XmlDSig Python Reference Documentation
XmlDSig
Current Version: 10.0.0
An API for validating XML Digital Signatures. Use the XmlDSigGen class for creating XML Digital Signatures.
Object Creation
obj = chilkat2.XmlDSig()
Properties
DebugLogFilePath
If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.
This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:
- a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
- the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
- there is an internal problem (bug) in the Chilkat code that causes the hang.
ExternalRefDirs
May contain a set of directory paths specifying where referenced external files are located. Directory paths should be separated using a semicolon character. The default value of this property is the empty string which means no directories are automatically searched.
This property can be used if the external file referenced in the XML signature has the same filename as the file in the local filesystem.
IgnoreExternalRefs
If True, then ignore failures caused by external references not being available. This allows for the XML signature to be at least partially validated if the external referenced files are not available. The default value of this property is False.
topLastErrorHtml
Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
topLastErrorText
Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
LastErrorXml
Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
topLastMethodSuccess
Indicate whether the last method call succeeded or failed. A value of True indicates success, a value of False indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:
- Any method that returns a string.
- Any method returning a Chilkat object, binary bytes, or a date/time.
- Any method returning a standard boolean status value where success = True and failure = False.
- Any method returning an integer where failure is defined by a return value less than zero.
Note: Methods that do not fit the above requirements will always set this property equal to True. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.
topNumReferences
The number of data objects referenced in the XML digital signature. A data object may be self-contained within the loaded XML signature, or it may be an external URI reference. An application can check each reference to see if it's external by calling IsReferenceExternal, and can get each reference URI by calling ReferenceUri.
NumSignatures
The number of digital signatures found within the loaded XML. Each digital signature is composed of XML having the following structure:
<Signature ID?> <SignedInfo> <CanonicalizationMethod/> <SignatureMethod/> (<Reference URI? > (<Transforms>)? <DigestMethod> <DigestValue> </Reference>)+ </SignedInfo> <SignatureValue> (<KeyInfo>)? (<Object ID?>)* </Signature>Note: The "Signature" and other XML tags may be namespace prefixed.
The Selector property is used to select which XML signature is in effect when validating or calling other methods or properties.
RefFailReason
Indicates the failure reason for the last call to VerifyReferenceDigest. Possible values are:
- 0: No failure, the reference digest was valid.
- 1: The computed digest differs from the digest stored in the XML.
- 2: An external file is referenced, but it is unavailable for computing the digest.
- 3: The index argument passed to VerifyReferenceDigest was out of range.
- 4: Unable to find the Signature.
- 5: A transformation specified some sort of XML canonicalization that is not supported.
- 99: Unknown. (Should never get this value.)
Selector
If the loaded XML contains multiple signatures, this property can be set to specify which signature is in effect when calling other methods or properties. In most cases, the loaded XML contains a single signature and this property will remain at the default value of 0.
UncommonOptions
This is a catch-all property to be used for uncommon needs. This property defaults to the empty string, and should typically remain empty.
topVerboseLogging
If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
topVersion
Methods
AddEncapsulatedTimeStamp
Adds an EncapsulatedTimeStamp to the signature indicated by the Selector property. The updated signed XML with the added EncapsulatedTimeStamp is returned in sbOut. See the example below for details.
Returns True for success, False for failure.
CanonicalizeFragment
Applies XML canonicalization to a fragment of the passed-in XML, and returns the canonicalized XML string. The fragmentId identifies the XML element where output begins. It is the XML element having an "id" attribute equal to fragmentId. The version may be one of the following:
- "C14N" -- for Inclusive Canonical XML
- "EXCL_C14N" -- for Exclusive Canonical XML
The prefixList only applies when the version is set to "EXCL_C14N". The prefixList may be an empty string, or a SPACE separated list of namespace prefixes. It is the InclusiveNamespaces PrefixList, which is the list of namespaces that are propagated from ancestor elements for canonicalization purposes.
If withComments is True, then XML comments are included in the output. If withComments is False, then XML comments are excluded from the output.
Returns None on failure
CanonicalizeXml
Applies XML canonicalization to the passed-in XML, and returns the canonicalized XML string. The version may be one of the following:
- "C14N" -- for Inclusive Canonical XML
- "EXCL_C14N" -- for Exclusive Canonical XML
If withComments is True, then XML comments are included in the output. If withComments is False, then XML comments are excluded from the output.
Returns None on failure
GetCerts
Returns the certificates found in the signature indicated by the Selector property. The base64 representation of each certificate is returned.
Returns True for success, False for failure.
GetKeyInfo
Returns the KeyInfo XML for the signature indicated by the Selector property. Returns None if no KeyInfo exists.
Returns None on failure
GetPublicKey
Returns the public key from the KeyInfo XML for the signature indicated by the Selector property. Returns None if no KeyInfo exists, or if no public key is actually contained in the KeyInfo.
Returns None on failure
topHasEncapsulatedTimeStamp
Returns True if the signature indicated by the Selector property contains an EncapsulatedTimeStamp. Otherwise returns False.
IsReferenceExternal
Returns True if the reference at index is external. Each external reference would first need to be provided by the application prior to validating the signature.
LoadSignature
Loads an XML document containing 1 or more XML digital signatures. An application would first load XML containing digital signature(s), then validate. After loading, it is also possible to use various methods and properties to get information about the signature, such as the key info, references, etc. If external data is referenced by the signature, it may be necessary to provide the referenced data prior to validating.
Note: When loading an XML document, the Selector property is automatically reset to 0, and the NumSignatures property is set to the number of XML digital signatures found.
Returns True for success, False for failure.
topLoadSignatureBd
Loads an XML document containing one or more XML digital signatures from the contents of a BinData object. An application would first load the XML, then validate. After loading, it is also possible to use various methods and properties to get information about the signature, such as the key info, references, etc. If external data is referenced by the signature, it may be necessary to provide the referenced data prior to validating.
Note: When loading an XML document, the Selector property is automatically reset to 0, and the NumSignatures property is set to the number of XML digital signatures found.
Returns True for success, False for failure.
LoadSignatureSb
Loads an XML document containing one or more XML digital signatures from the contents of a StringBuilder object. An application would first load the XML, then validate. After loading, it is also possible to use various methods and properties to get information about the signature, such as the key info, references, etc. If external data is referenced by the signature, it may be necessary to provide the referenced data prior to validating.
Note: When loading an XML document, the Selector property is automatically reset to 0, and the NumSignatures property is set to the number of XML digital signatures found.
Returns True for success, False for failure.
ReferenceUri
Returns the URI of the Nth reference specified by index. (The 1st reference is at index 0.) URI's beginning with a pound sign ('#') are internal references.
Returns None on failure
SetHmacKey
Sets the HMAC key to be used if the Signature used an HMAC signing algorithm. The encoding specifies the encoding of key, and can be "hex", "base64", "ascii", or any of the binary encodings supported by Chilkat in the link below.
Returns True for success, False for failure.
SetHttpObj
Sets the HTTP object to be used to communicate with OCSP responders, CRL distribution points, or timestamp authority (TSA) servers if needed. The http is used to send the requests, and it allows for connection related settings and timeouts to be set. For example, if HTTP or SOCKS proxies are required, these features can be specified on the http.
topSetPublicKey
Sets the public key to be used for verifying the signature indicated by the Selector property. A public key only needs to be explicitly provided by the application for those XML signatures where the public key is not already available within the KeyInfo of the Signature. In some cases, the KeyInfo within the Signature contains information about what public key was used for signing. The application can use this information to retrieve the matching public key and provide it via this method.
Returns True for success, False for failure.
SetRefDataBd
SetRefDataFile
Provides the data for the external reference at index. When validating the signature, the data contained in path will be streamed to compute the digest for validation.
topSetRefDataSb
Provides the text data for the external reference at index. The charset specifies the byte representation of the text, such as "utf-8", "utf-16", "windows-1252", etc. (If in doubt, try utf-8 first.)
UseCertVault
Adds an XML certificate vault to the object's internal list of sources to be searched for certificates having public keys when verifying an XML signature. A single XML certificate vault may be used. If UseCertVault is called multiple times, only the last certificate vault will be used, as each call to UseCertVault will replace the certificate vault provided in previous calls.
Returns True for success, False for failure.
VerifyReferenceDigest
This method allows for an application to verify the digest for each reference separately. This can be helpful if the full XMLDSIG validation fails, then one can test each referenced data's digest to see which, if any, fail to match.
VerifySignature
Verifies the signature indicated by the Selector property. If verifyReferenceDigests is True, then the digest of each Reference within the signature's SignedInfo is also validated.
Returns True for success, False for failure.