0

我尝试使用 python-xmlsec 从模板签署 xml 文档。如果 URI="",它可以正常工作。但是,如果 URI 不为空,则会出现错误“无法签名”

python 3.6 xmlsec 来自https://github.com/mehcode/python-xmlsec

import xmlsec

xml_in='''<Envelope xmlns="urn:envelope">
  <Data ID="1234">
    Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#1234">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
    <KeyName/>
    </KeyInfo>
  </Signature>
</Envelope>'''

template=etree.ElementTree(etree.fromstring(xml_in)).getroot()

signature_node = xmlsec.tree.find_node(template, xmlsec.constants.NodeSignature)

ctx = xmlsec.SignatureContext()

ctx.key = xmlsec.Key.from_file('c:/certificates/ercot.key', xmlsec.constants.KeyDataFormatPem)

ctx.sign(signature_node)

print(etree.tostring(template).decode())


ERROR below:

Traceback (most recent call last):

  File "<ipython-input-243-4de30b62be4f>", line 5, in <module>
    ctx.sign(signature_node)

Error: (1, 'failed to sign')```
4

1 回答 1

0

您需要注册节点和属性:

ctx.register_id(node=template, id_attr="ID")

于 2020-02-13T22:58:56.697 回答