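def readFile(self):
    """Load the policy journal (AODS) from ``self._aodsFile`` and return it parsed.

    For a file name ending in ``.xml`` the XML signature is verified with
    ``XmlSigVerifyer``, the signer certificate must be listed in
    ``self.trustCertsFile``, and the payload is taken from the ``dsig:Object``
    element (header stripped, base64-decoded, bzip2-decompressed, parsed as
    JSON). Any other file name is read directly as JSON.

    Returns:
        The decoded JSON document.

    Raises:
        ValidationError: the trust certs file is missing, or the signed
            document has no (or an empty) ``dsig:Object`` payload.
        UnauthorizedAODSSignerError: the signer certificate is not in the
            trusted list.
    """
    if self._aodsFile[-4:] != '.xml':
        # NOTE(review): this branch performs no signature or signer check; any
        # file whose name does not end in '.xml' is loaded as plain JSON.
        # Confirm callers only reach it with input that is trusted by other means.
        with open(self._aodsFile, 'r') as f:
            return json.load(f)

    # Verify that the signature is valid.
    xml_sig_verifyer = XmlSigVerifyer(testhint='aods signature')
    xml_sig_verifyer_response = xml_sig_verifyer.verify(self._aodsFile)

    # Verify that the signer is authorized.
    if not os.path.isfile(self.trustCertsFile):
        raise ValidationError('Trust certs file not found: %s' % self.trustCertsFile)
    with open(self.trustCertsFile) as f:
        trustCerts = json.load(f)
    signer_cert_pem = xml_sig_verifyer_response.signer_cert_pem
    if signer_cert_pem not in trustCerts:
        raise UnauthorizedAODSSignerError("Signature certificate of policy journal not in "
                                          "trusted list. Certificate:\n" +
                                          signer_cert_pem)
    if self.list_trustedcerts:
        self.do_list_trustedcerts(trustCerts, signer_cert_pem)

    # Extract the payload.
    # NOTE(review): the file is parsed again here, after verification, and the
    # first dsig:Object child of the root is used. Confirm that the verifier
    # guarantees the signature reference covers exactly this element and that
    # the file cannot change between verify() and this parse.
    tree = ET.parse(self._aodsFile)
    content = tree.findtext('{http://www.w3.org/2000/09/xmldsig#}Object')
    # findtext() returns None when the element is absent and '' when it has no
    # text; the former `len(content) < 0` test could never be true, so both
    # cases slipped through (None failed later with a TypeError).
    if not content:
        raise ValidationError('AODS contained in XML signature value is empty')
    content_body_str = content.replace(DATA_HEADER_B64BZIP, '', 1)
    j_bzip2 = base64.b64decode(content_body_str)
    # Decompressed size is not bounded here; the payload is only trusted
    # because the signer was checked against the trusted list above.
    j = bz2.decompress(j_bzip2)
    return json.loads(j.decode('UTF-8'))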
def adminCertSignChallenge(self) -> str:
    """Obtain the admin's signing certificate from a signature over a dummy text.

    The signed XML returned by ``creSignedXML`` is written to a temporary
    ``.xml`` file, verified with ``XmlSigVerifyer`` (file-extension check
    disabled), and the signer certificate from the verifier's response is
    wrapped in PEM armour and passed to ``XY509cert``.

    NOTE(review): nothing here compares the extracted certificate with a
    trusted list, and the temporary file is not removed in this method.
    The ``-> str`` annotation does not match the ``XY509cert(...)`` return
    unless that call yields a string. Confirm all three.
    """
    logging.debug('challenging admin to create a signature to extract signing cert')
    signed_xml = creSignedXML('sign this dummy text - result is used to extract signature certificate.')
    challenge_path = self.mk_temp_filename() + '.xml'
    with open(challenge_path, 'w') as out:
        out.write(signed_xml)
    verify_result = XmlSigVerifyer().verify(challenge_path, verify_file_extension=False)
    # str.join, like the original "+" chain, raises TypeError on a non-str cert.
    pem_text = ''.join((
        '-----BEGIN CERTIFICATE-----\n',
        verify_result.signer_cert_pem,
        '\n-----END CERTIFICATE-----\n',
    ))
    return XY509cert(pem_text)
def adminCertSignChallenge(self) -> str:
    """Ask the admin to sign a dummy text and return the certificate that signed it.

    Steps: build the signed XML with ``creSignedXML``, store it in a temporary
    file with an ``.xml`` suffix, run ``XmlSigVerifyer.verify`` on that file
    with ``verify_file_extension=False``, then hand the PEM-armoured signer
    certificate to ``XY509cert``.

    NOTE(review): the certificate returned is whichever one signed the
    challenge, and this method applies no trust decision to it. The temporary
    file is left in place here; confirm it is cleaned up elsewhere.
    """
    logging.debug(
        'challenging admin to create a signature to extract signing cert')
    dummy_text = 'sign this dummy text - result is used to extract signature certificate.'
    signed_doc = creSignedXML(dummy_text)

    tmp_xml = self.mk_temp_filename() + '.xml'
    with open(tmp_xml, 'w') as handle:
        handle.write(signed_doc)

    verifier = XmlSigVerifyer()
    response = verifier.verify(tmp_xml, verify_file_extension=False)

    pem_header = '-----BEGIN CERTIFICATE-----\n'
    pem_footer = '\n-----END CERTIFICATE-----\n'
    return XY509cert(pem_header + response.signer_cert_pem + pem_footer)