我正在使用asp.net应用程序的django端口,该应用程序仅使用公钥/私钥对生成并签署xml文档。
除了签名方面,我设法复制了xml生成的每个方面。我发现signxml库似乎可以让我这样做,但我无法弄清楚如何让它工作。这是我得到的代码(以示例here为模型):
# store keys as strings
cert = open(signprivatepath).read()
key = open(signpublicpath).read()
data = ET.fromstring(docstring)
xmldsig_stuff = xmldsig(data, 'sha1')
signed_root = xmldsig_stuff.sign(
key=key,
cert=cert,
algorithm='rsa-sha1',
c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
)
verified_data = xmldsig(signed_root).verify()
return verified_data
signprivatepath和signpublicpath都是PEM格式化密钥的路径。
当我运行代码时,它会返回以下错误:
Environment:
Request Method: GET
Request URL: http://127.0.0.1:8000/site/245/download-site-license
Django Version: 1.9.5
Python Version: 3.5.1
Installed Applications:
['licenses.apps.LicensesConfig',
'simple_history',
'django.contrib.admindocs',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles']
Installed Middleware:
['simple_history.middleware.HistoryRequestMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Traceback:
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\django\core\handlers\base.py" in get_response
149. response = self.process_exception_by_middleware(e, request)
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\django\core\handlers\base.py" in get_response
147. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\projects\django\swlicensing\licenses\views\site.py" in downloadSiteLicense
206. signedXMLTree = signXML(treestring)
File "C:\projects\django\swlicensing\licenses\views\site.py" in signXML
144. c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\signxml-1.0.0-py3.5.egg\signxml\__init__.py" in sign
414. key = load_pem_private_key(self.key, password=passphrase, backend=default_backend())
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\cryptography\hazmat\primitives\serialization.py" in load_pem_private_key
20. return backend.load_pem_private_key(data, password)
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\cryptography\hazmat\backends\multibackend.py" in load_pem_private_key
282. return b.load_pem_private_key(data, password)
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py" in load_pem_private_key
1606. password,
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py" in _load_key
1784. mem_bio = self._bytes_to_bio(data)
File "C:\Users\servant\AppData\Local\Programs\Python\Python35-32\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py" in _bytes_to_bio
1058. data_char_p = self._ffi.new("char[]", data)
Exception Type: TypeError at /site/245/download-site-license
Exception Value: initializer for ctype 'char[]' must be a bytes or list or tuple, not str
有办法做到这一点吗?我正在复制的代码似乎没有使用证书,只使用私钥本身。或者我错过了什么?
答案 0 :(得分:0)
cert和key变量需要是字节数组,因此请通过以下方式将其作为字节数组读取
cert = open(signprivatepath, "rb").read()
key = open(signpublicpath, "rb").read()
然后你将它传递给sign函数,就像你已经做过的那样
signed_root = xmldsig_stuff.sign(
key=key,
cert=cert,
algorithm='rsa-sha1',
c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
)