我尝试使用python-xmlsec从模板签名xml文档。如果URI =“”,它可以正常工作。但是,如果URI不为空,则出现错误“无法签名”
python 3.6 来自https://github.com/mehcode/python-xmlsec
的xmlsecimport xmlsec
xml_in='''<Envelope xmlns="urn:envelope">
<Data ID="1234">
Hello, World!
</Data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#1234">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<KeyName/>
</KeyInfo>
</Signature>
</Envelope>'''
template=etree.ElementTree(etree.fromstring(xml_in)).getroot()
signature_node = xmlsec.tree.find_node(template, xmlsec.constants.NodeSignature)
ctx = xmlsec.SignatureContext()
ctx.key = xmlsec.Key.from_file('c:/certificates/ercot.key', xmlsec.constants.KeyDataFormatPem)
ctx.sign(signature_node)
print(etree.tostring(template).decode())
ERROR below:
Traceback (most recent call last):
File "<ipython-input-243-4de30b62be4f>", line 5, in <module>
ctx.sign(signature_node)
Error: (1, 'failed to sign')```
答案 0 :(得分:0)
您需要注册节点和属性:
ctx.register_id(node=template, id_attr="ID")