[ADD] issuer info #1
base: master
TODO: has a bug with public_bytes() in next lines
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding!
blaggacao
left a comment
Some quick comments, I hope to be able to do a full review in the coming days. Honestly it might take well into the Christmas holiday, though; I have to double check with @Deiber as well.
signxml/xades/__init__.py
Outdated
| serial_element = XADES132.IssuerSerialV2( | ||
| # TODO implement, wtf? | ||
| DS.X09IssuerName(issuer_string(cert)), | ||
| DS.X509SerialNumber(f"cert.get_serial_number()") |
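Review bot: "DS.X09IssuerName" on the third line looks like a typo for "DS.X509IssuerName" (the ds: element is X509IssuerName), and f"cert.get_serial_number()" on the last line is an f-string with no placeholders, so it passes the literal text of the call instead of the serial number; call cert.get_serial_number() directly. The "# TODO implement, wtf?" marker should also be resolved or reworded before merge.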
Not quite yet: <xsd:element name="IssuerSerialV2" type="xsd:base64Binary" minOccurs="0"/>
The whole ASN.1 object shall be DER encoded and put here as a bytestring.
I compared the result from the signed XML (xades-bes) and what get_serial_number() returns; it's ok.
Which schema file did you get it from?
I think you implemented the legacy IssuerSerial
See the schema of IssuerSerialV2
Just saw our latest commit, the object itself is DER encoded, not one of its members...
| usp := UnignedSignatureProperties, c. 4.3.6 | ||
| udop := UnignedDataObjectProperties, c. 4.3.7 | ||
| Electronic signature forms elements |
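Review bot: both the "usp" and "udop" lines spell "Unigned" where "Unsigned" is meant (UnsignedSignatureProperties, UnsignedDataObjectProperties); as written the names will not match the XAdES element names a reader will search for, so fix the spelling on both lines.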
"Electronic signature grammar (I guess that's what it is) by mode"
I'm ok with that, just those ? look a little grammar-ish. But yep, in XML, that is probably not a common usage of a word...
| udop := UnignedDataObjectProperties, c. 4.3.7 | ||
| Electronic signature forms elements | ||
| Mention differences between nodes |
nodes -> modes
| return XADES132.QualifyingProperties(*qp_elements, **qp_attributes) | ||
|
|
||
|
|
||
| class XAdESEPESSigner(XAdESSigner): |
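Review bot: the new XAdESEPESSigner subclass is introduced without a docstring; since the discussion is heading towards one subclass per signature mode, a one-line docstring naming the form it produces (EPES) and what it adds over XAdESSigner would help the next reader tell the modes apart.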
Might be an excellent idea, I have to think around it a bit.. Thanks 👍
@ovnicraft Thanks a lot for your PR! I'll have a look asap, and meanwhile I should probably reconfigure the commitlinter 😉 - until then, let's ignore him.
@ovnicraft I thought a little about the class-based implementation of the different signature modes. I like the idea, it's hackable. Not sure if you've seen it, I've put a (still) unused enum at the beginning of the file; it was intended to serve as a type switch parameter for a mode dispatcher. With your proposal that would be a class dispatcher based on the enum, what do you think?
Still a spec inconsistency about IssuerSerialV2
Or am I missing something?
signxml/xades/__init__.py
Outdated
| serial_element = XADES132.IssuerSerialV2( | ||
| # TODO implement, wtf? | ||
| DS.X09IssuerName(issuer_string(cert)), | ||
| DS.X509SerialNumber(b64encode(_der.encode_der_integer(cert.get_serial_number()))) |
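Review bot: "DS.X09IssuerName" on the third line still looks like a typo for "DS.X509IssuerName". On the last line, base64 of a lone DER INTEGER placed inside X509SerialNumber does not produce what the IssuerSerialV2 element quoted earlier in this review expects (an xsd:base64Binary holding the DER encoding of the whole IssuerSerial SEQUENCE), and ds:X509SerialNumber is itself defined as a decimal integer in XMLDSig, so the value would not validate in either place.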
The spec is something like:
XADES132.IssuerSerialV2(b64encode(_der.encode...(asn_obj)))
IMO it must be defined from the DS.X509SerialNumber element, will double check
fixed
The ASN object still is not the one required... :( - I feel you are close! 😉
signxml/xades/__init__.py
Outdated
| serial_element = XADES132.IssuerSerialV2( | ||
| DS.X09IssuerName(issuer_string(cert)), | ||
| DS.X509SerialNumber(f"cert.get_serial_number()") | ||
| b64encode(_der.encode_der_integer(cert.get_serial_number())) |
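Review bot: the f-string literal f"cert.get_serial_number()" on the third line is still there (no placeholders, so the text of the call is passed rather than the serial), "X09IssuerName" is still misspelled, and as shown there is no comma between the X509SerialNumber argument and the b64encode(...) argument on the last line, which would be a syntax error. The b64encode of a bare DER INTEGER is also not the IssuerSerial SEQUENCE the review asks for; it belongs, DER encoded as a whole, in the IssuerSerialV2 element.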
Well, that's not the ASN object required here, it's the IssuerSerial object...
I read this:
https://www.pyopenssl.org/en/stable/api/crypto.html#OpenSSL.crypto.X509.get_serial_number
I am calling get_serial_number()
Certificate has:
- issuer
- issuer serial number
I see:
Returns: The serial number.
Return type: int
But what needs DER encoding is this RFC IssuerSerial ASN object
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serialNumber CertificateSerialNumber
}
taken from: https://tools.ietf.org/html/rfc5035
GeneralNames can be quite some different objects, but I haven't yet analyzed how that poses encoding challenges...
Please note also: it seems to be a sequence, or array of unnamed objects (if I understand the ASN spec grammar correctly).
IMO DER representation must be done at application (signxml) level; so pyopenssl and cryptography provide APIs to solve this. AFAIK I do it.
IssuerSerial comes from the certificate from pyopenssl in 2 objects:
- SerialName
- SerialNumber
Here we need to identify what the V2 in the new spec needs; in legacy they have 2 elements in the XML and I understood in V2 just one: SerialNumber.
You can check my PR's X509Name class and my own implementation to reverse get_components().
In terms of the X509 object, all IssuerSerial is represented by:
as defined in the RFC mentioned.
Why not construe the mentioned ASN object using some ASN generator? (pyasn.1 - I guess) - and then DER encode through one of the APIs you mention.
Or could you point me to the pyopenssl IssuerSerial object? I haven't seen it. Is it a sequence as the spec mandates?
As for the name string, what's the difference between your implementation and https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Name.rfc4514_string ?
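The IssuerSerial structure this review keeps coming back to, built by hand as an added example (not code from this PR or from signxml): a minimal DER encoder that produces RFC 5035's IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber CertificateSerialNumber } and base64-encodes the whole object for the xsd:base64Binary IssuerSerialV2 element. It assumes the issuer is supplied as a list of (attribute, value) pairs limited to C/O/CN, that the GeneralName used is directoryName ([4] EXPLICIT Name), and that the serial is the non-negative int pyOpenSSL's get_serial_number() returns.

```python
import base64

# Minimal DER helpers; each returns one tag-length-value encoding.
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    return bytes([tag]) + _der_len(len(content)) + content

def der_integer(value):
    # INTEGER is two's complement: a value with its top bit set needs a leading 0x00 to stay positive.
    if value < 0:
        raise ValueError("certificate serial numbers are non-negative")
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # remaining 7-bit groups, continuation bit set on all but the last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))

_ATTR_OID = {"C": "2.5.4.6", "O": "2.5.4.10", "CN": "2.5.4.3"}  # assumption: only these attributes

def der_name(rdns):
    # Name ::= SEQUENCE OF RelativeDistinguishedName; each RDN here is a SET of one AttributeTypeAndValue.
    out = b""
    for attr, value in rdns:
        string_tag = 0x13 if attr == "C" else 0x0C  # PrintableString for C, UTF8String otherwise
        atv = der_tlv(0x30, der_oid(_ATTR_OID[attr]) + der_tlv(string_tag, value.encode("utf-8")))
        out += der_tlv(0x31, atv)
    return der_tlv(0x30, out)

def der_issuer_serial(issuer_rdns, serial):
    # IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber CertificateSerialNumber },
    # where GeneralNames is a SEQUENCE OF GeneralName, here one directoryName ([4] EXPLICIT Name).
    general_names = der_tlv(0x30, der_tlv(0xA4, der_name(issuer_rdns)))
    return der_tlv(0x30, general_names + der_integer(serial))

def issuer_serial_v2_text(issuer_rdns, serial):
    # Text content for <xades:IssuerSerialV2>: base64 of the whole DER object, not of one member.
    return base64.b64encode(der_issuer_serial(issuer_rdns, serial)).decode("ascii")

# Constructed sample issuer and serial for the example; not taken from any real certificate.
SAMPLE_ISSUER = [("C", "EC"), ("O", "Example CA"), ("CN", "Example Issuing CA")]
SAMPLE_SERIAL = 0x8A3F12
```

With a real certificate the issuer pairs would come from cert.issuer (or get_components()) and the serial from get_serial_number(); the encoder is the same.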