我正在开发一个asp.net应用程序的django端口,该端口仅使用公钥/私钥对生成和签署xml文档。
除了签名方面,我已经成功地复制了xml生成的每一个方面。我已经找到了signxml库,它似乎可以让我做到这一点,但我不知道如何让它发挥作用。这是我得到的代码(根据这里的示例建模):
# store keys as strings
cert = open(signprivatepath).read()
key = open(signpublicpath).read()
data = ET.fromstring(docstring)
xmldsig_stuff = xmldsig(data, 'sha1')
signed_root = xmldsig_stuff.sign(
key=key,
cert=cert,
algorithm='rsa-sha1',
c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
)
verified_data = xmldsig(signed_root).verify()
return verified_data
signprivatepath和signpublicpath都是指向PEM格式密钥的路径。
当我运行代码时,它返回以下错误:
Environment:
Request Method: GET
Request URL: http://127.0.0.1:8000/site/245/download-site-license
Django Version: 1.9.5
Python Version: 3.5.1
Installed Applications:
['licenses.apps.LicensesConfig',
'simple_history',
'django.contrib.admindocs',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles']
Installed Middleware:
['simple_history.middleware.HistoryRequestMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Traceback:
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagesdjangocorehandlersbase.py" in get_response
149. response = self.process_exception_by_middleware(e, request)
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagesdjangocorehandlersbase.py" in get_response
147. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:projectsdjangoswlicensinglicensesviewssite.py" in downloadSiteLicense
206. signedXMLTree = signXML(treestring)
File "C:projectsdjangoswlicensinglicensesviewssite.py" in signXML
144. c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagessignxml-1.0.0-py3.5.eggsignxml__init__.py" in sign
414. key = load_pem_private_key(self.key, password=passphrase, backend=default_backend())
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagescryptographyhazmatprimitivesserialization.py" in load_pem_private_key
20. return backend.load_pem_private_key(data, password)
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagescryptographyhazmatbackendsmultibackend.py" in load_pem_private_key
282. return b.load_pem_private_key(data, password)
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagescryptographyhazmatbackendsopensslbackend.py" in load_pem_private_key
1606. password,
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagescryptographyhazmatbackendsopensslbackend.py" in _load_key
1784. mem_bio = self._bytes_to_bio(data)
File "C:UsersservantAppDataLocalProgramsPythonPython35-32libsite-packagescryptographyhazmatbackendsopensslbackend.py" in _bytes_to_bio
1058. data_char_p = self._ffi.new("char[]", data)
Exception Type: TypeError at /site/245/download-site-license
Exception Value: initializer for ctype 'char[]' must be a bytes or list or tuple, not str
有办法做到这一点吗?我从中复制的代码似乎没有使用证书,只是使用私钥本身。还是我错过了什么?
cert和key变量需要是字节数组,因此通过以下将其读取为字节数组
cert = open(signprivatepath, "rb").read()
key = open(signpublicpath, "rb").read()
然后将其传递到sign函数中,就像您已经执行一样
signed_root = xmldsig_stuff.sign(
key=key,
cert=cert,
algorithm='rsa-sha1',
c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
)