I am using the signxml library to sign a simple XML document:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<Shopping xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Fruit id="themessage"><Apples/><Bananas/><Pears/></Fruit>
</Shopping>
However, it does not produce a ds:Transforms tag in the signature:
<Shopping xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#themessage">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>+dOniegeY2BGpuaAZJpPxQXqaLE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>z4J(...)</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data><ds:X509Certificate>MII(...)</ds:X509Certificate></ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<Fruit id="themessage"><Apples/><Bananas/><Pears/></Fruit>
</Shopping>
I need it to generate the ds:Transforms tag, for example:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<Shopping xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#themessage">
<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>euMQ45LHLFbno1j/WTA6Tpf0mxM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>MGJ(...)
The code is similar to:
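import sys
from lxml import etree
from signxml import XMLSigner, methods

# remove_signature(), key and crt are defined elsewhere (key and certificate are read from files)
data = etree.parse(sys.argv[1]).getroot()
remove_signature(data)
# Detached signature over the element whose id is "themessage"
signer = XMLSigner(method=methods.detached,
                   signature_algorithm="rsa-sha1",
                   digest_algorithm="sha1",
                   c14n_algorithm="http://www.w3.org/2006/12/xml-c14n11")
signature = signer.sign(data,
                        reference_uri="themessage",
                        key=key,
                        cert=crt)
# Place the ds:Signature element as the first child of the root
data.insert(0, signature)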
I am reading the key and certificate from files.
What is going wrong?
Does signxml not support transforms?
What am I missing?
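
As an added example (not part of the original question and not signxml code): a standard-library Python check that lists the transforms each ds:Reference declares, so signer output can be compared against the profile a receiver requires. The helper names and the trimmed sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N11 = "http://www.w3.org/2006/12/xml-c14n11"
NS = {"ds": DS}

# Constructed samples: the SignedInfo from the question, trimmed to the parts
# this check reads (SignatureValue and KeyInfo omitted).
TEMPLATE = (
    '<Shopping xmlns:ds="' + DS + '"><ds:Signature><ds:SignedInfo>'
    '<ds:Reference URI="#themessage">{transforms}'
    '<ds:DigestMethod Algorithm="' + DS + 'sha1"/>'
    '</ds:Reference></ds:SignedInfo></ds:Signature></Shopping>'
)
ACTUAL = TEMPLATE.format(transforms="")
WANTED = TEMPLATE.format(
    transforms='<ds:Transforms><ds:Transform Algorithm="' + C14N11 + '"/></ds:Transforms>'
)


def reference_profile(xml_text):
    """Return one dict per ds:Reference: URI, ordered transform URIs, digest method."""
    root = ET.fromstring(xml_text)
    profile = []
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        transforms = [t.get("Algorithm")
                      for t in ref.iterfind("ds:Transforms/ds:Transform", NS)]
        digest = ref.find("ds:DigestMethod", NS)
        profile.append({
            "uri": ref.get("URI"),
            "transforms": transforms,
            "digest": digest.get("Algorithm") if digest is not None else None,
        })
    return profile


def missing_transforms(xml_text, required):
    """Map each Reference URI to the required transform URIs it does not declare."""
    return {r["uri"]: [alg for alg in required if alg not in r["transforms"]]
            for r in reference_profile(xml_text)}


if __name__ == "__main__":
    for name, doc in (("actual", ACTUAL), ("wanted", WANTED)):
        print(name, reference_profile(doc), missing_transforms(doc, [C14N11]))
```

The check only reads the declared structure; it does not verify the digest or the signature value.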