Konstantin Shemyak - Tech Notes (Posts about XML)https://technotes.shemyak.com/enContents © 2021 <a href="mailto:konstantin@shemyak.com">Konstantin Shemyak</a> Fri, 02 Apr 2021 15:51:34 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rssXML Signatures and Python ElementTreehttps://technotes.shemyak.com/posts/xml-signatures-and-python-elementtree/Konstantin Shemyak<div><h3>I just need to sign XML...</h3> <p>Python has a standard library module to handle XML, and there seems to be exactly one library for the signing part: <code>signxml</code>. So it should be straighforward:</p> <pre class="code literal-block"><span></span><span class="kn">from</span> <span class="nn">xml.etree</span> <span class="kn">import</span> <span class="n">ElementTree</span> <span class="k">as</span> <span class="n">ET</span> <span class="kn">from</span> <span class="nn">signxml</span> <span class="kn">import</span> <span class="n">XMLSigner</span><span class="p">,</span> <span class="n">XMLVerifier</span> <span class="n">cert</span><span class="p">,</span> <span class="n">key</span> <span class="o">=</span> <span class="p">[</span><span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="s2">"rb"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="p">(</span><span class="s2">"cert.pem"</span><span class="p">,</span> <span class="s2">"key.pem"</span><span class="p">)]</span> <span class="n">xml_obj</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="s2">"&lt;Test/&gt;"</span><span class="p">)</span> <span class="n">signed_xml_obj</span> <span class="o">=</span> <span class="n">XMLSigner</span><span class="p">()</span><span class="o">.</span><span class="n">sign</span><span class="p">(</span><span class="n">xml_obj</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">key</span><span class="p">)</span> <span class="n">XMLVerifier</span><span class="p">()</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">signed_xml_obj</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> </pre> <p>Simple?</p> <p>But the receiver tells you that your signature does not verify?</p> <p>The solution code is at the <a href="https://technotes.shemyak.com/posts/xml-signatures-and-python-elementtree/#tldr">end of the article</a>. The rest explains what is happening.</p> <p>An optional parameter of the <code>sign()</code> method specifies <strong>type of the XML signature</strong>, which can be <em>enveloped</em>, <em>enveloping</em>, or <em>detached</em>. This article covers only the default case of <em>enveloped</em> signature.</p> <h3>...and send it forward</h3> <p>When you sign something, usually it is for the purpose of verifying the signature by someone else. Unless that someone else has access to your Python object, we need to serialize the latter:</p> <pre class="code literal-block"><span></span><span class="n">data_serialized</span> <span class="o">=</span> <span class="n">ET</span><span class="p">.</span><span class="n">tostring</span><span class="p">(</span><span class="n">signed_xml_obj</span><span class="p">)</span> <span class="o">#</span> <span class="n">Sending</span> <span class="n">the</span> <span class="k">data</span><span class="p">...</span> <span class="n">XMLVerifier</span><span class="p">().</span><span class="n">verify</span><span class="p">(</span><span class="n">data_serialized</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> </pre> <p>And this is not simple any more, because verification of the serialized data fails:</p> <pre class="code literal-block"><span></span><span class="n">Traceback</span> <span class="p">(</span><span class="n">most</span> <span class="n">recent</span> <span class="k">call</span> <span class="k">last</span><span class="p">):</span> <span class="n">File</span> <span class="ss">"/path/to/python3.6/site-packages/signxml/__init__.py"</span><span class="p">,</span> <span class="n">line</span> <span class="mi">729</span><span class="p">,</span> <span class="k">in</span> <span class="n">verify</span> <span class="n">verify</span><span class="p">(</span><span class="n">signing_cert</span><span class="p">,</span> <span class="n">raw_signature</span><span class="p">,</span> <span class="n">signed_info_c14n</span><span class="p">,</span> <span class="n">signature_digest_method</span><span class="p">)</span> <span class="n">File</span> <span class="ss">"/path/to/python3.6/site-packages/OpenSSL/crypto.py"</span><span class="p">,</span> <span class="n">line</span> <span class="mi">2928</span><span class="p">,</span> <span class="k">in</span> <span class="n">verify</span> <span class="n">_raise_current_error</span><span class="p">()</span> <span class="n">File</span> <span class="ss">"/path/to/python3.6/site-packages/OpenSSL/_util.py"</span><span class="p">,</span> <span class="n">line</span> <span class="mi">54</span><span class="p">,</span> <span class="k">in</span> <span class="n">exception_from_error_queue</span> <span class="n">raise</span> <span class="n">exception_type</span><span class="p">(</span><span class="n">errors</span><span class="p">)</span> <span class="n">OpenSSL</span><span class="p">.</span><span class="n">crypto</span><span class="p">.</span><span class="n">Error</span><span class="p">:</span> <span class="p">[(</span><span class="s1">'rsa routines'</span><span class="p">,</span> <span class="s1">'int_rsa_verify'</span><span class="p">,</span> <span class="s1">'bad signature'</span><span class="p">)]</span> <span class="n">During</span> <span class="n">handling</span> <span class="k">of</span> <span class="n">the</span> <span class="n">above</span> <span class="k">exception</span><span class="p">,</span> <span class="n">another</span> <span class="k">exception</span> <span class="n">occurred</span><span class="p">:</span> <span class="n">Traceback</span> <span class="p">(</span><span class="n">most</span> <span class="n">recent</span> <span class="k">call</span> <span class="k">last</span><span class="p">):</span> <span class="n">File</span> <span class="ss">"1.py"</span><span class="p">,</span> <span class="n">line</span> <span class="mi">13</span><span class="p">,</span> <span class="k">in</span> <span class="o">&lt;</span><span class="n">module</span><span class="o">&gt;</span> <span class="n">XMLVerifier</span><span class="p">().</span><span class="n">verify</span><span class="p">(</span><span class="n">data_serialized</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> <span class="n">File</span> <span class="ss">"/path/to/python3.6/site-packages/signxml/__init__.py"</span><span class="p">,</span> <span class="n">line</span> <span class="mi">735</span><span class="p">,</span> <span class="k">in</span> <span class="n">verify</span> <span class="n">raise</span> <span class="n">InvalidSignature</span><span class="p">(</span><span class="ss">"Signature verification failed: {}"</span><span class="p">.</span><span class="n">format</span><span class="p">(</span><span class="n">reason</span><span class="p">))</span> <span class="n">signxml</span><span class="p">.</span><span class="n">exceptions</span><span class="p">.</span><span class="n">InvalidSignature</span><span class="p">:</span> <span class="n">Signature</span> <span class="n">verification</span> <span class="n">failed</span><span class="p">:</span> <span class="n">bad</span> <span class="n">signature</span> </pre> <p>So, did the serialization break the signature? "When nothing helps, read the instructions". Documentation of <code>signxml</code> <a href="https://signxml.readthedocs.io/en/latest/#signxml.XMLSigner">tells</a> that the return value of <code>sign()</code> is an <code>lxml.etree.Element</code> object, not an <code>xml.etree.ElementTree</code> object.</p> <p>Next try is the serialization with <code>lxml</code>:</p> <pre class="code literal-block"><span></span><span class="kn">from</span> <span class="nn">lxml</span> <span class="kn">import</span> <span class="n">etree</span> <span class="k">as</span> <span class="n">lxml_ET</span> <span class="kn">from</span> <span class="nn">xml.etree</span> <span class="kn">import</span> <span class="n">ElementTree</span> <span class="k">as</span> <span class="n">ET</span> <span class="kn">from</span> <span class="nn">signxml</span> <span class="kn">import</span> <span class="n">XMLSigner</span><span class="p">,</span> <span class="n">XMLVerifier</span> <span class="n">cert</span><span class="p">,</span> <span class="n">key</span> <span class="o">=</span> <span class="p">[</span><span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="s2">"rb"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="p">(</span><span class="s2">"cert.pem"</span><span class="p">,</span> <span class="s2">"key.pem"</span><span class="p">)]</span> <span class="n">xml_obj</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="s2">"&lt;Test/&gt;"</span><span class="p">)</span> <span class="n">signed_xml_obj</span> <span class="o">=</span> <span class="n">XMLSigner</span><span class="p">()</span><span class="o">.</span><span class="n">sign</span><span class="p">(</span><span class="n">xml_obj</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">key</span><span class="p">)</span> <span class="n">data_serialized</span> <span class="o">=</span> <span class="n">lxml_ET</span><span class="o">.</span><span class="n">tostring</span><span class="p">(</span><span class="n">signed_xml_obj</span><span class="p">)</span> <span class="c1"># Sending the data...</span> <span class="n">XMLVerifier</span><span class="p">()</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">data_serialized</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> </pre> <p>The moment of happiness, this works. Simple?</p> <p>Good if this works for you. But we are sending the serialized XML somewhere faraway and the receiver might first deserialize it, and verify the signature after that on a deserialized version. (Which is not smart, but is probably out of your control.) And do it with ElementTree.</p> <pre class="code literal-block"><span></span><span class="kn">from</span> <span class="nn">lxml</span> <span class="kn">import</span> <span class="n">etree</span> <span class="k">as</span> <span class="n">lxml_ET</span> <span class="kn">from</span> <span class="nn">xml.etree</span> <span class="kn">import</span> <span class="n">ElementTree</span> <span class="k">as</span> <span class="n">ET</span> <span class="kn">from</span> <span class="nn">signxml</span> <span class="kn">import</span> <span class="n">XMLSigner</span><span class="p">,</span> <span class="n">XMLVerifier</span> <span class="n">cert</span><span class="p">,</span> <span class="n">key</span> <span class="o">=</span> <span class="p">[</span><span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="s2">"rb"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="p">(</span><span class="s2">"cert.pem"</span><span class="p">,</span> <span class="s2">"key.pem"</span><span class="p">)]</span> <span class="n">xml_obj</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="s2">"&lt;Test/&gt;"</span><span class="p">)</span> <span class="n">signed_xml_obj</span> <span class="o">=</span> <span class="n">XMLSigner</span><span class="p">()</span><span class="o">.</span><span class="n">sign</span><span class="p">(</span><span class="n">xml_obj</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">key</span><span class="p">)</span> <span class="n">data_serialized</span> <span class="o">=</span> <span class="n">lxml_ET</span><span class="o">.</span><span class="n">tostring</span><span class="p">(</span><span class="n">signed_xml_obj</span><span class="p">)</span> <span class="c1"># Sending the data...</span> <span class="n">data_parsed</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="n">data_serialized</span><span class="p">)</span> <span class="n">XMLVerifier</span><span class="p">()</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">data_parsed</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> </pre> <p>And this fails with the same <code>InvalidSignature</code>. Bump. Now reading the instructions does not help.</p> <h3>Debugging starts</h3> <p>We can check that the string representation of our <strong>signed</strong> data "looks right" (although you never can be sure with the XML). Compare it to <code>ElementTree.tostring(data_parsed)</code> to note that they are not identical. We do not know yet what is inside ElementTree object, but in its serialized string the signature will fail:</p> <p>Sent string:</p> <pre class="code literal-block"><span></span><span class="nt">&lt;Test&gt;&lt;ds:Signature</span> <span class="na">xmlns:ds=</span><span class="s">"http://www.w3.org/2000/09/xmldsig#"</span><span class="nt">&gt;&lt;ds:SignedInfo&gt;&lt;ds:CanonicalizationMethod</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2006/12/xml-c14n11"</span><span class="nt">/&gt;&lt;ds:SignatureMethod</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"</span><span class="nt">/&gt;&lt;ds:Reference</span> <span class="na">URI=</span><span class="s">""</span><span class="nt">&gt;&lt;ds:Transforms&gt;&lt;ds:Transform</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</span><span class="nt">/&gt;&lt;ds:Transform</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2006/12/xml-c14n11"</span><span class="nt">/&gt;&lt;/ds:Transforms&gt;&lt;ds:DigestMethod</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2001/04/xmlenc#sha256"</span><span class="nt">/&gt;&lt;ds:DigestValue&gt;</span>KP3ncf09YSgkeTt+i4PR+W0AMvUTo7M8gu0z15piPMc=<span class="nt">&lt;/ds:DigestValue&gt;</span>.... </pre> <p>De-serialized ElementTree object:</p> <pre class="code literal-block"><span></span><span class="nt">&lt;Test</span> <span class="na">xmlns:ns0=</span><span class="s">"http://www.w3.org/2000/09/xmldsig#"</span><span class="nt">&gt;&lt;ns0:Signature&gt;&lt;ns0:SignedInfo&gt;&lt;ns0:CanonicalizationMethod</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2006/12/xml-c14n11"</span> <span class="nt">/&gt;&lt;ns0:SignatureMethod</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"</span> <span class="nt">/&gt;&lt;ns0:Reference</span> <span class="na">URI=</span><span class="s">""</span><span class="nt">&gt;&lt;ns0:Transforms&gt;&lt;ns0:Transform</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</span> <span class="nt">/&gt;&lt;ns0:Transform</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2006/12/xml-c14n11"</span> <span class="nt">/&gt;&lt;/ns0:Transforms&gt;&lt;ns0:DigestMethod</span> <span class="na">Algorithm=</span><span class="s">"http://www.w3.org/2001/04/xmlenc#sha256"</span> <span class="nt">/&gt;&lt;ns0:DigestValue&gt;</span>KP3ncf09YSgkeTt+i4PR+W0AMvUTo7M8gu0z15piPMc=<span class="nt">&lt;/ns0:DigestValue&gt;</span>... </pre> <p>So far we see two problems in the string produced from the <code>ElementTree</code> object:</p> <ol> <li>Namespace name <code>ds</code> has been changed to <code>ns0</code>.</li> <li>Its declaration is not under the <code>&lt;Signature&gt;</code> tag, but under the <code>&lt;Test&gt;</code> tag.</li> </ol> <h3>InvalidSignature</h3> <p>The <code>InvalidSignature</code> exception we are getting is caused by the first problem. <code>signxml</code> first does <a href="https://tools.ietf.org/html/rfc3275#section-3.2.2">signature validation</a>, where the signature value (read from the XML string in our case) is calculated over the <code>&lt;SignedInfo&gt;</code> XML element (<em>canonicalized</em>, but we can skip this <strong>complicated</strong> issue for now). <code>&lt;SignedInfo&gt;</code> has changed as <code>ds</code> has been replaced by where-did-it-come-from <code>ns0</code>, so the signature does not match.</p> <p>The solution is <a href="https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.register_namespace">register_namespace(prefix, uri)</a> function of <code>ElementTree</code>. Its documentation reads: <em>(...) Tags and attributes in this namespace will be serialized with the given prefix, if at all possible.</em> That's what we need (the author needs to understand why <code>ElementTree</code> is not made to get this from our XML string). The function must be called before verification, not necessarily before the parsing; as the documentation says, <em>(...) any existing mapping for either the given prefix or the namespace URI will be removed.</em></p> <pre class="code literal-block"><span></span><span class="kn">from</span> <span class="nn">lxml</span> <span class="kn">import</span> <span class="n">etree</span> <span class="k">as</span> <span class="n">lxml_ET</span> <span class="kn">from</span> <span class="nn">xml.etree</span> <span class="kn">import</span> <span class="n">ElementTree</span> <span class="k">as</span> <span class="n">ET</span> <span class="kn">from</span> <span class="nn">signxml</span> <span class="kn">import</span> <span class="n">XMLSigner</span><span class="p">,</span> <span class="n">XMLVerifier</span> <span class="n">cert</span><span class="p">,</span> <span class="n">key</span> <span class="o">=</span> <span class="p">[</span><span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="s2">"rb"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="p">(</span><span class="s2">"cert.pem"</span><span class="p">,</span> <span class="s2">"key.pem"</span><span class="p">)]</span> <span class="n">xml_obj</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="s2">"&lt;Test/&gt;"</span><span class="p">)</span> <span class="n">signed_xml_obj</span> <span class="o">=</span> <span class="n">XMLSigner</span><span class="p">()</span><span class="o">.</span><span class="n">sign</span><span class="p">(</span><span class="n">xml_obj</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">key</span><span class="p">)</span> <span class="n">data_serialized</span> <span class="o">=</span> <span class="n">lxml_ET</span><span class="o">.</span><span class="n">tostring</span><span class="p">(</span><span class="n">signed_xml_obj</span><span class="p">)</span> <span class="c1"># Sending the data...</span> <span class="n">data_parsed</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="n">data_serialized</span><span class="p">)</span> <span class="n">ET</span><span class="o">.</span><span class="n">register_namespace</span><span class="p">(</span><span class="s2">"ds"</span><span class="p">,</span> <span class="s2">"http://www.w3.org/2000/09/xmldsig#"</span><span class="p">)</span> <span class="n">XMLVerifier</span><span class="p">()</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">data_parsed</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> </pre> <p>Now if we inspect <code>ET.tostring(data_parsed)</code>, we'll see the correct <code>ds</code> namespace in use. The result?</p> <pre class="code literal-block"><span></span><span class="nv">Traceback</span> <span class="ss">(</span><span class="nv">most</span> <span class="nv">recent</span> <span class="k">call</span> <span class="nl">last</span><span class="ss">)</span>: <span class="nv">File</span> <span class="s2">"</span><span class="s">1.py</span><span class="s2">"</span>, <span class="nv">line</span> <span class="mi">15</span>, <span class="nv">in</span> <span class="o">&lt;</span><span class="nv">module</span><span class="o">&gt;</span> <span class="nv">XMLVerifier</span><span class="ss">()</span>.<span class="nv">verify</span><span class="ss">(</span><span class="nv">data_parsed</span>, <span class="nv">x509_cert</span><span class="o">=</span><span class="nv">cert</span><span class="ss">)</span> <span class="nv">File</span> <span class="s2">"</span><span class="s">/path/to/python3.6/site-packages/signxml/__init__.py</span><span class="s2">"</span>, <span class="nv">line</span> <span class="mi">765</span>, <span class="nv">in</span> <span class="nv">verify</span> <span class="nv">raise</span> <span class="nv">InvalidDigest</span><span class="ss">(</span><span class="s2">"</span><span class="s">Digest mismatch for reference {}</span><span class="s2">"</span>.<span class="nv">format</span><span class="ss">(</span><span class="nv">len</span><span class="ss">(</span><span class="nv">verify_results</span><span class="ss">)))</span> <span class="nv">signxml</span>.<span class="nv">exceptions</span>.<span class="nv">InvalidDigest</span>: <span class="nv">Digest</span> <span class="nv">mismatch</span> <span class="k">for</span> <span class="nv">reference</span> <span class="mi">0</span> </pre> <h3>InvalidDigest</h3> <p>Now <code>signxml</code> has successfully verified <code>&lt;SignatureValue&gt;</code> over the <code>&lt;SignedInfo&gt;</code> (in <em>canonicalized</em> form, but again we may skip this topic for now). The "digest mismatch", about which <code>signxml</code> is complaining now, is between the calculated digest over the <strong>original XML document</strong> (in canonicalized form...) and the digest string read from the <code>&lt;DigestValue&gt;</code> element under the <code>&lt;Signagure&gt;</code>. It is caused by the "Problem 2" mentioned above. <code>DigestValue</code> is <code>KP3ncf09YSgkeTt+i4PR+W0AMvUTo7M8gu0z15piPMc=</code>, and it was, in fact, made over the string <code>&lt;Test&gt;&lt;/Test&gt;</code>:</p> <pre class="code literal-block"><span></span>$ echo -n '<span class="nt">&lt;Test&gt;&lt;/Test&gt;</span>' | openssl sha256 -binary | base64 KP3ncf09YSgkeTt+i4PR+W0AMvUTo7M8gu0z15piPMc= </pre> <p>But in the deserialized ElementTree object the XML string became <code>&lt;Test xmlns:ds="http://www.w3.org/2000/09/xmldsig#"&gt;&lt;/Test&gt;</code>, which of course produces a different SHA-256 digest. It is possible to see (with a debugger) that <code>verify()</code> tries to match the digest of <strong>this</strong> string.</p> <p>Such modification of the original XML looks like result of some of <em>canonicalization</em> transforms, but I have not found it in the specs. The <a href="https://www.w3.org/TR/xml-c14n11/#Example-SETags">examples given</a> show that the namespace declarations are not moved out of the tag inside which they are used.</p> <p>If we want the receiver of our XML string to be able to parse it with ElementTree and then to successfully verify, we have no other option but to sign exactly such string. I.e. we must produce such argument for <code>sign()</code> which, when canonicalized, produces the string <code>&lt;Test xmlns:ds="http://www.w3.org/2000/09/xmldsig#"&gt;&lt;/Test&gt;</code>.</p> <p>Understanding how to do this requires knowledge about how ElementTree stores its XML objects. What is important here is that it represents namespaces by string prefixes of the tags under them. Because of this, if we only <strong>declare</strong> a namespace, it will not be saved. We must create some elements under this namespace <strong>and</strong> call <code>register_namespace()</code>. Let's create element <code>ds:foo</code>. To be valid XML, the string must represent just one root XML element, so add an element <code>&lt;wrapper&gt;</code>:</p> <pre class="code literal-block"><span></span><span class="kn">from</span> <span class="nn">lxml</span> <span class="kn">import</span> <span class="n">etree</span> <span class="k">as</span> <span class="n">lxml_ET</span> <span class="kn">from</span> <span class="nn">xml.etree</span> <span class="kn">import</span> <span class="n">ElementTree</span> <span class="k">as</span> <span class="n">ET</span> <span class="kn">from</span> <span class="nn">signxml</span> <span class="kn">import</span> <span class="n">XMLSigner</span><span class="p">,</span> <span class="n">XMLVerifier</span> <span class="n">cert</span><span class="p">,</span> <span class="n">key</span> <span class="o">=</span> <span class="p">[</span><span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="s2">"rb"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="p">(</span><span class="s2">"cert.pem"</span><span class="p">,</span> <span class="s2">"key.pem"</span><span class="p">)]</span> <span class="n">ET</span><span class="o">.</span><span class="n">register_namespace</span><span class="p">(</span><span class="s2">"ds"</span><span class="p">,</span> <span class="s2">"http://www.w3.org/2000/09/xmldsig#"</span><span class="p">)</span> <span class="n">xml_obj</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="s2">"&lt;wrapper&gt;&lt;ds:foo xmlns:ds=</span><span class="se">\"</span><span class="s2">http://www.w3.org/2000/09/xmldsig#</span><span class="se">\"</span><span class="s2">/&gt;&lt;Test/&gt;&lt;/wrapper&gt;"</span><span class="p">)</span> <span class="n">signed_xml_obj</span> <span class="o">=</span> <span class="n">XMLSigner</span><span class="p">()</span><span class="o">.</span><span class="n">sign</span><span class="p">(</span><span class="n">xml_obj</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">key</span><span class="p">)</span> <span class="n">data_serialized</span> <span class="o">=</span> <span class="n">lxml_ET</span><span class="o">.</span><span class="n">tostring</span><span class="p">(</span><span class="n">signed_xml_obj</span><span class="p">)</span> <span class="c1"># Sending the data...</span> <span class="n">data_parsed</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="n">data_serialized</span><span class="p">)</span> <span class="n">XMLVerifier</span><span class="p">()</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">data_parsed</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> </pre> <p>Now the <code>ds</code> namespace is available in the ElementTree object passed to <code>sign()</code>. When <code>sign()</code> is called, it performs <strong>canonicalization</strong> which puts the namespace declaration for <code>ds</code> under the first tag in the document. Addition of the signature, which brings in this namespace, already does not change anything inside our <code>&lt;Test&gt;</code> element.</p> <h3>Almost Done</h3> <p>The signagure verifies, but we have added content to the XML we are signing - and also signed it! <code>verify().signed_data</code> will return the content with our additions. Probably, software which signs things (even XML) with <strong>such</strong> side effects would not gain wide acceptance :-)</p> <p>This is solved - by luck or by intention - with the possibility provided by <code>signxml</code> to specify the location of the enveloped signature. As the <a href="https://signxml.readthedocs.io/en/latest/#signxml.XMLSigner">documentation</a> says,</p> <blockquote> <p>To specify the location of an enveloped signature within data, insert a <signature id="placeholder"></signature> element in data (where “ds” is the “http://www.w3.org/2000/09/xmldsig#” namespace). This element will be replaced by the generated signature, and excised when generating the digest.</p> </blockquote> <p>Such insert will introduce the <code>ds</code> namespace into the <code>xml_obj</code>, but no any new elements outside of the <code>&lt;ds:Signature&gt;</code> element. So we'll not add anything to the content which is signed.</p> <p><a name="tldr"></a></p> <pre class="code literal-block"><span></span><span class="kn">from</span> <span class="nn">lxml</span> <span class="kn">import</span> <span class="n">etree</span> <span class="k">as</span> <span class="n">lxml_ET</span> <span class="kn">from</span> <span class="nn">xml.etree</span> <span class="kn">import</span> <span class="n">ElementTree</span> <span class="k">as</span> <span class="n">ET</span> <span class="kn">from</span> <span class="nn">signxml</span> <span class="kn">import</span> <span class="n">XMLSigner</span><span class="p">,</span> <span class="n">XMLVerifier</span> <span class="n">cert</span><span class="p">,</span> <span class="n">key</span> <span class="o">=</span> <span class="p">[</span><span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="s2">"rb"</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">()</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="p">(</span><span class="s2">"cert.pem"</span><span class="p">,</span> <span class="s2">"key.pem"</span><span class="p">)]</span> <span class="n">ET</span><span class="o">.</span><span class="n">register_namespace</span><span class="p">(</span><span class="s2">"ds"</span><span class="p">,</span> <span class="s2">"http://www.w3.org/2000/09/xmldsig#"</span><span class="p">)</span> <span class="n">xml_obj</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="s2">"&lt;Test&gt;&lt;ds:Signature xmlns:ds=</span><span class="se">\"</span><span class="s2">http://www.w3.org/2000/09/xmldsig#</span><span class="se">\"</span><span class="s2"> Id=</span><span class="se">\"</span><span class="s2">placeholder</span><span class="se">\"</span><span class="s2">&gt;&lt;/ds:Signature&gt;&lt;/Test&gt;"</span><span class="p">)</span> <span class="n">signed_xml_obj</span> <span class="o">=</span> <span class="n">XMLSigner</span><span class="p">()</span><span class="o">.</span><span class="n">sign</span><span class="p">(</span><span class="n">xml_obj</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">key</span><span class="p">)</span> <span class="n">data_serialized</span> <span class="o">=</span> <span class="n">lxml_ET</span><span class="o">.</span><span class="n">tostring</span><span class="p">(</span><span class="n">signed_xml_obj</span><span class="p">)</span> <span class="c1"># Sending the data...</span> <span class="n">data_parsed</span> <span class="o">=</span> <span class="n">ET</span><span class="o">.</span><span class="n">fromstring</span><span class="p">(</span><span class="n">data_serialized</span><span class="p">)</span> <span class="n">XMLVerifier</span><span class="p">()</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">data_parsed</span><span class="p">,</span> <span class="n">x509_cert</span><span class="o">=</span><span class="n">cert</span><span class="p">)</span> </pre> <p>Such signed serialized data can be also parsed by <code>lxml.etree</code> and successfully verified.</p> <p>Do not forget that if the receiver is using ElementTree, they must call <code>ElementTree.register_namespace("ds", "http://www.w3.org/2000/09/xmldsig#")</code> before calling <code>XMLSigner().verify()</code>.</p> <h3>Afterword</h3> <p>After reading this post, you should have no doubts that <a href="http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt">XML signing is broken</a>.</p></div>PythonsignatureXMLhttps://technotes.shemyak.com/posts/xml-signatures-and-python-elementtree/Sun, 16 Jun 2019 13:00:00 GMT