|
|
@ -5,6 +5,7 @@ from OpenSSL import crypto |
|
|
from pynfe.utils import etree |
|
|
from pynfe.utils import etree |
|
|
from pynfe.entidades.certificado import CertificadoA1 |
|
|
from pynfe.entidades.certificado import CertificadoA1 |
|
|
from pynfe.utils.flags import NAMESPACE_NFE, NAMESPACE_SIG |
|
|
from pynfe.utils.flags import NAMESPACE_NFE, NAMESPACE_SIG |
|
|
|
|
|
import subprocess |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Assinatura(object): |
|
|
class Assinatura(object): |
|
|
@ -24,26 +25,34 @@ class Assinatura(object): |
|
|
|
|
|
|
|
|
class AssinaturaA1(Assinatura): |
|
|
class AssinaturaA1(Assinatura): |
|
|
"""Classe responsavel por efetuar a assinatura do certificado |
|
|
"""Classe responsavel por efetuar a assinatura do certificado |
|
|
digital no XML informado. Passar XML como string.""" |
|
|
|
|
|
|
|
|
digital no XML informado.""" |
|
|
|
|
|
|
|
|
def assinar(self, xml, retorna_string=False): |
|
|
def assinar(self, xml, retorna_string=False): |
|
|
try: |
|
|
try: |
|
|
arquivo_cert = CertificadoA1(self.certificado) |
|
|
|
|
|
chave, cert = arquivo_cert.separar_arquivo(self.senha, caminho=False) |
|
|
|
|
|
|
|
|
|
|
|
signer = signxml.xmldsig(xml, digest_algorithm="sha1") |
|
|
|
|
|
signer.sign(method=signxml.methods.enveloped, key=chave, cert=cert, |
|
|
|
|
|
algorithm="rsa-sha1", c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') |
|
|
|
|
|
#signer.verify() |
|
|
|
|
|
# reference_uri nao funciona |
|
|
|
|
|
#verified_data = signer.verify(require_x509=True, ca_pem_file="cert.pem") |
|
|
|
|
|
|
|
|
|
|
|
##chave_id = xml.find('.//infNFe[@Id]').attrib['Id'] |
|
|
|
|
|
xml.findall('.//{http://www.w3.org/2000/09/xmldsig#}Reference')[0] \ |
|
|
|
|
|
.attrib['URI'] = '#'+xml.findall('infNFe')[0].attrib['Id'] |
|
|
|
|
|
|
|
|
# No raiz do XML de saida |
|
|
|
|
|
raiz = etree.Element('Signature', xmlns='http://www.w3.org/2000/09/xmldsig#') |
|
|
|
|
|
siginfo = etree.SubElement(raiz, 'SignedInfo') |
|
|
|
|
|
etree.SubElement(siginfo, 'CanonicalizationMethod', Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') |
|
|
|
|
|
etree.SubElement(siginfo, 'SignatureMethod', Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1') |
|
|
|
|
|
ref = etree.SubElement(siginfo, 'Reference', URI='#'+xml.findall('infNFe')[0].attrib['Id']) |
|
|
|
|
|
trans = etree.SubElement(ref, 'Transforms') |
|
|
|
|
|
etree.SubElement(trans, 'Transform', Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature') |
|
|
|
|
|
etree.SubElement(trans, 'Transform', Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315') |
|
|
|
|
|
etree.SubElement(ref, 'DigestMethod', Algorithm='http://www.w3.org/2000/09/xmldsig#sha1') |
|
|
|
|
|
etree.SubElement(ref, 'DigestValue') |
|
|
|
|
|
etree.SubElement(raiz, 'SignatureValue') |
|
|
|
|
|
keyinfo = etree.SubElement(raiz, 'KeyInfo') |
|
|
|
|
|
etree.SubElement(keyinfo, 'X509Data') |
|
|
|
|
|
|
|
|
|
|
|
xml.append(raiz) |
|
|
|
|
|
|
|
|
|
|
|
with open('testes.xml', 'w') as arquivo: |
|
|
|
|
|
arquivo.write(etree.tostring(xml, encoding="unicode", pretty_print=False)) |
|
|
|
|
|
|
|
|
|
|
|
subprocess.check_call('xmlsec1 --sign --pkcs12 '+self.certificado+' --pwd '+self.senha+' --crypto openssl --output funciona.xml --id-attr:Id infNFe testes.xml') |
|
|
|
|
|
|
|
|
if retorna_string: |
|
|
if retorna_string: |
|
|
return etree.tostring(xml, encoding="unicode", pretty_print=True) |
|
|
|
|
|
|
|
|
return etree.tostring(xml, encoding="unicode", pretty_print=False) |
|
|
else: |
|
|
else: |
|
|
return xml |
|
|
return xml |
|
|
except Exception as e: |
|
|
except Exception as e: |
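Review bot: The new `subprocess.check_call(...)` builds the xmlsec1 command by concatenating `self.certificado` and `self.senha` into one string, so a path or password containing spaces changes the argument boundaries, and on POSIX a single string without `shell=True` is treated as the program name rather than split into arguments; pass an argument list instead. The PKCS#12 password also lands on the command line, where other local processes can read it from the process list, so signing in-process would be safer if that is an option. The document is written to the fixed names `testes.xml` and `funciona.xml` in the working directory, which concurrent calls overwrite and which stay on disk afterwards. In the visible lines nothing reads `funciona.xml` back, so `assinar` appears to return the tree with the empty Signature template rather than the signed document. The sketch below uses a private temporary directory and loads the signed output (it needs `tempfile` and `os` imported, and the password is still in argv); the `try` starts above the changed lines and the `except` handler continues outside the hunk.

```python
# … unchanged: Signature template built and appended to xml …
with tempfile.TemporaryDirectory() as pasta:
    entrada = os.path.join(pasta, 'entrada.xml')
    saida = os.path.join(pasta, 'assinado.xml')
    with open(entrada, 'w') as arquivo:
        arquivo.write(etree.tostring(xml, encoding="unicode", pretty_print=False))
    subprocess.check_call([
        'xmlsec1', '--sign', '--pkcs12', self.certificado, '--pwd', self.senha,
        '--crypto', 'openssl', '--output', saida, '--id-attr:Id', 'infNFe', entrada,
    ])
    # Return the signed document, not the unsigned template.
    xml = etree.parse(saida).getroot()
# … unchanged: retorna_string branch …
```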
|
|
|