【Question title】: Xades XML Sign Policy
【Posted】: 2022-06-24 14:30:11
【Question description】:

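Hello, I am writing a script that signs XML files using Xades (mandatory). I have never signed XML files before, so I am quite lost.

The error seems to be related to the signature policy, but I am not sure how it is done. I have to add a link to "http://ticketbai.eus/politicafirma", and the policy hash is: "d69VEBc4ED4QbwnDtCA2JESgJiw+rwzfutcaSl5gYvM=". I also need to take into account that the key must be over 1024 bytes.

Note: I am working in Python because I am most used to it, but I have no problem changing. Apart from the script, the certificate has been verified and works correctly.

Traceback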

    ctx.sign(signature)
  File "C:\Users\acarrera\AppData\Local\Programs\Python\Python39\lib\site-packages\xades\xades_context.py", line 47, in sign
    self.calculate_signed_properties(signed_properties, node, True)
  File "C:\Users\acarrera\AppData\Local\Programs\Python\Python39\lib\site-packages\xades\xades_context.py", line 102, in calculate_signed_properties
    self.calculate_signature_properties(signature_properties, node, sign)
  File "C:\Users\acarrera\AppData\Local\Programs\Python\Python39\lib\site-packages\xades\xades_context.py", line 125, in calculate_signature_properties
    self.policy.calculate_certificates(
  File "C:\Users\acarrera\AppData\Local\Programs\Python\Python39\lib\site-packages\xades\policy.py", line 134, in calculate_certificates
    for key_x509 in keys_x509:
TypeError: 'builtins.Certificate' object is not iterable

Python code

import os
import xmlsig
from lxml import etree
from OpenSSL import crypto
from xades import XAdESContext, template, utils
from xades.policy import GenericPolicyId

SIGN_POLICY = f"https://ticketbai.araba.eus/tbai/sinadura/"
CERTIANDER = os.environ.get(
    'CERTIANDER',
    r'SOLDISP_PF2856A9_CERT.pfx')

parsed_file = etree.parse('Factura1.xml').getroot()

signature = xmlsig.template.create(
    xmlsig.constants.TransformInclC14N,
    xmlsig.constants.TransformRsaSha256,
    "Signature",
)
signature_id = utils.get_unique_id()

ref = xmlsig.template.add_reference(
    signature, xmlsig.constants.TransformSha256, uri="", name="REF"
)

xmlsig.template.add_transform(ref, xmlsig.constants.TransformEnveloped)

xmlsig.template.add_reference(
        signature, xmlsig.constants.TransformSha256, uri="#" + signature_id
    )

xmlsig.template.add_reference(
    signature, xmlsig.constants.TransformSha256, uri="#" + signature_id
)

ki = xmlsig.template.ensure_key_info(signature, name="KI")
data = xmlsig.template.add_x509_data(ki)
xmlsig.template.x509_data_add_certificate(data)
serial = xmlsig.template.x509_data_add_issuer_serial(data)
xmlsig.template.x509_issuer_serial_add_issuer_name(serial)
xmlsig.template.x509_issuer_serial_add_serial_number(serial)
xmlsig.template.add_key_value(ki)
qualifying = template.create_qualifying_properties(
    signature, name=utils.get_unique_id(), etsi='xades'
)


props = template.create_signed_properties(qualifying, name=signature_id)


policy = GenericPolicyId(
        SIGN_POLICY,
        xmlsig.constants.TransformSha256,
    )

parsed_file.append(signature)

with open(CERTIANDER, "rb") as key_file:
    pfx = key_file.read()
        
certificate = crypto.load_pkcs12(pfx, b'password') #Personal Password

ctx = XAdESContext(
        policy,
        certificate.get_certificate().to_cryptography(),
    )

ctx.load_pkcs12(certificate)
ctx.sign(signature)

parsed_file[0][0][0].append(signature) 

et = etree.ElementTree(parsed_file)
    
nfs_name = 'Firmado'
et.write(nfs_name, pretty_print=True,
            encoding='utf-8', xml_declaration=True)

【Question discussion】:

    Tags: python xml cryptography sign xades


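    【Solution 1】:

    I ran into the same problem. At the end of this question, How to sign using Xades-EPES standard with Python?, they mention that the only difference is that the library can have multiple certificates, whereas you can only have one. I modified the library and removed the part where it failed. This worked for me!

    【Discussion】:

    • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.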
    【Solution 2】:

    I ran into the same problem, but I read the documentation on GitHub and managed to sign the XML using one of the library's features. If you are in Spain: I signed the XML and Autofirma detects a valid signature, but the Valida Firma website does not, and I don't know why.

    Import these libraries.

    from datetime import datetime
    from os import path
    from unittest.mock import patch

    import xmlsig
    from cryptography.hazmat.primitives.serialization import pkcs12
    from lxml import etree
    from xades import ObjectIdentifier, XAdESContext, template, utils
    from xades.policy import GenericPolicyId, ImpliedPolicy

    # Helpers missing from the post; these definitions are assumed.
    BASE_DIR = path.dirname(path.abspath(__file__))

    def parse_xml(name):
        # Parse an XML file relative to BASE_DIR and return its root element
        return etree.parse(path.join(BASE_DIR, name)).getroot()

    class UrllibMock:
        # Stands in for urllib.urlopen so the policy file is read from disk
        def read(self):
            with open(path.join(BASE_DIR, "data/policy.pdf"), "rb") as f:
                result = f.read()
            return result

    def test_create_2():
        root = parse_xml("data/free-sample.xml")  # your XML
        # Note: SHA-1 is used here; the question's code uses the SHA-256
        # constants (TransformRsaSha256 / TransformSha256) instead.
        signature = xmlsig.template.create(
            xmlsig.constants.TransformInclC14N,
            xmlsig.constants.TransformRsaSha1,
            "Signature",
        )
        # Reference over the whole document (enveloped signature)
        ref = xmlsig.template.add_reference(
            signature, xmlsig.constants.TransformSha1, uri="", name="R1"
        )
        xmlsig.template.add_transform(ref, xmlsig.constants.TransformEnveloped)
        # Reference over the KeyInfo element
        xmlsig.template.add_reference(
            signature, xmlsig.constants.TransformSha1, uri="#KI", name="RKI"
        )
        ki = xmlsig.template.ensure_key_info(signature, name="KI")
        data = xmlsig.template.add_x509_data(ki)
        xmlsig.template.x509_data_add_certificate(data)
        serial = xmlsig.template.x509_data_add_issuer_serial(data)
        xmlsig.template.x509_issuer_serial_add_issuer_name(serial)
        xmlsig.template.x509_issuer_serial_add_serial_number(serial)
        xmlsig.template.add_key_value(ki)
        # XAdES qualifying properties
        qualifying = template.create_qualifying_properties(signature)
        utils.ensure_id(qualifying)
        props = template.create_signed_properties(qualifying, datetime=datetime.now())
        template.add_claimed_role(props, "Supp")
        signed_do = template.ensure_signed_data_object_properties(props)
        template.add_data_object_format(
            signed_do, "#R1", identifier=ObjectIdentifier("Idenfitier0", "Description")
        )
        template.add_commitment_type_indication(
            signed_do,
            ObjectIdentifier("Idenfitier0", "Description"),
            qualifiers_type=["Tipo"],
        )

        template.add_commitment_type_indication(
            signed_do,
            ObjectIdentifier("Idenfitier1", references=["#R1"]),
            references=["#R1"],
        )
        template.add_data_object_format(
            signed_do,
            "#RKI",
            description="Desc",
            mime_type="application/xml",
            encoding="UTF-8",
        )
        root.append(signature)
        ctx = XAdESContext(ImpliedPolicy(xmlsig.constants.TransformSha1))
        # Path to your certificate
        with open(path.join(BASE_DIR, "data/CertificadoPrueba.p12"), "rb") as key_file:
            ctx.load_pkcs12(pkcs12.load_key_and_certificates(key_file.read(), b"Certificate Password"))
        with patch("xades.policy.urllib.urlopen") as mock:
            mock.return_value = UrllibMock()
            ctx.sign(signature)
            ctx.verify(signature)

        et = etree.ElementTree(root)

        nfs_name = 'FirmadoMedias'  # name of the new signed XML
        et.write(nfs_name, pretty_print=True,
                 encoding='utf-8', xml_declaration=True)

    if __name__ == "__main__":
        test_create_2()


    【Discussion】:
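
The policy URL and hash quoted in the question are the two values that an explicit-policy signature carries in its `xades:SignaturePolicyIdentifier` element. The sketch below is an added example, not code from the posts or from the python-xades library: it checks that the pinned hash is a well-formed digest, compares a policy document against it, and builds the element with the standard library. It assumes the hash is SHA-256 (it decodes to 32 bytes); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

XADES_NS = "http://uri.etsi.org/01903/v1.3.2#"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"  # assumption: SHA-256

# Values quoted in the question.
POLICY_URL = "http://ticketbai.eus/politicafirma"
POLICY_HASH_B64 = "d69VEBc4ED4QbwnDtCA2JESgJiw+rwzfutcaSl5gYvM="


def policy_digest_b64(policy_bytes):
    """Base64 SHA-256 digest of a policy document (the DigestValue format)."""
    return base64.b64encode(hashlib.sha256(policy_bytes).digest()).decode("ascii")


def check_pinned_hash(hash_b64, policy_bytes=None):
    """True if hash_b64 is a well-formed SHA-256 value and, when a policy
    document is supplied, that document hashes to exactly that value."""
    try:
        raw = base64.b64decode(hash_b64, validate=True)
    except ValueError:
        return False
    if len(raw) != hashlib.sha256().digest_size:
        return False
    if policy_bytes is None:
        return True
    return hmac.compare_digest(policy_digest_b64(policy_bytes), hash_b64)


def build_policy_identifier(url, hash_b64):
    """Build xades:SignaturePolicyIdentifier for an explicit policy."""
    if not check_pinned_hash(hash_b64):
        raise ValueError("policy hash is not a base64 SHA-256 digest")
    ET.register_namespace("xades", XADES_NS)
    ET.register_namespace("ds", DS_NS)
    spi = ET.Element(f"{{{XADES_NS}}}SignaturePolicyIdentifier")
    spid = ET.SubElement(spi, f"{{{XADES_NS}}}SignaturePolicyId")
    sig_id = ET.SubElement(spid, f"{{{XADES_NS}}}SigPolicyId")
    ET.SubElement(sig_id, f"{{{XADES_NS}}}Identifier").text = url
    sig_hash = ET.SubElement(spid, f"{{{XADES_NS}}}SigPolicyHash")
    ET.SubElement(sig_hash, f"{{{DS_NS}}}DigestMethod", {"Algorithm": SHA256_URI})
    ET.SubElement(sig_hash, f"{{{DS_NS}}}DigestValue").text = hash_b64
    return spi


if __name__ == "__main__":
    elem = build_policy_identifier(POLICY_URL, POLICY_HASH_B64)
    print(ET.tostring(elem, encoding="unicode"))
```

In a finished signature this element sits under `xades:SignedSignatureProperties`, so the policy reference is itself covered by the signature value.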
