XML-Security / signxml

Python XML Signature and XAdES library
https://xml-security.github.io/signxml/
Apache License 2.0

XAdESVerifier verify CertDigest by index #247

Open msetina opened 7 months ago

msetina commented 7 months ago

Fix for #246. I found out that if I have multiple certificates in the cert parameter to sign, the digest check would fail. Since it was signed with signxml, it was strange. Looking at the code, I found a problem. This is the solution.

msetina commented 7 months ago

Test suite fails for nonconformant-X_BE_CONN_10.xml. It has 2 X509Certificate nodes and 2 xades:Cert nodes. Previous code raised an InvalidDigest. The new code checks both Digests as OK as it compares by list index. By removing "nonconformant-X_BE_CONN_10": InvalidDigest, from test_xades_interop_examples error_conditions, the test suite will finish with OK.

kislyuk commented 7 months ago

Please add a PR description with the motivation for this change.

msetina commented 7 months ago

Notice that the test is changed, as one was an error before and now it is not, as the Digests match.

kislyuk commented 7 months ago

Thanks. I will take a look at that test case and see if this is the correct way to make it work.
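
The index-based comparison discussed in this thread, next to an order-independent alternative, as an added example (not signxml's code and not part of the PR). The helper names and the byte strings standing in for DER certificates are constructed for illustration, and SHA-256 is assumed as the digest algorithm.

```python
import hashlib
from itertools import zip_longest

# Constructed stand-ins for the DER bytes of two X509Certificate nodes.
SIGNER = b"constructed-signer-certificate-der"
ISSUER = b"constructed-issuer-certificate-der"


def cert_digest(der: bytes) -> bytes:
    """Digest as it would appear (base64-decoded) in xades:CertDigest; SHA-256 assumed."""
    return hashlib.sha256(der).digest()


def mismatches_by_index(certs, digests):
    """Pair certificate i with CertDigest i; return the indexes that fail.

    A missing partner on either side (unequal list lengths) counts as a failure.
    """
    failed = []
    for i, (der, expected) in enumerate(zip_longest(certs, digests)):
        if der is None or expected is None or cert_digest(der) != expected:
            failed.append(i)
    return failed


def mismatches_any_order(certs, digests):
    """Order-independent check: each CertDigest must match some certificate."""
    known = {cert_digest(der) for der in certs}
    return [i for i, expected in enumerate(digests) if expected not in known]


def demo():
    certs = [SIGNER, ISSUER]
    same_order = [cert_digest(SIGNER), cert_digest(ISSUER)]
    swapped = list(reversed(same_order))
    tampered = [cert_digest(SIGNER), cert_digest(b"constructed-other-cert")]
    return {
        "same_order/index": mismatches_by_index(certs, same_order),
        "swapped/index": mismatches_by_index(certs, swapped),
        "swapped/any_order": mismatches_any_order(certs, swapped),
        "tampered/index": mismatches_by_index(certs, tampered),
        "tampered/any_order": mismatches_any_order(certs, tampered),
    }


if __name__ == "__main__":
    for case, failed in demo().items():
        print(f"{case}: failing indexes {failed}")
```

Pairing by index accepts the lists only when both are in the same order, so a reordered but otherwise matching digest list is rejected; both variants reject a digest that matches no certificate.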