-
-
Notifications
You must be signed in to change notification settings - Fork 110
WIP: xades (ETSI) implementation #139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
@kislyuk Maybe you can quickly validate if this goes into the right direction (on a general understanding of the matter), having Schemata & References added. Link: https://github.com/xoe-labs/signxml/tree/master/signxml/xades |
I plan to use the |
- sign (params) vs _sign (option struct) interface - high level element sceleton - legacy mode ETSI TS 101 903 [i.2] - level concept
Codecov Report
@@ Coverage Diff @@
## master #139 +/- ##
=======================================
Coverage 94.42% 94.42%
=======================================
Files 3 3
Lines 592 592
=======================================
Hits 559 559
Misses 33 33 Continue to review full report at Codecov.
|
Nice, take a look at https://github.com/m32/endesive/tree/master/endesive/xades |
@mileo nice, thanks. Why do you use |
@blaggacao i'm not the author of endevise but you can ask it to @m32. If he don't answer it, i can help you to check why. Best regards |
@blaggacao nice work, so its possible add what type of XADES are implementing on this PR ? i am available to work together. |
@mileo thanks, I understand. Don't mind, I'll have it on the radar anyhow. Once I know the answer, I'll post back. @ovnicraft, I'm planning to implement all XAdES baseline signature levels. And provide some kind of extensibility to work with extended signatures (such as BES, EPES and others). Implementation of extended signatures often depend on the concrete policy adopted, so some kind of hook might be best. |
I need the base64 encoded DER representation of ASN.1 IssuerSerial type as defined in https://www.ietf.org/rfc/rfc5035.txt Can anyone help me out how to produce this struct and how to DER encode it afterwards (in python)? I've seen OpenSSL 3.0, once released, will have support for this struct, but that's not yet available. |
Maybe links to help:
Last one IMO has a API to read serial from cert with one func, then could be encoded with asn1. |
a0ae0e3
to
c8b8c98
Compare
@blaggacao the code overall looks good and I would encourage you to finish the PR if you can. The links from @ovnicraft seem sufficient to answer your most recent question. Also, the dependency version ranges are set specifically to match versions of binary packagess available in Ubuntu 18.04, please don't change them unless you have a specific reason. Thanks for your work on this. |
@kislyuk Thanks for your feedback. We'll be pushing this until a basic implementation serves our underlying use case. Once we are there, and after some polishing, I'd ping you again for some final code review. Somewhere early next year. Sorry for the deps, that might have been github's dependabot. Should be easily revertable. @Deiber for such and review reasons, please care not to force push, even if it's your branch. We can squash later without problem into a clean git history. Our commit msg standards shall not apply until that squash, no worries 😉 |
11df64e
to
553a39f
Compare
Hi, Thanks all who put some efforts on this work. We are at planning phase and explorint the alternatives. We need some software to sign xml documents using xades and we prefer to contribute it to a well maintaned librarly than developing a custom solution. Reggards |
Hi @pokoli I'm completely disengaged with this PR and it's basicalky unmaintained. Hence, feel free to take and own it. That would be a more than satisfactory outcome of this PR. |
@pokoli sound great, also I opened this xoe-labs#1, adding some info needed. |
Hi, I just updated the current PR to current develop branch and make the test suite pass. I guess I will need to create a xades folder in the I see there is no documentation about how to run the xades signing. I think it will be great to include any. Can someone that already worked on such PR provide some example so I can include it (without reverse enginering the code). Thanks in advance. |
BTW: I pushed my work to https://github.com/pokoli/signxml/tree/xades I prefered to not create a new one until not requested. Maybe someone can give me access to the exsiting branch so I can update it or maybe the maintainers should update the branch of the pull request. In any case, let me know if something from my side is missing. |
I pushed new work which contains some basic testing and adapted the PR to latest tip functionalities. |
@pokoli great so can you open a new PR and link this one for the record, we can continue review and tests on yours. |
@pokoli Also about your code an DER-instance for types you can check this code https://github.com/xoe-labs/signxml/pull/1/files and re used to complete the job :) |
I had some time to continue working on it.. I've tested on a Electronic document signed with Xades and XMLVerify is capable of verifing it. But I'm not able to verify my own document on the tests suite: If I sue the
but if I remove such argument I get:
Is expected to use the x509_cert argument in tests? Or how should I validate the signed document? |
@ovnicraft Could you rebase your PR into my branch (https://github.com/pokoli/signxml/tree/xades) I will createa a new PR with my work in the following days. So it will be great to include you work also here. |
7a5c538
to
6baf513
Compare
6b21a86
to
6879c98
Compare
Thanks everyone for your work on this PR. XAdES support was added in v3.0.0 using a different code structure. Please test v3.0.0 and let us know whether it suits your needs. |
* kindly require patreon / sponsorship
Closes #90