enveloped type signature this is the
-                                parent element of the XML document"""
+        @param inclX509Cert: include MIME encoded content of X.509
+        certificate.  This can be used by the  recipient of the XML in order 
+        to verify the message
+        
+        @param refC14nKw: Keywords for canonicalization of the reference
+        - for enveloped type signature this is the parent element of the XML 
+        document.  If the key 'unsuppressedPrefixes' is set to a list of 
+        element prefix strings, exclusive canonicalization will be applied.  
+        To use inclusive canonicalization set 'unsuppressedPrefixes' to None
+         or set refC14nKw to None.
+         
+        @param signedInfoC14nKw: keywords for canonicalization of the 
+        SignedInfo section of the signature.  See explanation for refC14nKw
+        keyword for options."""
 
         if xmlTxt:
@@ -502 +535 @@
         InvalidSignature exception if the signature is invalid
 
-        xmlTxt:                 string buffer containing the text from the XML
-                                file to be checked.  If omitted, the
-                                filePath argument is used instead.
-
-        filePath:               file path to XML file to be checked.  This
-                                argument is used if no xmlTxt was provided.
-                                If filePath itself is omitted the file set
-                                by self.__filePath is read instead.
-
-        certFilePathList:       Certificate used to sign the document."""
+        @param xmlTxt: string buffer containing the text from the XML file to
+        be checked.  If omitted, the filePath argument is used instead.
+
+        @param filePath: file path to XML file to be checked.  This
+        argument is used if no xmlTxt was provided.  If filePath itself is 
+        omitted the file set by self.__filePath is read instead.
+
+        @param certFilePathList: Certificate used to sign the document."""
 
         # Check Certificate files for read access
@@ -674 +705 @@
         calcSignedInfoDigestValue = sha(signedInfoC14n).digest()
 
-        import pdb;pdb.set_trace()
 
         # Try extracting X.509 Cert from ds:X509Certificate node in KeyInfo
@@ -735 +765 @@
                 xmlTxt=None, 
                 filePath=None, 
-                encrCertFilePath=None,
                 inclX509SubjName=True,
-                inclX509IssSerial=True,
-                rtnAsString=False):
+                inclX509IssSerial=True):
         """Encrypt a document using recipient's public key
 
@@ -744 +772 @@
         triple DES key and an RSA key from keys manager.
         
-        xmlTxt:                 string buffer containing the text from the XML
-                                file to be encrypted.  If omitted, the
-                                filePath argument is used instead.
-
-        filePath:               file path to XML file to be encrypted.  This
-                                argument is used if no xmlTxt was provided.
-                                If filePath itself is omitted the file set
-                                by self.__filePath is read instead.
+        @param xmlTxt: string buffer containing the text from the XML file to 
+        be encrypted.  If omitted, the filePath argument is used instead.
+
+        @param filePath: file path to XML file to be encrypted.  This
+        argument is used if no xmlTxt was provided.  If filePath itself is 
+        omitted the file set by self.__filePath is read instead.
                                 
-        encrCertFilePath:     file path to RSA public key file used to
-                                encrypt the document.
-                                
-        inclX509SubjName:       include subject name of signing X.509 
-                                certificate.
-        inclX509IssSerial:      include issuer name and serial number in
-                                signature    
-        
-        rtnAsString:            This method returns None by default.  Set to 
-                                True to override and return the encrypted
-                                result instead as a string."""
-        
-
-        # Success
-        if rtnAsString:
-            return self.asString()
+        @param inclX509SubjName: include subject name of signing X.509 
+        certificate.
+        
+        @param inclX509IssSerial: include issuer name and serial number in
+        signature"""
+        
+        raise NotImplementedError, \
+                        "Encryption algorithm not implemented in this version"
  
  
@@ -774 +792 @@
     def decrypt(self, 
                 xmlTxt=None, 
-                filePath=None, 
-                encrPriKeyFilePath=None,
-                encrPriKeyPwd=None,
-                rtnAsString=False):
+                filePath=None):
         """Decrypt a document using a private key of public/private key pair
         
-        xmlTxt:                 string buffer containing the text from the XML
-                                file to be decrypted.  If omitted, the
-                                filePath argument is used instead.
-
-        filePath:               file path to XML file to be decrypted.  This
-                                argument is used if no xmlTxt was provided.
-                                If filePath itself is omitted the file set
-                                by self.__filePath is read instead.
-                                
-        encrPriKeyFilePath:     file path to private key file used to decrypt
-
-        encrPriKeyPwd:          password for private key file.
-        
-        rtnAsString:            This method returns None by default.  Set to 
-                                True to override and return the decrypted
-                                result instead as a string."""
-        
-        if encrPriKeyFilePath:
-            self.__setEncrPriKeyFilePath(encrPriKeyFilePath)
-    
-        # Success
-        if rtnAsString:
-            return self.asString()
+        @param xmlTxt: string buffer containing the text from the XML file to
+         be decrypted.  If omitted, the filePath argument is used instead.
+
+        @param filePath: file path to XML file to be decrypted.  This
+        argument is used if no xmlTxt was provided.  If filePath itself is 
+        omitted the file set by self.__filePath is read instead."""
+        
+        raise NotImplementedError, \
+                        "Encryption algorithm not implemented in this version"

TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.py

@@ -88 +88 @@
         self.xmlSecDoc.filePath = self.cfg['test3Write']['filepath']
         self.xmlSecDoc.write()
-      
+
         
     def test4Read(self):