importing minidom is causing unexpected errors on macos #2

Closed
fingermark opened this issue Oct 25, 2016 · 1 comment

fingermark commented Oct 25, 2016

My application breaks on macOS when I uncomment `from defusedxml.minidom import parseString` -- an import that's not even being used in the current file. Using `from xml.dom.minidom import parseString` works just fine. But using `from defusedxml.minidom import parseString` works fine on my Linux server.

I get errors with libxmlsec1 about the supplied certificate not matching the one in the XML.

The differences between the macOS server and the Linux server are the Python versions (2.7.10 vs 2.7.6) and the libxmlsec versions (1.2.20 vs 1.2.18).

```python
from defusedxml.lxml import tostring, fromstring
from os.path import basename, dirname, join

# !!!!!!!!!!!!!!!!!!!!
# Uncomment this line and it fails
# !!!!!!!!!!!!!!!!!!!!
#from defusedxml.minidom import parseString

import dm.xmlsec.binding as xmlsec

xml = """<insert xml>"""

pem = """-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----"""

def print_xmlsec_errors(filename, line, func, error_object, error_subject, reason, msg):
    """
    Auxiliary method. It overrides the default xmlsec debug message.
    """

    info = []
    if error_object != "unknown":
        info.append("obj=" + error_object)
    if error_subject != "unknown":
        info.append("subject=" + error_subject)
    if msg.strip():
        info.append("msg=" + msg)
    if reason != 1:
        info.append("errno=%d" % reason)
    if info:
        print "xmlsec1 -- %s:%d(%s)" % (filename, line, func), " ".join(info)

def validate_node_sign(signature_node, elem, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False):
    try:
        xmlsec.initialize()
        xmlsec.set_error_callback(print_xmlsec_errors)

        xmlsec.addIDs(elem, ["ID"])

        print "--- Signature Node ---"
        print tostring(signature_node)
        print "+++ Signature Node +++"

        #file_name = "/Users/fingermark/cacert.pem"

        dsig_ctx = xmlsec.DSigCtx()
        #signKey = xmlsec.Key.load(file_name, xmlsec.KeyDataFormatCertPem, None)
        signKey = xmlsec.Key.loadMemory(pem, xmlsec.KeyDataFormatCertPem)
        #signKey.name = basename(file_name)
        dsig_ctx.signKey = signKey
        print "signKey.name: %s" % signKey.name

        dsig_ctx.setEnabledKeyData([xmlsec.KeyDataX509])
        dsig_ctx.verify(signature_node)

        print "verified"

        return True
    except Exception as err:
        print "Node verification error:"
        print err.__str__()
        return False

if __name__ == "__main__":
    elem = fromstring(xml)
    node = elem.find(".//{%s}Signature" % xmlsec.DSigNs)
    print validate_node_sign(node, elem)
```

See more:
SAML-Toolkits/python-saml#166 (comment)

@fingermark
Author

Followed the imports and this was the final one it failed on. Maybe it's something else:

```python
from xml.sax.expatreader import ExpatParser as _ExpatParser
```
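
An import that is never used can only change behaviour through what it does at import time, so one way to narrow a report like this down is to measure what each import in the chain loads. The following is an added example, not code from this thread or from defusedxml: it imports a module in a fresh interpreter and lists the modules, and in particular the compiled ones, that the import pulls in, then compares the failing import with the one that works. The function names are made up for the example, and it assumes Python 3.7 or later rather than the Python 2.7 used in the report.

```python
import json
import subprocess
import sys

# Program for the child interpreter: import one module, then report which
# modules that import added to sys.modules and which of those are compiled.
# Modules the probe itself needs (json, importlib) count as already loaded.
_CHILD = r'''
import importlib, importlib.machinery as mach, json, sys
before = set(sys.modules)
importlib.import_module(sys.argv[1])
added = sorted(set(sys.modules) - before)
def compiled(name):
    path = getattr(sys.modules[name], "__file__", None) or ""
    return (name in sys.builtin_module_names
            or path.endswith(tuple(mach.EXTENSION_SUFFIXES)))
print(json.dumps({"added": added,
                  "compiled": [n for n in added if compiled(n)]}))
'''


def import_footprint(module_name):
    """Import module_name in a fresh interpreter and return what it loaded."""
    proc = subprocess.run([sys.executable, "-c", _CHILD, module_name],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        lines = proc.stderr.strip().splitlines() or ["import failed"]
        return {"error": lines[-1]}
    return json.loads(proc.stdout.strip().splitlines()[-1])


def extra_compiled(working, failing):
    """Compiled modules the failing import loads that the working one does not."""
    base = set(import_footprint(working).get("compiled", []))
    return [m for m in import_footprint(failing).get("compiled", [])
            if m not in base]


if __name__ == "__main__":
    # Module names are the ones quoted in the thread; defusedxml has to be
    # installed for the last one, otherwise its entry is an {"error": ...}.
    for mod in ("xml.dom.minidom", "xml.sax.expatreader", "defusedxml.minidom"):
        print(mod, import_footprint(mod))
    print(extra_compiled("xml.dom.minidom", "defusedxml.minidom"))
```

Running it on both hosts and comparing the output shows whether the failing host loads a compiled module that the working host does not.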
