def test_mm_with_java_alt(self):
case = self.cases['mm5']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
self.assertEqual(signed_sv, expected_sv)
def SignAlert(xml_tree, username):
"""Sign XML with user key/certificate.
Args:
xml_tree: (string) Alert XML tree.
username: (string) Username of the alert author.
Returns:
String.
Signed alert XML tree if your has key/certificate pair
Unchanged XML tree otherwise.
"""
if not XMLSEC_DEFINED:
return xml_tree
key_path = os.path.join(settings.CREDENTIALS_DIR, username + ".key")
cert_path = os.path.join(settings.CREDENTIALS_DIR, username + ".cert")
try:
signed_xml_tree = copy.deepcopy(xml_tree)
xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
xmlsec.sign(signed_xml_tree, key_path, cert_path)
return signed_xml_tree
except (IOError, xmlsec.exceptions.XMLSigException):
return xml_tree
def test_mm2(self):
case = self.cases['mm2']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
digest_alg=constants.ALGORITHM_DIGEST_SHA1,
signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print(" --- Expected")
print(etree.tostring(expected))
print(" --- Actual")
print(etree.tostring(signed))
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print("Signed SignatureValue: %s" % (repr(signed_sv)))
print("Expected SignatureValue: %s" % (repr(expected_sv)))
self.assertEqual(signed_sv, expected_sv)
def SignAlert(xml_tree, username):
"""Sign XML with user key/certificate.
Args:
xml_tree: (string) Alert XML tree.
username: (string) Username of the alert author.
Returns:
String.
Signed alert XML tree if your has key/certificate pair
Unchanged XML tree otherwise.
"""
if not XMLSEC_DEFINED:
return xml_tree
key_path = os.path.join(settings.CREDENTIALS_DIR, username + ".key")
cert_path = os.path.join(settings.CREDENTIALS_DIR, username + ".cert")
try:
signed_xml_tree = copy.deepcopy(xml_tree)
xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
xmlsec.sign(signed_xml_tree, key_path, cert_path)
return signed_xml_tree
except (IOError, xmlsec.exceptions.XMLSigException):
return xml_tree
def signCAP(self, xml_tree):
try:
signed_xml_tree = copy.deepcopy(xml_tree)
xmlsec.add_enveloped_signature(signed_xml_tree, pos=-1)
xmlsec.sign(signed_xml_tree, self.key_path, self.cert_path)
return signed_xml_tree
except:
return xml_tree
def secure_message_sign(self, root):
"""
Sign the SignedDelivery message.
"""
del root.attrib['xmlns']
unsigned_xml = apply_xslt(root, 'secure_message_drop_ns.xsl')
unsigned_xml.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'
xmlsec.add_enveloped_signature(unsigned_xml, pos=-1, c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
xml_signed = xmlsec.sign(unsigned_xml, self.key_file, self.cert)
return xml_signed
def secure_message_sign(self, root):
"""
Sign the the SignedDelivery message.
"""
# Root element must be renamed before signing and then renamed back to the old value
root.tag = 'SignedDelivery'
unsigned_xml = apply_xslt(root, 'secure_message_drop_ns.xsl')
unsigned_xml.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'
xmlsec.add_enveloped_signature(unsigned_xml, pos=-1, c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
xml_signed = xmlsec.sign(unsigned_xml, self.key_file, self.cert)
xml_signed.tag = 'arg0'
del xml_signed.attrib['xmlns']
return xml_signed
def seal_delivery_sign(self, root):
"""
Sign the SealedDelivery message.
"""
root.tag = 'SealedDelivery'
root.attrib['xmlns'] = 'http://minameddelanden.gov.se/schema/Message'
xmlsec.add_enveloped_signature(root, pos=-1, c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE,
constants.TRANSFORM_C14N_EXCLUSIVE])
xml_signed = xmlsec.sign(root,
self.key_file,
self.cert,
sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")
xml_signed.tag = 'arg0'
del xml_signed.attrib['xmlns']
return xml_signed
def test_mm_with_inner_signature(self):
expected_digest = 'd62qF9gk1F1/JcdUrtJUqPtoMHc='
case = self.cases['mm6']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(
t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
digest_alg=constants.ALGORITHM_DIGEST_SHA1,
signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(
t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec,
sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")
expected = case.as_etree('out.xml')
sig = t.find("./{%s}Signature" % xmlsec.NS['ds'])
digest = sig.findtext('.//{%s}DigestValue' % xmlsec.NS['ds'])
print " --- Expected digest value"
print expected_digest
print " --- Actual digest value"
print digest
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print "Signed SignatureValue: %s" % (repr(signed_sv))
print "Expected SignatureValue: %s" % (repr(expected_sv))
self.assertEquals(digest, expected_digest)
self.assertEqual(signed_sv, expected_sv)
def test_mm_with_inner_signature(self):
expected_digest = 'd62qF9gk1F1/JcdUrtJUqPtoMHc='
case = self.cases['mm6']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
digest_alg=constants.ALGORITHM_DIGEST_SHA1,
signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec,
sig_path="./{http://www.w3.org/2000/09/xmldsig#}Signature")
expected = case.as_etree('out.xml')
sig = t.find("./{%s}Signature" % xmlsec.NS['ds'])
digest = sig.findtext('.//{%s}DigestValue' % xmlsec.NS['ds'])
print(" --- Expected digest value")
print(expected_digest)
print(" --- Actual digest value")
print(digest)
print(" --- Expected")
print(etree.tostring(expected))
print(" --- Actual")
print(etree.tostring(signed))
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
print("Signed SignatureValue: %s" % (repr(signed_sv)))
print("Expected SignatureValue: %s" % (repr(expected_sv)))
self.assertEquals(digest, expected_digest)
self.assertEqual(signed_sv, expected_sv)
self.assertTrue(res)
def test_mm1(self):
case = self.cases['mm1']
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
print etree.tostring(signed)
def test_mm2(self):
case = self.cases['mm2']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(
t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
digest_alg=constants.ALGORITHM_DIGEST_SHA1,
signature_alg=constants.ALGORITHM_SIGNATURE_RSA_SHA1,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
print("XML input :\n{}\n\n".format(case.as_buf('out.xml')))
with self.assertRaises(xmlsec.XMLSigException):
xmlsec.verify(case.as_etree('out.xml'), self.public_keyspec)
def test_mm1(self):
case = self.cases['mm1']
signed = xmlsec.sign(case.as_etree('in.xml'),
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
print etree.tostring(signed)
def test_mm2(self):
case = self.cases['mm2']
t = case.as_etree('in.xml')
xmlsec.add_enveloped_signature(t,
pos=-1,
c14n_method=constants.TRANSFORM_C14N_EXCLUSIVE,
transforms=[constants.TRANSFORM_ENVELOPED_SIGNATURE])
signed = xmlsec.sign(t,
key_spec=self.private_keyspec,
cert_spec=self.public_keyspec)
expected = case.as_etree('out.xml')
print " --- Expected"
print etree.tostring(expected)
print " --- Actual"
print etree.tostring(signed)
# extract 'SignatureValue's
expected_sv = _get_all_signatures(expected)
signed_sv = _get_all_signatures(signed)
# module = '/usr/lib/libaetpkss.so' keyname = 'RAFAEL COUTINHO DE MELO SERRANO EIRELI EPP:07400225000184' pin = '2017' # Dados da NFe para assinar chave = '35190107400225000184550020000067271182139170' # nfe = '/tmp/%s-nfe.xml' % chave # caminho para a NFe da chave acima reference_uri = '#NFe' + chave # xml = lxml.etree.parse(nfe) xml_str = """<NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe versao="4.00" Id="NFe35190107400225000184550020000067271182139170"><ide><cUF>35</cUF><cNF>18213917</cNF><natOp>VENDA DE MERCADORIA</natOp><mod>55</mod><serie>2</serie><nNF>6727</nNF><dhEmi>2019-01-10T09:18:00-04:00</dhEmi><dhSaiEnt>2019-01-10T09:18:00-04:00</dhSaiEnt><tpNF>1</tpNF><idDest>1</idDest><cMunFG>3509502</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>0</cDV><tpAmb>1</tpAmb><finNFe>1</finNFe><indFinal>1</indFinal><indPres>0</indPres><procEmi>0</procEmi><verProc>LinxERP8111836</verProc></ide><emit><CNPJ>07400225000184</CNPJ><xNome>RAFAEL COUTINHO DE MELO SERRANO EIRELI</xNome><xFant>ECOMMERCE</xFant><enderEmit><xLgr>R SANTOS DUMONT</xLgr><nro>845</nro><xBairro>CAMBUI</xBairro><cMun>3509502</cMun><xMun>CAMPINAS</xMun><UF>SP</UF><CEP>13024021</CEP><cPais>1058</cPais><xPais>BRASIL</xPais></enderEmit><IE>795989794119</IE><CRT>3</CRT></emit><dest><CPF>25884285841</CPF><xNome>ROSELI AMORIM</xNome><enderDest><xLgr>RUA SANTOS DUMONT</xLgr><nro>845</nro><xCpl>LOJA</xCpl><xBairro>CAMBUI</xBairro><cMun>3509502</cMun><xMun>CAMPINAS</xMun><UF>SP</UF><CEP>13024021</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>19983983440</fone></enderDest><indIEDest>9</indIEDest><email>[email protected]</email></dest><det nItem="1"><prod><cProd>28.01.0052</cProd><cEAN>SEM GTIN</cEAN><xProd>CHEMISIE FRANZIDO BRENTWOOD</xProd><NCM>61044400</NCM><CFOP>5102</CFOP><uCom>PC</uCom><qCom>1.0000</qCom><vUnCom>74.9900000000</vUnCom><vProd>74.99</vProd><cEANTrib>SEM GTIN</cEANTrib><uTrib>PC</uTrib><qTrib>1.0000</qTrib><vUnTrib>74.9900000000</vUnTrib><indTot>1</indTot></prod><imposto><vTotTrib>10.09</vTotTrib><ICMS><ICMS00><orig>0</orig><CST>00</CST><modBC>3</modBC><vBC>74.99</vBC><pICMS>18.0000</pICMS><vICMS>13.49</vICMS></ICMS00></ICMS><IPI><cEnq>999</cEnq><IPINT><CST>53</CST></IPINT></IPI><PIS><PISAliq><CST>01</CST><vBC>74.99</vBC><pPIS>0.6500</pPIS><vPIS>0.49</vPIS></PISAliq></PIS><COFINS><COFINSAliq><CST>01</CST><vBC>74.99</vBC><pCOFINS>3.0000</pCOFINS><vCOFINS>2.25</vCOFINS></COFINSAliq></COFINS></imposto><infAdProd>. Trib. Aprox. R$: 10.09 Federal e 13.50 Estadual FONTE: IBPT/empresometro.com.br D529CB</infAdProd></det><total><ICMSTot><vBC>74.99</vBC><vICMS>13.49</vICMS><vICMSDeson>0.00</vICMSDeson><vICMSUFDest>0.00</vICMSUFDest><vICMSUFRemet>0.00</vICMSUFRemet><vFCP>0.00</vFCP><vBCST>0.00</vBCST><vST>0.00</vST><vFCPST>0.00</vFCPST><vFCPSTRet>0.00</vFCPSTRet><vProd>74.99</vProd><vFrete>0.00</vFrete><vSeg>0.00</vSeg><vDesc>0.00</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vIPIDevol>0.00</vIPIDevol><vPIS>0.49</vPIS><vCOFINS>2.25</vCOFINS><vOutro>0.00</vOutro><vNF>74.99</vNF><vTotTrib>10.09</vTotTrib></ICMSTot></total><transp><modFrete>1</modFrete><transporta><CNPJ>34028316003129</CNPJ><xNome>NORMAL (16ED1F7)</xNome><xMun>CAMPINAS</xMun><UF>SP</UF></transporta><vol><qVol>1</qVol><esp>CAIXA DE PAPELAO</esp></vol></transp><pag><detPag><indPag>1</indPag><tPag>99</tPag><vPag>74.99</vPag></detPag></pag><infAdic><infCpl>TRIB. APROX. R$: 10.09 FEDERAL E 13.50 ESTADUAL FONTE: IBPT/EMPRESOMETRO.COM.BR D529CB</infCpl></infAdic></infNFe></NFe>""" xml = etree.fromstring(xml_str) # Tags XML da assinatura conforme padrão da NFe transforms = (xmlsec.constants.TRANSFORM_ENVELOPED_SIGNATURE, xmlsec.constants.TRANSFORM_C14N_INCLUSIVE) xmlsec.add_enveloped_signature(xml, transforms=transforms, reference_uri=reference_uri, pos=-1) # Especificação para usar o A3 keyname = urllib2.quote(keyname, '') pk11_uri = 'pkcs11://%s/%s?pin=%s' % (module, keyname, pin) # Assinando a NFe com A3 a, cert, chave = xmlsec.sign(xml, pk11_uri) print(chave) # Salvando a NFe assinada import pdb pdb.set_trace() xml.write(nfe[:-3] + '-assinada.xml', encoding=xml.docinfo.encoding,
