search

TadaSoftware / PyNFe

Projeto de biblioteca para fazer interface com o webservice de Nota Fiscal eletrônica para Python, disponível sob LGPL.
http://groups.google.com/group/pynfe
Other
426 stars 173 forks source link

SHA1-based algorithms are not supported in the default configuration because they are not secure #257

Closed ibemoreira closed 1 year ago

ibemoreira commented 1 year ago

Esse trecho do código:

       signer = XMLSigner(
            method=signxml.methods.enveloped, signature_algorithm="rsa-sha1",
            digest_algorithm='sha1',
            c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315')

Esta lançando esse erro:

Traceback (most recent call last):
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\uvicorn\protocols\http\h11_impl.py", line 407, in run_asgi
    result = await app(  # type: ignore[func-returns-value]
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\uvicorn\middleware\proxy_headers.py", line 78, in __call__
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\fastapi\applications.py", line 270, in __call__
    await super().__call__(scope, receive, send)
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\applications.py", line 124, in __call__
    await self.middleware_stack(scope, receive, send)
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\middleware\errors.py", line 184, in __call__
    raise exc
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\middleware\errors.py", line 162, in __call__
    await self.app(scope, receive, _send)
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\middleware\exceptions.py", line 79, in __call__
    raise exc
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\middleware\exceptions.py", line 68, in __call__
    await self.app(scope, receive, sender)
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\fastapi\middleware\asyncexitstack.py", line 21, in __call__
    raise e
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\fastapi\middleware\asyncexitstack.py", line 18, in __call__
    await self.app(scope, receive, send)
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\routing.py", line 706, in __call__
    await route.handle(scope, receive, send)
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\routing.py", line 276, in handle
    await self.app(scope, receive, send)
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\starlette\routing.py", line 66, in app
    response = await func(request)
               ^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\fastapi\routing.py", line 237, in app
    raw_response = await run_endpoint_function(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\fastapi\routing.py", line 163, in run_endpoint_function
    return await dependant.call(**values)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SUPORTE\Desktop\nfe\api\V1\endpoints\distribuicao_nfe.py", line 17, in distribuicao_nfe
    df_manifesto(certificado=tmp.name, senha=senha, uf=uf, homologacao=homologacao, CPFCNPJ=CPFCNPJ)
  File "C:\Users\SUPORTE\Desktop\nfe\core\df_e_ciencia.py", line 366, in df_manifesto
    w_manifestacao(chave_,
  File "C:\Users\SUPORTE\Desktop\nfe\core\manifestacao.py", line 37, in w_manifestacao
    xml = a1.assinar(nfe_manif)
          ^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\pynfe\processamento\assinatura.py", line 42, in assinar
    signer = XMLSigner(
             ^^^^^^^^^^
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\signxml\signer.py", line 114, in __init__
    self.check_deprecated_methods()
  File "C:\Users\SUPORTE\Desktop\nfe\venv\Lib\site-packages\signxml\signer.py", line 123, in check_deprecated_methods
    raise InvalidInput(msg)
signxml.exceptions.InvalidInput: SHA1-based algorithms are not supported in the default configuration because they are not secure

Eu "Resolvi" mondando o trecho assim: 

        signer = XMLSigner(
            method=signxml.methods.enveloped, signature_algorithm="rsa-sha1",
            digest_algorithm='sha1',
            c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315')

Com tudo após essa alteração venho recebendo rejeição na da SEFAZ de falha no falha no schema xml.

Espero ter sido, claro, sigo aqui tentando achar uma solução. @leogregianin

ibemoreira commented 1 year ago

Achei a solução aqui

By: @leogregianin "" Tente usar a seguintes versões das bibliotecas: signxml 2.9.0, pyOpenSSL 20.0.1 e cryptography 36.0.1 ""

leogregianin commented 1 year ago

@ibemoreira Você precisa utilizar algumas versões específicas de bibliotecas de dependências.

Por exemplo: