def produce_policy_node(self, node):
"""
Produces the policy node
:param node: SignaturePolicyIdentifier node
:return:
"""
create_node("SignaturePolicyImplied", node, EtsiNS)
def to_xml(self, node):
create_node("Identifier", node, EtsiNS).text = self.identifier
if self.description is not None:
create_node("Description", node, EtsiNS).text = self.description
if len(self.references) > 0:
documentation = create_node("DocumentationReferences", node,
EtsiNS)
for reference in self.references:
create_node("DocumentationReference", documentation,
EtsiNS).text = reference
def add_claimed_role(node, role):
signature_properties = node.find('etsi:SignedSignatureProperties',
namespaces=NS_MAP)
signer_role = signature_properties.find('etsi:SignerRole',
namespaces=NS_MAP)
if signer_role is None:
signer_role = create_node('SignerRole',
signature_properties,
ns=EtsiNS)
claimed_roles = signer_role.find('etsi:ClaimedRoles', namespaces=NS_MAP)
if claimed_roles is None:
claimed_roles = create_node('ClaimedRoles', ns=EtsiNS)
signer_role.insert(0, claimed_roles)
claimed_role = create_node('ClaimedRole', claimed_roles, EtsiNS)
claimed_role.text = role
return claimed_role
def calculate_policy_node(self, node, sign=False):
if sign:
policy_id = create_node('SignaturePolicyId', node, EtsiNS)
identifier = create_node('SigPolicyId', policy_id, EtsiNS)
create_node('Identifier', identifier, EtsiNS).text = self.id
create_node('Description', identifier, EtsiNS).text = self.name
remote = self.id
else:
policy_id = node.find('etsi:SignaturePolicyId', namespaces=NS_MAP)
identifier = policy_id.find('etsi:SigPolicyId', namespaces=NS_MAP)
remote = identifier.find('etsi:Identifier', namespaces=NS_MAP).text
value = urllib.urlopen(remote).read()
value = self.set_transforms(policy_id, value, sign)
if sign:
hash_method = self.hash_method
digest = create_node('SigPolicyHash', policy_id, EtsiNS)
digest_method = create_node('DigestMethod', digest, DSigNs)
digest_method.set('Algorithm', self.hash_method)
digest_value = create_node('DigestValue', digest, DSigNs)
else:
hash_method = policy_id.find('etsi:SigPolicyHash/ds:DigestMethod',
namespaces=NS_MAP).get('Algorithm')
digest_value = policy_id.find('etsi:SigPolicyHash/ds:DigestValue',
namespaces=NS_MAP)
hash_calc = hashlib.new(TransformUsageDigestMethod[hash_method])
hash_calc.update(value)
digest_val = hash_calc.digest()
if sign:
digest_value.text = b64encode(digest_val)
assert digest_value.text.encode() == b64encode(digest_val)
return policy_id
def create_qualifying_properties(node, name=None, etsi='etsi'):
obj_node = create_node('Object', node, DSigNs)
qualifying = etree.SubElement(obj_node,
etree.QName(EtsiNS, 'QualifyingProperties'),
nsmap={etsi: EtsiNS})
qualifying.set('Target', '#' + node.get(ID_ATTR))
if name is not None:
qualifying.set(ID_ATTR, name)
return qualifying
def create_qualifying_properties(node, name=None, etsi="etsi"):
obj_node = create_node("Object", node, DSigNs)
qualifying = etree.SubElement(obj_node,
etree.QName(EtsiNS, "QualifyingProperties"),
nsmap={etsi: EtsiNS})
qualifying.set("Target", "#" + node.get(ID_ATTR))
if name is not None:
qualifying.set(ID_ATTR, name)
return qualifying
def calculate_policy_node(self, node, sign=False):
"""
Calculates de policy node
:param node: SignaturePolicyIdentifier node
:param sign: checks if we must calculate or validate a policy
:return:
"""
if not sign:
return super(ImpliedPolicy, self).calculate_policy_node(node, sign)
return create_node('SignaturePolicyImplied', node, EtsiNS)
def add_data_object_format(node,
reference,
description=None,
identifier=None,
mime_type=None,
encoding=None):
data_object_node = create_node('DataObjectFormat', ns=EtsiNS)
node.insert(len(node.findall('etsi:DataObjectFormat', namespaces=NS_MAP)),
data_object_node)
data_object_node.set("ObjectReference", reference)
if description is not None:
create_node('Description', data_object_node, EtsiNS).text = description
if identifier is not None:
identifier.to_xml(
create_node('ObjectIdentifier', data_object_node, EtsiNS))
if mime_type is not None:
create_node('MimeType', data_object_node, EtsiNS).text = mime_type
if encoding is not None:
create_node('Encoding', data_object_node, EtsiNS).text = encoding
return data_object_node
def add_production_place(node,
city=None,
state=None,
postal_code=None,
country=None):
signature_properties = node.find('etsi:SignedSignatureProperties',
namespaces=NS_MAP)
production_place = signature_properties.find(
'etsi:SignatureProductionPlace', namespaces=NS_MAP)
if production_place is None:
production_place = create_node('SignatureProductionPlace', ns=EtsiNS)
signature_properties.insert(3, production_place)
for child in production_place.getchildren():
production_place.remove(child)
if city is not None:
create_node('City', production_place, EtsiNS).text = city
if state is not None:
create_node('StateOrProvince', production_place, EtsiNS).text = state
if postal_code is not None:
create_node('PostalCode', production_place, EtsiNS).text = postal_code
if country is not None:
create_node('CountryName', production_place, EtsiNS).text = country
def create_signed_properties(node, name=None, datetime=None):
properties = create_node('SignedProperties', node, EtsiNS)
if name is not None:
properties.set(ID_ATTR, name)
signature_properties = create_node('SignedSignatureProperties', properties,
EtsiNS)
signing_time = create_node('SigningTime', signature_properties, EtsiNS)
if datetime is not None:
signing_time.text = datetime.isoformat()
create_node('SigningCertificate', signature_properties, EtsiNS)
create_node('SignaturePolicyIdentifier', signature_properties, EtsiNS)
return properties
def calculate_certificate(self, node, key_x509):
cert = create_node('Cert', node, EtsiNS)
cert_digest = create_node('CertDigest', cert, EtsiNS)
digest_algorithm = create_node('DigestMethod', cert_digest, DSigNs)
digest_algorithm.set('Algorithm', self.hash_method)
digest_value = create_node('DigestValue', cert_digest, DSigNs)
digest_value.text = b64encode(
key_x509.fingerprint(MAP_HASHLIB[self.hash_method]()))
issuer_serial = create_node('IssuerSerial', cert, EtsiNS)
create_node('X509IssuerName', issuer_serial,
DSigNs).text = get_rdns_name(key_x509.issuer.rdns)
create_node('X509SerialNumber', issuer_serial,
DSigNs).text = str(key_x509.serial_number)
return
def calculate_policy_node(self, node, sign=False):
"""
Calculates de policy node
:param node: SignaturePolicyIdentifier node
:param sign: checks if we must calculate or validate a policy
:return:
"""
if not sign:
return super(PolicyId, self).calculate_policy_node(node, sign)
policy_id = create_node('SignaturePolicyId', node, EtsiNS)
identifier = create_node('SigPolicyId', policy_id, EtsiNS)
create_node('Identifier', identifier, EtsiNS).text = self.identifier
create_node('Description', identifier, EtsiNS).text = self.name
value = urllib.urlopen(self.identifier).read()
value = self.set_transforms(policy_id, value, sign)
digest = create_node('SigPolicyHash', policy_id, EtsiNS)
digest_method = create_node('DigestMethod', digest, DSigNs)
digest_method.set('Algorithm', self.hash_method)
digest_value = create_node('DigestValue', digest, DSigNs)
hash_calc = hashlib.new(TransformUsageDigestMethod[self.hash_method])
hash_calc.update(value)
digest_value.text = b64encode(hash_calc.digest())
def add_commitment_type_indication(node,
identifier,
references=None,
qualifiers_type=None):
commitment_type = create_node('CommitmentTypeIndication', ns=EtsiNS)
node.insert(
len(node.findall('etsi:DataObjectFormat', namespaces=NS_MAP)) +
len(node.findall('etsi:CommitmentTypeIndication', namespaces=NS_MAP)),
commitment_type)
identifier.to_xml(create_node('CommitmentTypeId', commitment_type, EtsiNS))
if references is None:
create_node('AllSignedDataObjects', commitment_type, EtsiNS)
else:
for reference in references:
create_node('ObjectReference', commitment_type,
EtsiNS).text = reference
if qualifiers_type is not None:
qualifiers = create_node('CommitmentTypeQualifiers', commitment_type,
EtsiNS)
for qualifier in qualifiers_type:
create_node('CommitmentTypeQualifier', qualifiers,
EtsiNS).text = qualifier
def ensure_signed_data_object_properties(node):
properties = node.find('etsi:SignedDataObjectProperties',
namespaces=NS_MAP)
if properties:
return properties
return create_node('SignedDataObjectProperties', node, EtsiNS)
def calculate_policy_node(self, node, sign=False):
if sign:
return create_node('SignaturePolicyImplied', node, EtsiNS)
return node.find('etsi:SignaturePolicyImplied', namespaces=NS_MAP)
