XML-Security
diff --git a/‎signxml/__init__.py‎
Lines changed: 75 additions & 140 deletions b/‎signxml/__init__.py‎
Lines changed: 75 additions & 140 deletions
diff --git a/‎signxml/util/__init__.py‎
Lines changed: 104 additions & 0 deletions b/‎signxml/util/__init__.py‎
Lines changed: 104 additions & 0 deletions
diff --git a/‎signxml/xades/__init__.py‎
Lines changed: 41 additions & 25 deletions b/‎signxml/xades/__init__.py‎
Lines changed: 41 additions & 25 deletions
diff --git a/‎test/test.py‎
Lines changed: 17 additions & 14 deletions b/‎test/test.py‎
Lines changed: 17 additions & 14 deletions
@@ -11,9 +11,11 @@
 import textwrap
 from base64 import b64decode, b64encode
 from dataclasses import dataclass
+from enum import Enum, auto
 from typing import Any, List, Optional
 from xml.etree import ElementTree as stdlibElementTree
 
+from cryptography.hazmat.primitives import hashes
 from lxml import etree
 
 from ..exceptions import InvalidCertificate, InvalidInput, RedundantCert, SignXMLException
@@ -22,6 +24,108 @@
 PEM_FOOTER = "-----END CERTIFICATE-----"
 
 
+class XMLSignatureMethods(Enum):
+    enveloped = auto()
+    enveloping = auto()
+    detached = auto()
+
+
+class FragmentLookupMixin:
+    @classmethod
+    def from_fragment(cls, fragment):
+        for i in cls:  # type: ignore
+            if i.value.endswith("#" + fragment):
+                return i
+        else:
+            raise InvalidInput(f"Unrecognized {cls.__name__} identifier fragment: {fragment}")
+
+
+class InvalidInputErrorMixin:
+    @classmethod
+    def _missing_(cls, value):
+        raise InvalidInput(f"Unrecognized {cls.__name__}: {value}")
+
+
+class XMLSecurityDigestAlgorithm(FragmentLookupMixin, InvalidInputErrorMixin, Enum):
+    SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
+    SHA224 = "http://www.w3.org/2001/04/xmldsig-more#sha224"
+    SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"
+    SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
+    SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"
+    SHA3_224 = "http://www.w3.org/2007/05/xmldsig-more#sha3-224"
+    SHA3_256 = "http://www.w3.org/2007/05/xmldsig-more#sha3-256"
+    SHA3_384 = "http://www.w3.org/2007/05/xmldsig-more#sha3-384"
+    SHA3_512 = "http://www.w3.org/2007/05/xmldsig-more#sha3-512"
+
+    @property
+    def implementation(self):
+        return digest_algorithm_implementations[self]
+
+
+# TODO: check if padding errors are fixed by using padding=MGF1
+class XMLSecuritySignatureMethod(FragmentLookupMixin, InvalidInputErrorMixin, Enum):
+    DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
+    HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+    RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+    ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+    ECDSA_SHA224 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
+    ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+    ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+    ECDSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+    HMAC_SHA224 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
+    HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
+    HMAC_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+    HMAC_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
+    RSA_SHA224 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+    RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+    RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+    RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+    RSA_PSS = "http://www.w3.org/2007/05/xmldsig-more#rsa-pss"
+    DSA_SHA256 = "http://www.w3.org/2009/xmldsig11#dsa-sha256"
+    ECDSA_SHA3_224 = "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224"
+    ECDSA_SHA3_256 = "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256"
+    ECDSA_SHA3_384 = "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384"
+    ECDSA_SHA3_512 = "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512"
+    EDDSA_ED25519 = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519"
+    EDDSA_ED448 = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448"
+
+
+digest_algorithm_implementations = {
+    XMLSecurityDigestAlgorithm.SHA1: hashes.SHA1,
+    XMLSecurityDigestAlgorithm.SHA224: hashes.SHA224,
+    XMLSecurityDigestAlgorithm.SHA384: hashes.SHA384,
+    XMLSecurityDigestAlgorithm.SHA256: hashes.SHA256,
+    XMLSecurityDigestAlgorithm.SHA512: hashes.SHA512,
+    XMLSecurityDigestAlgorithm.SHA3_224: hashes.SHA3_224,
+    XMLSecurityDigestAlgorithm.SHA3_256: hashes.SHA3_256,
+    XMLSecurityDigestAlgorithm.SHA3_384: hashes.SHA3_384,
+    XMLSecurityDigestAlgorithm.SHA3_512: hashes.SHA3_512,
+    XMLSecuritySignatureMethod.DSA_SHA1: hashes.SHA1,
+    XMLSecuritySignatureMethod.HMAC_SHA1: hashes.SHA1,
+    XMLSecuritySignatureMethod.RSA_SHA1: hashes.SHA1,
+    XMLSecuritySignatureMethod.ECDSA_SHA1: hashes.SHA1,
+    XMLSecuritySignatureMethod.ECDSA_SHA224: hashes.SHA224,
+    XMLSecuritySignatureMethod.ECDSA_SHA256: hashes.SHA256,
+    XMLSecuritySignatureMethod.ECDSA_SHA384: hashes.SHA384,
+    XMLSecuritySignatureMethod.ECDSA_SHA512: hashes.SHA512,
+    XMLSecuritySignatureMethod.HMAC_SHA224: hashes.SHA224,
+    XMLSecuritySignatureMethod.HMAC_SHA256: hashes.SHA256,
+    XMLSecuritySignatureMethod.HMAC_SHA384: hashes.SHA384,
+    XMLSecuritySignatureMethod.HMAC_SHA512: hashes.SHA512,
+    XMLSecuritySignatureMethod.RSA_SHA224: hashes.SHA224,
+    XMLSecuritySignatureMethod.RSA_SHA256: hashes.SHA256,
+    XMLSecuritySignatureMethod.RSA_SHA384: hashes.SHA384,
+    XMLSecuritySignatureMethod.RSA_SHA512: hashes.SHA512,
+    XMLSecuritySignatureMethod.DSA_SHA256: hashes.SHA256,
+    XMLSecuritySignatureMethod.ECDSA_SHA3_224: hashes.SHA1,
+    XMLSecuritySignatureMethod.ECDSA_SHA3_256: hashes.SHA1,
+    XMLSecuritySignatureMethod.ECDSA_SHA3_384: hashes.SHA1,
+    XMLSecuritySignatureMethod.ECDSA_SHA3_512: hashes.SHA1,
+    XMLSecuritySignatureMethod.EDDSA_ED25519: hashes.SHA512,
+    XMLSecuritySignatureMethod.EDDSA_ED448: hashes.SHAKE256,
+}
+
+
 class Namespace(dict):
     def __getattr__(self, a):
         return dict.__getitem__(self, a)
 
@@ -51,7 +51,9 @@
 
 from .. import VerifyResult, XMLSignatureProcessor, XMLSigner, XMLVerifier
 from ..exceptions import InvalidDigest, InvalidInput
-from ..util import SigningSettings, add_pem_header, ds_tag, namespaces, xades_tag
+from ..util import SigningSettings
+from ..util import XMLSecurityDigestAlgorithm as digest_algorithms
+from ..util import add_pem_header, ds_tag, namespaces, xades_tag
 
 # TODO: make this a dataclass
 default_data_object_format = {"Description": "Default XAdES payload description", "MimeType": "text/xml"}
@@ -69,7 +71,7 @@ class XAdESProcessor(XMLSignatureProcessor):
 
 class XAdESSigner(XAdESProcessor, XMLSigner):
     """
-    - assert signature algorithm is not sha1
+    TODO: docs and signature forwarding for autodocs
     """
 
     def __init__(
@@ -80,7 +82,7 @@ def __init__(
         **kwargs,
     ) -> None:
         super().__init__(**kwargs)
-        if self.sign_alg.startswith("hmac-"):
+        if self.sign_alg.name.startswith("HMAC_"):
             raise Exception("HMAC signatures are not supported by XAdES")
         self.signature_annotators.append(self._build_xades_ds_object)
         self._tokens_used: Dict[str, bool] = {}
@@ -145,11 +147,10 @@ def _add_reference_to_signed_info(self, sig_root, node_to_reference):
         signed_info = self._find(sig_root, "SignedInfo")
         reference = SubElement(signed_info, ds_tag("Reference"), nsmap=self.namespaces)
         reference.set("URI", f"#{node_to_reference.get('Id')}")
-        digest_alg = self.known_digest_tags[self.digest_alg]
-        SubElement(reference, ds_tag("DigestMethod"), nsmap=self.namespaces, Algorithm=digest_alg)
+        SubElement(reference, ds_tag("DigestMethod"), nsmap=self.namespaces, Algorithm=self.digest_alg.value)
         digest_value_node = SubElement(reference, ds_tag("DigestValue"), nsmap=self.namespaces)
         node_to_reference_c14n = self._c14n(node_to_reference, algorithm=self.c14n_alg)
-        digest = self._get_digest(node_to_reference_c14n, self._get_digest_method_by_tag(self.digest_alg))
+        digest = self._get_digest(node_to_reference_c14n, algorithm=self.digest_alg)
         digest_value_node.text = b64encode(digest).decode()
 
     def add_signing_time(self, signed_signature_properties, sig_root, signing_settings: SigningSettings):
@@ -169,11 +170,10 @@ def add_signing_certificate(self, signed_signature_properties, sig_root, signing
             else:
                 loaded_cert = load_certificate(FILETYPE_PEM, add_pem_header(cert))
             der_encoded_cert = dump_certificate(FILETYPE_ASN1, loaded_cert)
-            digest_alg = self.known_digest_tags[self.digest_alg]
-            cert_digest_bytes = self._get_digest(der_encoded_cert, self._get_digest_method(digest_alg))
+            cert_digest_bytes = self._get_digest(der_encoded_cert, algorithm=self.digest_alg)
             cert_node = SubElement(signing_cert_v2, xades_tag("Cert"), nsmap=self.namespaces)
             cert_digest = SubElement(cert_node, xades_tag("CertDigest"), nsmap=self.namespaces)
-            SubElement(cert_digest, ds_tag("DigestMethod"), nsmap=self.namespaces, Algorithm=digest_alg)
+            SubElement(cert_digest, ds_tag("DigestMethod"), nsmap=self.namespaces, Algorithm=self.digest_alg.value)
             digest_value_node = SubElement(cert_digest, ds_tag("DigestValue"), nsmap=self.namespaces)
             digest_value_node.text = b64encode(cert_digest_bytes).decode()
 
@@ -196,10 +196,10 @@ def add_signature_policy_identifier(self, signed_signature_properties, sig_root,
             description = SubElement(sig_policy_id, xades_tag("Description"), nsmap=self.namespaces)
             description.text = self.signature_policy["Description"]
             sig_policy_hash = SubElement(signature_policy_id, xades_tag("SigPolicyHash"), nsmap=self.namespaces)
-            digest_alg = self.known_digest_tags[self.signature_policy["DigestMethod"]]
-            SubElement(sig_policy_hash, ds_tag("DigestMethod"), nsmap=self.namespaces, Algorithm=digest_alg)
+            digest_alg = digest_algorithms(self.signature_policy["DigestMethod"])
+            SubElement(sig_policy_hash, ds_tag("DigestMethod"), nsmap=self.namespaces, Algorithm=digest_alg.value)
             digest_value_node = SubElement(sig_policy_hash, ds_tag("DigestValue"), nsmap=self.namespaces)
-            digest_value_node.text = b64encode(self.signature_policy["DigestValue"]).decode()
+            digest_value_node.text = self.signature_policy["DigestValue"]
 
     def add_signature_production_place(self, signed_signature_properties, sig_root, signing_settings: SigningSettings):
         # SignatureProductionPlace or SignatureProductionPlaceV2
@@ -234,19 +234,24 @@ def add_data_object_format(self, signed_data_object_properties, sig_root, signin
 
 class XAdESVerifier(XAdESProcessor, XMLVerifier):
     """
-    - implement registry of assertion callbacks
-    - assert signature algorithm is not hmac
+    FIXME: add docs
     """
 
+    # TODO: document/support SignatureTimeStamp / timestamp attestation
+    # SignatureTimeStamp is required by certain profiles but is an unsigned property
+
+    def _verify_signing_time(self, verify_result: VerifyResult):
+        pass
+
     def _verify_cert_digest(self, signing_cert_node, expect_cert):
         for cert in self._findall(signing_cert_node, "xades:Cert"):
             cert_digest = self._find(cert, "xades:CertDigest")
-            digest_alg = self._find(cert_digest, "DigestMethod").get("Algorithm")
+            digest_alg = digest_algorithms(self._find(cert_digest, "DigestMethod").get("Algorithm"))
             digest_value = self._find(cert_digest, "DigestValue")
             # check spec for specific method of retrieving cert
             der_encoded_cert = dump_certificate(FILETYPE_ASN1, expect_cert)
 
-            if b64decode(digest_value.text) != self._get_digest(der_encoded_cert, self._get_digest_method(digest_alg)):
+            if b64decode(digest_value.text) != self._get_digest(der_encoded_cert, algorithm=digest_alg):
                 raise InvalidDigest("Digest mismatch for certificate digest")
 
     def _verify_cert_digests(self, verify_result: VerifyResult):
@@ -272,23 +277,35 @@ def _verify_signature_policy(self, verify_result: VerifyResult):
             "xades:SignaturePolicyIdentifier/xades:SignaturePolicyId", namespaces=namespaces
         )
         if signature_policy_id is not None:
+            # FIXME: assert on all elements of self.expect_signature_policy
+            # FIXME: make signature policy into a dataclass
             sig_policy_id = self._find(signature_policy_id, "xades:SigPolicyId")
             identifier = self._find(sig_policy_id, "xades:Identifier")
+            if identifier.text != self.expect_signature_policy["Identifier"]:
+                raise InvalidInput(
+                    f"Expected to find signature policy identifier {self.expect_signature_policy['Identifier']}, "
+                    f"but found {identifier.text}"
+                )
             sig_policy_hash = self._find(signature_policy_id, "xades:SigPolicyHash")
-            digest_alg = self._find(sig_policy_hash, "DigestMethod").get("Algorithm")
+            digest_alg = digest_algorithms(self._find(sig_policy_hash, "DigestMethod").get("Algorithm"))
+            if digest_alg != self.expect_signature_policy["DigestMethod"]:
+                raise InvalidInput(
+                    f"Expected to find signature digest algorithm {self.expect_signature_policy['DigestMethod']}, "
+                    f"but found {digest_alg}"
+                )
             digest_value = self._find(sig_policy_hash, "DigestValue")
-            if b64decode(digest_value.text) != self._get_digest(
-                identifier.text.encode(), self._get_digest_method(digest_alg)
-            ):
-                pass  # FIXME
-                # raise InvalidDigest("Digest mismatch for signature policy hash")
+            if b64decode(digest_value.text) != b64decode(self.expect_signature_policy["DigestValue"]):
+                raise InvalidInput("Digest mismatch for signature policy hash")
 
     def _verify_signed_properties(self, verify_result):
+        self._verify_signing_time(verify_result)
         self._verify_cert_digests(verify_result)
-        self._verify_signature_policy(verify_result)
+        if self.expect_signature_policy:
+            self._verify_signature_policy(verify_result)
         return self._find(verify_result.signed_xml, "xades:SignedSignatureProperties")
 
-    def verify(self, data, expect_references=3, **kwargs):
+    def verify(self, data, expect_signature_policy=None, expect_references=3, **kwargs):
+        self.expect_signature_policy = expect_signature_policy
         verify_results = super().verify(data, expect_references=expect_references, **kwargs)
         for i, verify_result in enumerate(verify_results):
             if verify_result.signed_xml is None:
@@ -302,5 +319,4 @@ def verify(self, data, expect_references=3, **kwargs):
             raise InvalidInput("Expected to find a xades:SignedProperties element")
 
         # TODO: assert all mandatory signed properties are set
-        # TODO: add signed properties to verify_result
         return verify_results
@@ -24,6 +24,7 @@
     XMLSignatureProcessor,
     XMLSigner,
     XMLVerifier,
+    digest_algorithms,
     methods,
     namespaces,
 )
@@ -139,17 +140,17 @@ def resolver(uri):
                 XMLVerifier().verify(signed_data, **verify_kwargs)
                 XMLVerifier().verify(signed_data, parser=parser, **verify_kwargs)
                 res = XMLVerifier().verify(signed_data, id_attribute="Id", **verify_kwargs)
-                self.assertIsInstance(res, VerifyResult)
+                self.assertIsInstance(res[0], VerifyResult)
                 for attr in "signed_data", "signed_xml", "signature_xml":
-                    self.assertTrue(hasattr(res, attr))
+                    self.assertTrue(hasattr(res[0], attr))
 
-                if res.signed_xml is not None:
+                if res[0].signed_xml is not None:
                     # Ensure the signature is not part of the signed data
-                    self.assertIsNone(res.signed_xml.find(".//{http://www.w3.org/2000/09/xmldsig#}Signature"))
-                    self.assertNotEqual(res.signed_xml.tag, "{http://www.w3.org/2000/09/xmldsig#}Signature")
+                    self.assertIsNone(res[0].signed_xml.find(".//{http://www.w3.org/2000/09/xmldsig#}Signature"))
+                    self.assertNotEqual(res[0].signed_xml.tag, "{http://www.w3.org/2000/09/xmldsig#}Signature")
 
                 # Ensure the signature was returned
-                self.assertEqual(res.signature_xml.tag, "{http://www.w3.org/2000/09/xmldsig#}Signature")
+                self.assertEqual(res[0].signature_xml.tag, "{http://www.w3.org/2000/09/xmldsig#}Signature")
 
                 if method == methods.enveloping:
                     with self.assertRaisesRegex(InvalidInput, "Unable to resolve reference URI"):
@@ -435,7 +436,7 @@ def test_reference_uris_and_custom_key_info(self):
             reference_uri = ["assertionId", "assertion2"] if "assertion2" in d else "assertionId"
             signed_root = XMLSigner().sign(data, reference_uri=reference_uri, key=key, cert=crt)
             res = XMLVerifier().verify(etree.tostring(signed_root), x509_cert=crt, expect_references=True)
-            signed_data_root = res.signed_xml
+            signed_data_root = res[0].signed_xml
             ref = signed_root.xpath(
                 "/samlp:Response/saml:Assertion/ds:Signature/ds:SignedInfo/ds:Reference",
                 namespaces={
@@ -569,12 +570,10 @@ class TestXAdES(unittest.TestCase, LoadExampleKeys):
         "nonconformant-dss1770.xml": 3,
     }
     signature_policy = {
-        "Identifier": (
-            "http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf"
-        ),
-        "Description": "Política de Firma FacturaE v3.1",
-        "DigestMethod": "sha1",
-        "DigestValue": b":\x18\xb1\x97\xab\xa9\x0f\xa6\xaf\xf0\xde\xe9\x12\xf0\xc0\x06\x11\x0b\xea\x13",
+        "Identifier": "urn:sbr:signature-policy:xml:2.0",
+        "Description": "Test description",
+        "DigestMethod": digest_algorithms.SHA256,
+        "DigestValue": "sVHhN1eqNH/PZ1B6h//ehyC1OwRQOrz/tJ3ZYaRrBgA=",
     }
     claimed_roles = ["signer"]
     data_object_format = {"Description": "Important Document", "MimeType": "text/xml"}
@@ -590,7 +589,9 @@ def test_xades_roundtrip(self):
         )
         signed_doc = signer.sign(doc, key=key, cert=cert)
         verifier = XAdESVerifier()
-        verify_results = verifier.verify(signed_doc, x509_cert=cert, expect_references=3)
+        verify_results = verifier.verify(
+            signed_doc, x509_cert=cert, expect_references=3, expect_signature_policy=self.signature_policy
+        )
         self.assertIsInstance(verify_results[1], XAdESVerifyResult)
         self.assertTrue(hasattr(verify_results[1], "signed_properties"))
 
@@ -613,6 +614,8 @@ def test_xades_interop_examples(self):
             kwargs = dict(x509_cert=cert, expect_references=self.expect_references.get(os.path.basename(sig_file), 2))
             if "nonconformant" in sig_file:
                 kwargs.update(validate_schema=False)
+            if "sigPolStore" in sig_file:
+                kwargs.update(expect_signature_policy=self.signature_policy)
             for condition, error in error_conditions.items():
                 if condition in sig_file:
                     with self.assertRaises(error):