diff --git a/.appveyor.yml b/.appveyor.yml
deleted file mode 100644
index ce025819..00000000
--- a/.appveyor.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-environment:
- matrix:
- - python: 35
- - python: 35-x64
- - python: 36
- - python: 36-x64
- - python: 37
- - python: 37-x64
- - python: 38
- - python: 38-x64
- - python: 39
- python_version: 3.9.13
- - python: 39-x64
- python_version: 3.9.13
- - python: 310
- python_version: 3.10.6
- - python: 310-x64
- python_version: 3.10.6
- - python: 311
- python_version: 3.11.2
- - python: 311-x64
- python_version: 3.11.2
-
-install:
- - ps: |
- # from https://github.com/appveyor/build-images/blob/27bde614bc60d7ef7a8bc46182f4d7582fa11b56/scripts/Windows/install_python.ps1#L88-L108
- function InstallPythonEXE($targetPath, $version) {
- $urlPlatform = ""
- if ($targetPath -match '-x64$') {
- $urlPlatform = "-amd64"
- }
- Write-Host "Installing Python $version$urlPlatform to $($targetPath)..." -ForegroundColor Cyan
- $downloadUrl = "https://www.python.org/ftp/python/$version/python-$version$urlPlatform.exe"
- Write-Host "Downloading $($downloadUrl)..."
- $exePath = "$env:TEMP\python-$version.exe"
- (New-Object Net.WebClient).DownloadFile($downloadUrl, $exePath)
- Write-Host "Installing..."
- cmd /c start /wait $exePath /quiet TargetDir="$targetPath" Shortcuts=0 Include_launcher=1 InstallLauncherAllUsers=1 Include_debug=1
- Remove-Item $exePath
- Write-Host "Installed Python $version" -ForegroundColor Green
- }
- if ( -not ( Test-Path -Path C:\\Python$env:PYTHON -PathType Container ) ) {
- InstallPythonEXE C:\\Python$env:PYTHON $env:PYTHON_VERSION
- }
- - SET PATH=C:\\Python%PYTHON%;c:\\Python%PYTHON%\\scripts;%PATH%
- - python -m pip install -U pip wheel setuptools
-
-build: off
-build_script:
- - python setup.py bdist_wheel
-
-test: off
-test_script:
- - pip install -r requirements-test.txt
- - pip install xmlsec --only-binary=xmlsec --no-index --find-links=dist
- - pytest -v --color=yes --junitxml=unittests.xml
- - ps: Get-ChildItem dist\*.whl | % { Push-AppveyorArtifact $_.FullName -FileName $_.Name }
-
-on_finish:
- - ps: |
- # archive test results at AppVeyor
- $wc = New-Object 'System.Net.WebClient'
- $wc.UploadFile("https://ci.appveyor.com/api/testresults/junit/$($env:APPVEYOR_JOB_ID)", (Resolve-Path .\unittests.xml))
- $LastExitCode = 0
diff --git a/.github/workflows/linuxbrew.yml b/.github/workflows/linuxbrew.yml
index c3ede39b..1c6d9543 100644
--- a/.github/workflows/linuxbrew.yml
+++ b/.github/workflows/linuxbrew.yml
@@ -1,11 +1,14 @@
name: linuxbrew
on: [push, pull_request]
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref_name != 'master' }}
jobs:
linuxbrew:
runs-on: ubuntu-latest
strategy:
matrix:
- python: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+ python: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
env:
# For some unknown reason, linuxbrew tries to use "gcc-11" by default, which doesn't exist.
CC: gcc
diff --git a/.github/workflows/macosx.yml b/.github/workflows/macosx.yml
index f639637e..e2e2a0df 100644
--- a/.github/workflows/macosx.yml
+++ b/.github/workflows/macosx.yml
@@ -1,11 +1,14 @@
-name: MacOS
+name: macOS
on: [push, pull_request]
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref_name != 'master' }}
jobs:
macosx:
runs-on: macos-latest
strategy:
matrix:
- python: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+ python: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
static_deps: ["static", ""]
steps:
- uses: actions/checkout@v3
diff --git a/.github/workflows/manylinux.yml b/.github/workflows/manylinux.yml
index db8ea913..d1c205d7 100644
--- a/.github/workflows/manylinux.yml
+++ b/.github/workflows/manylinux.yml
@@ -1,11 +1,14 @@
name: manylinux
on: [push, pull_request]
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref_name != 'master' }}
jobs:
manylinux:
runs-on: ubuntu-latest
strategy:
matrix:
- python-abi: [cp38-cp38, cp39-cp39, cp310-cp310, cp311-cp311, cp312-cp312, cp313-cp313]
+ python-abi: [cp39-cp39, cp310-cp310, cp311-cp311, cp312-cp312, cp313-cp313, cp314-cp314]
image:
- manylinux2014_x86_64
- manylinux_2_28_x86_64
@@ -29,6 +32,7 @@ jobs:
- name: Build linux_x86_64 wheel
env:
PYXMLSEC_STATIC_DEPS: true
+ PYXMLSEC_LIBXML2_VERSION: 2.14.6 # Lock it to libxml2 2.14.6 to match it with lxml
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
/opt/python/${{ matrix.python-abi }}/bin/python -m build
diff --git a/.github/workflows/sdist.yml b/.github/workflows/sdist.yml
index 04f22c14..ecc53c31 100644
--- a/.github/workflows/sdist.yml
+++ b/.github/workflows/sdist.yml
@@ -1,5 +1,8 @@
name: sdist
on: [push, pull_request]
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref_name != 'master' }}
jobs:
sdist:
# Avoid Ubuntu 24.04 in sdist workflows, because it contains libxmlsec1-dev
@@ -9,7 +12,7 @@ jobs:
runs-on: ubuntu-22.04
strategy:
matrix:
- python: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+ python: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"]
steps:
- uses: actions/checkout@v3
- name: Set up Python
diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml
index 66e6db8f..1d4564a6 100644
--- a/.github/workflows/wheels.yml
+++ b/.github/workflows/wheels.yml
@@ -15,6 +15,10 @@ on:
pull_request:
workflow_dispatch:
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref_name != 'master' }}
+
permissions: {}
jobs:
@@ -73,7 +77,7 @@ jobs:
- uses: actions/checkout@v4
- name: Install cibuildwheel
# Nb. keep cibuildwheel version pin consistent with job below
- run: pipx install cibuildwheel==2.21.3
+ run: pipx install cibuildwheel==3.1.4
- id: set-matrix
# Once we have the windows build figured out, it can be added here
# by updating the matrix to include windows builds as well.
@@ -87,7 +91,9 @@ jobs:
&& cibuildwheel --print-build-identifiers --platform macos \
| jq -nRc '{"only": inputs, "os": "macos-latest"}' \
&& cibuildwheel --print-build-identifiers --platform windows \
- | jq -nRc '{"only": inputs, "os": "windows-2022"}'
+ | jq -nRc '{"only": inputs, "os": "windows-2022"}' \
+ && cibuildwheel --print-build-identifiers --platform windows --archs ARM64 \
+ | jq -nRc '{"only": inputs, "os": "windows-11-arm"}'
} | jq -sc
)
echo "include=$MATRIX"
@@ -104,7 +110,7 @@ jobs:
include: ${{ fromJson(needs.generate-wheels-matrix.outputs.include) }}
env:
- PYXMLSEC_LIBXML2_VERSION: 2.14.4
+ PYXMLSEC_LIBXML2_VERSION: 2.14.6
PYXMLSEC_LIBXSLT_VERSION: 1.1.43
steps:
@@ -120,7 +126,7 @@ jobs:
platforms: all
- name: Build wheels
- uses: pypa/cibuildwheel@v2.21.3
+ uses: pypa/cibuildwheel@v3.1.4
with:
only: ${{ matrix.only }}
env:
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a02d6fac..aca65390 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,48 +1,42 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
-- repo: https://github.com/psf/black
- rev: 25.1.0
- hooks:
- - id: black
- types: []
- files: ^.*.pyi?$
- exclude: ^doc/
-- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v5.0.0
- hooks:
- - id: no-commit-to-branch
- - id: trailing-whitespace
- - id: end-of-file-fixer
- - id: check-yaml
- - id: check-added-large-files
- - id: check-ast
- - id: check-merge-conflict
- - id: check-json
- - id: detect-private-key
- exclude: ^.*/rsakey.pem$
- - id: mixed-line-ending
- - id: pretty-format-json
- args: [--autofix]
-- repo: https://github.com/PyCQA/flake8
- rev: 7.3.0
- hooks:
- - id: flake8
- exclude: ^setup.py$
- additional_dependencies: [flake8-docstrings, flake8-bugbear, flake8-logging-format, flake8-builtins, flake8-eradicate, flake8-fixme, pep8-naming, flake8-pep3101, flake8-annotations-complexity,flake8-pyi]
-- repo: https://github.com/PyCQA/isort
- rev: 6.0.1
- hooks:
- - id: isort
-- repo: https://github.com/pre-commit/mirrors-mypy
- rev: v1.16.1
- hooks:
- - id: mypy
- exclude: (setup.py|tests/.*.py|doc/.*)
- types: []
- files: ^.*.pyi?$
- additional_dependencies: [lxml-stubs,types-docutils]
-- repo: https://github.com/pre-commit/pygrep-hooks
- rev: v1.10.0
- hooks:
- - id: rst-backticks
+- repo: https://github.com/astral-sh/ruff-pre-commit
+ rev: v0.14.4
+ hooks:
+ - id: ruff
+ args: ["--fix"]
+ types: [python]
+ - id: ruff-format
+ types: [python]
+
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v6.0.0
+ hooks:
+ - id: no-commit-to-branch
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-added-large-files
+ - id: check-ast
+ - id: check-merge-conflict
+ - id: check-json
+ - id: detect-private-key
+ exclude: ^.*/rsakey.pem$
+ - id: mixed-line-ending
+ - id: pretty-format-json
+ args: [--autofix]
+
+- repo: https://github.com/pre-commit/mirrors-mypy
+ rev: v1.18.2
+ hooks:
+ - id: mypy
+ exclude: (setup.py|tests|build_support/.*.py|doc/.*)
+ types: []
+ files: ^.*.pyi?$
+ additional_dependencies: [lxml-stubs, types-docutils]
+
+- repo: https://github.com/pre-commit/pygrep-hooks
+ rev: v1.10.0
+ hooks:
+ - id: rst-backticks
diff --git a/.travis.yml b/.travis.yml
index 9e6ca540..8d3ca07e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,51 +1,53 @@
-dist: trusty
-sudo: false
+dist: focal
language: python
+travis:
+ auto_cancel:
+ push: true
+ pull_request: true
+
notifications:
email: false
-matrix:
- include:
- - python: 3.5
- - python: 3.6
- - python: 3.7
- dist: xenial
- sudo: required
- - python: 3.8
- dist: xenial
- sudo: required
- - python: 3.9
- dist: xenial
- sudo: required
- - python: 3.11
- dist: xenial
- sudo: required
+
+python:
+ - "3.9"
+ - "3.10"
+ - "3.11"
+ - "3.12"
+ - "3.13"
+ - "3.14"
+
env:
global:
- - CFLAGS=-coverage
- - LDFLAGS=-coverage -lgcov
- - PYXMLSEC_TEST_ITERATIONS=50
+ - CFLAGS=-coverage
+ - LDFLAGS=-coverage -lgcov
+ - PYXMLSEC_TEST_ITERATIONS=50
addons:
apt:
packages:
- - libssl-dev
- - libxmlsec1
- - libxmlsec1-dev
- - libxmlsec1-openssl
- - libxslt1-dev
- - pkg-config
- - lcov
+ - libssl-dev
+ - libxmlsec1
+ - libxmlsec1-dev
+ - libxmlsec1-openssl
+ - libxslt1-dev
+ - pkg-config
+ - lcov
+
install:
-- travis_retry pip install --upgrade pip setuptools wheel
-- travis_retry pip install coverage -r requirements-test.txt --upgrade --force-reinstall
-- python setup.py bdist_wheel
-- pip install xmlsec --only-binary=xmlsec --no-index --find-links=dist/
-script: coverage run -m pytest -v tests --color=yes
+ - travis_retry pip install --upgrade pip setuptools wheel
+ - travis_retry pip install coverage -r requirements-test.txt --upgrade --force-reinstall
+ - python setup.py bdist_wheel
+ - pip install xmlsec --only-binary=xmlsec --no-index --find-links=dist/
+
+script:
+ - coverage run -m pytest -v tests --color=yes
+
after_success:
-- lcov --capture --no-external --directory . --output-file coverage.info
-- lcov --list coverage.info
-- bash <(curl -s https://codecov.io/bash) -f coverage.info
+ - lcov --capture --no-external --directory . --output-file coverage.info
+ - lcov --list coverage.info
+ - bash <(curl -s https://codecov.io/bash) -f coverage.info
+
before_deploy:
-- travis_retry pip install Sphinx -r doc/source/requirements.txt
-- git apply --verbose --no-index --unsafe-paths --directory=$(python -c "import site; print(site.getsitepackages()[0])") doc/source/sphinx-pr-6916.diff
-- sphinx-build -EWanb html doc/source build/sphinx
+ - travis_retry pip install Sphinx -r doc/source/requirements.txt
+ - git apply --verbose --no-index --unsafe-paths --directory=$(python -c "import site; print(site.getsitepackages()[0])") doc/source/sphinx-pr-6916.diff
+ - sphinx-build -EWanb html doc/source build/sphinx
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..60bde880
--- /dev/null
+++ b/README.md
@@ -0,0 +1,198 @@
+# python-xmlsec
+
+[](https://pypi.python.org/pypi/xmlsec)
+[](https://results.pre-commit.ci/latest/github/xmlsec/python-xmlsec/master)
+[](https://github.com/xmlsec/python-xmlsec/actions/workflows/manylinux.yml)
+[](https://github.com/xmlsec/python-xmlsec/actions/workflows/macosx.yml)
+[](https://github.com/xmlsec/python-xmlsec/actions/workflows/linuxbrew.yml)
+[](https://codecov.io/gh/xmlsec/python-xmlsec)
+[](https://xmlsec.readthedocs.io/en/latest/?badge=latest)
+
+Python bindings for the [XML Security
+Library](https://www.aleksey.com/xmlsec/).
+
+## Documentation
+
+Documentation for `xmlsec` can be found at
+[xmlsec.readthedocs.io](https://xmlsec.readthedocs.io/).
+
+## Usage
+
+Check the
+[examples](https://xmlsec.readthedocs.io/en/latest/examples.html)
+section in the documentation to see various examples of signing and
+verifying using the library.
+
+## Requirements
+
+- `libxml2 >= 2.9.1`
+- `libxmlsec1 >= 1.2.33`
+
+## Install
+
+`xmlsec` is available on PyPI:
+
+``` bash
+pip install xmlsec
+```
+
+Depending on your OS, you may need to install the required native
+libraries first:
+
+### Linux (Debian)
+
+``` bash
+apt-get install pkg-config libxml2-dev libxmlsec1-dev libxmlsec1-openssl
+```
+
+Note: There is no required version of LibXML2 for Ubuntu Precise, so you
+need to download and install it manually.
+
+``` bash
+wget http://xmlsoft.org/sources/libxml2-2.9.1.tar.gz
+tar -xvf libxml2-2.9.1.tar.gz
+cd libxml2-2.9.1
+./configure && make && make install
+```
+
+### Linux (CentOS)
+
+``` bash
+yum install libxml2-devel xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel
+```
+
+### Linux (Fedora)
+
+``` bash
+dnf install libxml2-devel xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel
+```
+
+### Mac
+
+``` bash
+brew install libxml2 libxmlsec1 pkg-config
+```
+
+or
+
+``` bash
+port install libxml2 xmlsec pkgconfig
+```
+
+### Alpine
+
+``` bash
+apk add build-base openssl libffi-dev openssl-dev libxslt-dev libxml2-dev xmlsec-dev xmlsec
+```
+
+## Troubleshooting
+
+### Mac
+
+If you get any fatal errors about missing `.h` files, update your
+`C_INCLUDE_PATH` environment variable to include the appropriate files
+from the `libxml2` and `libxmlsec1` libraries.
+
+### Windows
+
+Starting with 1.3.7, prebuilt wheels are available for Windows, so
+running `pip install xmlsec` should suffice. If you want to build from
+source:
+
+1. Configure build environment, see
+ [wiki.python.org](https://wiki.python.org/moin/WindowsCompilers) for
+ more details.
+
+2. Install from source dist:
+
+ ``` bash
+ pip install xmlsec --no-binary=xmlsec
+ ```
+
+## Building from source
+
+1. Clone the `xmlsec` source code repository to your local computer.
+
+ ``` bash
+ git clone https://github.com/xmlsec/python-xmlsec.git
+ ```
+
+2. Change into the `python-xmlsec` root directory.
+
+ ``` bash
+ cd /path/to/xmlsec
+ ```
+
+3. Install the project and all its dependencies using `pip`.
+
+ ``` bash
+ pip install .
+ ```
+
+## Contributing
+
+### Setting up your environment
+
+1. Follow steps 1 and 2 of the [manual installation
+ instructions](#building-from-source).
+
+2. Initialize a virtual environment to develop in. This is done so as
+ to ensure every contributor is working with close-to-identical
+ versions of packages.
+
+ ``` bash
+ mkvirtualenv xmlsec
+ ```
+
+ The `mkvirtualenv` command is available from `virtualenvwrapper`
+ package which can be installed by following
+ [link](http://virtualenvwrapper.readthedocs.org/en/latest/install.html#basic-installation).
+
+3. Activate the created virtual environment:
+
+ ``` bash
+ workon xmlsec
+ ```
+
+4. Install `xmlsec` in development mode with testing enabled. This will
+ download all dependencies required for running the unit tests.
+
+ ``` bash
+ pip install -r requirements-test.txt
+ pip install -e "."
+ ```
+
+### Running the test suite
+
+1. [Set up your environment](#setting-up-your-environment).
+
+2. Run the unit tests.
+
+ ``` bash
+ pytest tests
+ ```
+
+3. Tests configuration
+
+ Env variable `PYXMLSEC_TEST_ITERATIONS` specifies number of test
+ iterations to detect memory leaks.
+
+### Reporting an issue
+
+Please attach the output of following information:
+
+- version of `xmlsec`
+- version of `libxmlsec1`
+- version of `libxml2`
+- output from the command
+
+ ``` bash
+ pkg-config --cflags xmlsec1
+ ```
+
+## License
+
+Unless otherwise noted, all files contained within this project are
+licensed under the MIT open source license. See the included `LICENSE`
+file or visit [opensource.org](http://opensource.org/licenses/MIT) for
+more information.
diff --git a/README.rst b/README.rst
deleted file mode 100644
index bd3a1be9..00000000
--- a/README.rst
+++ /dev/null
@@ -1,229 +0,0 @@
-python-xmlsec
-=============
-
-.. image:: https://img.shields.io/pypi/v/xmlsec.svg?logo=python&logoColor=white
- :target: https://pypi.python.org/pypi/xmlsec
-.. image:: https://results.pre-commit.ci/badge/github/xmlsec/python-xmlsec/master.svg
- :target: https://results.pre-commit.ci/latest/github/xmlsec/python-xmlsec/master
- :alt: pre-commit.ci status
-.. image:: https://img.shields.io/appveyor/ci/hoefling/xmlsec/master.svg?logo=appveyor&logoColor=white&label=AppVeyor
- :target: https://ci.appveyor.com/project/hoefling/xmlsec
-.. image:: https://github.com/mehcode/python-xmlsec/actions/workflows/manylinux.yml/badge.svg
- :target: https://github.com/mehcode/python-xmlsec/actions/workflows/manylinux.yml
-.. image:: https://github.com/mehcode/python-xmlsec/actions/workflows/macosx.yml/badge.svg
- :target: https://github.com/mehcode/python-xmlsec/actions/workflows/macosx.yml
-.. image:: https://github.com/mehcode/python-xmlsec/actions/workflows/linuxbrew.yml/badge.svg
- :target: https://github.com/mehcode/python-xmlsec/actions/workflows/linuxbrew.yml
-.. image:: https://github.com/mehcode/python-xmlsec/actions/workflows/opensuse-tumbleweed.yml/badge.svg
- :target: https://github.com/mehcode/python-xmlsec/actions/workflows/opensuse-tumbleweed.yml
-.. image:: https://codecov.io/gh/xmlsec/python-xmlsec/branch/master/graph/badge.svg
- :target: https://codecov.io/gh/xmlsec/python-xmlsec
-.. image:: https://img.shields.io/readthedocs/xmlsec/latest?logo=read-the-docs
- :target: https://xmlsec.readthedocs.io/en/latest/?badge=latest
- :alt: Documentation Status
-
-Python bindings for the `XML Security Library `_.
-
-Documentation
-*************
-
-A documentation for ``xmlsec`` can be found at `xmlsec.readthedocs.io `_.
-
-Usage
-*****
-
-Check the `examples `_ section in the documentation to see various examples of signing and verifying using the library.
-
-Requirements
-************
-- ``libxml2 >= 2.9.1``
-- ``libxmlsec1 >= 1.2.33``
-
-Install
-*******
-
-``xmlsec`` is available on PyPI:
-
-.. code-block:: bash
-
- pip install xmlsec
-
-Depending on your OS, you may need to install the required native
-libraries first:
-
-Linux (Debian)
-^^^^^^^^^^^^^^
-
-.. code-block:: bash
-
- apt-get install pkg-config libxml2-dev libxmlsec1-dev libxmlsec1-openssl
-
-
-Note: There is no required version of LibXML2 for Ubuntu Precise,
-so you need to download and install it manually.
-
-.. code-block:: bash
-
- wget http://xmlsoft.org/sources/libxml2-2.9.1.tar.gz
- tar -xvf libxml2-2.9.1.tar.gz
- cd libxml2-2.9.1
- ./configure && make && make install
-
-
-Linux (CentOS)
-^^^^^^^^^^^^^^
-
-.. code-block:: bash
-
- yum install libxml2-devel xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel
-
-
-Linux (Fedora)
-^^^^^^^^^^^^^^
-
-.. code-block:: bash
-
- dnf install libxml2-devel xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel
-
-
-Mac
-^^^
-
-.. code-block:: bash
-
- brew install libxml2 libxmlsec1 pkg-config
-
-or
-
-.. code-block:: bash
-
- port install libxml2 xmlsec pkgconfig
-
-
-Alpine
-^^^^^^
-
-.. code-block:: bash
-
- apk add build-base libressl libffi-dev libressl-dev libxslt-dev libxml2-dev xmlsec-dev xmlsec
-
-
-Troubleshooting
-***************
-
-Mac
-^^^
-
-If you get any fatal errors about missing ``.h`` files, update your
-``C_INCLUDE_PATH`` environment variable to include the appropriate
-files from the ``libxml2`` and ``libxmlsec1`` libraries.
-
-
-Windows
-^^^^^^^
-
-Starting with 1.3.7, prebuilt wheels are available for Windows,
-so running ``pip install xmlsec`` should suffice. If you want
-to build from source:
-
-#. Configure build environment, see `wiki.python.org `_ for more details.
-
-#. Install from source dist:
-
- .. code-block:: bash
-
- pip install xmlsec --no-binary=xmlsec
-
-
-Building from source
-********************
-
-#. Clone the ``xmlsec`` source code repository to your local computer.
-
- .. code-block:: bash
-
- git clone https://github.com/xmlsec/python-xmlsec.git
-
-#. Change into the ``python-xmlsec`` root directory.
-
- .. code-block:: bash
-
- cd /path/to/xmlsec
-
-
-#. Install the project and all its dependencies using ``pip``.
-
- .. code-block:: bash
-
- pip install .
-
-
-Contributing
-************
-
-Setting up your environment
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. Follow steps 1 and 2 of the `manual installation instructions <#building-from-source>`_.
-
-
-#. Initialize a virtual environment to develop in.
- This is done so as to ensure every contributor is working with
- close-to-identicial versions of packages.
-
- .. code-block:: bash
-
- mkvirtualenv xmlsec
-
- The ``mkvirtualenv`` command is available from ``virtualenvwrapper`` package which can be installed by following `link `_.
-
-#. Activate the created virtual environment:
-
- .. code-block:: bash
-
- workon xmlsec
-
-#. Install ``xmlsec`` in development mode with testing enabled.
- This will download all dependencies required for running the unit tests.
-
- .. code-block:: bash
-
- pip install -r requirements-test.txt
- pip install -e "."
-
-
-Running the test suite
-^^^^^^^^^^^^^^^^^^^^^^
-
-#. `Set up your environment <#setting-up-your-environment>`_.
-
-#. Run the unit tests.
-
- .. code-block:: bash
-
- pytest tests
-
-#. Tests configuration
-
- Env variable ``PYXMLSEC_TEST_ITERATIONS`` specifies number of
- test iterations to detect memory leaks.
-
-Reporting an issue
-^^^^^^^^^^^^^^^^^^
-
-Please attach the output of following information:
-
-* version of ``xmlsec``
-* version of ``libxmlsec1``
-* version of ``libxml2``
-* output from the command
-
- .. code-block:: bash
-
- pkg-config --cflags xmlsec1
-
-License
-*******
-
-Unless otherwise noted, all files contained within this project are licensed under the MIT opensource license.
-See the included ``LICENSE`` file or visit `opensource.org `_ for more information.
diff --git a/build_support/__init__.py b/build_support/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/build_support/build_ext.py b/build_support/build_ext.py
new file mode 100644
index 00000000..c4fb5bc9
--- /dev/null
+++ b/build_support/build_ext.py
@@ -0,0 +1,86 @@
+import os
+import sys
+from distutils import log
+from distutils.errors import DistutilsError
+
+from setuptools.command.build_ext import build_ext as build_ext_orig
+
+from .static_build import CrossCompileInfo, StaticBuildHelper
+
+
+class build_ext(build_ext_orig):
+ def info(self, message):
+ self.announce(message, level=log.INFO)
+
+ def run(self):
+ ext = self.ext_map['xmlsec']
+ self.debug = os.environ.get('PYXMLSEC_ENABLE_DEBUG', False)
+ self.static = os.environ.get('PYXMLSEC_STATIC_DEPS', False)
+ self.size_opt = os.environ.get('PYXMLSEC_OPTIMIZE_SIZE', True)
+
+ if self.static or sys.platform == 'win32':
+ helper = StaticBuildHelper(self)
+ helper.prepare(sys.platform)
+ else:
+ import pkgconfig
+
+ try:
+ config = pkgconfig.parse('xmlsec1')
+ except OSError as error:
+ raise DistutilsError('Unable to invoke pkg-config.') from error
+ except pkgconfig.PackageNotFoundError as error:
+ raise DistutilsError('xmlsec1 is not installed or not in path.') from error
+
+ if config is None or not config.get('libraries'):
+ raise DistutilsError('Bad or incomplete result returned from pkg-config.')
+
+ ext.define_macros.extend(config['define_macros'])
+ ext.include_dirs.extend(config['include_dirs'])
+ ext.library_dirs.extend(config['library_dirs'])
+ ext.libraries.extend(config['libraries'])
+
+ import lxml
+
+ ext.include_dirs.extend(lxml.get_include())
+
+ ext.define_macros.extend(
+ [('MODULE_NAME', self.distribution.metadata.name), ('MODULE_VERSION', self.distribution.metadata.version)]
+ )
+ for key, value in ext.define_macros:
+ if key == 'XMLSEC_CRYPTO' and not (value.startswith('"') and value.endswith('"')):
+ ext.define_macros.remove((key, value))
+ ext.define_macros.append((key, f'"{value}"'))
+ break
+
+ if sys.platform == 'win32':
+ ext.extra_compile_args.append('/Zi')
+ else:
+ ext.extra_compile_args.extend(
+ [
+ '-g',
+ '-std=c99',
+ '-fPIC',
+ '-fno-strict-aliasing',
+ '-Wno-error=declaration-after-statement',
+ '-Werror=implicit-function-declaration',
+ ]
+ )
+
+ if self.debug:
+ ext.define_macros.append(('PYXMLSEC_ENABLE_DEBUG', '1'))
+ if sys.platform == 'win32':
+ ext.extra_compile_args.append('/Od')
+ else:
+ ext.extra_compile_args.append('-Wall')
+ ext.extra_compile_args.append('-O0')
+ else:
+ if self.size_opt:
+ if sys.platform == 'win32':
+ ext.extra_compile_args.append('/Os')
+ else:
+ ext.extra_compile_args.append('-Os')
+
+ super().run()
+
+
+__all__ = ('CrossCompileInfo', 'build_ext')
diff --git a/build_support/network.py b/build_support/network.py
new file mode 100644
index 00000000..7ac0bb5e
--- /dev/null
+++ b/build_support/network.py
@@ -0,0 +1,29 @@
+import contextlib
+import json
+from urllib.request import Request, urlopen
+
+DEFAULT_USER_AGENT = 'https://github.com/xmlsec/python-xmlsec'
+DOWNLOAD_USER_AGENT = 'python-xmlsec build'
+
+
+def make_request(url, github_token=None, json_response=False):
+ headers = {'User-Agent': DEFAULT_USER_AGENT}
+ if github_token:
+ headers['authorization'] = 'Bearer ' + github_token
+ request = Request(url, headers=headers)
+ with contextlib.closing(urlopen(request)) as response:
+ charset = response.headers.get_content_charset() or 'utf-8'
+ content = response.read().decode(charset)
+ if json_response:
+ return json.loads(content)
+ return content
+
+
+def download_lib(url, filename):
+ request = Request(url, headers={'User-Agent': DOWNLOAD_USER_AGENT})
+ with urlopen(request) as response, open(filename, 'wb') as target:
+ while True:
+ chunk = response.read(8192)
+ if not chunk:
+ break
+ target.write(chunk)
diff --git a/build_support/releases.py b/build_support/releases.py
new file mode 100644
index 00000000..089162e2
--- /dev/null
+++ b/build_support/releases.py
@@ -0,0 +1,77 @@
+import html.parser
+import os
+import re
+from distutils import log
+from distutils.version import StrictVersion as Version
+
+from .network import make_request
+
+
+class HrefCollector(html.parser.HTMLParser):
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ self.hrefs = []
+
+ def handle_starttag(self, tag, attrs):
+ if tag == 'a':
+ for name, value in attrs:
+ if name == 'href':
+ self.hrefs.append(value)
+
+
+def latest_release_from_html(url, matcher):
+ content = make_request(url)
+ collector = HrefCollector()
+ collector.feed(content)
+ hrefs = collector.hrefs
+
+ def comp(text):
+ try:
+ return Version(matcher.match(text).groupdict()['version'])
+ except (AttributeError, ValueError):
+ return Version('0.0')
+
+ latest = max(hrefs, key=comp)
+ return f'{url}/{latest}'
+
+
+def latest_release_from_gnome_org_cache(url, lib_name):
+ cache_url = f'{url}/cache.json'
+ cache = make_request(cache_url, json_response=True)
+ latest_version = cache[2][lib_name][-1]
+ latest_source = cache[1][lib_name][latest_version]['tar.xz']
+ return f'{url}/{latest_source}'
+
+
+def latest_release_json_from_github_api(repo):
+ api_url = f'https://api.github.com/repos/{repo}/releases/latest'
+ token = os.environ.get('GH_TOKEN')
+ if token:
+ log.info('Using GitHub token to avoid rate limiting')
+ return make_request(api_url, token, json_response=True)
+
+
+def latest_openssl_release():
+ return latest_release_json_from_github_api('openssl/openssl')['tarball_url']
+
+
+def latest_zlib_release():
+ return latest_release_from_html('https://zlib.net/fossils', re.compile('zlib-(?P.*).tar.gz'))
+
+
+def latest_libiconv_release():
+ return latest_release_from_html('https://ftpmirror.gnu.org/libiconv', re.compile('libiconv-(?P.*).tar.gz'))
+
+
+def latest_libxml2_release():
+ return latest_release_from_gnome_org_cache('https://download.gnome.org/sources/libxml2', 'libxml2')
+
+
+def latest_libxslt_release():
+ return latest_release_from_gnome_org_cache('https://download.gnome.org/sources/libxslt', 'libxslt')
+
+
+def latest_xmlsec_release():
+ assets = latest_release_json_from_github_api('lsh123/xmlsec')['assets']
+ (tar_gz,) = [asset for asset in assets if asset['name'].endswith('.tar.gz')]
+ return tar_gz['browser_download_url']
diff --git a/build_support/static_build.py b/build_support/static_build.py
new file mode 100644
index 00000000..09e2039a
--- /dev/null
+++ b/build_support/static_build.py
@@ -0,0 +1,453 @@
+import multiprocessing
+import os
+import platform
+import subprocess
+import sys
+import tarfile
+import zipfile
+from distutils.errors import DistutilsError
+from pathlib import Path
+from urllib.parse import urljoin
+from urllib.request import urlcleanup
+
+from .network import download_lib
+from .releases import (
+ latest_libiconv_release,
+ latest_libxml2_release,
+ latest_libxslt_release,
+ latest_openssl_release,
+ latest_xmlsec_release,
+ latest_zlib_release,
+)
+
+
+class CrossCompileInfo:
+ def __init__(self, host, arch, compiler):
+ self.host = host
+ self.arch = arch
+ self.compiler = compiler
+
+ @property
+ def triplet(self):
+ return f'{self.host}-{self.arch}-{self.compiler}'
+
+
+class StaticBuildHelper:
+ def __init__(self, builder):
+ self.builder = builder
+ self.ext = builder.ext_map['xmlsec']
+ self.info = builder.info
+ self._prepare_directories()
+
+ def prepare(self, platform_name):
+ self.info(f'starting static build on {sys.platform}')
+ if platform_name == 'win32':
+ self._prepare_windows_build()
+ elif 'linux' in platform_name or 'darwin' in platform_name:
+ self._prepare_unix_build(platform_name)
+ else:
+ raise DistutilsError(f'Unsupported static build platform: {platform_name}')
+
+ def _prepare_directories(self):
+ buildroot = Path('build', 'tmp')
+
+ prefix_dir = buildroot / 'prefix'
+ prefix_dir.mkdir(parents=True, exist_ok=True)
+ self.prefix_dir = prefix_dir.absolute()
+
+ build_libs_dir = buildroot / 'libs'
+ build_libs_dir.mkdir(exist_ok=True)
+ self.build_libs_dir = build_libs_dir
+
+ libs_dir = Path(os.environ.get('PYXMLSEC_LIBS_DIR', 'libs'))
+ libs_dir.mkdir(exist_ok=True)
+ self.libs_dir = libs_dir
+ self.info('{:20} {}'.format('Lib sources in:', self.libs_dir.absolute()))
+
+ self.builder.prefix_dir = self.prefix_dir
+ self.builder.build_libs_dir = self.build_libs_dir
+ self.builder.libs_dir = self.libs_dir
+
+ def _prepare_windows_build(self):
+ release_url = 'https://github.com/mxamin/python-xmlsec-win-binaries/releases/download/2025.07.10/'
+ if platform.machine() == 'ARM64':
+ suffix = 'win-arm64'
+ elif sys.maxsize > 2**32:
+ suffix = 'win64'
+ else:
+ suffix = 'win32'
+
+ libs = [
+ f'libxml2-2.11.9-3.{suffix}.zip',
+ f'libxslt-1.1.39.{suffix}.zip',
+ f'zlib-1.3.1.{suffix}.zip',
+ f'iconv-1.18-1.{suffix}.zip',
+ f'openssl-3.0.16.pl1.{suffix}.zip',
+ f'xmlsec-1.3.7.{suffix}.zip',
+ ]
+
+ for libfile in libs:
+ url = urljoin(release_url, libfile)
+ destfile = self.libs_dir / libfile
+ if destfile.is_file():
+ self.info(f'Using local copy of "{url}"')
+ else:
+ self.info(f'Retrieving "{url}" to "{destfile}"')
+ urlcleanup()
+ download_lib(url, str(destfile))
+
+ for package in self.libs_dir.glob('*.zip'):
+ with zipfile.ZipFile(str(package)) as archive:
+ destdir = self.build_libs_dir
+ archive.extractall(path=str(destdir))
+
+ self.ext.define_macros = [
+ ('XMLSEC_CRYPTO', '\\"openssl\\"'),
+ ('__XMLSEC_FUNCTION__', '__FUNCTION__'),
+ ('XMLSEC_NO_GOST', '1'),
+ ('XMLSEC_NO_XKMS', '1'),
+ ('XMLSEC_NO_CRYPTO_DYNAMIC_LOADING', '1'),
+ ('XMLSEC_CRYPTO_OPENSSL', '1'),
+ ('UNICODE', '1'),
+ ('_UNICODE', '1'),
+ ('LIBXML_ICONV_ENABLED', 1),
+ ('LIBXML_STATIC', '1'),
+ ('LIBXSLT_STATIC', 1),
+ ('XMLSEC_STATIC', 1),
+ ('inline', '__inline'),
+ ]
+ self.ext.libraries = [
+ 'libxmlsec_a',
+ 'libxmlsec-openssl_a',
+ 'libcrypto',
+ 'iconv_a',
+ 'libxslt_a',
+ 'libexslt_a',
+ 'libxml2_a',
+ 'zlib',
+ 'WS2_32',
+ 'Advapi32',
+ 'User32',
+ 'Gdi32',
+ 'Crypt32',
+ ]
+ self.ext.library_dirs = [str(path.absolute()) for path in self.build_libs_dir.rglob('lib')]
+
+ includes = [path for path in self.build_libs_dir.rglob('include') if path.is_dir()]
+ includes.append(next(path / 'xmlsec' for path in includes if (path / 'xmlsec').is_dir()))
+ self.ext.include_dirs = [str(path.absolute()) for path in includes]
+
+ def _prepare_unix_build(self, build_platform):
+ self._capture_version_overrides()
+ archives = self._ensure_source_archives()
+ self._extract_archives(archives)
+
+ env, prefix_arg, ldflags, cross_compile = self._prepare_build_environment(build_platform)
+ self._build_dependencies(env, prefix_arg, ldflags, cross_compile)
+ self._configure_extension_for_static(build_platform)
+
+ def _capture_version_overrides(self):
+ builder = self.builder
+ builder.openssl_version = os.environ.get('PYXMLSEC_OPENSSL_VERSION', '3.6.0')
+ builder.libiconv_version = os.environ.get('PYXMLSEC_LIBICONV_VERSION', '1.18')
+ builder.libxml2_version = os.environ.get('PYXMLSEC_LIBXML2_VERSION', '2.14.6')
+ builder.libxslt_version = os.environ.get('PYXMLSEC_LIBXSLT_VERSION', '1.1.43')
+ builder.zlib_version = os.environ.get('PYXMLSEC_ZLIB_VERSION', '1.3.1')
+ builder.xmlsec1_version = os.environ.get('PYXMLSEC_XMLSEC1_VERSION', '1.3.9')
+
+ def _ensure_source_archives(self):
+ return [
+ self._ensure_source(
+ name='OpenSSL',
+ glob='openssl*.tar.gz',
+ filename='openssl.tar.gz',
+ version=self.builder.openssl_version,
+ env_label='PYXMLSEC_OPENSSL_VERSION',
+ default_url=latest_openssl_release,
+ version_url=lambda v: f'https://api.github.com/repos/openssl/openssl/tarball/openssl-{v}',
+ ),
+ self._ensure_source(
+ name='zlib',
+ glob='zlib*.tar.gz',
+ filename='zlib.tar.gz',
+ version=self.builder.zlib_version,
+ env_label='PYXMLSEC_ZLIB_VERSION',
+ default_url=latest_zlib_release,
+ version_url=lambda v: f'https://zlib.net/fossils/zlib-{v}.tar.gz',
+ ),
+ self._ensure_source(
+ name='libiconv',
+ glob='libiconv*.tar.gz',
+ filename='libiconv.tar.gz',
+ version=self.builder.libiconv_version,
+ env_label='PYXMLSEC_LIBICONV_VERSION',
+ default_url=latest_libiconv_release,
+ version_url=lambda v: f'https://ftpmirror.gnu.org/libiconv/libiconv-{v}.tar.gz',
+ ),
+ self._ensure_source(
+ name='libxml2',
+ glob='libxml2*.tar.xz',
+ filename='libxml2.tar.xz',
+ version=self.builder.libxml2_version,
+ env_label='PYXMLSEC_LIBXML2_VERSION',
+ default_url=latest_libxml2_release,
+ version_url=lambda v: self._libxml_related_url('libxml2', v),
+ ),
+ self._ensure_source(
+ name='libxslt',
+ glob='libxslt*.tar.xz',
+ filename='libxslt.tar.xz',
+ version=self.builder.libxslt_version,
+ env_label='PYXMLSEC_LIBXSLT_VERSION',
+ default_url=latest_libxslt_release,
+ version_url=lambda v: self._libxml_related_url('libxslt', v),
+ ),
+ self._ensure_source(
+ name='xmlsec1',
+ glob='xmlsec1*.tar.gz',
+ filename='xmlsec1.tar.gz',
+ version=self.builder.xmlsec1_version,
+ env_label='PYXMLSEC_XMLSEC1_VERSION',
+ default_url=latest_xmlsec_release,
+ version_url=lambda v: f'https://github.com/lsh123/xmlsec/releases/download/{v}/xmlsec1-{v}.tar.gz',
+ ),
+ ]
+
+ def _ensure_source(self, name, glob, filename, version, env_label, default_url, version_url):
+ archive = next(self.libs_dir.glob(glob), None)
+ if archive is not None:
+ return archive
+
+ self.info('{:10}: {}'.format(name, 'source tar not found, downloading ...'))
+ archive = self.libs_dir / filename
+ if version is None:
+ url = default_url()
+ self.info('{:10}: {}'.format(name, f'{env_label} unset, downloading latest from {url}'))
+ else:
+ url = version_url(version)
+ self.info('{:10}: {}'.format(name, f'{env_label}={version}, downloading from {url}'))
+ download_lib(url, str(archive))
+ return archive
+
+ def _libxml_related_url(self, lib_name, version):
+ version_prefix, _ = version.rsplit('.', 1)
+ return f'https://download.gnome.org/sources/{lib_name}/{version_prefix}/{lib_name}-{version}.tar.xz'
+
+ def _extract_archives(self, archives):
+ for archive in archives:
+ self.info(f'Unpacking {archive.name}')
+ try:
+ with tarfile.open(str(archive)) as tar:
+ tar.extractall(path=str(self.build_libs_dir))
+ except EOFError as error:
+ raise DistutilsError(f'Bad {archive.name} downloaded; remove it and try again.') from error
+
+ def _prepare_build_environment(self, build_platform):
+ prefix_arg = f'--prefix={self.prefix_dir}'
+ env = os.environ.copy()
+
+ cflags = []
+ if env.get('CFLAGS'):
+ cflags.append(env['CFLAGS'])
+ cflags.append('-fPIC')
+
+ ldflags = []
+ if env.get('LDFLAGS'):
+ ldflags.append(env['LDFLAGS'])
+
+ cross_compile = None
+ if build_platform == 'darwin':
+ arch = self.builder.plat_name.rsplit('-', 1)[1]
+ if arch != platform.machine() and arch in ('x86_64', 'arm64'):
+ self.info(f'Cross-compiling for {arch}')
+ cflags.append(f'-arch {arch}')
+ ldflags.append(f'-arch {arch}')
+ cross_compile = CrossCompileInfo('darwin64', arch, 'cc')
+ major_version, _ = tuple(map(int, platform.mac_ver()[0].split('.')[:2]))
+ if major_version >= 11 and 'MACOSX_DEPLOYMENT_TARGET' not in env:
+ env['MACOSX_DEPLOYMENT_TARGET'] = '11.0'
+
+ env['CFLAGS'] = ' '.join(cflags)
+ env['LDFLAGS'] = ' '.join(ldflags)
+ return env, prefix_arg, ldflags, cross_compile
+
+ def _build_dependencies(self, env, prefix_arg, ldflags, cross_compile):
+ self._build_openssl(env, prefix_arg, cross_compile)
+ self._build_zlib(env, prefix_arg)
+
+ host_arg = [f'--host={cross_compile.arch}'] if cross_compile else []
+ self._build_libiconv(env, prefix_arg, host_arg)
+ self._build_libxml2(env, prefix_arg, host_arg)
+ self._build_libxslt(env, prefix_arg, host_arg)
+
+ ldflags.append('-lpthread')
+ env['LDFLAGS'] = ' '.join(ldflags)
+ self._build_xmlsec1(env, prefix_arg, host_arg)
+
+ def _build_openssl(self, env, prefix_arg, cross_compile):
+ self.info('Building OpenSSL')
+ openssl_dir = next(self.build_libs_dir.glob('openssl-*'))
+ openssl_config_cmd = [prefix_arg, 'no-shared', '-fPIC', '--libdir=lib']
+ if platform.machine() == 'riscv64':
+ # openssl(riscv64): disable ASM to avoid R_RISCV_JAL relocation failure on 3.5.2
+ # OpenSSL 3.5.2 enables RISC-V64 AES assembly by default. When we statically
+ # link libcrypto alongside xmlsec, the AES asm path triggers a link-time error:
+ # relocation truncated to fit: R_RISCV_JAL against symbol `AES_set_encrypt_key'
+ # in .../libcrypto.a(libcrypto-lib-aes-riscv64.o)
+ # This appears to stem from a long-range jump emitted by the AES asm generator
+ # (see aes-riscv64.pl around L1069), which can exceed the JAL reach when objects
+ # end up far apart in the final static link.
+ # As a pragmatic workaround, disable ASM on riscv64 (pass `no-asm`) so the
+ # portable C implementation is used. This unblocks the build at the cost of
+ # some crypto performance on riscv64 only.
+ # Refs:
+ # - https://github.com/openssl/openssl/blob/0893a62/crypto/aes/asm/aes-riscv64.pl#L1069
+ openssl_config_cmd.append('no-asm')
+ if cross_compile:
+ openssl_config_cmd.insert(0, './Configure')
+ openssl_config_cmd.append(cross_compile.triplet)
+ else:
+ openssl_config_cmd.insert(0, './config')
+ subprocess.check_call(openssl_config_cmd, cwd=str(openssl_dir), env=env)
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}'], cwd=str(openssl_dir), env=env)
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}', 'install_sw'], cwd=str(openssl_dir), env=env)
+
+ def _build_zlib(self, env, prefix_arg):
+ self.info('Building zlib')
+ zlib_dir = next(self.build_libs_dir.glob('zlib-*'))
+ subprocess.check_call(['./configure', prefix_arg], cwd=str(zlib_dir), env=env)
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}'], cwd=str(zlib_dir), env=env)
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}', 'install'], cwd=str(zlib_dir), env=env)
+
+ def _build_libiconv(self, env, prefix_arg, host_arg):
+ self.info('Building libiconv')
+ libiconv_dir = next(self.build_libs_dir.glob('libiconv-*'))
+ subprocess.check_call(
+ [
+ './configure',
+ prefix_arg,
+ '--disable-dependency-tracking',
+ '--disable-shared',
+ *host_arg,
+ ],
+ cwd=str(libiconv_dir),
+ env=env,
+ )
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}'], cwd=str(libiconv_dir), env=env)
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}', 'install'], cwd=str(libiconv_dir), env=env)
+
+ def _build_libxml2(self, env, prefix_arg, host_arg):
+ self.info('Building LibXML2')
+ libxml2_dir = next(self.build_libs_dir.glob('libxml2-*'))
+ subprocess.check_call(
+ [
+ './configure',
+ prefix_arg,
+ '--disable-dependency-tracking',
+ '--disable-shared',
+ '--without-lzma',
+ '--without-python',
+ f'--with-iconv={self.prefix_dir}',
+ f'--with-zlib={self.prefix_dir}',
+ *host_arg,
+ ],
+ cwd=str(libxml2_dir),
+ env=env,
+ )
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}'], cwd=str(libxml2_dir), env=env)
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}', 'install'], cwd=str(libxml2_dir), env=env)
+
+ def _build_libxslt(self, env, prefix_arg, host_arg):
+ self.info('Building libxslt')
+ libxslt_dir = next(self.build_libs_dir.glob('libxslt-*'))
+ subprocess.check_call(
+ [
+ './configure',
+ prefix_arg,
+ '--disable-dependency-tracking',
+ '--disable-shared',
+ '--without-python',
+ '--without-crypto',
+ f'--with-libxml-prefix={self.prefix_dir}',
+ *host_arg,
+ ],
+ cwd=str(libxslt_dir),
+ env=env,
+ )
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}'], cwd=str(libxslt_dir), env=env)
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}', 'install'], cwd=str(libxslt_dir), env=env)
+
+ def _build_xmlsec1(self, env, prefix_arg, host_arg):
+ self.info('Building xmlsec1')
+ xmlsec1_dir = next(self.build_libs_dir.glob('xmlsec1-*'))
+ subprocess.check_call(
+ [
+ './configure',
+ prefix_arg,
+ '--disable-shared',
+ '--disable-gost',
+ '--enable-md5',
+ '--enable-ripemd160',
+ '--disable-crypto-dl',
+ '--enable-static=yes',
+ '--enable-shared=no',
+ '--enable-static-linking=yes',
+ '--with-default-crypto=openssl',
+ f'--with-openssl={self.prefix_dir}',
+ f'--with-libxml={self.prefix_dir}',
+ f'--with-libxslt={self.prefix_dir}',
+ *host_arg,
+ ],
+ cwd=str(xmlsec1_dir),
+ env=env,
+ )
+ include_flags = [
+ f'-I{self.prefix_dir / "include"}',
+ f'-I{self.prefix_dir / "include" / "libxml"}',
+ ]
+ subprocess.check_call(
+ ['make', f'-j{multiprocessing.cpu_count() + 1}', *include_flags],
+ cwd=str(xmlsec1_dir),
+ env=env,
+ )
+ subprocess.check_call(['make', f'-j{multiprocessing.cpu_count() + 1}', 'install'], cwd=str(xmlsec1_dir), env=env)
+
+ def _configure_extension_for_static(self, build_platform):
+ self.ext.define_macros = [
+ ('__XMLSEC_FUNCTION__', '__func__'),
+ ('XMLSEC_NO_SIZE_T', None),
+ ('XMLSEC_NO_GOST', '1'),
+ ('XMLSEC_NO_GOST2012', '1'),
+ ('XMLSEC_NO_XKMS', '1'),
+ ('XMLSEC_CRYPTO', '\\"openssl\\"'),
+ ('XMLSEC_NO_CRYPTO_DYNAMIC_LOADING', '1'),
+ ('XMLSEC_CRYPTO_OPENSSL', '1'),
+ ('LIBXML_ICONV_ENABLED', 1),
+ ('LIBXML_STATIC', 1),
+ ('LIBXSLT_STATIC', 1),
+ ('XMLSEC_STATIC', 1),
+ ('inline', '__inline'),
+ ('UNICODE', '1'),
+ ('_UNICODE', '1'),
+ ]
+
+ self.ext.include_dirs.append(str(self.prefix_dir / 'include'))
+ self.ext.include_dirs.extend([str(path.absolute()) for path in (self.prefix_dir / 'include').iterdir() if path.is_dir()])
+
+ self.ext.library_dirs = []
+ if build_platform == 'linux':
+ self.ext.libraries = ['m', 'rt']
+ extra_objects = [
+ 'libxmlsec1.a',
+ 'libxslt.a',
+ 'libxml2.a',
+ 'libz.a',
+ 'libxmlsec1-openssl.a',
+ 'libcrypto.a',
+ 'libiconv.a',
+ 'libxmlsec1.a',
+ ]
+ self.ext.extra_objects = [str(self.prefix_dir / 'lib' / obj) for obj in extra_objects]
+
+
+__all__ = ('CrossCompileInfo', 'StaticBuildHelper')
diff --git a/doc/source/conf.py b/doc/source/conf.py
index 35329050..900b79da 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -19,12 +19,12 @@
source_suffix = '.rst'
master_doc = 'index'
-project = u'python-xmlsec'
-copyright = u'2020, Oleg Hoefling ' # noqa: A001
-author = u'Bulat Gaifullin '
+project = 'python-xmlsec'
+copyright = '2020, Oleg Hoefling '
+author = 'Bulat Gaifullin '
release = importlib.metadata.version('xmlsec')
parsed: Version = parse(release)
-version = '{}.{}'.format(parsed.major, parsed.minor)
+version = f'{parsed.major}.{parsed.minor}'
exclude_patterns: list[str] = []
pygments_style = 'sphinx'
@@ -39,19 +39,19 @@
(
master_doc,
'python-xmlsec.tex',
- u'python-xmlsec Documentation',
- u'Bulat Gaifullin \\textless{}gaifullinbf@gmail.com\\textgreater{}',
+ 'python-xmlsec Documentation',
+ 'Bulat Gaifullin \\textless{}gaifullinbf@gmail.com\\textgreater{}',
'manual',
)
]
-man_pages = [(master_doc, 'python-xmlsec', u'python-xmlsec Documentation', [author], 1)]
+man_pages = [(master_doc, 'python-xmlsec', 'python-xmlsec Documentation', [author], 1)]
texinfo_documents = [
(
master_doc,
'python-xmlsec',
- u'python-xmlsec Documentation',
+ 'python-xmlsec Documentation',
author,
'python-xmlsec',
'One line description of project.',
@@ -63,10 +63,10 @@
autodoc_docstring_signature = True
-rst_prolog = '''
+rst_prolog = """
.. role:: xml(code)
:language: xml
-'''
+"""
# LXML crossref'ing stuff:
# LXML doesn't have an intersphinx docs,
@@ -75,8 +75,7 @@
def lxml_element_doc_reference(app: Sphinx, env: BuildEnvironment, node: pending_xref, contnode: Text) -> reference:
- """
- Handle a missing reference only if it is a ``lxml.etree._Element`` ref.
+ """Handle a missing reference only if it is a ``lxml.etree._Element`` ref.
We handle only :class:`lxml.etree._Element` and :class:`~lxml.etree._Element` nodes.
"""
@@ -85,7 +84,7 @@ def lxml_element_doc_reference(app: Sphinx, env: BuildEnvironment, node: pending
and node.get('reftarget', None) == 'lxml.etree._Element'
and contnode.astext() in ('lxml.etree._Element', '_Element')
):
- reftitle = '(in lxml v{})'.format(lxml.__version__) # type: ignore[attr-defined]
+ reftitle = f'(in lxml v{lxml.__version__})' # type: ignore[attr-defined]
newnode = reference('', '', internal=False, refuri=lxml_element_cls_doc_uri, reftitle=reftitle)
newnode.append(contnode)
return newnode
diff --git a/doc/source/examples/decrypt.py b/doc/source/examples/decrypt.py
index e107756f..cb474d22 100644
--- a/doc/source/examples/decrypt.py
+++ b/doc/source/examples/decrypt.py
@@ -6,7 +6,7 @@
key = xmlsec.Key.from_file('rsakey.pem', xmlsec.constants.KeyDataFormatPem)
manager.add_key(key)
enc_ctx = xmlsec.EncryptionContext(manager)
-root = etree.parse("enc1-res.xml").getroot()
-enc_data = xmlsec.tree.find_child(root, "EncryptedData", xmlsec.constants.EncNs)
+root = etree.parse('enc1-res.xml').getroot()
+enc_data = xmlsec.tree.find_child(root, 'EncryptedData', xmlsec.constants.EncNs)
decrypted = enc_ctx.decrypt(enc_data)
print(etree.tostring(decrypted))
diff --git a/doc/source/examples/encrypt.py b/doc/source/examples/encrypt.py
index 98f63b6f..2a92264e 100644
--- a/doc/source/examples/encrypt.py
+++ b/doc/source/examples/encrypt.py
@@ -9,11 +9,11 @@
template,
xmlsec.constants.TransformAes128Cbc,
type=xmlsec.constants.TypeEncElement,
- ns="xenc",
+ ns='xenc',
)
xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
-key_info = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig")
+key_info = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns='dsig')
enc_key = xmlsec.template.add_encrypted_key(key_info, xmlsec.constants.TransformRsaOaep)
xmlsec.template.encrypted_data_ensure_cipher_value(enc_key)
data = template.find('./Data')
@@ -24,20 +24,10 @@
manager.add_key(key)
enc_ctx = xmlsec.EncryptionContext(manager)
-enc_ctx.key = xmlsec.Key.generate(
- xmlsec.constants.KeyDataAes, 128, xmlsec.constants.KeyDataTypeSession
-)
+enc_ctx.key = xmlsec.Key.generate(xmlsec.constants.KeyDataAes, 128, xmlsec.constants.KeyDataTypeSession)
enc_data = enc_ctx.encrypt_xml(enc_data, data)
-enc_method = xmlsec.tree.find_child(
- enc_data, xmlsec.constants.NodeEncryptionMethod, xmlsec.constants.EncNs
-)
-key_info = xmlsec.tree.find_child(
- enc_data, xmlsec.constants.NodeKeyInfo, xmlsec.constants.DSigNs
-)
-enc_method = xmlsec.tree.find_node(
- key_info, xmlsec.constants.NodeEncryptionMethod, xmlsec.constants.EncNs
-)
-cipher_value = xmlsec.tree.find_node(
- key_info, xmlsec.constants.NodeCipherValue, xmlsec.constants.EncNs
-)
+enc_method = xmlsec.tree.find_child(enc_data, xmlsec.constants.NodeEncryptionMethod, xmlsec.constants.EncNs)
+key_info = xmlsec.tree.find_child(enc_data, xmlsec.constants.NodeKeyInfo, xmlsec.constants.DSigNs)
+enc_method = xmlsec.tree.find_node(key_info, xmlsec.constants.NodeEncryptionMethod, xmlsec.constants.EncNs)
+cipher_value = xmlsec.tree.find_node(key_info, xmlsec.constants.NodeCipherValue, xmlsec.constants.EncNs)
print(etree.tostring(cipher_value))
diff --git a/doc/source/examples/verify.py b/doc/source/examples/verify.py
index 808a53c2..c3240c99 100644
--- a/doc/source/examples/verify.py
+++ b/doc/source/examples/verify.py
@@ -5,7 +5,7 @@
with open('sign1-res.xml') as fp:
template = etree.parse(fp).getroot()
-xmlsec.tree.add_ids(template, ["ID"])
+xmlsec.tree.add_ids(template, ['ID'])
signature_node = xmlsec.tree.find_node(template, xmlsec.constants.NodeSignature)
# Create a digital signature context (no key manager is needed).
ctx = xmlsec.SignatureContext()
diff --git a/doc/source/install.rst b/doc/source/install.rst
index 834b9acb..c892a3ea 100644
--- a/doc/source/install.rst
+++ b/doc/source/install.rst
@@ -59,7 +59,7 @@ Alpine
.. code-block:: bash
- apk add build-base libressl libffi-dev libressl-dev libxslt-dev libxml2-dev xmlsec-dev xmlsec
+ apk add build-base openssl libffi-dev openssl-dev libxslt-dev libxml2-dev xmlsec-dev xmlsec
Troubleshooting
diff --git a/doc/source/requirements.txt b/doc/source/requirements.txt
index 6b78694a..ffb2b6d3 100644
--- a/doc/source/requirements.txt
+++ b/doc/source/requirements.txt
@@ -1,4 +1,4 @@
-lxml>=3.8
+lxml==6.0.2
importlib_metadata;python_version < '3.8'
packaging
Sphinx>=3
diff --git a/pyproject.toml b/pyproject.toml
index 540f91c1..7c7b4bf3 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,3 +1,6 @@
+[build-system]
+requires = ["setuptools==80.9.0", "wheel", "setuptools_scm[toml]>=3.4", "pkgconfig>=1.5.1", "lxml==6.0.2"]
+
[tool.mypy]
files = ['src']
ignore_missing_imports = false
@@ -19,46 +22,86 @@ warn_no_return = true
no_implicit_reexport = true
show_error_codes = true
-[tool.black]
-line_length = 130
-skip-string-normalization = true
-target_version = ['py39']
-include = '\.pyi?$'
-exclude = '''
+[tool.ruff]
+# Maximum line length, same as your original Black + Flake8 config
+line-length = 130
-(
- /(
- \.eggs # exclude a few common directories in the
- | \.git # root of the project
- | \.mypy_cache
- | \.tox
- | build
- | dist
- )/
-)
-'''
+# Target Python version (used for autofixes and style rules)
+target-version = "py39"
-[tool.isort]
-profile = 'black'
-known_first_party = ['xmlsec']
-known_third_party = ['lxml', 'pytest', '_pytest', 'hypothesis']
+# Directories and files to exclude from linting and formatting
+exclude = [
+ ".venv*", # virtual environments
+ ".git", # git directory
+ "build", # build output
+ "dist", # distribution packages
+ "libs", # vendor libraries
+ ".eggs", # setuptools egg folders
+ ".direnv*", # direnv environments
+ "*_pb2.pyi" # protobuf-generated type stubs
+]
-[build-system]
-requires = ['setuptools>=42', 'wheel', 'setuptools_scm[toml]>=3.4', "pkgconfig>=1.5.1", "lxml>=3.8, !=4.7.0"]
+[tool.ruff.lint]
+# Enable rule categories:
+# E = pycodestyle (style issues, like indentation, whitespace, etc.)
+# F = pyflakes (unused imports, undefined names)
+# I = isort (import sorting)
+# B = flake8-bugbear (common bugs & anti-patterns)
+# UP = pyupgrade (auto-upgrade syntax for newer Python)
+# SIM = flake8-simplify (simplifiable code patterns)
+# RUF = Ruff-native rules (extra, performance-optimized checks)
+select = ["E", "F", "I", "B", "UP", "SIM", "RUF"]
+# TODO: Add more rule categories as needed, e.g.:
+# D = pydocstyle (docstring format/style issues)
+
+[tool.ruff.lint.per-file-ignores]
+"*.pyi" = [
+ # Ignore formatting and import errors in stub files
+ "E301", # expected 1 blank line, found 0
+ "E302", # expected 2 blank lines, found 1
+ "E305", # expected 2 blank lines after class or function
+ "E501", # line too long
+ "E701", # multiple statements on one line
+ "F401", # unused import
+ "F811", # redefinition of unused name
+ "F822" # undefined name in `__all__`
+]
+"doc/source/conf.py" = [
+ "D1" # missing docstring in public module/class/function
+]
+"doc/source/examples/*.py" = [
+ "D1", # allow missing docstrings in examples
+ "E501" # allow long lines in code examples
+]
+"tests/*.py" = [
+ "D1" # allow missing docstrings in test files
+]
+
+[tool.ruff.format]
+# Always use single quotes (e.g., 'text' instead of "text")
+quote-style = "single"
+
+# Format code with or without trailing commas
+# true = prefer trailing commas where valid
+skip-magic-trailing-comma = false
+
+# Enforce Unix-style line endings (LF)
+line-ending = "lf"
[tool.cibuildwheel]
+build = [
+ "cp39-*",
+ "cp310-*",
+ "cp311-*",
+ "cp312-*",
+ "cp313-*",
+ "cp314-*"
+]
build-verbosity = 1
build-frontend = "build"
skip = [
- "pp*",
- "*-musllinux_i686",
- # LXML doesn't publish wheels for these platforms, which makes it
- # difficult for us to build wheels, so we exclude them.
- "cp36-*",
- "cp37-*",
- "cp38-manylinux_aarch64",
- "cp38-musllinux_aarch64",
- "cp38-macosx*",
+ "pp*", # Skips PyPy builds (pp38-*, pp39-*, etc.)
+ "*musllinux_riscv64" # maturin and ruff currently don’t support the musl + riscv64 target
]
test-command = "pytest -v --color=yes {package}/tests"
before-test = "pip install -r requirements-test.txt"
@@ -68,7 +111,7 @@ test-skip = "*-macosx_arm64"
PYXMLSEC_STATIC_DEPS = "true"
[tool.cibuildwheel.linux]
-archs = ["x86_64", "aarch64", "i686"]
+archs = ["x86_64", "aarch64", "riscv64"]
environment-pass = [
"PYXMLSEC_LIBXML2_VERSION",
"PYXMLSEC_LIBXSLT_VERSION",
@@ -81,7 +124,7 @@ archs = ["x86_64", "arm64"]
before-all = "brew install perl"
[tool.cibuildwheel.windows]
-archs = ["AMD64", "x86"]
+archs = ["AMD64"]
[[tool.cibuildwheel.overrides]]
select = "*-manylinux*"
diff --git a/requirements-test.txt b/requirements-test.txt
index eb543402..ad135d97 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -1,3 +1,5 @@
-r requirements.txt
-pytest>=4.6.9
-lxml-stubs
+
+pytest==8.4.1
+lxml-stubs==0.5.1
+ruff[format]==0.13.0
diff --git a/requirements.txt b/requirements.txt
index 014bfe10..8221c374 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1 @@
-lxml >= 3.8.0, !=4.7.0
+lxml==6.0.2
diff --git a/setup.cfg b/setup.cfg
index c090b4e8..8762c654 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@
[metadata]
-description_file = README.rst
+description_file = README.md
[bdist_rpm]
release = 1
@@ -12,14 +12,11 @@ source-dir = doc/source
build-dir = doc/build
all_files = 1
-[upload_docs]
-upload_dir = doc/build/html
-
-[flake8]
-per-file-ignores =
- *.pyi: E301, E302, E305, E501, E701, F401, F822
- doc/source/conf.py: D1
- doc/source/examples/*.py: D1, E501
- tests/*.py: D1
-exclude = .venv*,.git,*_pb2.pyi,build,dist,libs,.eggs,.direnv*
-max-line-length = 130
+# [flake8]
+# per-file-ignores =
+# *.pyi: E301, E302, E305, E501, E701, F401, F822
+# doc/source/conf.py: D1
+# doc/source/examples/*.py: D1, E501
+# tests/*.py: D1
+# exclude = .venv*,.git,*_pb2.pyi,build,dist,libs,.eggs,.direnv*
+# max-line-length = 130
diff --git a/setup.py b/setup.py
index 7c4a2e63..4100a52b 100644
--- a/setup.py
+++ b/setup.py
@@ -1,591 +1,17 @@
-import contextlib
-import html.parser
-import io
-import json
-import multiprocessing
-import os
-import platform
-import re
-import subprocess
-import sys
-import tarfile
-import zipfile
-from distutils import log
-from distutils.errors import DistutilsError
-from distutils.version import StrictVersion as Version
from pathlib import Path
-from urllib.parse import urljoin
-from urllib.request import Request, urlcleanup, urlopen, urlretrieve
from setuptools import Extension, setup
-from setuptools.command.build_ext import build_ext as build_ext_orig
-
-
-class HrefCollector(html.parser.HTMLParser):
- def __init__(self, *args, **kwargs):
- super().__init__(*args, **kwargs)
- self.hrefs = []
-
- def handle_starttag(self, tag, attrs):
- if tag == 'a':
- for name, value in attrs:
- if name == 'href':
- self.hrefs.append(value)
-
-
-def make_request(url, github_token=None, json_response=False):
- headers = {'User-Agent': 'https://github.com/xmlsec/python-xmlsec'}
- if github_token:
- headers['authorization'] = "Bearer " + github_token
- request = Request(url, headers=headers)
- with contextlib.closing(urlopen(request)) as r:
- charset = r.headers.get_content_charset() or 'utf-8'
- content = r.read().decode(charset)
- if json_response:
- return json.loads(content)
- else:
- return content
-
-
-def latest_release_from_html(url, matcher):
- content = make_request(url)
- collector = HrefCollector()
- collector.feed(content)
- hrefs = collector.hrefs
-
- def comp(text):
- try:
- return Version(matcher.match(text).groupdict()['version'])
- except (AttributeError, ValueError):
- return Version('0.0')
-
- latest = max(hrefs, key=comp)
- return '{}/{}'.format(url, latest)
-
-
-def latest_release_from_gnome_org_cache(url, lib_name):
- cache_url = '{}/cache.json'.format(url)
- cache = make_request(cache_url, json_response=True)
- latest_version = cache[2][lib_name][-1]
- latest_source = cache[1][lib_name][latest_version]['tar.xz']
- return '{}/{}'.format(url, latest_source)
-
-
-def latest_release_json_from_github_api(repo):
- api_url = 'https://api.github.com/repos/{}/releases/latest'.format(repo)
-
- # if we are running in CI, pass along the GH_TOKEN, so we don't get rate limited
- token = os.environ.get("GH_TOKEN")
- if token:
- log.info("Using GitHub token to avoid rate limiting")
- return make_request(api_url, token, json_response=True)
-
-
-def latest_openssl_release():
- return latest_release_json_from_github_api('openssl/openssl')['tarball_url']
-
-
-def latest_zlib_release():
- return latest_release_from_html('https://zlib.net/fossils', re.compile('zlib-(?P.*).tar.gz'))
-
-
-def latest_libiconv_release():
- return latest_release_from_html('https://ftp.gnu.org/pub/gnu/libiconv', re.compile('libiconv-(?P.*).tar.gz'))
-
-
-def latest_libxml2_release():
- return latest_release_from_gnome_org_cache('https://download.gnome.org/sources/libxml2', 'libxml2')
-
-
-def latest_libxslt_release():
- return latest_release_from_gnome_org_cache('https://download.gnome.org/sources/libxslt', 'libxslt')
-
-
-def latest_xmlsec_release():
- assets = latest_release_json_from_github_api('lsh123/xmlsec')['assets']
- (tar_gz,) = [asset for asset in assets if asset['name'].endswith('.tar.gz')]
- return tar_gz['browser_download_url']
-
-
-class CrossCompileInfo:
- def __init__(self, host, arch, compiler):
- self.host = host
- self.arch = arch
- self.compiler = compiler
-
- @property
- def triplet(self):
- return "{}-{}-{}".format(self.host, self.arch, self.compiler)
-
-
-class build_ext(build_ext_orig):
- def info(self, message):
- self.announce(message, level=log.INFO)
-
- def run(self):
- ext = self.ext_map['xmlsec']
- self.debug = os.environ.get('PYXMLSEC_ENABLE_DEBUG', False)
- self.static = os.environ.get('PYXMLSEC_STATIC_DEPS', False)
- self.size_opt = os.environ.get('PYXMLSEC_OPTIMIZE_SIZE', True)
-
- if self.static or sys.platform == 'win32':
- self.info('starting static build on {}'.format(sys.platform))
- buildroot = Path('build', 'tmp')
-
- self.prefix_dir = buildroot / 'prefix'
- self.prefix_dir.mkdir(parents=True, exist_ok=True)
- self.prefix_dir = self.prefix_dir.absolute()
-
- self.build_libs_dir = buildroot / 'libs'
- self.build_libs_dir.mkdir(exist_ok=True)
-
- self.libs_dir = Path(os.environ.get('PYXMLSEC_LIBS_DIR', 'libs'))
- self.libs_dir.mkdir(exist_ok=True)
- self.info('{:20} {}'.format('Lib sources in:', self.libs_dir.absolute()))
-
- if sys.platform == 'win32':
- self.prepare_static_build_win()
- elif 'linux' in sys.platform:
- self.prepare_static_build(sys.platform)
- elif 'darwin' in sys.platform:
- self.prepare_static_build(sys.platform)
- else:
- import pkgconfig
-
- try:
- config = pkgconfig.parse('xmlsec1')
- except EnvironmentError:
- raise DistutilsError('Unable to invoke pkg-config.')
- except pkgconfig.PackageNotFoundError:
- raise DistutilsError('xmlsec1 is not installed or not in path.')
-
- if config is None or not config.get('libraries'):
- raise DistutilsError('Bad or incomplete result returned from pkg-config.')
-
- ext.define_macros.extend(config['define_macros'])
- ext.include_dirs.extend(config['include_dirs'])
- ext.library_dirs.extend(config['library_dirs'])
- ext.libraries.extend(config['libraries'])
-
- import lxml
-
- ext.include_dirs.extend(lxml.get_include())
-
- ext.define_macros.extend(
- [('MODULE_NAME', self.distribution.metadata.name), ('MODULE_VERSION', self.distribution.metadata.version)]
- )
- # escape the XMLSEC_CRYPTO macro value, see mehcode/python-xmlsec#141
- for key, value in ext.define_macros:
- if key == 'XMLSEC_CRYPTO' and not (value.startswith('"') and value.endswith('"')):
- ext.define_macros.remove((key, value))
- ext.define_macros.append((key, '"{0}"'.format(value)))
- break
-
- if sys.platform == 'win32':
- ext.extra_compile_args.append('/Zi')
- else:
- ext.extra_compile_args.extend(
- [
- '-g',
- '-std=c99',
- '-fPIC',
- '-fno-strict-aliasing',
- '-Wno-error=declaration-after-statement',
- '-Werror=implicit-function-declaration',
- ]
- )
-
- if self.debug:
- ext.define_macros.append(('PYXMLSEC_ENABLE_DEBUG', '1'))
- if sys.platform == 'win32':
- ext.extra_compile_args.append('/Od')
- else:
- ext.extra_compile_args.append('-Wall')
- ext.extra_compile_args.append('-O0')
- else:
- if self.size_opt:
- if sys.platform == 'win32':
- ext.extra_compile_args.append('/Os')
- else:
- ext.extra_compile_args.append('-Os')
-
- super(build_ext, self).run()
-
- def prepare_static_build_win(self):
- release_url = 'https://github.com/mxamin/python-xmlsec-win-binaries/releases/download/2025.07.10/'
- if platform.machine() == 'ARM64':
- suffix = 'win-arm64'
- elif sys.maxsize > 2**32: # 2.0 GiB
- suffix = 'win64'
- else:
- suffix = 'win32'
-
- libs = [
- 'libxml2-2.11.9-3.{}.zip'.format(suffix),
- 'libxslt-1.1.39.{}.zip'.format(suffix),
- 'zlib-1.3.1.{}.zip'.format(suffix),
- 'iconv-1.18-1.{}.zip'.format(suffix),
- 'openssl-3.0.16.pl1.{}.zip'.format(suffix),
- 'xmlsec-1.3.7.{}.zip'.format(suffix),
- ]
-
- for libfile in libs:
- url = urljoin(release_url, libfile)
- destfile = self.libs_dir / libfile
- if destfile.is_file():
- self.info('Using local copy of "{}"'.format(url))
- else:
- self.info('Retrieving "{}" to "{}"'.format(url, destfile))
- urlcleanup() # work around FTP bug 27973 in Py2.7.12+
- urlretrieve(url, str(destfile))
-
- for p in self.libs_dir.glob('*.zip'):
- with zipfile.ZipFile(str(p)) as f:
- destdir = self.build_libs_dir
- f.extractall(path=str(destdir))
-
- ext = self.ext_map['xmlsec']
- ext.define_macros = [
- ('XMLSEC_CRYPTO', '\\"openssl\\"'),
- ('__XMLSEC_FUNCTION__', '__FUNCTION__'),
- ('XMLSEC_NO_GOST', '1'),
- ('XMLSEC_NO_XKMS', '1'),
- ('XMLSEC_NO_CRYPTO_DYNAMIC_LOADING', '1'),
- ('XMLSEC_CRYPTO_OPENSSL', '1'),
- ('UNICODE', '1'),
- ('_UNICODE', '1'),
- ('LIBXML_ICONV_ENABLED', 1),
- ('LIBXML_STATIC', '1'),
- ('LIBXSLT_STATIC', '1'),
- ('XMLSEC_STATIC', '1'),
- ('inline', '__inline'),
- ]
- ext.libraries = [
- 'libxmlsec_a',
- 'libxmlsec-openssl_a',
- 'libcrypto',
- 'iconv_a',
- 'libxslt_a',
- 'libexslt_a',
- 'libxml2_a',
- 'zlib',
- 'WS2_32',
- 'Advapi32',
- 'User32',
- 'Gdi32',
- 'Crypt32',
- ]
- ext.library_dirs = [str(p.absolute()) for p in self.build_libs_dir.rglob('lib')]
-
- includes = [p for p in self.build_libs_dir.rglob('include') if p.is_dir()]
- includes.append(next(p / 'xmlsec' for p in includes if (p / 'xmlsec').is_dir()))
- ext.include_dirs = [str(p.absolute()) for p in includes]
-
- def prepare_static_build(self, build_platform):
- self.openssl_version = os.environ.get('PYXMLSEC_OPENSSL_VERSION')
- self.libiconv_version = os.environ.get('PYXMLSEC_LIBICONV_VERSION')
- self.libxml2_version = os.environ.get('PYXMLSEC_LIBXML2_VERSION')
- self.libxslt_version = os.environ.get('PYXMLSEC_LIBXSLT_VERSION')
- self.zlib_version = os.environ.get('PYXMLSEC_ZLIB_VERSION')
- self.xmlsec1_version = os.environ.get('PYXMLSEC_XMLSEC1_VERSION')
-
- # fetch openssl
- openssl_tar = next(self.libs_dir.glob('openssl*.tar.gz'), None)
- if openssl_tar is None:
- self.info('{:10}: {}'.format('OpenSSL', 'source tar not found, downloading ...'))
- openssl_tar = self.libs_dir / 'openssl.tar.gz'
- if self.openssl_version is None:
- url = latest_openssl_release()
- self.info('{:10}: {}'.format('OpenSSL', 'PYXMLSEC_OPENSSL_VERSION unset, downloading latest from {}'.format(url)))
- else:
- url = 'https://api.github.com/repos/openssl/openssl/tarball/openssl-{}'.format(self.openssl_version)
- self.info('{:10}: {} {}'.format('OpenSSL', 'version', self.openssl_version))
- urlretrieve(url, str(openssl_tar))
-
- # fetch zlib
- zlib_tar = next(self.libs_dir.glob('zlib*.tar.gz'), None)
- if zlib_tar is None:
- self.info('{:10}: {}'.format('zlib', 'source not found, downloading ...'))
- zlib_tar = self.libs_dir / 'zlib.tar.gz'
- if self.zlib_version is None:
- url = latest_zlib_release()
- self.info('{:10}: {}'.format('zlib', 'PYXMLSEC_ZLIB_VERSION unset, downloading latest from {}'.format(url)))
- else:
- url = 'https://zlib.net/fossils/zlib-{}.tar.gz'.format(self.zlib_version)
- self.info(
- '{:10}: {}'.format('zlib', 'PYXMLSEC_ZLIB_VERSION={}, downloading from {}'.format(self.zlib_version, url))
- )
- urlretrieve(url, str(zlib_tar))
-
- # fetch libiconv
- libiconv_tar = next(self.libs_dir.glob('libiconv*.tar.gz'), None)
- if libiconv_tar is None:
- self.info('{:10}: {}'.format('libiconv', 'source not found, downloading ...'))
- libiconv_tar = self.libs_dir / 'libiconv.tar.gz'
- if self.libiconv_version is None:
- url = latest_libiconv_release()
- self.info('{:10}: {}'.format('zlib', 'PYXMLSEC_LIBICONV_VERSION unset, downloading latest from {}'.format(url)))
- else:
- url = 'https://ftp.gnu.org/pub/gnu/libiconv/libiconv-{}.tar.gz'.format(self.libiconv_version)
- self.info(
- '{:10}: {}'.format(
- 'zlib', 'PYXMLSEC_LIBICONV_VERSION={}, downloading from {}'.format(self.libiconv_version, url)
- )
- )
- urlretrieve(url, str(libiconv_tar))
-
- # fetch libxml2
- libxml2_tar = next(self.libs_dir.glob('libxml2*.tar.xz'), None)
- if libxml2_tar is None:
- self.info('{:10}: {}'.format('libxml2', 'source tar not found, downloading ...'))
- if self.libxml2_version is None:
- url = latest_libxml2_release()
- self.info('{:10}: {}'.format('libxml2', 'PYXMLSEC_LIBXML2_VERSION unset, downloading latest from {}'.format(url)))
- else:
- version_prefix, _ = self.libxml2_version.rsplit('.', 1)
- url = 'https://download.gnome.org/sources/libxml2/{}/libxml2-{}.tar.xz'.format(
- version_prefix, self.libxml2_version
- )
- self.info(
- '{:10}: {}'.format(
- 'libxml2', 'PYXMLSEC_LIBXML2_VERSION={}, downloading from {}'.format(self.libxml2_version, url)
- )
- )
- libxml2_tar = self.libs_dir / 'libxml2.tar.xz'
- urlretrieve(url, str(libxml2_tar))
-
- # fetch libxslt
- libxslt_tar = next(self.libs_dir.glob('libxslt*.tar.gz'), None)
- if libxslt_tar is None:
- self.info('{:10}: {}'.format('libxslt', 'source tar not found, downloading ...'))
- if self.libxslt_version is None:
- url = latest_libxslt_release()
- self.info('{:10}: {}'.format('libxslt', 'PYXMLSEC_LIBXSLT_VERSION unset, downloading latest from {}'.format(url)))
- else:
- version_prefix, _ = self.libxslt_version.rsplit('.', 1)
- url = 'https://download.gnome.org/sources/libxslt/{}/libxslt-{}.tar.xz'.format(
- version_prefix, self.libxslt_version
- )
- self.info(
- '{:10}: {}'.format(
- 'libxslt', 'PYXMLSEC_LIBXSLT_VERSION={}, downloading from {}'.format(self.libxslt_version, url)
- )
- )
- libxslt_tar = self.libs_dir / 'libxslt.tar.gz'
- urlretrieve(url, str(libxslt_tar))
-
- # fetch xmlsec1
- xmlsec1_tar = next(self.libs_dir.glob('xmlsec1*.tar.gz'), None)
- if xmlsec1_tar is None:
- self.info('{:10}: {}'.format('xmlsec1', 'source tar not found, downloading ...'))
- if self.xmlsec1_version is None:
- url = latest_xmlsec_release()
- self.info('{:10}: {}'.format('xmlsec1', 'PYXMLSEC_XMLSEC1_VERSION unset, downloading latest from {}'.format(url)))
- else:
- url = 'https://github.com/lsh123/xmlsec/releases/download/{v}/xmlsec1-{v}.tar.gz'.format(v=self.xmlsec1_version)
- self.info(
- '{:10}: {}'.format(
- 'xmlsec1', 'PYXMLSEC_XMLSEC1_VERSION={}, downloading from {}'.format(self.xmlsec1_version, url)
- )
- )
- xmlsec1_tar = self.libs_dir / 'xmlsec1.tar.gz'
- urlretrieve(url, str(xmlsec1_tar))
-
- for file in (openssl_tar, zlib_tar, libiconv_tar, libxml2_tar, libxslt_tar, xmlsec1_tar):
- self.info('Unpacking {}'.format(file.name))
- try:
- with tarfile.open(str(file)) as tar:
- tar.extractall(path=str(self.build_libs_dir))
- except EOFError:
- raise DistutilsError('Bad {} downloaded; remove it and try again.'.format(file.name))
-
- prefix_arg = '--prefix={}'.format(self.prefix_dir)
-
- env = os.environ.copy()
- cflags = []
- if env.get('CFLAGS'):
- cflags.append(env['CFLAGS'])
- cflags.append('-fPIC')
- ldflags = []
- if env.get('LDFLAGS'):
- ldflags.append(env['LDFLAGS'])
-
- cross_compiling = False
- if build_platform == 'darwin':
- import platform
-
- arch = self.plat_name.rsplit('-', 1)[1]
- if arch != platform.machine() and arch in ('x86_64', 'arm64'):
- self.info('Cross-compiling for {}'.format(arch))
- cflags.append('-arch {}'.format(arch))
- ldflags.append('-arch {}'.format(arch))
- cross_compiling = CrossCompileInfo('darwin64', arch, 'cc')
- major_version, minor_version = tuple(map(int, platform.mac_ver()[0].split('.')[:2]))
- if major_version >= 11:
- if 'MACOSX_DEPLOYMENT_TARGET' not in env:
- env['MACOSX_DEPLOYMENT_TARGET'] = "11.0"
-
- env['CFLAGS'] = ' '.join(cflags)
- env['LDFLAGS'] = ' '.join(ldflags)
-
- self.info('Building OpenSSL')
- openssl_dir = next(self.build_libs_dir.glob('openssl-*'))
- openssl_config_cmd = [prefix_arg, 'no-shared', '-fPIC', '--libdir=lib']
- if cross_compiling:
- openssl_config_cmd.insert(0, './Configure')
- openssl_config_cmd.append(cross_compiling.triplet)
- else:
- openssl_config_cmd.insert(0, './config')
- subprocess.check_call(openssl_config_cmd, cwd=str(openssl_dir), env=env)
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1)], cwd=str(openssl_dir), env=env)
- subprocess.check_call(
- ['make', '-j{}'.format(multiprocessing.cpu_count() + 1), 'install_sw'], cwd=str(openssl_dir), env=env
- )
-
- self.info('Building zlib')
- zlib_dir = next(self.build_libs_dir.glob('zlib-*'))
- subprocess.check_call(['./configure', prefix_arg], cwd=str(zlib_dir), env=env)
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1)], cwd=str(zlib_dir), env=env)
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1), 'install'], cwd=str(zlib_dir), env=env)
-
- host_arg = []
- if cross_compiling:
- host_arg = ['--host={}'.format(cross_compiling.arch)]
-
- self.info('Building libiconv')
- libiconv_dir = next(self.build_libs_dir.glob('libiconv-*'))
- subprocess.check_call(
- [
- './configure',
- prefix_arg,
- '--disable-dependency-tracking',
- '--disable-shared',
- *host_arg,
- ],
- cwd=str(libiconv_dir),
- env=env,
- )
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1)], cwd=str(libiconv_dir), env=env)
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1), 'install'], cwd=str(libiconv_dir), env=env)
-
- self.info('Building LibXML2')
- libxml2_dir = next(self.build_libs_dir.glob('libxml2-*'))
- subprocess.check_call(
- [
- './configure',
- prefix_arg,
- '--disable-dependency-tracking',
- '--disable-shared',
- '--without-lzma',
- '--without-python',
- '--with-iconv={}'.format(self.prefix_dir),
- '--with-zlib={}'.format(self.prefix_dir),
- *host_arg,
- ],
- cwd=str(libxml2_dir),
- env=env,
- )
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1)], cwd=str(libxml2_dir), env=env)
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1), 'install'], cwd=str(libxml2_dir), env=env)
-
- self.info('Building libxslt')
- libxslt_dir = next(self.build_libs_dir.glob('libxslt-*'))
- subprocess.check_call(
- [
- './configure',
- prefix_arg,
- '--disable-dependency-tracking',
- '--disable-shared',
- '--without-python',
- '--without-crypto',
- '--with-libxml-prefix={}'.format(self.prefix_dir),
- *host_arg,
- ],
- cwd=str(libxslt_dir),
- env=env,
- )
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1)], cwd=str(libxslt_dir), env=env)
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1), 'install'], cwd=str(libxslt_dir), env=env)
-
- self.info('Building xmlsec1')
- ldflags.append('-lpthread')
- env['LDFLAGS'] = ' '.join(ldflags)
- xmlsec1_dir = next(self.build_libs_dir.glob('xmlsec1-*'))
- subprocess.check_call(
- [
- './configure',
- prefix_arg,
- '--disable-shared',
- '--disable-gost',
- '--enable-md5',
- '--enable-ripemd160',
- '--disable-crypto-dl',
- '--enable-static=yes',
- '--enable-shared=no',
- '--enable-static-linking=yes',
- '--with-default-crypto=openssl',
- '--with-openssl={}'.format(self.prefix_dir),
- '--with-libxml={}'.format(self.prefix_dir),
- '--with-libxslt={}'.format(self.prefix_dir),
- *host_arg,
- ],
- cwd=str(xmlsec1_dir),
- env=env,
- )
- subprocess.check_call(
- ['make', '-j{}'.format(multiprocessing.cpu_count() + 1)]
- + ['-I{}'.format(str(self.prefix_dir / 'include')), '-I{}'.format(str(self.prefix_dir / 'include' / 'libxml'))],
- cwd=str(xmlsec1_dir),
- env=env,
- )
- subprocess.check_call(['make', '-j{}'.format(multiprocessing.cpu_count() + 1), 'install'], cwd=str(xmlsec1_dir), env=env)
-
- ext = self.ext_map['xmlsec']
- ext.define_macros = [
- ('__XMLSEC_FUNCTION__', '__func__'),
- ('XMLSEC_NO_SIZE_T', None),
- ('XMLSEC_NO_GOST', '1'),
- ('XMLSEC_NO_GOST2012', '1'),
- ('XMLSEC_NO_XKMS', '1'),
- ('XMLSEC_CRYPTO', '\\"openssl\\"'),
- ('XMLSEC_NO_CRYPTO_DYNAMIC_LOADING', '1'),
- ('XMLSEC_CRYPTO_OPENSSL', '1'),
- ('LIBXML_ICONV_ENABLED', 1),
- ('LIBXML_STATIC', '1'),
- ('LIBXSLT_STATIC', '1'),
- ('XMLSEC_STATIC', '1'),
- ('inline', '__inline'),
- ('UNICODE', '1'),
- ('_UNICODE', '1'),
- ]
-
- ext.include_dirs.append(str(self.prefix_dir / 'include'))
- ext.include_dirs.extend([str(p.absolute()) for p in (self.prefix_dir / 'include').iterdir() if p.is_dir()])
-
- ext.library_dirs = []
- if build_platform == 'linux':
- ext.libraries = ['m', 'rt']
- extra_objects = [
- 'libxmlsec1.a',
- 'libxslt.a',
- 'libxml2.a',
- 'libz.a',
- 'libxmlsec1-openssl.a',
- 'libcrypto.a',
- 'libiconv.a',
- 'libxmlsec1.a',
- ]
- ext.extra_objects = [str(self.prefix_dir / 'lib' / o) for o in extra_objects]
+from build_support.build_ext import build_ext
src_root = Path(__file__).parent / 'src'
-sources = [str(p.absolute()) for p in src_root.rglob('*.c')]
+sources = [str(path.absolute()) for path in src_root.rglob('*.c')]
pyxmlsec = Extension('xmlsec', sources=sources)
setup_reqs = ['setuptools_scm[toml]>=3.4', 'pkgconfig>=1.5.1', 'lxml>=3.8']
-with io.open('README.rst', encoding='utf-8') as f:
- long_desc = f.read()
+with open('README.md', encoding='utf-8') as readme:
+ long_desc = readme.read()
setup(
@@ -596,10 +22,10 @@ def prepare_static_build(self, build_platform):
long_description_content_type='text/markdown',
ext_modules=[pyxmlsec],
cmdclass={'build_ext': build_ext},
- python_requires='>=3.5',
+ python_requires='>=3.9',
setup_requires=setup_reqs,
install_requires=['lxml>=3.8'],
- author="Bulat Gaifullin",
+ author='Bulat Gaifullin',
author_email='support@mehcode.com',
maintainer='Oleg Hoefling',
maintainer_email='oleg.hoefling@gmail.com',
@@ -619,12 +45,12 @@ def prepare_static_build(self, build_platform):
'Operating System :: OS Independent',
'Programming Language :: C',
'Programming Language :: Python :: 3',
- 'Programming Language :: Python :: 3.5',
- 'Programming Language :: Python :: 3.6',
- 'Programming Language :: Python :: 3.7',
- 'Programming Language :: Python :: 3.8',
'Programming Language :: Python :: 3.9',
+ 'Programming Language :: Python :: 3.10',
'Programming Language :: Python :: 3.11',
+ 'Programming Language :: Python :: 3.12',
+ 'Programming Language :: Python :: 3.13',
+ 'Programming Language :: Python :: 3.14',
'Topic :: Text Processing :: Markup :: XML',
'Typing :: Typed',
],
diff --git a/src/xmlsec/constants.pyi b/src/xmlsec/constants.pyi
index 3c3ea94f..a9254ddd 100644
--- a/src/xmlsec/constants.pyi
+++ b/src/xmlsec/constants.pyi
@@ -1,10 +1,5 @@
import sys
-from typing import NamedTuple
-
-if sys.version_info >= (3, 8):
- from typing import Final
-else:
- from typing_extensions import Final
+from typing import Final, NamedTuple
class __KeyData(NamedTuple): # __KeyData type
href: str
diff --git a/src/xmlsec/template.pyi b/src/xmlsec/template.pyi
index a5199fc8..d1755fa2 100644
--- a/src/xmlsec/template.pyi
+++ b/src/xmlsec/template.pyi
@@ -15,7 +15,7 @@ def add_reference(
) -> _Element: ...
def add_transform(node: _Element, transform: Transform) -> Any: ...
def add_x509_data(node: _Element) -> _Element: ...
-def create(node: _Element, c14n_method: Transform, sign_method: Transform) -> _Element: ...
+def create(node: _Element, c14n_method: Transform, sign_method: Transform, id: str | None = ..., ns: str | None = ...) -> _Element: ...
def encrypted_data_create(
node: _Element,
method: Transform,
diff --git a/tests/base.py b/tests/base.py
index 48aef81d..1d21c89b 100644
--- a/tests/base.py
+++ b/tests/base.py
@@ -25,16 +25,16 @@ class TestMemoryLeaks(unittest.TestCase):
iterations = test_iterations
- data_dir = os.path.join(os.path.dirname(__file__), "data")
+ data_dir = os.path.join(os.path.dirname(__file__), 'data')
def setUp(self):
gc.disable()
- self.addTypeEqualityFunc(etype, "assertXmlEqual")
+ self.addTypeEqualityFunc(etype, 'assertXmlEqual')
xmlsec.enable_debug_trace(1)
def run(self, result=None):
# run first time
- super(TestMemoryLeaks, self).run(result=result)
+ super().run(result=result)
if self.iterations == 0:
return
@@ -43,7 +43,7 @@ def run(self, result=None):
m_hits = 0
o_hits = 0
for _ in range(self.iterations):
- super(TestMemoryLeaks, self).run(result=result)
+ super().run(result=result)
m_usage_n = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
if m_usage_n > m_usage:
m_usage = m_usage_n
@@ -58,13 +58,13 @@ def run(self, result=None):
if m_hits > int(self.iterations * 0.8):
result.buffer = False
try:
- raise AssertionError("memory leak detected")
+ raise AssertionError('memory leak detected')
except AssertionError:
result.addError(self, sys.exc_info())
if o_hits > int(self.iterations * 0.8):
result.buffer = False
try:
- raise AssertionError("unreferenced objects detected")
+ raise AssertionError('unreferenced objects detected')
except AssertionError:
result.addError(self, sys.exc_info())
@@ -74,7 +74,7 @@ def path(self, name):
def load(self, name):
"""Load resource by name."""
- with open(self.path(name), "rb") as stream:
+ with open(self.path(name), 'rb') as stream:
return stream.read()
def load_xml(self, name, xpath=None):
@@ -88,28 +88,26 @@ def load_xml(self, name, xpath=None):
def dump(self, root):
print(etree.tostring(root))
- def assertXmlEqual(self, first, second, msg=None): # noqa: N802
+ def assertXmlEqual(self, first, second, msg=None):
"""Check equality of etree.roots."""
msg = msg or ''
if first.tag != second.tag:
- self.fail('Tags do not match: {} and {}. {}'.format(first.tag, second.tag, msg))
+ self.fail(f'Tags do not match: {first.tag} and {second.tag}. {msg}')
for name, value in first.attrib.items():
if second.attrib.get(name) != value:
- self.fail('Attributes do not match: {}={!r}, {}={!r}. {}'.format(name, value, name, second.attrib.get(name), msg))
- for name in second.attrib.keys():
+ self.fail(f'Attributes do not match: {name}={value!r}, {name}={second.attrib.get(name)!r}. {msg}')
+ for name in second.attrib:
if name not in first.attrib:
- self.fail('x2 has an attribute x1 is missing: {}. {}'.format(name, msg))
+ self.fail(f'x2 has an attribute x1 is missing: {name}. {msg}')
if not _xml_text_compare(first.text, second.text):
- self.fail('text: {!r} != {!r}. {}'.format(first.text, second.text, msg))
+ self.fail(f'text: {first.text!r} != {second.text!r}. {msg}')
if not _xml_text_compare(first.tail, second.tail):
- self.fail('tail: {!r} != {!r}. {}'.format(first.tail, second.tail, msg))
+ self.fail(f'tail: {first.tail!r} != {second.tail!r}. {msg}')
cl1 = sorted(first.getchildren(), key=lambda x: x.tag)
cl2 = sorted(second.getchildren(), key=lambda x: x.tag)
if len(cl1) != len(cl2):
- self.fail('children length differs, {} != {}. {}'.format(len(cl1), len(cl2), msg))
- i = 0
+ self.fail(f'children length differs, {len(cl1)} != {len(cl2)}. {msg}')
for c1, c2 in zip(cl1, cl2):
- i += 1
self.assertXmlEqual(c1, c2)
diff --git a/tests/conftest.py b/tests/conftest.py
index 675258c5..a65235d5 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1,6 +1,5 @@
def pytest_collection_modifyitems(items):
- """
- Put the module init test first.
+ """Put the module init test first.
This way, we implicitly check whether any subsequent test fails because of module reinitialization.
"""
diff --git a/tests/softhsm_setup.py b/tests/softhsm_setup.py
index 247f1b18..d55c16fd 100644
--- a/tests/softhsm_setup.py
+++ b/tests/softhsm_setup.py
@@ -24,7 +24,7 @@ def find_alts(component_name, alts) -> str:
for a in alts:
if os.path.exists(a):
return a
- raise unittest.SkipTest('Required component is missing: {}'.format(component_name))
+ raise unittest.SkipTest(f'Required component is missing: {component_name}')
def run_cmd(args, softhsm_conf=None):
@@ -101,7 +101,7 @@ def run_cmd(args, softhsm_conf=None):
def _temp_file() -> str:
- f = tempfile.NamedTemporaryFile(delete=False)
+ f = tempfile.NamedTemporaryFile(delete=False) # noqa: SIM115
p11_test_files.append(f.name)
return f.name
@@ -123,28 +123,24 @@ def setup() -> None:
if softhsm_version == 2:
softhsm_db = _temp_dir()
f.write(
- """
+ f"""
# Generated by test
-directories.tokendir = {}
+directories.tokendir = {softhsm_db}
objectstore.backend = file
log.level = DEBUG
-""".format(
- softhsm_db
- )
+"""
)
else:
softhsm_db = _temp_file()
f.write(
- """
+ f"""
# Generated by test
-0:{}
-""".format(
- softhsm_db
- )
+0:{softhsm_db}
+"""
)
logging.debug('Initializing the token')
- out, err = run_cmd(
+ _, _ = run_cmd(
[
component_path['SOFTHSM'],
'--slot',
@@ -227,13 +223,13 @@ def setup() -> None:
'[pkcs11_section]',
'engine_id = pkcs11',
# dynamic_path,
- "MODULE_PATH = {}".format(component_path['P11_MODULE']),
+ 'MODULE_PATH = {}'.format(component_path['P11_MODULE']),
'init = 0',
]
)
)
- with open(openssl_conf, 'r') as f:
+ with open(openssl_conf) as f:
logging.debug('-------- START DEBUG openssl_conf --------')
logging.debug(f.readlines())
logging.debug('-------- END DEBUG openssl_conf --------')
@@ -309,7 +305,7 @@ def setup() -> None:
softhsm_conf=softhsm_conf,
)
- # TODO: Should be teardowned in teardown # noqa: T101
+ # TODO: Should be teardowned in teardown
os.environ['SOFTHSM_CONF'] = softhsm_conf
os.environ['SOFTHSM2_CONF'] = softhsm_conf
diff --git a/tests/test_constants.py b/tests/test_constants.py
index f79d19f0..2c39d5f6 100644
--- a/tests/test_constants.py
+++ b/tests/test_constants.py
@@ -21,22 +21,22 @@ def _constants(typename):
@pytest.mark.parametrize('transform', _constants('__Transform'), ids=repr)
def test_transform_str(transform):
"""Test string representation of ``xmlsec.constants.__Transform``."""
- assert str(transform) == '{}, {}'.format(transform.name, transform.href)
+ assert str(transform) == f'{transform.name}, {transform.href}'
@pytest.mark.parametrize('transform', _constants('__Transform'), ids=repr)
def test_transform_repr(transform):
"""Test raw string representation of ``xmlsec.constants.__Transform``."""
- assert repr(transform) == '__Transform({!r}, {!r}, {})'.format(transform.name, transform.href, transform.usage)
+ assert repr(transform) == f'__Transform({transform.name!r}, {transform.href!r}, {transform.usage})'
@pytest.mark.parametrize('keydata', _constants('__KeyData'), ids=repr)
def test_keydata_str(keydata):
"""Test string representation of ``xmlsec.constants.__KeyData``."""
- assert str(keydata) == '{}, {}'.format(keydata.name, keydata.href)
+ assert str(keydata) == f'{keydata.name}, {keydata.href}'
@pytest.mark.parametrize('keydata', _constants('__KeyData'), ids=repr)
def test_keydata_repr(keydata):
"""Test raw string representation of ``xmlsec.constants.__KeyData``."""
- assert repr(keydata) == '__KeyData({!r}, {!r})'.format(keydata.name, keydata.href)
+ assert repr(keydata) == f'__KeyData({keydata.name!r}, {keydata.href!r})'
diff --git a/tests/test_doc_examples.py b/tests/test_doc_examples.py
index 2fc490f3..7aa8e517 100644
--- a/tests/test_doc_examples.py
+++ b/tests/test_doc_examples.py
@@ -3,24 +3,17 @@
import contextlib
import os
import runpy
-import sys
+from pathlib import Path
import pytest
-if sys.version_info >= (3, 4):
- from pathlib import Path
-else: # python2.7 compat
- from _pytest.pathlib import Path
-
-
examples_dir = Path(__file__, '../../doc/source/examples').resolve()
examples = sorted(examples_dir.glob('*.py'))
@contextlib.contextmanager
def cd(where_to):
- """
- Temporarily change the working directory.
+ """Temporarily change the working directory.
Restore the current working dir after exiting the context.
"""
@@ -34,8 +27,7 @@ def cd(where_to):
@pytest.mark.parametrize('example', examples, ids=lambda p: p.name)
def test_doc_example(example):
- """
- Verify example scripts included in the docs are up to date.
+ """Verify example scripts included in the docs are up to date.
Execute each script in :file:`docs/source/examples`,
not raising any errors is good enough.
diff --git a/tests/test_ds.py b/tests/test_ds.py
index 38f0b25c..dd0657d3 100644
--- a/tests/test_ds.py
+++ b/tests/test_ds.py
@@ -25,13 +25,13 @@ def test_no_key(self):
def test_del_key(self):
ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
del ctx.key
self.assertIsNone(ctx.key)
def test_set_key(self):
ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
def test_set_key_bad_type(self):
@@ -46,9 +46,9 @@ def test_set_invalid_key(self):
def test_register_id(self):
ctx = xmlsec.SignatureContext()
- root = self.load_xml("sign_template.xml")
- sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, "Id")
- ctx.register_id(sign, "Id")
+ root = self.load_xml('sign_template.xml')
+ sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, 'Id')
+ ctx.register_id(sign, 'Id')
def test_register_id_bad_args(self):
ctx = xmlsec.SignatureContext()
@@ -57,41 +57,41 @@ def test_register_id_bad_args(self):
def test_register_id_with_namespace_without_attribute(self):
ctx = xmlsec.SignatureContext()
- root = self.load_xml("sign_template.xml")
- sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, "Id")
+ root = self.load_xml('sign_template.xml')
+ sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, 'Id')
with self.assertRaisesRegex(xmlsec.Error, 'missing attribute.'):
- ctx.register_id(sign, "Id", id_ns='foo')
+ ctx.register_id(sign, 'Id', id_ns='foo')
def test_sign_bad_args(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
with self.assertRaises(TypeError):
ctx.sign('')
def test_sign_fail(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
with self.assertRaisesRegex(xmlsec.Error, 'failed to sign'):
ctx.sign(self.load_xml('sign1-in.xml'))
def test_sign_case1(self):
"""Should sign a pre-constructed template file using a key from a PEM file."""
- root = self.load_xml("sign1-in.xml")
+ root = self.load_xml('sign1-in.xml')
sign = xmlsec.tree.find_node(root, consts.NodeSignature)
self.assertIsNotNone(sign)
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
ctx.sign(sign)
- self.assertEqual(self.load_xml("sign1-out.xml"), root)
+ self.assertEqual(self.load_xml('sign1-out.xml'), root)
def test_sign_case2(self):
"""Should sign a dynamicaly constructed template file using a key from a PEM file."""
- root = self.load_xml("sign2-in.xml")
+ root = self.load_xml('sign2-in.xml')
sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1)
self.assertIsNotNone(sign)
root.append(sign)
@@ -101,17 +101,17 @@ def test_sign_case2(self):
xmlsec.template.add_key_name(ki)
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
ctx.sign(sign)
- self.assertEqual(self.load_xml("sign2-out.xml"), root)
+ self.assertEqual(self.load_xml('sign2-out.xml'), root)
def test_sign_case3(self):
"""Should sign a file using a dynamicaly created template, key from PEM and an X509 cert."""
- root = self.load_xml("sign3-in.xml")
+ root = self.load_xml('sign3-in.xml')
sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1)
self.assertIsNotNone(sign)
root.append(sign)
@@ -121,23 +121,23 @@ def test_sign_case3(self):
xmlsec.template.add_x509_data(ki)
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.load_cert_from_file(self.path('rsacert.pem'), consts.KeyDataFormatPem)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
ctx.sign(sign)
- self.assertEqual(self.load_xml("sign3-out.xml"), root)
+ self.assertEqual(self.load_xml('sign3-out.xml'), root)
def test_sign_case4(self):
"""Should sign a file using a dynamically created template, key from PEM and an X509 cert with custom ns."""
- root = self.load_xml("sign4-in.xml")
- xmlsec.tree.add_ids(root, ["ID"])
+ root = self.load_xml('sign4-in.xml')
+ xmlsec.tree.add_ids(root, ['ID'])
elem_id = root.get('ID', None)
if elem_id:
elem_id = '#' + elem_id
- sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, ns="ds")
+ sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, ns='ds')
self.assertIsNotNone(sign)
root.append(sign)
ref = xmlsec.template.add_reference(sign, consts.TransformSha1, uri=elem_id)
@@ -147,18 +147,18 @@ def test_sign_case4(self):
xmlsec.template.add_x509_data(ki)
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.load_cert_from_file(self.path('rsacert.pem'), consts.KeyDataFormatPem)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
ctx.sign(sign)
- self.assertEqual(self.load_xml("sign4-out.xml"), root)
+ self.assertEqual(self.load_xml('sign4-out.xml'), root)
def test_sign_case5(self):
"""Should sign a file using a dynamicaly created template, key from PEM file and an X509 certificate."""
- root = self.load_xml("sign5-in.xml")
+ root = self.load_xml('sign5-in.xml')
sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1)
self.assertIsNotNone(sign)
root.append(sign)
@@ -175,11 +175,11 @@ def test_sign_case5(self):
xmlsec.template.x509_issuer_serial_add_serial_number(x509_issuer_serial, '1')
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.load_cert_from_file(self.path('rsacert.pem'), consts.KeyDataFormatPem)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
ctx.sign(sign)
if (1, 2, 36) <= xmlsec.get_libxmlsec_version() <= (1, 2, 37):
@@ -190,7 +190,7 @@ def test_sign_case5(self):
def test_sign_binary_bad_args(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
with self.assertRaises(TypeError):
ctx.sign_binary(bytes=1, transform='')
@@ -202,23 +202,23 @@ def test_sign_binary_no_key(self):
@unittest.skipIf(not hasattr(consts, 'TransformXslt'), reason='XSLT transformations not enabled')
def test_sign_binary_invalid_signature_method(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
with self.assertRaisesRegex(xmlsec.Error, 'incompatible signature method'):
ctx.sign_binary(bytes=b'', transform=consts.TransformXslt)
def test_sign_binary(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
- sign = ctx.sign_binary(self.load("sign6-in.bin"), consts.TransformRsaSha1)
- self.assertEqual(self.load("sign6-out.bin"), sign)
+ sign = ctx.sign_binary(self.load('sign6-in.bin'), consts.TransformRsaSha1)
+ self.assertEqual(self.load('sign6-out.bin'), sign)
def test_sign_binary_twice_not_possible(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
data = self.load('sign6-in.bin')
ctx.sign_binary(data, consts.TransformRsaSha1)
with self.assertRaisesRegex(xmlsec.Error, 'Signature context already used; it is designed for one use only.'):
@@ -226,13 +226,13 @@ def test_sign_binary_twice_not_possible(self):
def test_verify_bad_args(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
with self.assertRaises(TypeError):
ctx.verify('')
def test_verify_fail(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
with self.assertRaisesRegex(xmlsec.Error, 'failed to verify'):
ctx.verify(self.load_xml('sign1-in.xml'))
@@ -252,41 +252,41 @@ def test_verify_case_5(self):
self.check_verify(5)
def check_verify(self, i):
- root = self.load_xml("sign{}-out.xml".format(i))
- xmlsec.tree.add_ids(root, ["ID"])
+ root = self.load_xml(f'sign{i}-out.xml')
+ xmlsec.tree.add_ids(root, ['ID'])
sign = xmlsec.tree.find_node(root, consts.NodeSignature)
self.assertIsNotNone(sign)
- self.assertEqual(consts.NodeSignature, sign.tag.partition("}")[2])
+ self.assertEqual(consts.NodeSignature, sign.tag.partition('}')[2])
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsapub.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsapub.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.name = 'rsapub.pem'
- self.assertEqual("rsapub.pem", ctx.key.name)
+ self.assertEqual('rsapub.pem', ctx.key.name)
ctx.verify(sign)
def test_validate_binary_sign(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
- ctx.verify_binary(self.load("sign6-in.bin"), consts.TransformRsaSha1, self.load("sign6-out.bin"))
+ ctx.verify_binary(self.load('sign6-in.bin'), consts.TransformRsaSha1, self.load('sign6-out.bin'))
def test_validate_binary_sign_fail(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(ctx.key)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
with self.assertRaises(xmlsec.Error):
- ctx.verify_binary(self.load("sign6-in.bin"), consts.TransformRsaSha1, b"invalid")
+ ctx.verify_binary(self.load('sign6-in.bin'), consts.TransformRsaSha1, b'invalid')
def test_enable_reference_transform(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
ctx.enable_reference_transform(consts.TransformRsaSha1)
def test_enable_reference_transform_bad_args(self):
@@ -301,7 +301,7 @@ def test_enable_reference_transform_bad_args(self):
def test_enable_signature_transform(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
ctx.enable_signature_transform(consts.TransformRsaSha1)
def test_enable_signature_transform_bad_args(self):
@@ -316,12 +316,12 @@ def test_enable_signature_transform_bad_args(self):
def test_set_enabled_key_data(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
ctx.set_enabled_key_data([consts.KeyDataAes])
def test_set_enabled_key_data_empty(self):
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
ctx.set_enabled_key_data([])
def test_set_enabled_key_data_bad_args(self):
diff --git a/tests/test_enc.py b/tests/test_enc.py
index 1788b4d6..41f78d74 100644
--- a/tests/test_enc.py
+++ b/tests/test_enc.py
@@ -28,18 +28,18 @@ def test_no_key(self):
def test_get_key(self):
ctx = xmlsec.EncryptionContext(manager=xmlsec.KeysManager())
self.assertIsNone(ctx.key)
- ctx.key = xmlsec.Key.from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatCertPem)
self.assertIsNotNone(ctx.key)
def test_del_key(self):
ctx = xmlsec.EncryptionContext(manager=xmlsec.KeysManager())
- ctx.key = xmlsec.Key.from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatCertPem)
del ctx.key
self.assertIsNone(ctx.key)
def test_set_key(self):
ctx = xmlsec.EncryptionContext(manager=xmlsec.KeysManager())
- ctx.key = xmlsec.Key.from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatCertPem)
self.assertIsNotNone(ctx.key)
def test_set_key_bad_type(self):
@@ -54,16 +54,16 @@ def test_set_invalid_key(self):
def test_encrypt_xml(self):
root = self.load_xml('enc1-in.xml')
- enc_data = xmlsec.template.encrypted_data_create(root, consts.TransformAes128Cbc, type=consts.TypeEncElement, ns="xenc")
+ enc_data = xmlsec.template.encrypted_data_create(root, consts.TransformAes128Cbc, type=consts.TypeEncElement, ns='xenc')
xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
- ki = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig")
+ ki = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns='dsig')
ek = xmlsec.template.add_encrypted_key(ki, consts.TransformRsaOaep)
xmlsec.template.encrypted_data_ensure_cipher_value(ek)
data = root.find('./Data')
self.assertIsNotNone(data)
manager = xmlsec.KeysManager()
- manager.add_key(xmlsec.Key.from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem))
+ manager.add_key(xmlsec.Key.from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatCertPem))
ctx = xmlsec.EncryptionContext(manager)
ctx.key = xmlsec.Key.generate(consts.KeyDataAes, 128, consts.KeyDataTypeSession)
@@ -73,12 +73,12 @@ def test_encrypt_xml(self):
enc_method = xmlsec.tree.find_child(enc_data, consts.NodeEncryptionMethod, consts.EncNs)
self.assertIsNotNone(enc_method)
- self.assertEqual("http://www.w3.org/2001/04/xmlenc#aes128-cbc", enc_method.get("Algorithm"))
+ self.assertEqual('http://www.w3.org/2001/04/xmlenc#aes128-cbc', enc_method.get('Algorithm'))
ki = xmlsec.tree.find_child(enc_data, consts.NodeKeyInfo, consts.DSigNs)
self.assertIsNotNone(ki)
enc_method2 = xmlsec.tree.find_node(ki, consts.NodeEncryptionMethod, consts.EncNs)
self.assertIsNotNone(enc_method2)
- self.assertEqual("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", enc_method2.get("Algorithm"))
+ self.assertEqual('http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', enc_method2.get('Algorithm'))
cipher_value = xmlsec.tree.find_node(ki, consts.NodeCipherValue, consts.EncNs)
self.assertIsNotNone(cipher_value)
@@ -109,32 +109,32 @@ def test_encrypt_xml_fail(self):
def test_encrypt_binary(self):
root = self.load_xml('enc2-in.xml')
enc_data = xmlsec.template.encrypted_data_create(
- root, consts.TransformAes128Cbc, type=consts.TypeEncContent, ns="xenc", mime_type="binary/octet-stream"
+ root, consts.TransformAes128Cbc, type=consts.TypeEncContent, ns='xenc', mime_type='binary/octet-stream'
)
xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
- ki = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig")
+ ki = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns='dsig')
ek = xmlsec.template.add_encrypted_key(ki, consts.TransformRsaOaep)
xmlsec.template.encrypted_data_ensure_cipher_value(ek)
manager = xmlsec.KeysManager()
- manager.add_key(xmlsec.Key.from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem))
+ manager.add_key(xmlsec.Key.from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatCertPem))
ctx = xmlsec.EncryptionContext(manager)
ctx.key = xmlsec.Key.generate(consts.KeyDataAes, 128, consts.KeyDataTypeSession)
encrypted = ctx.encrypt_binary(enc_data, b'test')
self.assertIsNotNone(encrypted)
- self.assertEqual("{{{}}}{}".format(consts.EncNs, consts.NodeEncryptedData), encrypted.tag)
+ self.assertEqual(f'{{{consts.EncNs}}}{consts.NodeEncryptedData}', encrypted.tag)
enc_method = xmlsec.tree.find_child(enc_data, consts.NodeEncryptionMethod, consts.EncNs)
self.assertIsNotNone(enc_method)
- self.assertEqual("http://www.w3.org/2001/04/xmlenc#aes128-cbc", enc_method.get("Algorithm"))
+ self.assertEqual('http://www.w3.org/2001/04/xmlenc#aes128-cbc', enc_method.get('Algorithm'))
ki = xmlsec.tree.find_child(enc_data, consts.NodeKeyInfo, consts.DSigNs)
self.assertIsNotNone(ki)
enc_method2 = xmlsec.tree.find_node(ki, consts.NodeEncryptionMethod, consts.EncNs)
self.assertIsNotNone(enc_method2)
- self.assertEqual("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", enc_method2.get("Algorithm"))
+ self.assertEqual('http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', enc_method2.get('Algorithm'))
cipher_value = xmlsec.tree.find_node(ki, consts.NodeCipherValue, consts.EncNs)
self.assertIsNotNone(cipher_value)
@@ -151,15 +151,15 @@ def test_encrypt_binary_bad_template(self):
def test_encrypt_uri(self):
root = self.load_xml('enc2-in.xml')
enc_data = xmlsec.template.encrypted_data_create(
- root, consts.TransformAes128Cbc, type=consts.TypeEncContent, ns="xenc", mime_type="binary/octet-stream"
+ root, consts.TransformAes128Cbc, type=consts.TypeEncContent, ns='xenc', mime_type='binary/octet-stream'
)
xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
- ki = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig")
+ ki = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns='dsig')
ek = xmlsec.template.add_encrypted_key(ki, consts.TransformRsaOaep)
xmlsec.template.encrypted_data_ensure_cipher_value(ek)
manager = xmlsec.KeysManager()
- manager.add_key(xmlsec.Key.from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem))
+ manager.add_key(xmlsec.Key.from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatCertPem))
ctx = xmlsec.EncryptionContext(manager)
ctx.key = xmlsec.Key.generate(consts.KeyDataAes, 128, consts.KeyDataTypeSession)
@@ -169,17 +169,17 @@ def test_encrypt_uri(self):
encrypted = ctx.encrypt_binary(enc_data, 'file://' + tmpfile.name)
self.assertIsNotNone(encrypted)
- self.assertEqual("{{{}}}{}".format(consts.EncNs, consts.NodeEncryptedData), encrypted.tag)
+ self.assertEqual(f'{{{consts.EncNs}}}{consts.NodeEncryptedData}', encrypted.tag)
enc_method = xmlsec.tree.find_child(enc_data, consts.NodeEncryptionMethod, consts.EncNs)
self.assertIsNotNone(enc_method)
- self.assertEqual("http://www.w3.org/2001/04/xmlenc#aes128-cbc", enc_method.get("Algorithm"))
+ self.assertEqual('http://www.w3.org/2001/04/xmlenc#aes128-cbc', enc_method.get('Algorithm'))
ki = xmlsec.tree.find_child(enc_data, consts.NodeKeyInfo, consts.DSigNs)
self.assertIsNotNone(ki)
enc_method2 = xmlsec.tree.find_node(ki, consts.NodeEncryptionMethod, consts.EncNs)
self.assertIsNotNone(enc_method2)
- self.assertEqual("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", enc_method2.get("Algorithm"))
+ self.assertEqual('http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', enc_method2.get('Algorithm'))
cipher_value = xmlsec.tree.find_node(ki, consts.NodeCipherValue, consts.EncNs)
self.assertIsNotNone(cipher_value)
@@ -205,7 +205,7 @@ def test_decrypt_key(self):
self.assertIsNotNone(enc_key)
manager = xmlsec.KeysManager()
- manager.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
+ manager.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
ctx = xmlsec.EncryptionContext(manager)
keydata = ctx.decrypt(enc_key)
ctx.reset()
@@ -215,19 +215,19 @@ def test_decrypt_key(self):
self.assertIsNotNone(enc_data)
decrypted = ctx.decrypt(enc_data)
self.assertIsNotNone(decrypted)
- self.assertEqual(self.load_xml("enc3-in.xml"), decrypted)
+ self.assertEqual(self.load_xml('enc3-in.xml'), decrypted)
def check_decrypt(self, i):
- root = self.load_xml('enc{}-out.xml'.format(i))
+ root = self.load_xml(f'enc{i}-out.xml')
enc_data = xmlsec.tree.find_child(root, consts.NodeEncryptedData, consts.EncNs)
self.assertIsNotNone(enc_data)
manager = xmlsec.KeysManager()
- manager.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
+ manager.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
ctx = xmlsec.EncryptionContext(manager)
decrypted = ctx.decrypt(enc_data)
self.assertIsNotNone(decrypted)
- self.assertEqual(self.load_xml("enc{}-in.xml".format(i)), root)
+ self.assertEqual(self.load_xml(f'enc{i}-in.xml'), root)
def test_decrypt_bad_args(self):
ctx = xmlsec.EncryptionContext()
diff --git a/tests/test_keys.py b/tests/test_keys.py
index 0d41abef..977ddf82 100644
--- a/tests/test_keys.py
+++ b/tests/test_keys.py
@@ -9,33 +9,32 @@
class TestKeys(base.TestMemoryLeaks):
def test_key_from_memory(self):
- key = xmlsec.Key.from_memory(self.load("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_memory(self.load('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
def test_key_from_memory_with_bad_args(self):
with self.assertRaises(TypeError):
- xmlsec.Key.from_memory(1, format="")
+ xmlsec.Key.from_memory(1, format='')
def test_key_from_memory_invalid_data(self):
with self.assertRaisesRegex(xmlsec.Error, '.*cannot load key.*'):
xmlsec.Key.from_memory(b'foo', format=consts.KeyDataFormatPem)
def test_key_from_file(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
def test_key_from_file_with_bad_args(self):
with self.assertRaises(TypeError):
- xmlsec.Key.from_file(1, format="")
+ xmlsec.Key.from_file(1, format='')
def test_key_from_invalid_file(self):
- with self.assertRaisesRegex(xmlsec.Error, '.*cannot read key.*'):
- with tempfile.NamedTemporaryFile() as tmpfile:
- tmpfile.write(b'foo')
- xmlsec.Key.from_file(tmpfile.name, format=consts.KeyDataFormatPem)
+ with self.assertRaisesRegex(xmlsec.Error, '.*cannot read key.*'), tempfile.NamedTemporaryFile() as tmpfile:
+ tmpfile.write(b'foo')
+ xmlsec.Key.from_file(tmpfile.name, format=consts.KeyDataFormatPem)
def test_key_from_fileobj(self):
- with open(self.path("rsakey.pem"), "rb") as fobj:
+ with open(self.path('rsakey.pem'), 'rb') as fobj:
key = xmlsec.Key.from_file(fobj, format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
@@ -51,71 +50,69 @@ def test_generate(self):
def test_generate_with_bad_args(self):
with self.assertRaises(TypeError):
- xmlsec.Key.generate(klass="", size="", type="")
+ xmlsec.Key.generate(klass='', size='', type='')
def test_generate_invalid_size(self):
with self.assertRaisesRegex(xmlsec.Error, '.*cannot generate key.*'):
xmlsec.Key.generate(klass=consts.KeyDataAes, size=0, type=consts.KeyDataTypeSession)
def test_from_binary_file(self):
- key = xmlsec.Key.from_binary_file(klass=consts.KeyDataDes, filename=self.path("deskey.bin"))
+ key = xmlsec.Key.from_binary_file(klass=consts.KeyDataDes, filename=self.path('deskey.bin'))
self.assertIsNotNone(key)
def test_from_binary_file_with_bad_args(self):
with self.assertRaises(TypeError):
- xmlsec.Key.from_binary_file(klass="", filename=1)
+ xmlsec.Key.from_binary_file(klass='', filename=1)
def test_from_invalid_binary_file(self):
- with self.assertRaisesRegex(xmlsec.Error, '.*cannot read key.*'):
- with tempfile.NamedTemporaryFile() as tmpfile:
- tmpfile.write(b'foo')
- xmlsec.Key.from_binary_file(klass=consts.KeyDataDes, filename=tmpfile.name)
+ with self.assertRaisesRegex(xmlsec.Error, '.*cannot read key.*'), tempfile.NamedTemporaryFile() as tmpfile:
+ tmpfile.write(b'foo')
+ xmlsec.Key.from_binary_file(klass=consts.KeyDataDes, filename=tmpfile.name)
def test_from_binary_data(self):
- key = xmlsec.Key.from_binary_data(klass=consts.KeyDataDes, data=self.load("deskey.bin"))
+ key = xmlsec.Key.from_binary_data(klass=consts.KeyDataDes, data=self.load('deskey.bin'))
self.assertIsNotNone(key)
def test_from_binary_data_with_bad_args(self):
with self.assertRaises(TypeError):
- xmlsec.Key.from_binary_data(klass="", data=1)
+ xmlsec.Key.from_binary_data(klass='', data=1)
def test_from_invalid_binary_data(self):
with self.assertRaisesRegex(xmlsec.Error, '.*cannot read key.*'):
xmlsec.Key.from_binary_data(klass=consts.KeyDataDes, data=b'')
def test_load_cert_from_file(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
- key.load_cert_from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatPem)
+ key.load_cert_from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatPem)
def test_load_cert_from_file_with_bad_args(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
with self.assertRaises(TypeError):
- key.load_cert_from_file(1, format="")
+ key.load_cert_from_file(1, format='')
def test_load_cert_from_invalid_file(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
- with self.assertRaisesRegex(xmlsec.Error, '.*cannot load cert.*'):
- with tempfile.NamedTemporaryFile() as tmpfile:
- tmpfile.write(b'foo')
- key.load_cert_from_file(tmpfile.name, format=consts.KeyDataFormatPem)
+ with self.assertRaisesRegex(xmlsec.Error, '.*cannot load cert.*'), tempfile.NamedTemporaryFile() as tmpfile:
+ tmpfile.write(b'foo')
+ key.load_cert_from_file(tmpfile.name, format=consts.KeyDataFormatPem)
def test_load_cert_from_fileobj(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
- with open(self.path("rsacert.pem"), "rb") as fobj:
+ with open(self.path('rsacert.pem'), 'rb') as fobj:
key.load_cert_from_file(fobj, format=consts.KeyDataFormatPem)
def test_load_cert_from_fileobj_with_bad_args(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
- with self.assertRaises(TypeError), open(self.path("rsacert.pem"), "rb") as fobj:
+ with self.assertRaises(TypeError), open(self.path('rsacert.pem'), 'rb') as fobj:
key.load_cert_from_file(fobj, format='')
def test_load_cert_from_invalid_fileobj(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
with tempfile.NamedTemporaryFile(delete=False) as tmpfile:
tmpfile.write(b'foo')
@@ -123,41 +120,41 @@ def test_load_cert_from_invalid_fileobj(self):
key.load_cert_from_file(fp, format=consts.KeyDataFormatPem)
def test_load_cert_from_memory(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
- key.load_cert_from_memory(self.load("rsacert.pem"), format=consts.KeyDataFormatPem)
+ key.load_cert_from_memory(self.load('rsacert.pem'), format=consts.KeyDataFormatPem)
def test_load_cert_from_memory_with_bad_args(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
with self.assertRaises(TypeError):
- key.load_cert_from_memory(1, format="")
+ key.load_cert_from_memory(1, format='')
def test_load_cert_from_memory_invalid_data(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNotNone(key)
with self.assertRaisesRegex(xmlsec.Error, '.*cannot load cert.*'):
key.load_cert_from_memory(b'', format=consts.KeyDataFormatPem)
def test_get_name(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
self.assertIsNone(key.name)
def test_get_name_invalid_key(self):
key = xmlsec.Key()
with self.assertRaisesRegex(ValueError, 'key is not ready'):
- key.name
+ key.name # noqa: B018
def test_del_name(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
- key.name = "rsakey"
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
+ key.name = 'rsakey'
del key.name
self.assertIsNone(key.name)
def test_set_name(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
- key.name = "rsakey"
- self.assertEqual("rsakey", key.name)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
+ key.name = 'rsakey'
+ self.assertEqual('rsakey', key.name)
def test_set_name_invalid_key(self):
key = xmlsec.Key()
@@ -165,56 +162,55 @@ def test_set_name_invalid_key(self):
key.name = 'foo'
def test_copy(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
key2 = copy.copy(key)
del key
- key2.load_cert_from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatPem)
+ key2.load_cert_from_file(self.path('rsacert.pem'), format=consts.KeyDataFormatPem)
class TestKeysManager(base.TestMemoryLeaks):
def test_add_key(self):
- key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
mngr = xmlsec.KeysManager()
mngr.add_key(key)
def test_add_key_with_bad_args(self):
mngr = xmlsec.KeysManager()
with self.assertRaises(TypeError):
- mngr.add_key("")
+ mngr.add_key('')
def test_load_cert(self):
mngr = xmlsec.KeysManager()
- mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
- mngr.load_cert(self.path("rsacert.pem"), format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted)
+ mngr.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
+ mngr.load_cert(self.path('rsacert.pem'), format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted)
def test_load_cert_with_bad_args(self):
mngr = xmlsec.KeysManager()
- mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
- with self.assertRaisesRegex(xmlsec.Error, '.*cannot load cert.*'):
- with tempfile.NamedTemporaryFile() as tmpfile:
- tmpfile.write(b'foo')
- mngr.load_cert(tmpfile.name, format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted)
+ mngr.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
+ with self.assertRaisesRegex(xmlsec.Error, '.*cannot load cert.*'), tempfile.NamedTemporaryFile() as tmpfile:
+ tmpfile.write(b'foo')
+ mngr.load_cert(tmpfile.name, format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted)
def test_load_invalid_cert(self):
mngr = xmlsec.KeysManager()
- mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
+ mngr.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
with self.assertRaises(TypeError):
- mngr.load_cert(1, format="", type="")
+ mngr.load_cert(1, format='', type='')
def test_load_cert_from_memory(self):
mngr = xmlsec.KeysManager()
- mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
- mngr.load_cert_from_memory(self.load("rsacert.pem"), format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted)
+ mngr.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
+ mngr.load_cert_from_memory(self.load('rsacert.pem'), format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted)
def test_load_cert_from_memory_with_bad_args(self):
mngr = xmlsec.KeysManager()
- mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
+ mngr.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
with self.assertRaises(TypeError):
- mngr.load_cert_from_memory(1, format="", type="")
+ mngr.load_cert_from_memory(1, format='', type='')
def test_load_cert_from_memory_invalid_data(self):
mngr = xmlsec.KeysManager()
- mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem))
+ mngr.add_key(xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem))
with self.assertRaisesRegex(xmlsec.Error, '.*cannot load cert.*'):
mngr.load_cert_from_memory(b'', format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted)
diff --git a/tests/test_main.py b/tests/test_main.py
index 3db18582..8f1501f2 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -10,7 +10,7 @@
class TestBase64LineSize(base.TestMemoryLeaks):
def tearDown(self):
xmlsec.base64_default_line_size(64)
- super(TestBase64LineSize, self).tearDown()
+ super().tearDown()
def test_get_base64_default_line_size(self):
self.assertEqual(xmlsec.base64_default_line_size(), 64)
@@ -43,12 +43,12 @@ def setUp(self):
xmlsec.cleanup_callbacks()
def _sign_doc(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
- xmlsec.template.add_reference(sign, consts.TransformSha1, uri="cid:123456")
+ xmlsec.template.add_reference(sign, consts.TransformSha1, uri='cid:123456')
ctx = xmlsec.SignatureContext()
- ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+ ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
ctx.sign(sign)
return sign
@@ -78,7 +78,7 @@ def _register_match_callbacks(self):
def _find(self, elem, *tags):
try:
return elem.xpath(
- './' + '/'.join('xmldsig:{}'.format(tag) for tag in tags),
+ './' + '/'.join(f'xmldsig:{tag}' for tag in tags),
namespaces={
'xmldsig': 'http://www.w3.org/2000/09/xmldsig#',
},
@@ -125,7 +125,7 @@ def match_cb(filename):
self._verify_external_data_signature()
self.assertEqual(bad_match_calls, 0)
- @skipIf(sys.platform == "win32", "unclear behaviour on windows")
+ @skipIf(sys.platform == 'win32', 'unclear behaviour on windows')
def test_failed_sign_because_default_callbacks(self):
mismatch_calls = 0
diff --git a/tests/test_pkcs11.py b/tests/test_pkcs11.py
index accd29ae..cba1a3f0 100644
--- a/tests/test_pkcs11.py
+++ b/tests/test_pkcs11.py
@@ -2,7 +2,7 @@
from tests import base
from xmlsec import constants as consts
-KEY_URL = "pkcs11;pkcs11:token=test;object=test;pin-value=secret1"
+KEY_URL = 'pkcs11;pkcs11:token=test;object=test;pin-value=secret1'
def setUpModule():
@@ -43,7 +43,7 @@ def test_sign_fail(self):
def test_sign_case1(self):
"""Should sign a pre-constructed template file using a key from a pkcs11 engine."""
- root = self.load_xml("sign1-in.xml")
+ root = self.load_xml('sign1-in.xml')
sign = xmlsec.tree.find_node(root, consts.NodeSignature)
self.assertIsNotNone(sign)
@@ -51,7 +51,7 @@ def test_sign_case1(self):
ctx.key = xmlsec.Key.from_engine(KEY_URL)
self.assertIsNotNone(ctx.key)
ctx.key.name = 'rsakey.pem'
- self.assertEqual("rsakey.pem", ctx.key.name)
+ self.assertEqual('rsakey.pem', ctx.key.name)
ctx.sign(sign)
- self.assertEqual(self.load_xml("sign1-out.xml"), root)
+ self.assertEqual(self.load_xml('sign1-out.xml'), root)
diff --git a/tests/test_templates.py b/tests/test_templates.py
index 3bae7e55..bbf7f42d 100644
--- a/tests/test_templates.py
+++ b/tests/test_templates.py
@@ -10,61 +10,61 @@
class TestTemplates(base.TestMemoryLeaks):
def test_create(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(
- root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1, id="Id", ns="test"
+ root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1, id='Id', ns='test'
)
- self.assertEqual("Id", sign.get("Id"))
- self.assertEqual("test", sign.prefix)
+ self.assertEqual('Id', sign.get('Id'))
+ self.assertEqual('test', sign.prefix)
def test_create_bad_args(self):
with self.assertRaises(TypeError):
xmlsec.template.create('', c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
def test_encrypt_data_create(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
enc = xmlsec.template.encrypted_data_create(
- root, method=consts.TransformDes3Cbc, id="Id", type="Type", mime_type="MimeType", encoding="Encoding", ns="test"
+ root, method=consts.TransformDes3Cbc, id='Id', type='Type', mime_type='MimeType', encoding='Encoding', ns='test'
)
- for a in ("Id", "Type", "MimeType", "Encoding"):
+ for a in ('Id', 'Type', 'MimeType', 'Encoding'):
self.assertEqual(a, enc.get(a))
- self.assertEqual("test", enc.prefix)
+ self.assertEqual('test', enc.prefix)
def test_ensure_key_info(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
- ki = xmlsec.template.ensure_key_info(sign, id="Id")
- self.assertEqual("Id", ki.get("Id"))
+ ki = xmlsec.template.ensure_key_info(sign, id='Id')
+ self.assertEqual('Id', ki.get('Id'))
def test_ensure_key_info_fail(self):
with self.assertRaisesRegex(xmlsec.Error, 'cannot ensure key info.'):
- xmlsec.template.ensure_key_info(etree.fromstring(b''), id="Id")
+ xmlsec.template.ensure_key_info(etree.fromstring(b''), id='Id')
def test_ensure_key_info_bad_args(self):
with self.assertRaises(TypeError):
xmlsec.template.ensure_key_info('', id=0)
def test_add_encrypted_key(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
ki = xmlsec.template.ensure_key_info(sign)
ek = xmlsec.template.add_encrypted_key(ki, consts.TransformRsaOaep)
- self.assertEqual(ek, xmlsec.tree.find_node(self.load_xml("sign_template.xml"), consts.NodeEncryptedKey, consts.EncNs))
- ek2 = xmlsec.template.add_encrypted_key(ki, consts.TransformRsaOaep, id="Id", type="Type", recipient="Recipient")
- for a in ("Id", "Type", "Recipient"):
+ self.assertEqual(ek, xmlsec.tree.find_node(self.load_xml('sign_template.xml'), consts.NodeEncryptedKey, consts.EncNs))
+ ek2 = xmlsec.template.add_encrypted_key(ki, consts.TransformRsaOaep, id='Id', type='Type', recipient='Recipient')
+ for a in ('Id', 'Type', 'Recipient'):
self.assertEqual(a, ek2.get(a))
def test_add_key_name(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
ki = xmlsec.template.ensure_key_info(sign)
kn = xmlsec.template.add_key_name(ki)
- self.assertEqual(kn, xmlsec.tree.find_node(self.load_xml("sign_template.xml"), consts.NodeKeyName, consts.DSigNs))
- kn2 = xmlsec.template.add_key_name(ki, name="name")
- self.assertEqual("name", kn2.text)
+ self.assertEqual(kn, xmlsec.tree.find_node(self.load_xml('sign_template.xml'), consts.NodeKeyName, consts.DSigNs))
+ kn2 = xmlsec.template.add_key_name(ki, name='name')
+ self.assertEqual('name', kn2.text)
def test_add_key_name_none(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
ki = xmlsec.template.ensure_key_info(sign)
kn2 = xmlsec.template.add_key_name(ki, name=None)
@@ -76,10 +76,10 @@ def test_add_key_name_bad_args(self):
xmlsec.template.add_key_name('')
def test_add_reference(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
- ref = xmlsec.template.add_reference(sign, consts.TransformSha1, id="Id", uri="URI", type="Type")
- for a in ("Id", "URI", "Type"):
+ ref = xmlsec.template.add_reference(sign, consts.TransformSha1, id='Id', uri='URI', type='Type')
+ for a in ('Id', 'URI', 'Type'):
self.assertEqual(a, ref.get(a))
def test_add_reference_bad_args(self):
@@ -99,18 +99,18 @@ def test_add_transform_bad_args(self):
xmlsec.template.add_transform(etree.Element('root'), '')
def test_add_key_value(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
ki = xmlsec.template.ensure_key_info(sign)
kv = xmlsec.template.add_key_value(ki)
- self.assertEqual(kv, xmlsec.tree.find_node(self.load_xml("sign_template.xml"), consts.NodeKeyValue, consts.DSigNs))
+ self.assertEqual(kv, xmlsec.tree.find_node(self.load_xml('sign_template.xml'), consts.NodeKeyValue, consts.DSigNs))
def test_add_key_value_bad_args(self):
with self.assertRaises(TypeError):
xmlsec.template.add_key_value('')
def test_add_x509_data(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
ki = xmlsec.template.ensure_key_info(sign)
x509 = xmlsec.template.add_x509_data(ki)
@@ -121,22 +121,22 @@ def test_add_x509_data(self):
xmlsec.template.x509_data_add_subject_name(x509)
xmlsec.template.x509_issuer_serial_add_issuer_name(issuer)
xmlsec.template.x509_issuer_serial_add_serial_number(issuer)
- self.assertEqual(x509, xmlsec.tree.find_node(self.load_xml("sign_template.xml"), consts.NodeX509Data, consts.DSigNs))
+ self.assertEqual(x509, xmlsec.tree.find_node(self.load_xml('sign_template.xml'), consts.NodeX509Data, consts.DSigNs))
def test_add_x509_data_bad_args(self):
with self.assertRaises(TypeError):
xmlsec.template.add_x509_data('')
def test_x509_issuer_serial_add_issuer(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
ki = xmlsec.template.ensure_key_info(sign)
x509 = xmlsec.template.add_x509_data(ki)
issuer = xmlsec.template.x509_data_add_issuer_serial(x509)
- name = xmlsec.template.x509_issuer_serial_add_issuer_name(issuer, name="Name")
- serial = xmlsec.template.x509_issuer_serial_add_serial_number(issuer, serial="Serial")
- self.assertEqual("Name", name.text)
- self.assertEqual("Serial", serial.text)
+ name = xmlsec.template.x509_issuer_serial_add_issuer_name(issuer, name='Name')
+ serial = xmlsec.template.x509_issuer_serial_add_serial_number(issuer, serial='Serial')
+ self.assertEqual('Name', name.text)
+ self.assertEqual('Serial', serial.text)
def test_x509_issuer_serial_add_issuer_bad_args(self):
with self.assertRaises(TypeError):
@@ -175,23 +175,23 @@ def test_encrypted_data_create_bad_args(self):
xmlsec.template.encrypted_data_create('', 0)
def test_encrypted_data_ensure_cipher_value(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
enc = xmlsec.template.encrypted_data_create(root, method=consts.TransformDes3Cbc)
cv = xmlsec.template.encrypted_data_ensure_cipher_value(enc)
- self.assertEqual(cv, xmlsec.tree.find_node(self.load_xml("sign_template.xml"), consts.NodeCipherValue, consts.EncNs))
+ self.assertEqual(cv, xmlsec.tree.find_node(self.load_xml('sign_template.xml'), consts.NodeCipherValue, consts.EncNs))
def test_encrypted_data_ensure_cipher_value_bad_args(self):
with self.assertRaises(TypeError):
xmlsec.template.encrypted_data_ensure_cipher_value('')
def test_encrypted_data_ensure_key_info(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
enc = xmlsec.template.encrypted_data_create(root, method=consts.TransformDes3Cbc)
ki = xmlsec.template.encrypted_data_ensure_key_info(enc)
- self.assertEqual(ki, xmlsec.tree.find_node(self.load_xml("enc_template.xml"), consts.NodeKeyInfo, consts.DSigNs))
- ki2 = xmlsec.template.encrypted_data_ensure_key_info(enc, id="Id", ns="test")
- self.assertEqual("Id", ki2.get("Id"))
- self.assertEqual("test", ki2.prefix)
+ self.assertEqual(ki, xmlsec.tree.find_node(self.load_xml('enc_template.xml'), consts.NodeKeyInfo, consts.DSigNs))
+ ki2 = xmlsec.template.encrypted_data_ensure_key_info(enc, id='Id', ns='test')
+ self.assertEqual('Id', ki2.get('Id'))
+ self.assertEqual('test', ki2.prefix)
def test_encrypted_data_ensure_key_info_bad_args(self):
with self.assertRaises(TypeError):
@@ -199,14 +199,14 @@ def test_encrypted_data_ensure_key_info_bad_args(self):
@unittest.skipIf(not hasattr(consts, 'TransformXslt'), reason='XSLT transformations not enabled')
def test_transform_add_c14n_inclusive_namespaces(self):
- root = self.load_xml("doc.xml")
+ root = self.load_xml('doc.xml')
sign = xmlsec.template.create(root, c14n_method=consts.TransformExclC14N, sign_method=consts.TransformRsaSha1)
ref = xmlsec.template.add_reference(sign, consts.TransformSha1)
trans1 = xmlsec.template.add_transform(ref, consts.TransformEnveloped)
- xmlsec.template.transform_add_c14n_inclusive_namespaces(trans1, "default")
+ xmlsec.template.transform_add_c14n_inclusive_namespaces(trans1, 'default')
trans2 = xmlsec.template.add_transform(ref, consts.TransformXslt)
- xmlsec.template.transform_add_c14n_inclusive_namespaces(trans2, ["ns1", "ns2"])
- self.assertEqual(ref, xmlsec.tree.find_node(self.load_xml("sign_template.xml"), consts.NodeReference, consts.DSigNs))
+ xmlsec.template.transform_add_c14n_inclusive_namespaces(trans2, ['ns1', 'ns2'])
+ self.assertEqual(ref, xmlsec.tree.find_node(self.load_xml('sign_template.xml'), consts.NodeReference, consts.DSigNs))
def test_transform_add_c14n_inclusive_namespaces_bad_args(self):
with self.assertRaises(TypeError):
diff --git a/tests/test_tree.py b/tests/test_tree.py
index 4c79c8de..5e80a60a 100644
--- a/tests/test_tree.py
+++ b/tests/test_tree.py
@@ -6,7 +6,7 @@
class TestTree(base.TestMemoryLeaks):
def test_find_child(self):
- root = self.load_xml("sign_template.xml")
+ root = self.load_xml('sign_template.xml')
si = xmlsec.tree.find_child(root, consts.NodeSignedInfo, consts.DSigNs)
self.assertEqual(consts.NodeSignedInfo, si.tag.partition('}')[2])
self.assertIsNone(xmlsec.tree.find_child(root, consts.NodeReference))
@@ -17,7 +17,7 @@ def test_find_child_bad_args(self):
xmlsec.tree.find_child('', 0, True)
def test_find_parent(self):
- root = self.load_xml("sign_template.xml")
+ root = self.load_xml('sign_template.xml')
si = xmlsec.tree.find_child(root, consts.NodeSignedInfo, consts.DSigNs)
self.assertIs(root, xmlsec.tree.find_parent(si, consts.NodeSignature))
self.assertIsNone(xmlsec.tree.find_parent(root, consts.NodeSignedInfo))
@@ -27,7 +27,7 @@ def test_find_parent_bad_args(self):
xmlsec.tree.find_parent('', 0, True)
def test_find_node(self):
- root = self.load_xml("sign_template.xml")
+ root = self.load_xml('sign_template.xml')
ref = xmlsec.tree.find_node(root, consts.NodeReference)
self.assertEqual(consts.NodeReference, ref.tag.partition('}')[2])
self.assertIsNone(xmlsec.tree.find_node(root, consts.NodeReference, consts.EncNs))
@@ -37,8 +37,8 @@ def test_find_node_bad_args(self):
xmlsec.tree.find_node('', 0, True)
def test_add_ids(self):
- root = self.load_xml("sign_template.xml")
- xmlsec.tree.add_ids(root, ["id1", "id2", "id3"])
+ root = self.load_xml('sign_template.xml')
+ xmlsec.tree.add_ids(root, ['id1', 'id2', 'id3'])
def test_add_ids_bad_args(self):
with self.assertRaises(TypeError):
diff --git a/tests/test_type_stubs.py b/tests/test_type_stubs.py
index 9ed8f1e2..82f7df7f 100644
--- a/tests/test_type_stubs.py
+++ b/tests/test_type_stubs.py
@@ -40,8 +40,7 @@ class __TransformNoHref(NamedTuple): # __Transform type
def gen_constants_stub():
- """
- Generate contents of the file:`xmlsec/constants.pyi`.
+ """Generate contents of the file:`xmlsec/constants.pyi`.
Simply load all constants at runtime,
generate appropriate type hint for each constant type.
@@ -53,7 +52,7 @@ def process_constant(name):
type_name = type(obj).__name__
if type_name in ('__KeyData', '__Transform') and obj.href is None:
type_name += 'NoHref'
- return '{name}: Final[{type_name}]'.format(name=name, type_name=type_name)
+ return f'{name}: Final[{type_name}]'
names = list(sorted(name for name in dir(xmlsec.constants) if not name.startswith('__')))
lines = [process_constant(name) for name in names]
@@ -61,8 +60,7 @@ def process_constant(name):
def test_xmlsec_constants_stub(request):
- """
- Generate the stub file for :mod:`xmlsec.constants` from existing code.
+ """Generate the stub file for :mod:`xmlsec.constants` from existing code.
Compare it against the existing stub :file:`xmlsec/constants.pyi`.
"""
diff --git a/tests/test_xmlsec.py b/tests/test_xmlsec.py
index 303d7f8f..52dce2b3 100644
--- a/tests/test_xmlsec.py
+++ b/tests/test_xmlsec.py
@@ -4,8 +4,7 @@
class TestModule(base.TestMemoryLeaks):
def test_reinitialize_module(self):
- """
- This test doesn't explicitly verify anything, but will be invoked first in the suite.
+ """This test doesn't explicitly verify anything, but will be invoked first in the suite.
So if the subsequent tests don't fail, we know that the ``init()``/``shutdown()``
function pair doesn't break anything.