Add docs for SHA1 deprecation; reject empty configs

Author: kislyuk

signxml/algorithms.py

@@ -70,10 +70,7 @@ class DigestAlgorithm(FragmentLookupMixin, InvalidInputErrorMixin, Enum):
     SHA3_512 = "http://www.w3.org/2007/05/xmldsig-more#sha3-512"
 
     SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
-    """
-    SHA1 based algorithms are not secure for use in digital signatures. They are included for legacy compatibility only.
-    Support for their algorithm identifiers is deprecated and will be removed in a future release.
-    """
+    "See `SHA1 deprecation`_."
 
     @property
     def implementation(self) -> Callable:
@@ -123,29 +120,24 @@ class SignatureMethod(FragmentLookupMixin, InvalidInputErrorMixin, Enum):
 
     DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
     """
-    SHA1 based algorithms are not secure for use in digital signatures. They are included for legacy compatibility only.
-    Support for their algorithm identifiers is deprecated and will be removed in a future release.
+    _`SHA1 deprecation`: SHA1 based algorithms are not secure for use in digital signatures. They are included for
+    legacy compatibility only and disabled by default. To verify SHA1 based signatures, use::
+
+        XMLVerifier().verify(
+            expect_config=SignatureConfiguration(
+                signature_methods=...,
+                digest_algorithms=...
+            )
+        )
     """
     HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
-    """
-    SHA1 based algorithms are not secure for use in digital signatures. They are included for legacy compatibility only.
-    Support for their algorithm identifiers is deprecated and will be removed in a future release.
-    """
+    "See `SHA1 deprecation`_."
     RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
-    """
-    SHA1 based algorithms are not secure for use in digital signatures. They are included for legacy compatibility only.
-    Support for their algorithm identifiers is deprecated and will be removed in a future release.
-    """
+    "See `SHA1 deprecation`_."
     ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
-    """
-    SHA1 based algorithms are not secure for use in digital signatures. They are included for legacy compatibility only.
-    Support for their algorithm identifiers is deprecated and will be removed in a future release.
-    """
+    "See `SHA1 deprecation`_."
     SHA1_RSA_MGF1 = "http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
-    """
-    SHA1 based algorithms are not secure for use in digital signatures. They are included for legacy compatibility only.
-    Support for their algorithm identifiers is deprecated and will be removed in a future release.
-    """
+    "See `SHA1 deprecation`_."
 
 
 class CanonicalizationMethod(InvalidInputErrorMixin, Enum):

signxml/verifier.py

@@ -63,13 +63,13 @@ class SignatureConfiguration:
     signature_methods: FrozenSet[SignatureMethod] = frozenset(sm for sm in SignatureMethod if "SHA1" not in sm.name)
     """
     Set of acceptable signature methods (signature algorithms). Any signature generated using an algorithm not listed
-    here will fail verification (but if this set is left empty, then all supported algorithms are accepted).
+    here will fail verification.
     """
 
     digest_algorithms: FrozenSet[DigestAlgorithm] = frozenset(da for da in DigestAlgorithm if "SHA1" not in da.name)
     """
     Set of acceptable digest algorithms. Any signature or reference transform generated using an algorithm not listed
-    here will cause verification to fail (but if this set is left empty, then all supported algorithms are accepted).
+    here will cause verification to fail.
     """
 
     ignore_ambiguous_key_info: bool = False
@@ -338,7 +338,7 @@ def verify(
         signature_method = self._find(signed_info, "SignatureMethod")
         signature_value = self._find(signature, "SignatureValue")
         signature_alg = SignatureMethod(signature_method.get("Algorithm"))
-        if self.config.signature_methods and signature_alg not in self.config.signature_methods:
+        if signature_alg not in self.config.signature_methods:
             raise InvalidInput(f"Signature method {signature_alg.name} forbidden by configuration")
         raw_signature = b64decode(signature_value.text)
         x509_data = signature.find("ds:KeyInfo/ds:X509Data", namespaces=namespaces)
@@ -467,7 +467,7 @@ def _verify_reference(self, reference, index, root, uri_resolver, c14n_algorithm
         # TODO: payload-specific c14n alg
         payload_c14n = self._apply_transforms(payload, transforms, copied_signature_ref, c14n_algorithm)
         digest_alg = DigestAlgorithm(digest_method_alg_name)
-        if self.config.digest_algorithms and digest_alg not in self.config.digest_algorithms:
+        if digest_alg not in self.config.digest_algorithms:
             raise InvalidInput(f"Digest algorithm {digest_alg.name} forbidden by configuration")
 
         if b64decode(digest_value.text) != self._get_digest(payload_c14n, digest_alg):

test/test.py

@@ -630,12 +630,15 @@ def test_verify_config(self):
         config = SignatureConfiguration(location="./foo/bar/")
         with self.assertRaisesRegex(InvalidInput, "Expected to find XML element Signature in data"):
             verifier.verify(signed, x509_cert=cert, expect_config=config)
-        config = SignatureConfiguration(signature_methods=[SignatureMethod.ECDSA_SHA384])
+        config = SignatureConfiguration(signature_methods=[])
         with self.assertRaisesRegex(InvalidInput, "Signature method RSA_SHA256 forbidden by configuration"):
             verifier.verify(signed, x509_cert=cert, expect_config=config)
         config = SignatureConfiguration(digest_algorithms=[DigestAlgorithm.SHA3_512])
         with self.assertRaisesRegex(InvalidInput, "Digest algorithm SHA256 forbidden by configuration"):
             verifier.verify(signed, x509_cert=cert, expect_config=config)
+        config = SignatureConfiguration(digest_algorithms=[])
+        with self.assertRaisesRegex(InvalidInput, "Digest algorithm SHA256 forbidden by configuration"):
+            verifier.verify(signed, x509_cert=cert, expect_config=config)
 
     def test_sha1_policy(self):
         data = etree.parse(self.example_xml_files[0]).getroot()