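def test_mm_with_java_alt(self):
    """Sign the 'mm5' fixture and compare its SignatureValues with out.xml.

    An enveloped-signature template (exclusive C14N, enveloped-signature
    transform) is added to ``in.xml`` with ``pos=-1``, the tree is signed
    with the test key pair, and the SignatureValues extracted from the
    result must equal those extracted from the stored ``out.xml``.
    """
    case = self.cases['mm5']
    t = case.as_etree('in.xml')
    # No digest_alg / signature_alg is passed, so the library defaults apply.
    # NOTE(review): confirm which algorithms the installed version defaults to.
    xmlsec.add_enveloped_signature(
        t,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
    signed = xmlsec.sign(t,
                         key_spec=self.private_keyspec,
                         cert_spec=self.public_keyspec)
    expected = case.as_etree('out.xml')

    # print() with a single argument behaves the same on Python 2 and 3;
    # the original print statements are a syntax error on Python 3.
    print(" --- Expected")
    print(etree.tostring(expected))
    print(" --- Actual")
    print(etree.tostring(signed))

    # extract 'SignatureValue's
    expected_sv = _get_all_signatures(expected)
    signed_sv = _get_all_signatures(signed)

    print("Signed   SignatureValue: %s" % (repr(signed_sv)))
    print("Expected SignatureValue: %s" % (repr(expected_sv)))

    self.assertEqual(signed_sv, expected_sv)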
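def SignAlert(xml_tree, username):
    """Sign an alert XML tree with the author's key/certificate pair.

    Args:
      xml_tree: Alert XML tree. It is deep-copied before signing, so the
          caller's tree is not modified by this function.
      username: (string) Username of the alert author. Used as the file stem
          of ``<username>.key`` and ``<username>.cert`` under
          settings.CREDENTIALS_DIR.

    Returns:
      A signed copy of the tree if the user has a key/certificate pair.
      The unchanged input tree otherwise: xmlsec is unavailable, the username
      is not a plain file name, the credentials cannot be read, or signing
      raised XMLSigException.
    """
    if not XMLSEC_DEFINED:
        return xml_tree

    # The username becomes part of a private-key path. Accept only a bare
    # file name so that a path separator or an absolute path in it cannot
    # point the lookup outside CREDENTIALS_DIR.
    if os.path.basename(username) != username:
        return xml_tree

    key_path = os.path.join(settings.CREDENTIALS_DIR, username + ".key")
    cert_path = os.path.join(settings.CREDENTIALS_DIR, username + ".cert")

    try:
        signed_xml_tree = copy.deepcopy(xml_tree)
        # No algorithms are passed, so the library defaults apply.
        # NOTE(review): confirm which digest/signature algorithms those are.
        xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
        # The return value of sign() is not used; the copy itself is returned.
        xmlsec.sign(signed_xml_tree, key_path, cert_path)
        return signed_xml_tree
    except (IOError, xmlsec.exceptions.XMLSigException):
        # Fails open by contract: the caller gets the unsigned tree back and
        # cannot tell from the return value alone whether signing happened.
        # NOTE(review): callers that require a signed alert should check the
        # result for a Signature element rather than assume it is present.
        return xml_tree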
def test_mm2(self):
    """Sign the 'mm2' fixture and compare its SignatureValues with out.xml.

    The signature template is added with exclusive C14N, a SHA-1 digest,
    RSA-SHA1 and the enveloped-signature transform, then the tree is signed
    with the test key pair.
    """
    fixture = self.cases['mm2']
    doc = fixture.as_etree('in.xml')

    # SHA-1 / RSA-SHA1 are requested explicitly. NOTE(review): presumably to
    # reproduce the stored out.xml -- confirm before reusing these algorithm
    # choices outside the test.
    template_options = dict(
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        digest_alg=constants.ALGORITHM_DIGEST_SHA1,
        signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE],
    )
    xmlsec.add_enveloped_signature(doc, **template_options)

    actual = xmlsec.sign(doc,
                         key_spec=self.private_keyspec,
                         cert_spec=self.public_keyspec)
    reference = fixture.as_etree('out.xml')

    # Dump both documents so a failing run shows what differed.
    for heading, tree in ((" --- Expected", reference), (" --- Actual", actual)):
        print(heading)
        print(etree.tostring(tree))

    # Pull the SignatureValue entries out of both documents.
    reference_sv = _get_all_signatures(reference)
    actual_sv = _get_all_signatures(actual)

    print("Signed   SignatureValue: %s" % (repr(actual_sv)))
    print("Expected SignatureValue: %s" % (repr(reference_sv)))

    self.assertEqual(actual_sv, reference_sv)
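def signCAP(self, xml_tree):
    """Return a signed deep copy of *xml_tree*, or *xml_tree* itself on failure.

    The copy gets an enveloped-signature template (``pos=-1``) and is signed
    with ``self.key_path`` / ``self.cert_path``. Any ordinary exception makes
    the method return the original, unsigned tree.
    """
    try:
        signed_xml_tree = copy.deepcopy(xml_tree)
        # No algorithms are passed, so the library defaults apply.
        # NOTE(review): confirm which digest/signature algorithms those are.
        xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
        xmlsec.sign(signed_xml_tree, self.key_path, self.cert_path)
        return signed_xml_tree
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit. The best-effort fallback is kept for ordinary errors.
        # Fails open: the caller cannot tell from the return value alone
        # whether the tree was signed.
        # NOTE(review): callers that require a signature should check the
        # result for a Signature element.
        return xml_tree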
def secure_message_sign(self, root):
    """Produce the signed form of a SignedDelivery message.

    The ``xmlns`` attribute is removed from *root* (the caller's element is
    modified), the element is run through ``secure_message_drop_ns.xsl``,
    the Message namespace is set on the result, and an enveloped signature
    is added and signed with ``self.key_file`` / ``self.cert``.
    """
    del root.attrib['xmlns']

    message = apply_xslt(root, 'secure_message_drop_ns.xsl')
    message.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'

    # No digest_alg / signature_alg is passed, so the library defaults apply.
    # NOTE(review): confirm which algorithms the installed version defaults to.
    xmlsec.add_enveloped_signature(
        message,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE],
    )
    return xmlsec.sign(message, self.key_file, self.cert)
def secure_message_sign(self, root):
    """Sign a SignedDelivery message and return it tagged as 'arg0'.

    *root* is renamed in place to ``SignedDelivery``, transformed with
    ``secure_message_drop_ns.xsl`` and given the Message namespace before an
    enveloped signature is added and signed with ``self.key_file`` /
    ``self.cert``. The signed element is then tagged ``arg0`` and its
    ``xmlns`` attribute is removed.
    """
    # The root element has to carry its real name while it is being signed;
    # the name is changed again once signing is done.
    root.tag = 'SignedDelivery'

    message = apply_xslt(root, 'secure_message_drop_ns.xsl')
    message.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'

    # No digest_alg / signature_alg is passed, so the library defaults apply.
    # NOTE(review): confirm which algorithms the installed version defaults to.
    xmlsec.add_enveloped_signature(
        message,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE],
    )
    signed_message = xmlsec.sign(message, self.key_file, self.cert)

    # NOTE(review): the tag and xmlns are changed after signing, so a
    # verifier presumably has to restore both before the signature checks out.
    signed_message.tag = 'arg0'
    del signed_message.attrib['xmlns']
    return signed_message
def seal_delivery_sign(self, root):
    """Sign a SealedDelivery message and return it tagged as 'arg0'.

    *root* is renamed in place to ``SealedDelivery`` and given the Message
    namespace. An enveloped-signature template is added and the element is
    signed with ``self.key_file`` / ``self.cert`` at an explicit ``sig_path``.
    The signed element is then tagged ``arg0`` and its ``xmlns`` attribute is
    removed.
    """
    root.tag = 'SealedDelivery'
    root.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'

    # Two transforms are listed: enveloped-signature, then exclusive C14N.
    # No digest_alg / signature_alg is passed, so the library defaults apply.
    # NOTE(review): confirm which algorithms the installed version defaults to.
    reference_transforms = [
        constants.TRANSFORM_ENVELOPED_SIGNATURE,
        constants.TRANSFORM_C14N_EXCLUSIVE,
    ]
    xmlsec.add_enveloped_signature(
        root,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        transforms=reference_transforms,
    )

    # The path names a Signature element directly below the context node.
    # NOTE(review): presumably this keeps any nested signature untouched.
    sealed = xmlsec.sign(
        root,
        self.key_file,
        self.cert,
        sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature",
    )

    # NOTE(review): the tag and xmlns are changed after signing, so a
    # verifier presumably has to restore both before the signature checks out.
    sealed.tag = 'arg0'
    del sealed.attrib['xmlns']
    return sealed
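def test_mm_with_inner_signature(self):
    """Sign the 'mm6' fixture at an explicit sig_path; check digest and signatures.

    After signing, the DigestValue found under the root-level Signature of
    the input tree must equal a pinned value, and the SignatureValues of the
    signed tree must equal those of the stored ``out.xml``.
    """
    expected_digest = 'd62qF9gk1F1/JcdUrtJUqPtoMHc='
    case = self.cases['mm6']
    t = case.as_etree('in.xml')

    # SHA-1 / RSA-SHA1 are requested explicitly. NOTE(review): presumably to
    # reproduce the pinned digest and the stored out.xml -- confirm before
    # reusing these algorithm choices outside the test.
    xmlsec.add_enveloped_signature(
        t,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        digest_alg=constants.ALGORITHM_DIGEST_SHA1,
        signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])

    # The path names a Signature element directly below the context node.
    signed = xmlsec.sign(
        t,
        key_spec=self.private_keyspec,
        cert_spec=self.public_keyspec,
        sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")

    expected = case.as_etree('out.xml')

    # The digest is read from ``t``, the tree that was handed to sign().
    sig = t.find("./{%s}Signature" % xmlsec.NS['ds'])
    digest = sig.findtext('.//{%s}DigestValue' % xmlsec.NS['ds'])

    # print() with a single argument behaves the same on Python 2 and 3;
    # the original print statements are a syntax error on Python 3.
    print(" --- Expected digest value")
    print(expected_digest)
    print(" --- Actual digest value")
    print(digest)

    print(" --- Expected")
    print(etree.tostring(expected))
    print(" --- Actual")
    print(etree.tostring(signed))

    # extract 'SignatureValue's
    expected_sv = _get_all_signatures(expected)
    signed_sv = _get_all_signatures(signed)

    print("Signed   SignatureValue: %s" % (repr(signed_sv)))
    print("Expected SignatureValue: %s" % (repr(expected_sv)))

    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed in Python 3.12.
    self.assertEqual(digest, expected_digest)
    self.assertEqual(signed_sv, expected_sv)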
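def test_mm_with_inner_signature(self):
    """Sign the 'mm6' fixture at an explicit sig_path; check digest and signatures.

    After signing, the DigestValue found under the root-level Signature of
    the input tree must equal a pinned value, and the SignatureValues of the
    signed tree must equal those of the stored ``out.xml``.
    """
    expected_digest = 'd62qF9gk1F1/JcdUrtJUqPtoMHc='
    case = self.cases['mm6']
    t = case.as_etree('in.xml')

    # SHA-1 / RSA-SHA1 are requested explicitly. NOTE(review): presumably to
    # reproduce the pinned digest and the stored out.xml -- confirm before
    # reusing these algorithm choices outside the test.
    xmlsec.add_enveloped_signature(
        t,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        digest_alg=constants.ALGORITHM_DIGEST_SHA1,
        signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])

    # The path names a Signature element directly below the context node.
    signed = xmlsec.sign(
        t,
        key_spec=self.private_keyspec,
        cert_spec=self.public_keyspec,
        sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")

    expected = case.as_etree('out.xml')

    # The digest is read from ``t``, the tree that was handed to sign().
    sig = t.find("./{%s}Signature" % xmlsec.NS['ds'])
    digest = sig.findtext('.//{%s}DigestValue' % xmlsec.NS['ds'])

    print(" --- Expected digest value")
    print(expected_digest)
    print(" --- Actual digest value")
    print(digest)

    print(" --- Expected")
    print(etree.tostring(expected))
    print(" --- Actual")
    print(etree.tostring(signed))

    # extract 'SignatureValue's
    expected_sv = _get_all_signatures(expected)
    signed_sv = _get_all_signatures(signed)

    print("Signed   SignatureValue: %s" % (repr(signed_sv)))
    print("Expected SignatureValue: %s" % (repr(expected_sv)))

    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed in Python 3.12.
    self.assertEqual(digest, expected_digest)
    self.assertEqual(signed_sv, expected_sv)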
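# Excerpt: the first statement is the tail of an earlier test method whose
# beginning is not shown.
self.assertTrue(res)


def test_mm1(self):
    """Sign the 'mm1' fixture with the test key pair and print the result.

    There is no assertion; the test passes as long as sign() does not raise.
    """
    case = self.cases['mm1']
    signed = xmlsec.sign(case.as_etree('in.xml'),
                         key_spec=self.private_keyspec,
                         cert_spec=self.public_keyspec)
    # print() with a single argument behaves the same on Python 2 and 3;
    # the original print statement is a syntax error on Python 3.
    print(etree.tostring(signed))


def test_mm2(self):
    """Sign the 'mm2' fixture and print it next to the stored out.xml.

    The excerpt stops before the comparison step of this test.
    """
    case = self.cases['mm2']
    t = case.as_etree('in.xml')
    # SHA-1 / RSA-SHA1 are requested explicitly. NOTE(review): presumably to
    # reproduce the stored out.xml -- confirm before reusing these algorithm
    # choices outside the test.
    xmlsec.add_enveloped_signature(
        t,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        digest_alg=constants.ALGORITHM_DIGEST_SHA1,
        signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
    signed = xmlsec.sign(t,
                         key_spec=self.private_keyspec,
                         cert_spec=self.public_keyspec)
    expected = case.as_etree('out.xml')

    print(" --- Expected")
    print(etree.tostring(expected))
    print(" --- Actual")
    print(etree.tostring(signed))

    # extract 'SignatureValue's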
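# Excerpt: the first statements are the tail of an earlier test method whose
# beginning is not shown. They expect verify() to reject the document.
print("XML input :\n{}\n\n".format(case.as_buf('out.xml')))
with self.assertRaises(xmlsec.XMLSigException):
    xmlsec.verify(case.as_etree('out.xml'), self.public_keyspec)


def test_mm1(self):
    """Sign the 'mm1' fixture with the test key pair and print the result.

    There is no assertion; the test passes as long as sign() does not raise.
    """
    case = self.cases['mm1']
    signed = xmlsec.sign(case.as_etree('in.xml'),
                         key_spec=self.private_keyspec,
                         cert_spec=self.public_keyspec)
    # The excerpt mixed print(...) calls with Python 2 print statements.
    # print() with a single argument behaves the same on Python 2 and 3.
    print(etree.tostring(signed))


def test_mm2(self):
    """Sign the 'mm2' fixture and extract SignatureValues from both documents.

    The excerpt stops before the comparison step of this test.
    """
    case = self.cases['mm2']
    t = case.as_etree('in.xml')
    # No digest_alg / signature_alg is passed, so the library defaults apply.
    # NOTE(review): confirm which algorithms the installed version defaults to.
    xmlsec.add_enveloped_signature(
        t,
        pos=-1,
        c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
        transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
    signed = xmlsec.sign(t,
                         key_spec=self.private_keyspec,
                         cert_spec=self.public_keyspec)
    expected = case.as_etree('out.xml')

    print(" --- Expected")
    print(etree.tostring(expected))
    print(" --- Actual")
    print(etree.tostring(signed))

    # extract 'SignatureValue's
    expected_sv = _get_all_signatures(expected)
    signed_sv = _get_all_signatures(signed)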
# module = '/usr/lib/libaetpkss.so' keyname = 'RAFAEL COUTINHO DE MELO SERRANO EIRELI EPP:07400225000184' pin = '2017' # Dados da NFe para assinar chave = '35190107400225000184550020000067271182139170' # nfe = '/tmp/%s-nfe.xml' % chave # caminho para a NFe da chave acima reference_uri = '#NFe' + chave # xml = lxml.etree.parse(nfe) xml_str = """<NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="4.00" Id="NFe35190107400225000184550020000067271182139170"><ide><cUF>35</cUF><cNF>18213917</cNF><natOp>VENDA DE MERCADORIA</natOp><mod>55</mod><serie>2</serie><nNF>6727</nNF><dhEmi>2019-01-10T09:18:00-04:00</dhEmi><dhSaiEnt>2019-01-10T09:18:00-04:00</dhSaiEnt><tpNF>1</tpNF><idDest>1</idDest><cMunFG>3509502</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>0</cDV><tpAmb>1</tpAmb><finNFe>1</finNFe><indFinal>1</indFinal><indPres>0</indPres><procEmi>0</procEmi><verProc>LinxERP8111836</verProc></ide><emit><CNPJ>07400225000184</CNPJ><xNome>RAFAEL COUTINHO DE MELO SERRANO EIRELI</xNome><xFant>ECOMMERCE</xFant><enderEmit><xLgr>R SANTOS DUMONT</xLgr><nro>845</nro><xBairro>CAMBUI</xBairro><cMun>3509502</cMun><xMun>CAMPINAS</xMun><UF>SP</UF><CEP>13024021</CEP><cPais>1058</cPais><xPais>BRASIL</xPais></enderEmit><IE>795989794119</IE><CRT>3</CRT></emit><dest><CPF>25884285841</CPF><xNome>ROSELI AMORIM</xNome><enderDest><xLgr>RUA SANTOS DUMONT</xLgr><nro>845</nro><xCpl>LOJA</xCpl><xBairro>CAMBUI</xBairro><cMun>3509502</cMun><xMun>CAMPINAS</xMun><UF>SP</UF><CEP>13024021</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>19983983440</fone></enderDest><indIEDest>9</indIEDest><email>[email protected]</email></dest><det nItem="1"><prod><cProd>28.01.0052</cProd><cEAN>SEM GTIN</cEAN><xProd>CHEMISIE FRANZIDO BRENTWOOD</xProd><NCM>61044400</NCM><CFOP>5102</CFOP><uCom>PC</uCom><qCom>1.0000</qCom><vUnCom>74.9900000000</vUnCom><vProd>74.99</vProd><cEANTrib>SEM 
GTIN</cEANTrib><uTrib>PC</uTrib><qTrib>1.0000</qTrib><vUnTrib>74.9900000000</vUnTrib><indTot>1</indTot></prod><imposto><vTotTrib>10.09</vTotTrib><ICMS><ICMS00><orig>0</orig><CST>00</CST><modBC>3</modBC><vBC>74.99</vBC><pICMS>18.0000</pICMS><vICMS>13.49</vICMS></ICMS00></ICMS><IPI><cEnq>999</cEnq><IPINT><CST>53</CST></IPINT></IPI><PIS><PISAliq><CST>01</CST><vBC>74.99</vBC><pPIS>0.6500</pPIS><vPIS>0.49</vPIS></PISAliq></PIS><COFINS><COFINSAliq><CST>01</CST><vBC>74.99</vBC><pCOFINS>3.0000</pCOFINS><vCOFINS>2.25</vCOFINS></COFINSAliq></COFINS></imposto><infAdProd>. Trib. Aprox. R$: 10.09 Federal e 13.50 Estadual FONTE: IBPT/empresometro.com.br D529CB</infAdProd></det><total><ICMSTot><vBC>74.99</vBC><vICMS>13.49</vICMS><vICMSDeson>0.00</vICMSDeson><vICMSUFDest>0.00</vICMSUFDest><vICMSUFRemet>0.00</vICMSUFRemet><vFCP>0.00</vFCP><vBCST>0.00</vBCST><vST>0.00</vST><vFCPST>0.00</vFCPST><vFCPSTRet>0.00</vFCPSTRet><vProd>74.99</vProd><vFrete>0.00</vFrete><vSeg>0.00</vSeg><vDesc>0.00</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vIPIDevol>0.00</vIPIDevol><vPIS>0.49</vPIS><vCOFINS>2.25</vCOFINS><vOutro>0.00</vOutro><vNF>74.99</vNF><vTotTrib>10.09</vTotTrib></ICMSTot></total><transp><modFrete>1</modFrete><transporta><CNPJ>34028316003129</CNPJ><xNome>NORMAL (16ED1F7)</xNome><xMun>CAMPINAS</xMun><UF>SP</UF></transporta><vol><qVol>1</qVol><esp>CAIXA DE PAPELAO</esp></vol></transp><pag><detPag><indPag>1</indPag><tPag>99</tPag><vPag>74.99</vPag></detPag></pag><infAdic><infCpl>TRIB. APROX. 
R$: 10.09 FEDERAL E 13.50 ESTADUAL FONTE: IBPT/EMPRESOMETRO.COM.BR D529CB</infCpl></infAdic></infNFe></NFe>""" xml = etree.fromstring(xml_str) # Tags XML da assinatura conforme padrão da NFe transforms = (xmlsec.constants.TRANSFORM_ENVELOPED_SIGNATURE, xmlsec.constants.TRANSFORM_C14N_INCLUSIVE) xmlsec.add_enveloped_signature(xml, transforms=transforms, reference_uri=reference_uri, pos=-1) # Especificação para usar o A3 keyname = urllib2.quote(keyname, '') pk11_uri = 'pkcs11://%s/%s?pin=%s' % (module, keyname, pin) # Assinando a NFe com A3 a, cert, chave = xmlsec.sign(xml, pk11_uri) print(chave) # Salvando a NFe assinada import pdb pdb.set_trace() xml.write(nfe[:-3] + '-assinada.xml', encoding=xml.docinfo.encoding,