def assina_xml(self, xml_element, reference, key_name=None):
    """Sign ``xml_element`` with an enveloped XML-DSig signature.

    The certificate and private key come from
    ``extract_cert_and_key_from_pfx(self.arquivo, self.senha)``.

    Args:
        xml_element: lxml element to sign. Whitespace-only text nodes are
            set to ``None`` in place before signing.
        reference: ``Id`` value of the element to reference. When falsy,
            ``reference_uri=None`` is passed to the signer and the
            signature is not relocated.
        key_name: forwarded unchanged to ``XMLSigner.sign``.

    Returns:
        ``etree.tostring(signed_root)`` for the signed tree.
    """
    cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha)

    # Clear whitespace-only text before signing.
    for node in xml_element.iter("*"):
        text = node.text
        if text is None or text.strip():
            continue
        node.text = None

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm before reusing
    # these parameters in any other integration.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm="rsa-sha1",
        digest_algorithm="sha1",
        c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces["ds"]}

    ref_uri = None
    if reference:
        ref_uri = "#%s" % reference

    signed_root = signer.sign(
        xml_element,
        key=key,
        cert=cert,
        reference_uri=ref_uri,
        key_name=key_name,
    )

    if reference:
        # `reference` is interpolated into the path unescaped; assumes it is
        # a trusted Id value containing no quote characters -- TODO confirm.
        signed_node = signed_root.find(".//*[@Id='%s']" % reference)
        signature_node = signed_root.find(
            ".//{http://www.w3.org/2000/09/xmldsig#}Signature"
        )
        if not (signed_node is None or signature_node is None):
            # Re-attach the Signature as the last child of the signed
            # element's parent.
            signed_node.getparent().append(signature_node)

    return etree.tostring(signed_root)
def assina_xml(self, xml_element, reference):
    """Sign the first grandchild of ``xml_element`` and return the document.

    The certificate and private key come from
    ``extract_cert_and_key_from_pfx(self.arquivo, self.senha)`` and are
    passed to the signer as ``.encode()``-d values.

    Args:
        xml_element: lxml element whose first child's first child is signed.
            Whitespace-only text nodes are set to ``None`` in place.
        reference: ``Id`` value used only to decide whether, and where, the
            Signature is attached; it is not passed to ``sign``.

    Returns:
        ``etree.tostring(xml_element, encoding=str)`` -- the original
        element, not the tree returned by ``sign``.
    """
    cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha)

    # Clear whitespace-only text before signing.
    for node in xml_element.iter("*"):
        text = node.text
        if text is None or text.strip():
            continue
        node.text = None

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm=u"rsa-sha1",
        digest_algorithm=u"sha1",
        c14n_algorithm=u"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces["ds"]}

    # Only the first grandchild is handed to the signer.
    element_to_be_signed = xml_element[0][0]
    signed_root = signer.sign(
        element_to_be_signed,
        key=key.encode(),
        cert=cert.encode(),
    )

    if reference:
        # `reference` is interpolated into the path unescaped; assumes it is
        # a trusted Id value containing no quote characters -- TODO confirm.
        signed_node = signed_root.find(".//*[@Id='%s']" % reference)
        signature_node = signed_root.find(
            ".//{http://www.w3.org/2000/09/xmldsig#}Signature"
        )
        if not (signed_node is None or signature_node is None):
            # The Signature is moved under the first child of the ORIGINAL
            # document, next to the element that was signed.
            xml_element[0].append(signature_node)

    return etree.tostring(xml_element, encoding=str)
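def assina_xml(self, xml_element, reference):
    """Sign ``xml_element`` with an enveloped XML-DSig signature.

    The certificate and private key come from
    ``extract_cert_and_key_from_pfx(self.arquivo, self.senha)`` and are
    passed to the signer as ``.encode()``-d values.

    Args:
        xml_element: lxml element to sign. Whitespace-only text nodes are
            set to ``None`` in place before signing.
        reference: ``Id`` value of the element to reference. When falsy,
            ``reference_uri=None`` is passed and the signature is not
            relocated.

    Returns:
        ``etree.tostring(signed_root, encoding=str)`` for the signed tree.
    """
    cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha)

    # Clear whitespace-only text before signing.
    for element in xml_element.iter("*"):
        if element.text is not None and not element.text.strip():
            element.text = None

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm="rsa-sha1",
        digest_algorithm="sha1",
        c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces["ds"]}

    ref_uri = ("#%s" % reference) if reference else None
    signed_root = signer.sign(
        xml_element,
        key=key.encode(),
        cert=cert.encode(),
        reference_uri=ref_uri,
    )

    if reference:
        # `reference` is interpolated into both paths unescaped; assumes it
        # is a trusted Id value containing no quote characters -- TODO confirm.
        element_signed = signed_root.find(".//*[@Id='%s']" % reference)
        reference_node = signed_root.find(".//*[@URI='#%s']" % reference)

        # The original chained .getparent().getparent() straight onto find(),
        # so a missing node raised AttributeError before the None guard below
        # could run. Walk up step by step instead.
        # Presumably Reference -> SignedInfo -> Signature; confirm.
        signature = None
        if reference_node is not None:
            signed_info = reference_node.getparent()
            if signed_info is not None:
                signature = signed_info.getparent()

        if element_signed is not None and signature is not None:
            parent = element_signed.getparent()
            parent.append(signature)

    return etree.tostring(signed_root, encoding=str)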
def assinar(self, xml, retorna_string=False):
    """Sign ``xml`` with an enveloped XML-DSig signature using ``self.key``.

    Args:
        xml: lxml element containing at least one descendant with an ``Id``
            attribute; the first such ``Id`` becomes the reference URI.
        retorna_string: when true, return the signed tree serialized as a
            unicode string; otherwise return the signed element.

    Returns:
        The signed element, or its unicode serialization.
    """
    # Find the tag that carries an Id (the reference URI); the lookup is by
    # attribute, so the element's namespace does not matter.
    reference = xml.find(".//*[@Id]").attrib['Id']

    # Strip accents from the serialized document, then parse it again.
    serialized = etree.tostring(xml, encoding="unicode", pretty_print=False)
    cleaned_root = etree.fromstring(remover_acentos(serialized))

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm="rsa-sha1",
        digest_algorithm="sha1",
        c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces['ds']}

    ref_uri = None
    if reference:
        ref_uri = '#%s' % reference

    signed_root = signer.sign(
        cleaned_root,
        key=self.key,
        cert=self.cert,
        reference_uri=ref_uri,
    )

    # Put the certificate into the X509Data/X509Certificate tag.
    x509_data = signed_root.find(
        './/ns:X509Data', namespaces={'ns': NAMESPACE_SIG}
    )
    certificate_tag = etree.SubElement(x509_data, 'X509Certificate')
    certificate_tag.text = self.cert

    if not retorna_string:
        return signed_root
    return etree.tostring(signed_root, encoding="unicode", pretty_print=False)
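def signWithCert(self, stringXml, key, returnString=True):
    """Sign an XML document with an enveloped XML-DSig signature.

    Args:
        stringXml: the XML document to sign, as accepted by
            ``etree.fromstring``.
        key: filesystem path of the private key file; it is read as bytes.
        returnString: when true (default), return the signed document as a
            unicode string; otherwise return the signed element.

    Returns:
        The signed document as a string, or the signed element.
    """
    # NOTE(review): parsed with lxml's default parser. If stringXml can come
    # from an untrusted party, consider a parser created with
    # etree.XMLParser(resolve_entities=False) -- confirm the trust boundary.
    xmlBuffer = etree.fromstring(stringXml)

    # The original used findall() and formatted the resulting *list* into the
    # URI, which yields "#[<Element ...>]" rather than "#<Id value>". Take the
    # Id attribute of the first element that has one.
    referenceNode = xmlBuffer.find(".//*[@Id]")
    reference = referenceNode.get("Id") if referenceNode is not None else None

    cert = self.extractCertContent()

    # Close the key file deterministically; the key bytes should not be
    # logged or kept longer than needed.
    with open(key, "rb") as keyFile:
        keyData = keyFile.read()

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm="rsa-sha1",
        digest_algorithm='sha1',
        c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315')

    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces['ds']}

    refUri = ('#%s' % reference) if reference else None

    signedRoot = signer.sign(
        xmlBuffer, key=keyData, cert=cert, reference_uri=refUri)

    ns = {'ns': NAMESPACE_SIG}
    # Insert the certificate content into X509Data/X509Certificate.
    tagX509Data = signedRoot.find('.//ns:X509Data', namespaces=ns)
    etree.SubElement(tagX509Data, 'X509Certificate').text = cert

    if returnString:
        return etree.tostring(
            signedRoot, encoding="unicode", pretty_print=False)
    return signedRoot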
def assina_xml(self, xml_element, reference):
    """Sign ``xml_element`` with an enveloped XML-DSig signature.

    The certificate and private key come from
    ``extract_cert_and_key_from_pfx(self.arquivo, self.senha)``.

    Args:
        xml_element: lxml element to sign. Whitespace-only text nodes are
            set to ``None`` in place before signing.
        reference: ``Id`` value of the element to reference. When falsy,
            ``reference_uri=None`` is passed and the signature is not
            relocated.

    Returns:
        ``etree.tostring(signed_root)`` for the signed tree.
    """
    cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha)

    # Clear whitespace-only text before signing.
    for node in xml_element.iter("*"):
        if node.text is None:
            continue
        if not node.text.strip():
            node.text = None

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm="rsa-sha1",
        digest_algorithm="sha1",
        c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces["ds"]}

    if reference:
        ref_uri = "#%s" % reference
    else:
        ref_uri = None

    signed_root = signer.sign(
        xml_element,
        key=key,
        cert=cert,
        reference_uri=ref_uri,
    )

    if reference:
        # `reference` is interpolated into the path unescaped; assumes it is
        # a trusted Id value containing no quote characters -- TODO confirm.
        signed_node = signed_root.find(".//*[@Id='%s']" % reference)
        signature_node = signed_root.find(
            ".//{http://www.w3.org/2000/09/xmldsig#}Signature"
        )
        if signed_node is not None and signature_node is not None:
            # Re-attach the Signature as the last child of the signed
            # element's parent.
            signed_node.getparent().append(signature_node)

    return etree.tostring(signed_root)
def assinar(self, xml, retorna_string=False):
    """Sign ``xml`` with an enveloped XML-DSig signature using ``self.key``.

    Args:
        xml: lxml element containing at least one descendant with an ``Id``
            attribute; the first such ``Id`` becomes the reference URI.
        retorna_string: when true, return the signed tree serialized as a
            unicode string; otherwise return the signed element.

    Returns:
        The signed element, or its unicode serialization.
    """
    # Find the tag that carries an Id (the reference URI); the lookup is by
    # attribute, so the element's namespace does not matter.
    id_holder = xml.find(".//*[@Id]")
    reference = id_holder.attrib['Id']

    # Strip accents from the serialized document, then parse it again.
    xml_str = remover_acentos(
        etree.tostring(xml, encoding="unicode", pretty_print=False)
    )
    document = etree.fromstring(xml_str)

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm="rsa-sha1",
        digest_algorithm="sha1",
        c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces['ds']}

    # self.key is private-key material: it must never be printed or logged,
    # not even temporarily while debugging.
    ref_uri = ('#%s' % reference) if reference else None
    signed_root = signer.sign(
        document,
        key=self.key,
        cert=self.cert,
        reference_uri=ref_uri,
    )

    # Put the certificate into the X509Data/X509Certificate tag.
    sig_namespaces = {'ns': NAMESPACE_SIG}
    x509_data = signed_root.find('.//ns:X509Data', namespaces=sig_namespaces)
    etree.SubElement(x509_data, 'X509Certificate').text = self.cert

    if not retorna_string:
        return signed_root
    return etree.tostring(signed_root, encoding="unicode", pretty_print=False)
def assina_xml(self, xml_element):
    """Sign ``xml_element`` and attach the Signature under its first child.

    The certificate and private key come from
    ``extract_cert_and_key_from_pfx(self.arquivo, self.senha)`` and are
    passed to the signer as ``.encode()``-d values. No ``reference_uri`` is
    given to the signer.

    Args:
        xml_element: lxml element to sign. Whitespace-only text nodes are
            set to ``None`` in place before signing.

    Returns:
        ``etree.tostring(xml_element, encoding=str)`` -- the original
        element, not the tree returned by ``sign``.
    """
    cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha)

    # Clear whitespace-only text before signing.
    for node in xml_element.iter("*"):
        text = node.text
        if text is None or text.strip():
            continue
        node.text = None

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=methods.enveloped,
        signature_algorithm=u"rsa-sha1",
        digest_algorithm=u"sha1",
        c14n_algorithm=u"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces["ds"]}

    # The Rps element is looked up in the input document before signing; it
    # only gates whether the Signature gets attached below.
    rps_node = xml_element.find(
        ".//{http://nfse.goiania.go.gov.br/xsd/nfse_gyn_v02.xsd}Rps"
    )

    signed_root = signer.sign(
        xml_element,
        key=key.encode(),
        cert=cert.encode(),
    )
    signature_node = signed_root.find(
        ".//{http://www.w3.org/2000/09/xmldsig#}Signature"
    )

    if not (rps_node is None or signature_node is None):
        # Move the Signature to the end of the first child of the input
        # document.
        xml_element[0].append(signature_node)

    return etree.tostring(xml_element, encoding=str)
def test_signxml_changing_signature_namespace_prefix(self):
    """A custom prefix mapped to the ds namespace appears on the Signature tag."""
    root = etree.parse(self.example_xml_files[0]).getroot()

    signer = XMLSigner()
    # Replace the signer's namespace map with a single custom prefix.
    signer.namespaces = {"digi_sign": namespaces['ds']}

    signed_bytes = etree.tostring(signer.sign(root, key=self.keys["rsa"]))

    # The namespace URI is used as a regex pattern here, unescaped.
    pattern = '<digi_sign:Signature xmlns:digi_sign="%s">' % namespaces['ds']
    found = re.search(pattern.encode('ascii'), signed_bytes)
    self.assertTrue(found)
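def assina_xml(self, xml):
    """Sign ``xml`` and return only the serialized ``Signature`` element.

    Args:
        xml: document text; it goes through ``self._prepara_doc_xml`` and is
            then UTF-8 encoded and parsed.

    Returns:
        The Signature element serialized to text and passed through
        ``self._finaliza_xml``.

    Raises:
        ValueError: if ``self._ler_chave_acesso`` returns ``None``, or if no
            child of the signed document has ``Signature`` in its tag.
    """
    # Changed to use signxml instead of libxml2 and xmlsec.
    from signxml import XMLSigner
    from signxml import methods

    xml = self._prepara_doc_xml(xml)
    doc_xml = lxml.etree.fromstring(xml.encode('utf-8'))

    # Look up the access key in the document (per the original comment, this
    # step also removes the Signature tag).
    chave_de_acesso = self._ler_chave_acesso(doc_xml)
    if chave_de_acesso is None:
        raise ValueError(
            'Nao foi possivel encontrar a Tag para a assinatura.')

    # str -> bytes for signxml. Key material must not be logged.
    chave = self.chave.encode('utf-8')
    certificado = self.certificado.encode('utf-8')

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=methods.enveloped,
        signature_algorithm='rsa-sha1',
        digest_algorithm='sha1',
        c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315')

    # Drop the "ds:" prefix from the signature by mapping the XML-DSig
    # namespace to the default namespace.
    signer.namespaces = {None: signer.namespaces['ds']}

    # Sign the document.
    signed_doc = signer.sign(
        doc_xml, key=chave, cert=certificado,
        reference_uri='#{0}'.format(chave_de_acesso))

    # Select only the Signature tag; the last matching direct child wins.
    signature_tag = None
    for child in signed_doc:
        if 'Signature' in child.tag:
            signature_tag = child

    if signature_tag is None:
        # The original raised a bare string, which is itself a TypeError;
        # raise a real exception that matches the other failure path.
        raise ValueError("Assinatura nao encontrada.")

    signature_tag = lxml.etree.tostring(signature_tag).decode('utf-8')
    signature_tag = self._finaliza_xml(signature_tag)

    return signature_tag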
def assina_xml(self, xml_element, reference):
    """Sign ``xml_element`` with an enveloped XML-DSig signature.

    The certificate and private key come from
    ``extract_cert_and_key_from_pfx(self.arquivo, self.senha)``.

    Args:
        xml_element: lxml element to sign. Whitespace-only text nodes are
            set to ``None`` in place before signing.
        reference: value formatted into the reference URI as ``#<reference>``.
            Unlike the sibling variants there is no fallback for a falsy
            value.

    Returns:
        ``etree.tostring(signed_root)`` for the signed tree.
    """
    cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha)

    # Clear whitespace-only text before signing.
    for node in xml_element.iter("*"):
        text = node.text
        if text is None or text.strip():
            continue
        node.text = None

    # NOTE(review): RSA-SHA1 with SHA-1 digests is weak by current standards;
    # presumably mandated by the receiving service -- confirm.
    signer = XMLSigner(
        method=signxml.methods.enveloped,
        signature_algorithm="rsa-sha1",
        digest_algorithm="sha1",
        c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    )
    # Map the XML-DSig namespace to the default (prefix-less) namespace.
    signer.namespaces = {None: signer.namespaces["ds"]}

    ref_uri = '#%s' % reference
    signed_root = signer.sign(
        xml_element,
        key=key,
        cert=cert,
        reference_uri=ref_uri,
    )

    # Positional relocation: with more than three children, the fourth child
    # is moved under the third. Presumably the fourth is the Signature --
    # confirm against the document layout.
    if len(signed_root) > 3:
        fourth_child = signed_root[3]
        signed_root[2].append(fourth_child)

    return etree.tostring(signed_root)