Sello class

A Python interface to FirmaSAT <http://www.cryptosys.net/firmasat/>.

class firmasat.Sello

Operates on the sello (signature) node in a SAT XML document.

class SignOpts

Bitwise options for signing XML.

BIGFILE = 134217728

Speed up processing of large files

DEFAULT = 0

Default options (add BOM, empty elements in form <foo></foo>)

NOBOM = 8192

Do not add byte-order mark (BOM) to file [default = add]

USEEMPTYELEMENTS = 131072

Output empty elements in form <foo />

static extract_digest_from_sig(xmlfile, certfile='')

Extract the message digest from the signature (sello) in an XML file.

This extracts the message digest from the sello in the XML document. Use Sello.make_digest() to create the digest from the data in the document.

Returns:

Message digest in hex format.

static insert_cert(newfile, basefile, certfile)

Insert certificate information into an XML document and output to a new file.

Parameters:
  • newfile (str) – Name of new file to be created.

  • basefile (str) – Name of base XML file to be processed.

  • certfile (str) – Name of X.509 certificate file to be included in output XML (or string containing certificate data in base64 or PEM format).

Returns:

0 if successful, otherwise a nonzero error code.

Return type:

int

static insert_cert_to_string(basefile, certfile)

Insert certificate information into an XML document and output to memory.

Parameters:
  • basefile (str) – Name of base XML file to be processed.

  • certfile (str) – Name of X.509 certificate file to be included in output XML (or string containing certificate data in base64 or PEM format).

Returns:

XML data as a string.

Return type:

str

static make_digest(xmlfile, hashalg=0)

Form the message digest of the piped string (cadena) from an XML file.

Parameters:
  • xmlfile (str) – Full path to XML file.

  • hashalg (HashAlg) – Optional hash algorithm.

Returns (str):

Message digest in hex format.

Note

This creates the message digest directly from the data in the XML document. Use Sello.extract_digest_from_sig() to extract the digest from the signature.

static make_pipestring(xmlfile)

Create the “piped” string (cadena original) from an XML file.

Parameters:

xmlfile (str) – Full path to XML file.

Returns (str):

Piped string in UTF-8 encoding.

static make_sig(xmlfile, keyfile, password, hashalg=0)

Create the signature (sello) from an XML file and private key.

Parameters:
  • xmlfile – Full path to XML file

  • keyfile – Name of private key file

  • password – Password for key file

  • hashalg – Message digest algorithm to use in signature (optional).

Returns:

Signature in base64 format or empty string on error.

static sign_xml(newfile, basefile, keyfile, password, certfile, signopts=0, hashalg=0)

Sign an XML file (file <– file).

Parameters:
  • newfile (str) – Name of new file to be created.

  • basefile (str) – Name of base XML file to be signed.

  • keyfile (str) – Name of private key file (or string containing key data in PEM format)

  • password (str) – Password for key file

  • certfile (str) – Name of X.509 certificate file to be included in output XML (or string containing certificate data in base64 or PEM format).

  • signopts (Sello.SignOpts) – Options – see Sello.SignOpts

  • hashalg (HashAlg) – Message digest algorithm to use in signature (optional).

Returns:

0 if successful, otherwise a nonzero error code.

Return type:

int

Note

Any existing file called newfile will be overwritten without warning; however, the input and output files can be the same. The base XML file must have an empty Sello attribute node to be completed. If a certificate file certfile is specified then the Certificado and NoCertificado nodes will be overwritten in the output file with the values in the certificate file. If a certificate file is not specified then the Certificado value in the XML will be used.

A version 4 CFDi document to be signed must use the "cfdi:" namespace prefix. For CFD v4 the NoCertificado attribute in the input must be set to the correct certificate serial number before signing. In a Retenciones document you must set the CertNum attribute before signing. In a ControlesVolumetricos document you must set both the noCertificado and certificado attributes before signing.
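The preconditions in the note above can be checked before a document is passed to sign_xml. The following is an added example, not part of FirmaSAT or its Python interface: it uses only the Python standard library, and the function name presign_problems, the sample documents and the placeholder serial number are constructed for illustration. Rejecting a DOCTYPE is an extra precaution assumed here, not a FirmaSAT requirement.

```python
import xml.parsers.expat

# Constructed samples (not real invoices); the serial number is a placeholder.
SAMPLE_OK = (b'<cfdi:Comprobante xmlns:cfdi="http://www.sat.gob.mx/cfd/4" Version="4.0" '
             b'Sello="" NoCertificado="00000000000000000001" Certificado="">'
             b'<cfdi:Emisor/></cfdi:Comprobante>')
SAMPLE_BAD = (b'<Comprobante xmlns="http://www.sat.gob.mx/cfd/4" Version="4.0" '
              b'Sello="AAAA" NoCertificado=""/>')


def presign_problems(xmldata, expected_serial=None):
    """Return a list of reasons why xmldata is not ready to be signed as CFDi v4."""
    root = {}

    def on_start(name, attrs):
        if not root:  # only the first (root) element is inspected
            root["name"], root["attrs"] = name, attrs

    def on_doctype(*_args):
        # Precaution chosen for this example: a CFDi has no need for a DTD.
        raise ValueError("DOCTYPE declaration present")

    # Namespace processing is left off so element names keep their written prefix.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(xmldata, True)
    except (xml.parsers.expat.ExpatError, ValueError) as exc:
        return ["not well-formed or not acceptable XML: %s" % exc]

    problems = []
    attrs = root["attrs"]
    if not root["name"].startswith("cfdi:"):
        problems.append('root element %r does not use the "cfdi:" prefix' % root["name"])
    if "Sello" not in attrs:
        problems.append("no Sello attribute for the signature to be written into")
    elif attrs["Sello"] != "":
        problems.append("Sello attribute is not empty")
    serial = attrs.get("NoCertificado", "")
    if not serial:
        problems.append("NoCertificado is not set")
    elif expected_serial is not None and serial != expected_serial:
        problems.append("NoCertificado %r does not match expected serial" % serial)
    return problems


if __name__ == "__main__":
    print(presign_problems(SAMPLE_OK))
    print(presign_problems(SAMPLE_BAD))
```

Pass the serial number of the certificate you intend to sign with as expected_serial to catch a document prepared for a different certificate.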

static sign_xml_data_to_buf(xmldata, keyfile, password, certfile, signopts=0, hashalg=0)

Sign XML data returning output in a buffer (buf <– buf).

Parameters:
  • xmldata – Byte array containing XML data.

  • keyfile – Name of private key file (or string containing key data in PEM format).

  • password – Password for key file.

  • certfile – Name of X.509 certificate file to be included in output XML (or string containing certificate data in base64 or PEM format).

  • signopts – Options – see Sello.SignOpts.

  • hashalg – Message digest algorithm to use in signature (optional).

Returns:

Signed XML data in a byte array.

Note

Output bytes are always UTF-8 encoded.

static sign_xml_file_to_buf(xmlfile, keyfile, password, certfile, signopts=0, hashalg=0)

Sign XML file returning output in a buffer (bytes <– file).

Parameters:
  • xmlfile – Name of base XML file to be signed.

  • keyfile – Name of private key file (or string containing key data in PEM format).

  • password – Password for key file.

  • certfile – Name of X.509 certificate file to be included in output XML (or string containing certificate data in base64 or PEM format).

  • signopts – Options – see Sello.SignOpts.

  • hashalg – Message digest algorithm to use in signature (optional).

Returns:

Signed XML data in a byte array.

Note

Output bytes are always UTF-8 encoded.

static verify_sig(xmlfile, certfile='')

Verify the signature (sello) in an XML file.

Parameters:
  • xmlfile (str) – Full path to XML file.

  • certfile (str) – Optional X.509 certificate file to override Certificado in XML.

Returns:

0 if signature is verified, otherwise a nonzero error code – see Err.error_lookup()

Return type:

int