From 076ca34bf367e6dd796e6124e7d3d843510026c8 Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Thu, 20 Mar 2025 10:50:48 +0100 Subject: [PATCH 01/13] changed signature algorithm to ecdsa-sha256 Signed-off-by: kimbeelen --- openleadr/messaging.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index 5663fe1..1a16090 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -31,7 +31,9 @@ logger = logging.getLogger('openleadr') SIGNER = XMLSigner(method=methods.detached, - c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315") + c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315", + signature_algorithm="ecdsa-sha256") +print("hello from messaging CHANGED MESSAGE") SIGNER.namespaces['oadr'] = "http://openadr.org/oadr-2.0b/2012/07" VERIFIER = XMLVerifier() From 8fbe046845aac1218236aed2ea5e1fd38b1c9440 Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Wed, 26 Mar 2025 15:29:25 +0100 Subject: [PATCH 02/13] Added function to derive signature algorithm based on RSA, DSA and EC keys. Signed-off-by: kimbeelen --- openleadr/messaging.py | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index 1a16090..5d5a541 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -23,6 +23,8 @@ from openleadr import errors from datetime import datetime, timezone, timedelta import os +from signxml.algorithms import SignatureMethod +from cryptography.hazmat.primitives import serialization from openleadr import utils from .preflight import preflight_message @@ -31,9 +33,7 @@ logger = logging.getLogger('openleadr') SIGNER = XMLSigner(method=methods.detached, - c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315", - signature_algorithm="ecdsa-sha256") -print("hello from messaging CHANGED MESSAGE") + c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315") SIGNER.namespaces['oadr'] = "http://openadr.org/oadr-2.0b/2012/07" VERIFIER = XMLVerifier() @@ -64,6 +64,28 @@ def parse_message(data): return message_type, message_payload +def get_signature_algorithm(key_data, default_algorithm="rsa-sha256"): + """ + Derive the signature algorithm based on the key type. Accepted key types are EC, DSA and RSA keys. + Returns a string that can be used to lookup a signature algorithm by fragment. + If key is not EC or DSA, the lookup will return rsa-sha256, which is the default signature algorithm + for XMLSigner objects. + """ + try: + key = serialization.load_pem_private_key(key_data, password=None) + except ValueError: + try: + key = serialization.load_der_private_key(key_data, password=None) + except ValueError: + logger.warning(f"Could not load key: unknown key type.") + key_type = str(type(key)).lower() + if "ec" in key_type and hasattr(key, "curve"): + return "ecdsa-sha3-256" + elif "dsa" in key_type: + return "dsa-sha256" + + return default_algorithm + def create_message(message_type, cert=None, key=None, passphrase=None, disable_signature=False, **message_payload): """ Create and optionally sign an OpenADR message. Returns an XML string. @@ -74,6 +96,7 @@ def create_message(message_type, cert=None, key=None, passphrase=None, disable_s envelope = TEMPLATES.get_template('oadrPayload.xml') if cert and key and not disable_signature: tree = etree.fromstring(signed_object) + SIGNER.sign_alg = SignatureMethod.from_fragment(get_signature_algorithm(key)) signature_tree = SIGNER.sign(tree, key=key, cert=cert, From aea98ad38ba4c527687e6506e24ae11b57f12553 Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Thu, 27 Mar 2025 09:10:18 +0100 Subject: [PATCH 03/13] Split get_signature_algorithm into three separate functions. Signed-off-by: kimbeelen --- openleadr/messaging.py | 52 ++++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 12 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index 5d5a541..10770dc 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -25,6 +25,7 @@ import os from signxml.algorithms import SignatureMethod from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric import rsa, dsa, ec, ed25519, ed448 from openleadr import utils from .preflight import preflight_message @@ -64,26 +65,53 @@ def parse_message(data): return message_type, message_payload -def get_signature_algorithm(key_data, default_algorithm="rsa-sha256"): +def load_private_key(key_data): """ - Derive the signature algorithm based on the key type. Accepted key types are EC, DSA and RSA keys. - Returns a string that can be used to lookup a signature algorithm by fragment. - If key is not EC or DSA, the lookup will return rsa-sha256, which is the default signature algorithm - for XMLSigner objects. + Load the key based on key data. .pem and .der keys can be loaded. + Returns a private key object. """ + with open(key_data, "rb") as f: + key_data = f.read() try: key = serialization.load_pem_private_key(key_data, password=None) except ValueError: try: key = serialization.load_der_private_key(key_data, password=None) except ValueError: - logger.warning(f"Could not load key: unknown key type.") - key_type = str(type(key)).lower() - if "ec" in key_type and hasattr(key, "curve"): - return "ecdsa-sha3-256" - elif "dsa" in key_type: + logger.warning(f"Could not load key: unknown key file format.") + return key + +def get_private_key_type(key): + """ + Determine the type of the key. ED25519 and ED448 are not supported by SignXML so these are rejected. + """ + if isinstance(key, rsa.RSAPrivateKey): + return "rsa" + elif isinstance(key, dsa.DSAPrivateKey): + return "dsa" + elif isinstance(key, ec.EllipticCurvePrivateKey): + return "ec" + elif isinstance(key, ed25519.Ed25519PrivateKey): + logger.warning("ED25519 keys are not supported") + elif isinstance(key, ed448.Ed448PrivateKey): + logger.warning("ED448 keys are not supported") + logger.warning("Unknown key type.") + + +def get_signature_algorithm_from_private_key(key_data, default_algorithm="rsa-sha256"): + """ + Derive a signature algorithm based on the private key type. Accepted key types are EC, DSA and RSA keys. + Returns a string that can be used to lookup a signature algorithm by fragment. + By default the lookup will return rsa-sha256, which is the default signature algorithm for XMLSigner objects. + """ + key = load_private_key(key_data) + key_type = get_private_key_type(key) + if key_type == "rsa": + return "rsa-sha256" + elif key_type == "dsa": return "dsa-sha256" - + elif key_type == "ec": + return "ecdsa-sha3-256" return default_algorithm def create_message(message_type, cert=None, key=None, passphrase=None, disable_signature=False, **message_payload): @@ -96,7 +124,7 @@ def create_message(message_type, cert=None, key=None, passphrase=None, disable_s envelope = TEMPLATES.get_template('oadrPayload.xml') if cert and key and not disable_signature: tree = etree.fromstring(signed_object) - SIGNER.sign_alg = SignatureMethod.from_fragment(get_signature_algorithm(key)) + SIGNER.sign_alg = SignatureMethod.from_fragment(get_signature_algorithm_from_private_key(key)) signature_tree = SIGNER.sign(tree, key=key, cert=cert, From 65c8e07f16a1272e6bb0d7fd83299fb704adc0df Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Thu, 27 Mar 2025 09:15:15 +0100 Subject: [PATCH 04/13] Fixed key load error Signed-off-by: kimbeelen --- openleadr/messaging.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index 10770dc..6c89ceb 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -70,8 +70,6 @@ def load_private_key(key_data): Load the key based on key data. .pem and .der keys can be loaded. Returns a private key object. """ - with open(key_data, "rb") as f: - key_data = f.read() try: key = serialization.load_pem_private_key(key_data, password=None) except ValueError: From 1f03771c06b10f3557ded128c983baf109400f55 Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Thu, 27 Mar 2025 09:19:06 +0100 Subject: [PATCH 05/13] Create SIGNER in create_message to avoid thread conflicts in case of different key types Signed-off-by: kimbeelen --- openleadr/messaging.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index 6c89ceb..3ddad26 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -33,9 +33,6 @@ import logging logger = logging.getLogger('openleadr') -SIGNER = XMLSigner(method=methods.detached, - c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315") -SIGNER.namespaces['oadr'] = "http://openadr.org/oadr-2.0b/2012/07" VERIFIER = XMLVerifier() XML_SCHEMA_LOCATION = os.path.join(os.path.dirname(__file__), 'schema', 'oadr_20b.xsd') @@ -122,6 +119,9 @@ def create_message(message_type, cert=None, key=None, passphrase=None, disable_s envelope = TEMPLATES.get_template('oadrPayload.xml') if cert and key and not disable_signature: tree = etree.fromstring(signed_object) + SIGNER = XMLSigner(method=methods.detached, + c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315") + SIGNER.namespaces['oadr'] = "http://openadr.org/oadr-2.0b/2012/07" SIGNER.sign_alg = SignatureMethod.from_fragment(get_signature_algorithm_from_private_key(key)) signature_tree = SIGNER.sign(tree, key=key, From ce2d4e631378b15bb5828ba32fd7c6d46fc47bae Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Thu, 27 Mar 2025 09:26:47 +0100 Subject: [PATCH 06/13] Added functionality for passing passphrase for encrypted keys Signed-off-by: kimbeelen --- openleadr/messaging.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index 3ddad26..030b2a2 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -62,16 +62,17 @@ def parse_message(data): return message_type, message_payload -def load_private_key(key_data): +def load_private_key(key_data, passphrase=None): """ Load the key based on key data. .pem and .der keys can be loaded. Returns a private key object. """ + passphrase_bytes = passphrase.encode() if passphrase else None try: - key = serialization.load_pem_private_key(key_data, password=None) + key = serialization.load_pem_private_key(key_data, passphrase_bytes) except ValueError: try: - key = serialization.load_der_private_key(key_data, password=None) + key = serialization.load_der_private_key(key_data, passphrase_bytes) except ValueError: logger.warning(f"Could not load key: unknown key file format.") return key @@ -93,13 +94,13 @@ def get_private_key_type(key): logger.warning("Unknown key type.") -def get_signature_algorithm_from_private_key(key_data, default_algorithm="rsa-sha256"): +def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_algorithm="rsa-sha256"): """ Derive a signature algorithm based on the private key type. Accepted key types are EC, DSA and RSA keys. Returns a string that can be used to lookup a signature algorithm by fragment. By default the lookup will return rsa-sha256, which is the default signature algorithm for XMLSigner objects. """ - key = load_private_key(key_data) + key = load_private_key(key_data, passphrase) key_type = get_private_key_type(key) if key_type == "rsa": return "rsa-sha256" @@ -122,7 +123,7 @@ def create_message(message_type, cert=None, key=None, passphrase=None, disable_s SIGNER = XMLSigner(method=methods.detached, c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315") SIGNER.namespaces['oadr'] = "http://openadr.org/oadr-2.0b/2012/07" - SIGNER.sign_alg = SignatureMethod.from_fragment(get_signature_algorithm_from_private_key(key)) + SIGNER.sign_alg = SignatureMethod.from_fragment(get_signature_algorithm_from_private_key(key, passphrase)) signature_tree = SIGNER.sign(tree, key=key, cert=cert, From 739c0ec6ffd36d36fe9b0f244254ff5736c698b1 Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Thu, 27 Mar 2025 10:54:41 +0100 Subject: [PATCH 07/13] Simplified code Signed-off-by: kimbeelen --- openleadr/messaging.py | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index 030b2a2..c55f705 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -77,22 +77,6 @@ def load_private_key(key_data, passphrase=None): logger.warning(f"Could not load key: unknown key file format.") return key -def get_private_key_type(key): - """ - Determine the type of the key. ED25519 and ED448 are not supported by SignXML so these are rejected. - """ - if isinstance(key, rsa.RSAPrivateKey): - return "rsa" - elif isinstance(key, dsa.DSAPrivateKey): - return "dsa" - elif isinstance(key, ec.EllipticCurvePrivateKey): - return "ec" - elif isinstance(key, ed25519.Ed25519PrivateKey): - logger.warning("ED25519 keys are not supported") - elif isinstance(key, ed448.Ed448PrivateKey): - logger.warning("ED448 keys are not supported") - logger.warning("Unknown key type.") - def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_algorithm="rsa-sha256"): """ @@ -101,15 +85,19 @@ def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_ By default the lookup will return rsa-sha256, which is the default signature algorithm for XMLSigner objects. """ key = load_private_key(key_data, passphrase) - key_type = get_private_key_type(key) - if key_type == "rsa": + if isinstance(key, rsa.RSAPrivateKey): return "rsa-sha256" - elif key_type == "dsa": + elif isinstance(key, dsa.DSAPrivateKey): return "dsa-sha256" - elif key_type == "ec": + elif isinstance(key, ec.EllipticCurvePrivateKey): return "ecdsa-sha3-256" + elif isinstance(key, ed25519.Ed25519PrivateKey): + logger.warning("ED25519 keys are not supported") + elif isinstance(key, ed448.Ed448PrivateKey): + logger.warning("ED448 keys are not supported") return default_algorithm + def create_message(message_type, cert=None, key=None, passphrase=None, disable_signature=False, **message_payload): """ Create and optionally sign an OpenADR message. Returns an XML string. From 5e81b4cf2f35223f160b596807788c81d93cadf5 Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Thu, 27 Mar 2025 11:51:55 +0100 Subject: [PATCH 08/13] Added test for get_signature_algorithm_from_private_key Signed-off-by: kimbeelen --- test/test_signature_algorithms.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 test/test_signature_algorithms.py diff --git a/test/test_signature_algorithms.py b/test/test_signature_algorithms.py new file mode 100644 index 0000000..daf8a80 --- /dev/null +++ b/test/test_signature_algorithms.py @@ -0,0 +1,21 @@ +import pytest +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric import rsa, dsa, ec, ed25519, ed448 +from openleadr.messaging import get_signature_algorithm_from_private_key + + +@pytest.mark.parametrize("key, expected_alg", [ + (rsa.generate_private_key(public_exponent=65537, key_size=2048), "rsa-sha256"), + (dsa.generate_private_key(key_size=2048), "dsa-sha256"), + (ec.generate_private_key(ec.SECP256R1()), "ecdsa-sha3-256"), + (ed25519.Ed25519PrivateKey.generate(), "rsa-sha256"), + (ed448.Ed448PrivateKey.generate(), "rsa-sha256"), +]) +def test_key_type_sign_alg_match(key, expected_alg): + key_encoding = serialization.Encoding.PEM + key_format = serialization.PrivateFormat.PKCS8 + key_encryption_alg = serialization.NoEncryption() + key_bytes = key.private_bytes(key_encoding, key_format, key_encryption_alg) + detected_alg = get_signature_algorithm_from_private_key(key_bytes) + + assert detected_alg == expected_alg, f"Expected {expected_alg} but got {detected_alg}" \ No newline at end of file From 896fdacd42f15c32224469546f3823c453e1729a Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Mon, 31 Mar 2025 11:55:32 +0200 Subject: [PATCH 09/13] Updated test structure Signed-off-by: kimbeelen --- openleadr/messaging.py | 10 +++++---- test/test_signature_algorithms.py | 37 +++++++++++++++++++++++-------- 2 files changed, 34 insertions(+), 13 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index c55f705..a5599c4 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -80,9 +80,11 @@ def load_private_key(key_data, passphrase=None): def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_algorithm="rsa-sha256"): """ - Derive a signature algorithm based on the private key type. Accepted key types are EC, DSA and RSA keys. - Returns a string that can be used to lookup a signature algorithm by fragment. - By default the lookup will return rsa-sha256, which is the default signature algorithm for XMLSigner objects. + Derive a signature algorithm based on the private key type. Returns a string that can be used to lookup + a signature algorithm by fragment. Algorithms are chosen based on NIST recommendations. + + SignXML supports only RSA-, DSA- and EC-based signature methods. As XMLSigner uses RSA_SHA256 as default + signature algorithm, a fragment that results in this algorithm is returned for unsupported keys. """ key = load_private_key(key_data, passphrase) if isinstance(key, rsa.RSAPrivateKey): @@ -90,7 +92,7 @@ def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_ elif isinstance(key, dsa.DSAPrivateKey): return "dsa-sha256" elif isinstance(key, ec.EllipticCurvePrivateKey): - return "ecdsa-sha3-256" + return "ecdsa-sha-256" elif isinstance(key, ed25519.Ed25519PrivateKey): logger.warning("ED25519 keys are not supported") elif isinstance(key, ed448.Ed448PrivateKey): diff --git a/test/test_signature_algorithms.py b/test/test_signature_algorithms.py index daf8a80..d7648eb 100644 --- a/test/test_signature_algorithms.py +++ b/test/test_signature_algorithms.py @@ -1,21 +1,40 @@ import pytest +import warnings from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa, dsa, ec, ed25519, ed448 from openleadr.messaging import get_signature_algorithm_from_private_key -@pytest.mark.parametrize("key, expected_alg", [ - (rsa.generate_private_key(public_exponent=65537, key_size=2048), "rsa-sha256"), - (dsa.generate_private_key(key_size=2048), "dsa-sha256"), - (ec.generate_private_key(ec.SECP256R1()), "ecdsa-sha3-256"), - (ed25519.Ed25519PrivateKey.generate(), "rsa-sha256"), - (ed448.Ed448PrivateKey.generate(), "rsa-sha256"), +def fxn(): + warnings.warn("deprecated", DeprecationWarning) + +with warnings.catch_warnings(action="ignore"): + fxn() + + +test_keys = { + "rsa": rsa.generate_private_key(public_exponent=65537, key_size=2048), + "dsa": dsa.generate_private_key(key_size=2048), + "ec": ec.generate_private_key(ec.SECP256R1()), + "ed25519": ed25519.Ed25519PrivateKey.generate(), + "ed448": ed448.Ed448PrivateKey.generate() +} + + +@pytest.mark.parametrize("key_type, expected_alg", [ + ("rsa", "rsa-sha256"), + ("dsa", "dsa-sha256"), + ("ec", "ecdsa-sha-256"), + ("ed25519", "rsa-sha256"), + ("ed448", "rsa-sha256"), ]) -def test_key_type_sign_alg_match(key, expected_alg): +def test_key_type_sign_alg_match(key_type, expected_alg): + test_key = test_keys[key_type] key_encoding = serialization.Encoding.PEM key_format = serialization.PrivateFormat.PKCS8 key_encryption_alg = serialization.NoEncryption() - key_bytes = key.private_bytes(key_encoding, key_format, key_encryption_alg) + key_bytes = test_key.private_bytes(key_encoding, key_format, key_encryption_alg) + detected_alg = get_signature_algorithm_from_private_key(key_bytes) - assert detected_alg == expected_alg, f"Expected {expected_alg} but got {detected_alg}" \ No newline at end of file + assert detected_alg == expected_alg \ No newline at end of file From 78177556b8fbb516024fe14d03dc0152903ce57c Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Wed, 2 Apr 2025 10:11:51 +0200 Subject: [PATCH 10/13] Fixed ECDSA-SHA256 fragment string Signed-off-by: kimbeelen --- openleadr/messaging.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index a5599c4..c4e7557 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -64,7 +64,8 @@ def parse_message(data): def load_private_key(key_data, passphrase=None): """ - Load the key based on key data. .pem and .der keys can be loaded. + Load the key based on key data. Supports .pem and .der keys. + Returns a private key object. """ passphrase_bytes = passphrase.encode() if passphrase else None @@ -92,7 +93,7 @@ def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_ elif isinstance(key, dsa.DSAPrivateKey): return "dsa-sha256" elif isinstance(key, ec.EllipticCurvePrivateKey): - return "ecdsa-sha-256" + return "ecdsa-sha256" elif isinstance(key, ed25519.Ed25519PrivateKey): logger.warning("ED25519 keys are not supported") elif isinstance(key, ed448.Ed448PrivateKey): From 2ba78b5087b46c7730d013ff747842b39648c82c Mon Sep 17 00:00:00 2001 From: "AzureAD\\KimBeelenInfiniot" Date: Wed, 2 Apr 2025 10:15:36 +0200 Subject: [PATCH 11/13] Fixed ECDSA-SHA256 fragment string in test Signed-off-by: kimbeelen --- test/test_signature_algorithms.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_signature_algorithms.py b/test/test_signature_algorithms.py index d7648eb..2b6a621 100644 --- a/test/test_signature_algorithms.py +++ b/test/test_signature_algorithms.py @@ -24,7 +24,7 @@ def fxn(): @pytest.mark.parametrize("key_type, expected_alg", [ ("rsa", "rsa-sha256"), ("dsa", "dsa-sha256"), - ("ec", "ecdsa-sha-256"), + ("ec", "ecdsa-sha256"), ("ed25519", "rsa-sha256"), ("ed448", "rsa-sha256"), ]) From 1bb614c8911384aa4bd5be6ce21d659816974090 Mon Sep 17 00:00:00 2001 From: kimbeelen Date: Mon, 14 Apr 2025 15:47:00 +0200 Subject: [PATCH 12/13] Removed deprecation warning ignore. Signed-off-by: kimbeelen --- test/test_signature_algorithms.py | 8 -------- 1 file changed, 8 deletions(-) diff --git a/test/test_signature_algorithms.py b/test/test_signature_algorithms.py index 2b6a621..5791134 100644 --- a/test/test_signature_algorithms.py +++ b/test/test_signature_algorithms.py @@ -1,17 +1,9 @@ import pytest -import warnings from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa, dsa, ec, ed25519, ed448 from openleadr.messaging import get_signature_algorithm_from_private_key -def fxn(): - warnings.warn("deprecated", DeprecationWarning) - -with warnings.catch_warnings(action="ignore"): - fxn() - - test_keys = { "rsa": rsa.generate_private_key(public_exponent=65537, key_size=2048), "dsa": dsa.generate_private_key(key_size=2048), From 60c686641855dae02750f4082801cdac0e7d5f53 Mon Sep 17 00:00:00 2001 From: kimbeelen Date: Wed, 16 Apr 2025 08:22:24 +0200 Subject: [PATCH 13/13] Fixed Flake8 compliancy. Signed-off-by: kimbeelen --- openleadr/messaging.py | 17 ++++++++++------- test/test_signature_algorithms.py | 2 +- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/openleadr/messaging.py b/openleadr/messaging.py index c4e7557..c8d4c59 100644 --- a/openleadr/messaging.py +++ b/openleadr/messaging.py @@ -75,17 +75,17 @@ def load_private_key(key_data, passphrase=None): try: key = serialization.load_der_private_key(key_data, passphrase_bytes) except ValueError: - logger.warning(f"Could not load key: unknown key file format.") + logger.warning("Could not load key: unknown key file format.") return key def get_signature_algorithm_from_private_key(key_data, passphrase=None, default_algorithm="rsa-sha256"): """ - Derive a signature algorithm based on the private key type. Returns a string that can be used to lookup - a signature algorithm by fragment. Algorithms are chosen based on NIST recommendations. + Derive a signature algorithm based on the private key type. Returns a string that can be used to lookup + a signature algorithm by fragment. Algorithms are chosen based on NIST recommendations. SignXML supports only RSA-, DSA- and EC-based signature methods. As XMLSigner uses RSA_SHA256 as default - signature algorithm, a fragment that results in this algorithm is returned for unsupported keys. + signature algorithm, a fragment that results in this algorithm is returned for unsupported keys. """ key = load_private_key(key_data, passphrase) if isinstance(key, rsa.RSAPrivateKey): @@ -111,8 +111,10 @@ def create_message(message_type, cert=None, key=None, passphrase=None, disable_s envelope = TEMPLATES.get_template('oadrPayload.xml') if cert and key and not disable_signature: tree = etree.fromstring(signed_object) - SIGNER = XMLSigner(method=methods.detached, - c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315") + SIGNER = XMLSigner( + method=methods.detached, + c14n_algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" + ) SIGNER.namespaces['oadr'] = "http://openadr.org/oadr-2.0b/2012/07" SIGNER.sign_alg = SignatureMethod.from_fragment(get_signature_algorithm_from_private_key(key, passphrase)) signature_tree = SIGNER.sign(tree, @@ -126,7 +128,8 @@ def create_message(message_type, cert=None, key=None, passphrase=None, disable_s signature = None msg = envelope.render(template=f'{message_type}', signature=signature, - signed_object=signed_object) + signed_object=signed_object + ) logger.debug(f"Created message: {msg}") return msg diff --git a/test/test_signature_algorithms.py b/test/test_signature_algorithms.py index 5791134..dea53d7 100644 --- a/test/test_signature_algorithms.py +++ b/test/test_signature_algorithms.py @@ -29,4 +29,4 @@ def test_key_type_sign_alg_match(key_type, expected_alg): detected_alg = get_signature_algorithm_from_private_key(key_bytes) - assert detected_alg == expected_alg \ No newline at end of file + assert detected_alg == expected_alg