def test_roundtrip(key_and_cert):
ns = ElementMaker(namespace="urn:test", nsmap={"test": "urn:test"})
element_to_sign = ns.signed(ns.content("Value"), ID="test")
ns.root(element_to_sign)
unsigned_data = utils.serialize_xml(element_to_sign)
config = SigningConfig.default()
signed_data = sign(
element=element_to_sign,
private_key=key_and_cert.private_key,
certificate=key_and_cert.certificate,
config=config,
)
verified_element = extract_verified_element(
xml=signed_data, certificate=key_and_cert.certificate)
assert unsigned_data == utils.serialize_xml(verified_element)
def test_verification_failed2(cert_and_signed):
cert, xml = cert_and_signed
root = utils.deserialize_xml(xml)
signature_value = root.find(
".//{http://www.w3.org/2000/09/xmldsig#}SignatureValue")
signature_value.text = signature_value.text + "x"
xml = utils.serialize_xml(root)
with pytest.raises(binascii.Error):
extract_verified_element(xml=xml, certificate=cert)
def roundtrip() -> None:
"""
Create a super simple XML document:
<tag ID='hoge'>Value</tag>
Then sign that tag with a randomly generated key/cert pair.
Then verify the resulting signed document.
"""
key, cert = make_key_and_cert()
element = E.tag("Value", ID="hoge")
print("Unsigned:")
print(serialize_xml(element).decode("utf-8"))
signed = sign(element=element, private_key=key, certificate=cert)
print("=" * 70)
print("Signed:")
print(signed.decode("utf-8"))
verified = extract_verified_element(xml=signed, certificate=cert)
print("=" * 70)
print("Verified:")
print(serialize_xml(verified).decode("utf-8"))
def test_remove_element(input, output):
tree = utils.deserialize_xml(input)
element = tree.find("remove")
utils.remove_preserving_whitespace(element)
result = utils.serialize_xml(tree)
assert result == output