def genAuthnResponse(self, responsetoid, acs_url, issuer, name_id=""): cert_pem = self.pemcert key_pem = self.pemkey format = { "timenow": datetime.datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"), "generated_id": "_92c76e8d097344229ba1b13200f15fe6", "generated_assertion_id": "_f2bee8431dda412c90ac584a5afa342d", "expirytime": (datetime.datetime.utcnow() + datetime.timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ"), "acs_url": acs_url, "issuer": issuer, "responsetoid": responsetoid, "name_id": name_id, "sp_name": acs_url.split( '/')[2][4:], # tamad: derive qualified SP name from acs_url "audience": acs_url.split('/')[2][ 4:] # tamad: derive audience name from acs_url } tree = etree.fromstring(self.__canonicalize(XML_TEMPLATE % format)) assertion_tree = tree.find("{%s}Assertion" % SAML_ASSERTION_NS) signed_assertion_tree = XMLSigner( signature_algorithm='rsa-sha1', digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/2001/10/xml-exc-c14n#').sign( assertion_tree, key=key_pem, cert=cert_pem) self.__reorder_signature(signed_assertion_tree) # awkward replacement tree.remove(assertion_tree) tree.append(signed_assertion_tree) # return etree.tostring(XMLSigner(signature_algorithm='rsa-sha1',digest_algorithm='sha1').sign(tree,key=pemkey,cert=pemcert)); treeRes = XMLSigner( signature_algorithm='rsa-sha1', digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/2001/10/xml-exc-c14n#').sign( tree, key=key_pem, cert=cert_pem) self.__reorder_signature(treeRes) #rVal = etree.tostring(treeRes); return self.__canonicalize(etree.tostring(treeRes))
def test_reference_uris_and_custom_key_info(self): with open(os.path.join(os.path.dirname(__file__), "example.pem"), "rb") as fh: crt = fh.read() with open(os.path.join(os.path.dirname(__file__), "example.key"), "rb") as fh: key = fh.read() # Both ID and Id formats. XPath 1 doesn't have case insensitive attribute search for d in ['''<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="responseId"> <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="assertionId"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder" /> </saml:Assertion> </samlp:Response>''', '''<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Id="responseId"> <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" Id="assertionId"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder" /> </saml:Assertion> <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" Id="assertion2"> </saml:Assertion> </samlp:Response>''']: data = etree.fromstring(d) reference_uri = ["assertionId", "assertion2"] if "assertion2" in d else "assertionId" signed_root = XMLSigner().sign(data, reference_uri=reference_uri, key=key, cert=crt) signed_data_root = XMLVerifier().verify(etree.tostring(signed_root), x509_cert=crt, expect_references=True)[1] ref = signed_root.xpath('/samlp:Response/saml:Assertion/ds:Signature/ds:SignedInfo/ds:Reference', namespaces={"ds": "http://www.w3.org/2000/09/xmldsig#", "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}) self.assertEqual("assertionId", ref[0].attrib['URI'][1:]) self.assertEqual("{urn:oasis:names:tc:SAML:2.0:assertion}Assertion", signed_data_root.tag) # Also test with detached signing for c14_transform_option in include_c14_transformation: XMLSigner(method=methods.detached, include_c14n_transform=c14_transform_option ).sign(data, reference_uri=reference_uri, key=key, cert=crt) # Test setting custom key info custom_key_info = etree.fromstring(''' <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/> </wsse:SecurityTokenReference>''') XMLSigner().sign(data, reference_uri=reference_uri, key=key, cert=crt, key_info=custom_key_info)
def assina_xml(self, xml_element, reference): cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha) for element in xml_element.iter("*"): if element.text is not None and not element.text.strip(): element.text = None signer = XMLSigner( method=signxml.methods.enveloped, signature_algorithm="rsa-sha1", digest_algorithm="sha1", c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315", ) ns = {} ns[None] = signer.namespaces["ds"] signer.namespaces = ns ref_uri = ("#%s" % reference) if reference else None signed_root = signer.sign(xml_element, key=key.encode(), cert=cert.encode(), reference_uri=ref_uri) if reference: element_signed = signed_root.find(".//*[@Id='%s']" % reference) signature = (signed_root.find(".//*[@URI='#%s']" % reference).getparent().getparent()) if element_signed is not None and signature is not None: parent = element_signed.getparent() parent.append(signature) return etree.tostring(signed_root, encoding=str)
def assinar(self, xml, retorna_string=False): # busca tag que tem id(reference_uri), logo nao importa se tem namespace reference = xml.find(".//*[@Id]").attrib['Id'] # retira acentos xml_str = remover_acentos( etree.tostring(xml, encoding="unicode", pretty_print=False)) xml = etree.fromstring(xml_str) signer = XMLSigner( method=signxml.methods.enveloped, signature_algorithm="rsa-sha1", digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') ns = {None: signer.namespaces['ds']} signer.namespaces = ns ref_uri = ('#%s' % reference) if reference else None signed_root = signer.sign(xml, key=self.key, cert=self.cert, reference_uri=ref_uri) ns = {'ns': NAMESPACE_SIG} # coloca o certificado na tag X509Data/X509Certificate tagX509Data = signed_root.find('.//ns:X509Data', namespaces=ns) etree.SubElement(tagX509Data, 'X509Certificate').text = self.cert if retorna_string: return etree.tostring(signed_root, encoding="unicode", pretty_print=False) else: return signed_root
def sign_http_post(xmlstr, key, cert, message=False, assertion=True): logger.debug('http-post signing') signer = XMLSigner( signature_algorithm='rsa-sha256', digest_algorithm='sha256', c14n_algorithm='http://www.w3.org/2001/10/xml-exc-c14n#', ) root = fromstring(xmlstr) if assertion: logger.debug('signing assertion') assertions = root.findall('{%s}Assertion' % SAML) for assertion in assertions: issuer = assertion.find('{%s}Issuer' % SAML) issuer.addnext( fromstring( '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder"></ds:Signature>' )) root = signer.sign(root, reference_uri=assertion.attrib['ID'], key=key, cert=cert) if message: issuer = root.find('{%s}Issuer' % SAML) issuer.addnext( fromstring( '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder"></ds:Signature>' )) root = signer.sign(root, key=key, cert=cert) return tostring(root, pretty_print=False)
def assina_xml(self, xml_element, reference, key_name=None): cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha) for element in xml_element.iter("*"): if element.text is not None and not element.text.strip(): element.text = None signer = XMLSigner( method=signxml.methods.enveloped, signature_algorithm="rsa-sha1", digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') ns = {} ns[None] = signer.namespaces['ds'] signer.namespaces = ns ref_uri = ('#%s' % reference) if reference else None signed_root = signer.sign(xml_element, key=key, cert=cert, reference_uri=ref_uri, key_name=key_name) if reference: element_signed = signed_root.find(".//*[@Id='%s']" % reference) signature = signed_root.find( ".//{http://www.w3.org/2000/09/xmldsig#}Signature") if element_signed is not None and signature is not None: parent = element_signed.getparent() parent.append(signature) return etree.tostring(signed_root)
def test_x509_certs(self): from OpenSSL.crypto import load_certificate, FILETYPE_PEM, Error as OpenSSLCryptoError tree = etree.parse(self.example_xml_files[0]) ca_pem_file = os.path.join(os.path.dirname(__file__), "example-ca.pem").encode("utf-8") with open(os.path.join(os.path.dirname(__file__), "example.pem"), "rb") as fh: crt = fh.read() with open(os.path.join(os.path.dirname(__file__), "example.key"), "rb") as fh: key = fh.read() for hash_alg in "sha1", "sha256": for method in methods.enveloped, methods.enveloping: for c14_transform_option in include_c14_transformation: print(hash_alg, method) data = tree.getroot() reset_tree(data, method) signer = XMLSigner(method=method, signature_algorithm="rsa-" + hash_alg, include_c14n_transform=c14_transform_option) signed = signer.sign(data, key=key, cert=crt) signed_data = etree.tostring(signed) XMLVerifier().verify(signed_data, ca_pem_file=ca_pem_file) XMLVerifier().verify(signed_data, x509_cert=crt) XMLVerifier().verify(signed_data, x509_cert=load_certificate(FILETYPE_PEM, crt)) XMLVerifier().verify(signed_data, x509_cert=crt, cert_subject_name="*.example.com") with self.assertRaises(OpenSSLCryptoError): XMLVerifier().verify(signed_data, x509_cert=crt[::-1]) with self.assertRaises(InvalidSignature): XMLVerifier().verify(signed_data, x509_cert=crt, cert_subject_name="test") with self.assertRaisesRegexp(InvalidCertificate, "unable to get local issuer certificate"): XMLVerifier().verify(signed_data)
def signXML(self, fiskXML, elementToSign): """ signs xml template acording to XML Signature Syntax and Processing returns signed xml fiskXMLTemplate - Element (from ElementTree) xml template to sign elementToSign - string - name tag of element to sign inside xml template """ if (self.init_error): raise FiskXMLEleSignerError(self.init_error) root = fiskXML #print(et.tostring(root)) RequestElement = None for child in root.iter(elementToSign): if (child.tag == elementToSign): RequestElement = child break if (RequestElement == None): raise FiskXMLEleSignerError("Coudl not find element to sign") #dodavanje Signature taga namespace = "{http://www.w3.org/2000/09/xmldsig#}" Signature = et.SubElement(RequestElement, namespace + "Signature", {'Id': 'placeholder'}) #signer = xmldsig(RequestElement, digest_algorithm="sha1") signed_root = XMLSigner( signature_algorithm="rsa-sha1", digest_algorithm="sha1", c14n_algorithm="http://www.w3.org/2001/10/xml-exc-c14n#").sign( root, key=self.key, passphrase=self.password, cert=self.certificate, reference_uri="#" + RequestElement.get("Id")) #signxml does not fill correctly certificate data so we need to do it manualy sslcert = load_certificate(FILETYPE_PEM, self.certificate) child = signed_root.find(".//" + namespace + "X509Data") if (child != None): isuerserial = et.SubElement(child, namespace + "X509IssuerSerial") name = et.SubElement(isuerserial, namespace + "X509IssuerName") issuer = sslcert.get_issuer() # issuer.CN is not present in some certificates name.text = ','.join( filter(None, [ issuer.CN and "CN=" + issuer.CN, issuer.OU and "OU=" + issuer.OU, issuer.O and "O=" + issuer.O, issuer.C and "C=" + issuer.C ])) serial = et.SubElement(isuerserial, namespace + "X509SerialNumber") serial.text = '{:d}'.format(sslcert.get_serial_number()) return et.tostring(signed_root)
def sign_seed(self, message, privkey, cert): doc = etree.fromstring(message) signed_node = XMLSigner(method=methods.enveloped, digest_algorithm='sha1').sign( doc, key=privkey.encode('ascii'), cert=cert) msg = etree.tostring( signed_node, pretty_print=True).decode().replace('ds:', '') return msg
def sign(name): try: et = fromstring(XML_TEMPLATE.format(name)) signed = XMLSigner().sign(et, key=key, cert=cert) return HTML_TEMPLATE.format(ET.tostring(signed)) except: return
def assina_xml(self, xml_element, reference): cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha) for element in xml_element.iter("*"): if element.text is not None and not element.text.strip(): element.text = None signer = XMLSigner( method=signxml.methods.enveloped, signature_algorithm=u"rsa-sha1", digest_algorithm=u'sha1', c14n_algorithm=u'http://www.w3.org/TR/2001/REC-xml-c14n-20010315') ns = {} ns[None] = signer.namespaces['ds'] signer.namespaces = ns element_to_be_signed = xml_element.getchildren()[0].getchildren()[0] signed_root = signer.sign( element_to_be_signed, key=key.encode(), cert=cert.encode()) if reference: element_signed = signed_root.find(".//*[@Id='%s']" % reference) signature = signed_root.find( ".//{http://www.w3.org/2000/09/xmldsig#}Signature") if element_signed is not None and signature is not None: parent = xml_element.getchildren()[0] parent.append(signature) return etree.tostring(xml_element, encoding=str)
def assina_xml(self, xml_element): cert, key = extract_cert_and_key_from_pfx(self.arquivo, self.senha) for element in xml_element.iter("*"): if element.text is not None and not element.text.strip(): element.text = None signer = XMLSigner( method=methods.enveloped, signature_algorithm=u"rsa-sha1", digest_algorithm=u"sha1", c14n_algorithm=u"http://www.w3.org/TR/2001/REC-xml-c14n-20010315", ) ns = {} ns[None] = signer.namespaces["ds"] signer.namespaces = ns element_signed = xml_element.find(".//{http://nfse.goiania.go.gov.br/xsd/nfse_gyn_v02.xsd}Rps") signed_root = signer.sign( xml_element, key=key.encode(), cert=cert.encode() ) signature = signed_root.find( ".//{http://www.w3.org/2000/09/xmldsig#}Signature" ) if element_signed is not None and signature is not None: parent = xml_element.getchildren()[0] parent.append(signature) return etree.tostring(xml_element, encoding=str)
def assinar_efdreinf(xml): from lxml import etree from emensageriapro.settings import FORCE_PRODUCAO_RESTRITA, BASE_DIR from signxml import XMLSigner, methods from emensageriapro.settings import CERT, CERT_HOST, CERT_PASS, CERT_PEM_FILE, KEY_PEM_FILE CERT_HOST = BASE_DIR + '/' + CERT_HOST CERT_PEM_FILE = CERT_PEM_FILE KEY_PEM_FILE = KEY_PEM_FILE # a = executar_sql(""" # SELECT efdreinf_certificado, efdreinf_senha # FROM public.transmissores where id=%s; # """ % transmissor_id, True) if FORCE_PRODUCAO_RESTRITA: xml = xml.replace('<tpAmb>1</tpAmb>','<tpAmb>2</tpAmb>') identidade = get_identidade_evento(xml) create_pem_files(CERT_HOST, CERT_PASS, CERT_PEM_FILE, KEY_PEM_FILE) cert_str = ler_arquivo(CERT_PEM_FILE) key_str = ler_arquivo(KEY_PEM_FILE) root = etree.fromstring(xml) signed_root = XMLSigner( method=methods.enveloped, signature_algorithm=u'rsa-sha256', digest_algorithm=u'sha256', c14n_algorithm=u'http://www.w3.org/TR/2001/REC-xml-c14n-20010315' ).sign(root, reference_uri='#' + identidade, key=key_str, cert=cert_str) return etree.tostring(signed_root)
def signWithCert(self, stringXml, key, returnString=True): xmlBuffer = etree.fromstring(stringXml) tree = etree.fromstring(stringXml) reference = tree.findall(".//*[@Id]") cert = self.extractCertContent() key = open(key, "rb").read() signer = XMLSigner( method=signxml.methods.enveloped, signature_algorithm="rsa-sha1", digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') ns = {None: signer.namespaces['ds']} signer.namespaces = ns refUri = ('#%s' % reference) if reference else None signedRoot = signer.sign( xmlBuffer, key=key, cert=cert, reference_uri=refUri) ns = {'ns': NAMESPACE_SIG} # Insert the cert file buffered data (content) into specified tags X509Data/X509Certificate tagX509Data = signedRoot.find('.//ns:X509Data', namespaces=ns) etree.SubElement(tagX509Data, 'X509Certificate').text = cert if returnString: xmlEnvelope = etree.tostring(signedRoot, encoding="unicode", pretty_print=False) return xmlEnvelope else: return signedRoot
def assinar_efdreinf(xml): from lxml import etree from emensageriapro.settings import FORCE_PRODUCAO_RESTRITA, BASE_DIR from signxml import XMLSigner, methods from emensageriapro.settings import CERT_HOST, CERT_PASS, CERT_PEM_FILE, KEY_PEM_FILE cert_host = BASE_DIR + '/' + CERT_HOST cert_pem_file = CERT_PEM_FILE key_pem_file = KEY_PEM_FILE if FORCE_PRODUCAO_RESTRITA: xml = xml.replace('<tpAmb>1</tpAmb>','<tpAmb>2</tpAmb>') identidade = get_identidade_evento(xml) create_pem_files(cert_host, CERT_PASS, cert_pem_file, key_pem_file) cert_str = ler_arquivo(cert_pem_file) key_str = ler_arquivo(key_pem_file) root = etree.fromstring(xml) signed_root = XMLSigner( method=methods.enveloped, signature_algorithm=u'rsa-sha256', digest_algorithm=u'sha256', c14n_algorithm=u'http://www.w3.org/TR/2001/REC-xml-c14n-20010315' ).sign(root, reference_uri='#' + identidade, key=key_str, cert=cert_str) return etree.tostring(signed_root)
def test_signxml_changing_signature_namespace_prefix(self): data = etree.parse(self.example_xml_files[0]).getroot() signer = XMLSigner() signer.namespaces = dict(digi_sign=namespaces['ds']) signed = signer.sign(data, key=self.keys["rsa"]) signed_data = etree.tostring(signed) expected_match = ("<digi_sign:Signature xmlns:" "digi_sign=\"%s\">") % namespaces['ds'] self.assertTrue(re.search(expected_match.encode('ascii'), signed_data))
def sign(self, data, reference_uri): signer = XMLSigner( method=methods.detached, signature_algorithm="rsa-sha1", digest_algorithm="sha1", c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315", ) return signer.sign(data=data, key=self.key, cert=self.cert, reference_uri="#{}".format(reference_uri))
def assinar_efdreinf(request, xml, transmissor_id): from lxml import etree from emensageriapro.settings import BASE_DIR from signxml import XMLSigner, methods from emensageriapro.mensageiro.functions.funcoes import get_identidade_evento, create_pem_files, ler_arquivo if transmissor_id: tra = TransmissorLoteEfdreinf.objects. \ get(id=transmissor_id) if tra.transmissor: if tra.transmissor.certificado: cert_host = '%s/certificado/%s' % ( BASE_DIR, tra.transmissor.certificado.certificado) cert_pass = tra.transmissor.certificado.senha cert_pem_file = '/certificado/cert_%s.pem' % tra.transmissor.certificado.id key_pem_file = '/certificado/key_%s.pem' % tra.transmissor.certificado.id create_pem_files(cert_host, cert_pass, cert_pem_file, key_pem_file) cert_str = ler_arquivo(cert_pem_file) key_str = ler_arquivo(key_pem_file) root = etree.fromstring(xml) identidade = get_identidade_evento(xml) signed_root = XMLSigner( method=methods.enveloped, signature_algorithm=u'rsa-sha256', digest_algorithm=u'sha256', c14n_algorithm= u'http://www.w3.org/TR/2001/REC-xml-c14n-20010315').sign( root, reference_uri='#' + identidade, key=key_str, cert=cert_str) return etree.tostring(signed_root) else: messages.error( request, '''O certificado não está configurado, configure pelo menos um transmissor para o respectivo empregador!''' ) else: messages.error(request, '''O transmissor não está configurado!''') return xml
def sign(self): _logger.debug('Firma de XML : ') cert = open(templateXML+ os.sep +'myr.cer').read() privkey = open(templateXML+ os.sep +'myr.key').read() root = etree.fromstring(self._xml.encode('ISO-8859-1'), parser=etree.XMLParser(encoding='ISO-8859-1')) _logger.debug(root) signed_root = XMLSigner(method=methods.enveloped, signature_algorithm='rsa-sha1', digest_algorithm='sha1', c14n_algorithm=u'http://www.w3.org/TR/2001/REC-xml-c14n-20010315').sign(root, key=privkey, cert=cert) self._xml = etree.tostring(signed_root,encoding='ISO-8859-1') assertion_data = XMLVerifier().verify(signed_root,x509_cert=cert).signed_xml _logger.debug(assertion_data) _logger.debug(self._xml)
def __init__(self, certificado, chave, namespace): self.cert = certificado self.key = chave self.NAMESPACE = namespace self._assinador = XMLSigner( method=methods.detached, signature_algorithm="rsa-sha1", digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315')
def sign(node, key_path, cert_path, get_object=False): key = import_key(key_path) cert = import_key(cert_path) signer = XMLSigner( method=methods.enveloped, signature_algorithm='rsa-sha1', digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') signed_node = signer.sign(node, key=key, cert=cert) if get_object is True: return signed_node return etree.tostring(signed_node)
def make_saml_response(): key = readfile("resources/privatekey.pem").encode('ascii') cert = readfile("resources/idp.crt").encode('ascii') saml_response_template = readfile("resources/saml-response-template.xml") saml_response = saml_response_template \ .replace("issue-instant-field", format_time(datetime.utcnow())) \ .replace("session-not-on-or-after-field", format_time(datetime.utcnow() + timedelta(days=1))) \ .replace("not-on-or-after-field", format_time(datetime.utcnow() + timedelta(minutes=5))) \ .replace("auth-user-field", auth_user) root = etree.fromstring(saml_response) signed_root = XMLSigner().sign(root, key=key, cert=cert) return base64.b64encode(etree.tostring(signed_root)).decode()
def sign_assertion(assertion, key, cert, reference_uri): signer = XMLSigner(signature_algorithm="rsa-sha1", digest_algorithm="sha1", c14n_algorithm="http://www.w3.org/2001/10/xml-exc-c14n#") signed_assertion_element = signer.sign(assertion, key=key, cert=cert, reference_uri=reference_uri) return signed_assertion_element
def sign(xml, cert_data): signer = XMLSigner( method=signxml.methods.enveloped, signature_algorithm='rsa-sha256', digest_algorithm='sha256', c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315' ) xml_root = None if not isinstance(xml, etree._ElementTree): xml = load_fromfile(xml) xml_root = xml.getroot() signed_root = signer.sign(xml_root, key=cert_data['key_str'], cert=cert_data['cert_str']) return etree.ElementTree(signed_root)
def get_signed_value(self, str_xml): cert = self.get_pem_certificate() key = self.get_pem_private_key() ET.register_namespace("ds", "http://www.w3.org/2000/09/xmldsig#") xml2 = str_xml.encode('utf -8') root = etree.fromstring(xml2) signed_root = XMLSigner().sign(root, key=key, cert=cert) data_serialized = lxml_ET.tostring(signed_root) data_parsed = ET.fromstring(data_serialized) tree = ET.ElementTree(data_parsed) # tree.write("/Users/mac/Dropbox/new_signed_file4.xml") tree.write("c:\\tmp\\new_signed_file4.xml")
def sign(element, reference_uri, certificate_data, key_data): signer = XMLSigner( signature_algorithm="rsa-sha1", digest_algorithm="sha1", c14n_algorithm="http://www.w3.org/2001/10/xml-exc-c14n#") # Sign XML. signed_element = signer.sign(element, key=key_data, cert=certificate_data, reference_uri=reference_uri) return signed_element
def sign_assertions(response_str): """ Return signed response string """ response_element = etree.fromstring(response_str) cert = read_bytes("keys/cert.pem") key = read_bytes("keys/key.pem") for e in response_element.findall( '{urn:oasis:names:tc:SAML:2.0:assertion}Assertion'): signer = XMLSigner( c14n_algorithm="http://www.w3.org/2001/10/xml-exc-c14n#", signature_algorithm='rsa-sha1', digest_algorithm='sha1') signed_e = signer.sign(e, key=key, cert=cert) response_element.replace(e, signed_e) return etree.tostring(response_element, pretty_print=True)
def createSigniature(student, key): root = ElementTree.Element("Student") username = ElementTree.SubElement(root, "Username") username.text = student["username"] fakulteti = ElementTree.SubElement(root, "Fakulteti") fakulteti.text = student["fakulteti"] nota = ElementTree.SubElement(root, "Nota") nota.text = student["nota"] viti = ElementTree.SubElement(root, "Viti") viti.text = student["viti"] signedXML = XMLSigner().sign(root, key=PRIVATEKEY) xmlStr = tostring(signedXML) message = {"cmd": "SIGNIATURE", "data": xmlStr.decode()} message = json.dumps(message) return MessageToSend(key, message)
def assina_xml(self, xml): ##Modificado para utilizar o signxml ao inves do libxml2 e xmlsec from signxml import XMLSigner from signxml import methods xml = self._prepara_doc_xml(xml) doc_xml = lxml.etree.fromstring(xml.encode('utf-8')) #buscando chave de acesso no documento e retiranto TAG Signature chave_de_acesso = self._ler_chave_acesso(doc_xml) if chave_de_acesso is None: raise ValueError( 'Nao foi possivel encontrar a Tag para a assinatura.') #String para bytes para a leitura no signxml chave = self.chave.encode('utf-8') certificado = self.certificado.encode('utf-8') signer = XMLSigner( method=methods.enveloped, signature_algorithm='rsa-sha1', digest_algorithm='sha1', c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') #Retirar os prefixos ds: da assinatura ns = {} ns[None] = signer.namespaces['ds'] signer.namespaces = ns #Assina o documento signed_doc = signer.sign(doc_xml, key=chave, cert=certificado, reference_uri='#{0}'.format(chave_de_acesso)) #Selecionar apenas a tag Signature do documento. signature_tag = None for child in signed_doc: if 'Signature' in child.tag: signature_tag = child if signature_tag is None: raise ("Assinatura nao encontrada.") signature_tag = lxml.etree.tostring(signature_tag).decode('utf-8') signature_tag = self._finaliza_xml(signature_tag) return signature_tag
def sign_seed(message, privkey, cert): """ @author: Daniel Blanco Martin (daniel[at]blancomartin.cl) @version: 2016-06-01 """ _logger.info('SIGNING WITH SIGN_SEED ##### ------ #####') doc = etree.fromstring(message) signed_node = XMLSigner( method=methods.enveloped, signature_algorithm=u'rsa-sha1', digest_algorithm=u'sha1').sign( doc, key=privkey.encode('ascii'), passphrase=None, cert=cert, key_name=None, key_info=None, id_attribute=None) msg = etree.tostring( signed_node, pretty_print=True).replace(b'ds:', b'') _logger.info('message: {}'.format(msg)) return msg