Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/signing algorithms #67

Merged
21 changes: 19 additions & 2 deletions pyas2lib/as2.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
MDN_CONFIRM_TEXT,
MDN_FAILED_TEXT,
MDN_MODES,
SIGNATUR_ALGORITHMS,
SYNCHRONOUS_MDN,
)
from pyas2lib.exceptions import (
Expand Down Expand Up @@ -179,6 +180,9 @@ class Partner:
:param canonicalize_as_binary: force binary canonicalization for this partner
:param sign_alg: The signing algorithm to be used for generating the
signature. (default `rsassa_pkcs1v15`)
"""

as2_name: str
Expand All @@ -197,6 +201,7 @@ class Partner:
mdn_confirm_text: str = MDN_CONFIRM_TEXT
ignore_self_signed: bool = True
canonicalize_as_binary: bool = False
sign_alg: str = "rsassa_pkcs1v15"

def __post_init__(self):
"""Run the post initialisation checks for this class."""
Expand Down Expand Up @@ -225,6 +230,12 @@ def __post_init__(self):
f"must be one of {DIGEST_ALGORITHMS}"
)

if self.sign_alg and self.sign_alg not in SIGNATUR_ALGORITHMS:
raise ImproperlyConfigured(
f"Unsupported Signature Algorithm {self.sign_alg}, "
f"must be one of {SIGNATUR_ALGORITHMS}"
)

def load_verify_cert(self):
"""Load the verification certificate of the partner and returned the parsed cert."""
if self.validate_certs:
Expand Down Expand Up @@ -466,7 +477,10 @@ def build(
)
del signature["MIME-Version"]
signature_data = sign_message(
mic_content, self.digest_alg, self.sender.sign_key
mic_content,
self.digest_alg,
self.sender.sign_key,
self.receiver.sign_alg,
)
signature.set_payload(signature_data)
encoders.encode_base64(signature)
Expand Down Expand Up @@ -865,7 +879,10 @@ def build(
del signature["MIME-Version"]

signed_data = sign_message(
canonicalize(self.payload), self.digest_alg, message.receiver.sign_key
canonicalize(self.payload),
self.digest_alg,
message.receiver.sign_key,
message.sender.sign_alg,
)
signature.set_payload(signed_data)
encoders.encode_base64(signature)
Expand Down
4 changes: 4 additions & 0 deletions pyas2lib/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,3 +28,7 @@
"aes_192_cbc",
"aes_256_cbc",
)
SIGNATUR_ALGORITHMS = (
"rsassa_pkcs1v15",
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did the original issue not want support for non rsa algos?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, but the ticket has actually two parts, I only tackled the part that signature algo cannot be passed down, because it is missed in the partner object.

I miss the information about which other algos we should implement. I do think we can keep ticket as such open and ask that question and make another feature.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@abhishek-ram : good to go or ?

"rsassa_pss",
)
3 changes: 3 additions & 0 deletions pyas2lib/tests/test_advanced.py
Original file line number Diff line number Diff line change
Expand Up @@ -334,6 +334,9 @@ def test_partner_checks(self):
with self.assertRaises(ImproperlyConfigured):
as2.Partner("a partner", mdn_digest_alg="xyz")

with self.assertRaises(ImproperlyConfigured):
as2.Partner("a partner", sign_alg="xyz")

def test_message_checks(self):
"""Test the checks and other features of Message."""
msg = as2.Message()
Expand Down
Loading