funga

Signer and keystore daemon and library for cryptocurrency software development

commit 88c01e7edfae7bf4e2d4687ca521ab3778ba0528
parent 421901e3b0ec114336c377d58495e23ef67f7678
Author: lash <dev@holbrook.no>
Date:   Fri, 23 Jun 2023 20:08:50 +0100

Make xml schema check pass

Diffstat:
Afunga/data/xmldsig-core-schema.xsd | 318+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Afunga/data/xmldsig11-schema.xsd | 144+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mfunga/xml/xml.py | 9++++++---
3 files changed, 468 insertions(+), 3 deletions(-)

diff --git a/funga/data/xmldsig-core-schema.xsd b/funga/data/xmldsig-core-schema.xsd 
@@ -0,0 +1,318 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE schema + PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd" + [ + <!ATTLIST schema + xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#"> + <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'> + <!ENTITY % p ''> + <!ENTITY % s ''> + ]> + +<!-- Schema for XML Signatures + http://www.w3.org/2000/09/xmldsig# + $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $ + + Copyright 2001 The Internet Society and W3C (Massachusetts Institute + of Technology, Institut National de Recherche en Informatique et en + Automatique, Keio University). All Rights Reserved. + http://www.w3.org/Consortium/Legal/ + + This document is governed by the W3C Software License [1] as described + in the FAQ [2]. + + [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720 + [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD +--> + + +<schema xmlns="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + targetNamespace="http://www.w3.org/2000/09/xmldsig#" + version="0.1" elementFormDefault="qualified"> + +<!-- Basic Types Defined for Signatures --> + +<simpleType name="CryptoBinary"> + <restriction base="base64Binary"> + </restriction> +</simpleType> + +<!-- Start Signature --> + +<element name="Signature" type="ds:SignatureType"/> +<complexType name="SignatureType"> + <sequence> + <element ref="ds:SignedInfo"/> + <element ref="ds:SignatureValue"/> + <element ref="ds:KeyInfo" minOccurs="0"/> + <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="SignatureValue" type="ds:SignatureValueType"/> + <complexType name="SignatureValueType"> + <simpleContent> + <extension base="base64Binary"> + <attribute name="Id" type="ID" use="optional"/> + </extension> + </simpleContent> + </complexType> + +<!-- Start SignedInfo --> + 
+<element name="SignedInfo" type="ds:SignedInfoType"/> +<complexType name="SignedInfoType"> + <sequence> + <element ref="ds:CanonicalizationMethod"/> + <element ref="ds:SignatureMethod"/> + <element ref="ds:Reference" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/> + <complexType name="CanonicalizationMethodType" mixed="true"> + <sequence> + <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/> + <!-- (0,unbounded) elements from (1,1) namespace --> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + + <element name="SignatureMethod" type="ds:SignatureMethodType"/> + <complexType name="SignatureMethodType" mixed="true"> + <sequence> + <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/> + <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> + <!-- (0,unbounded) elements from (1,1) external namespace --> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + +<!-- Start Reference --> + +<element name="Reference" type="ds:ReferenceType"/> +<complexType name="ReferenceType"> + <sequence> + <element ref="ds:Transforms" minOccurs="0"/> + <element ref="ds:DigestMethod"/> + <element ref="ds:DigestValue"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + <attribute name="URI" type="anyURI" use="optional"/> + <attribute name="Type" type="anyURI" use="optional"/> +</complexType> + + <element name="Transforms" type="ds:TransformsType"/> + <complexType name="TransformsType"> + <sequence> + <element ref="ds:Transform" maxOccurs="unbounded"/> + </sequence> + </complexType> + + <element name="Transform" type="ds:TransformType"/> + <complexType name="TransformType" mixed="true"> + <choice minOccurs="0" maxOccurs="unbounded"> + <any namespace="##other" processContents="lax"/> + <!-- (1,1) elements from 
(0,unbounded) namespaces --> + <element name="XPath" type="string"/> + </choice> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + +<!-- End Reference --> + +<element name="DigestMethod" type="ds:DigestMethodType"/> +<complexType name="DigestMethodType" mixed="true"> + <sequence> + <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> +</complexType> + +<element name="DigestValue" type="ds:DigestValueType"/> +<simpleType name="DigestValueType"> + <restriction base="base64Binary"/> +</simpleType> + +<!-- End SignedInfo --> + +<!-- Start KeyInfo --> + +<element name="KeyInfo" type="ds:KeyInfoType"/> +<complexType name="KeyInfoType" mixed="true"> + <choice maxOccurs="unbounded"> + <element ref="ds:KeyName"/> + <element ref="ds:KeyValue"/> + <element ref="ds:RetrievalMethod"/> + <element ref="ds:X509Data"/> + <element ref="ds:PGPData"/> + <element ref="ds:SPKIData"/> + <element ref="ds:MgmtData"/> + <any processContents="lax" namespace="##other"/> + <!-- (1,1) elements from (0,unbounded) namespaces --> + </choice> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="KeyName" type="string"/> + <element name="MgmtData" type="string"/> + + <element name="KeyValue" type="ds:KeyValueType"/> + <complexType name="KeyValueType" mixed="true"> + <choice> + <element ref="ds:DSAKeyValue"/> + <element ref="ds:RSAKeyValue"/> + <any namespace="##other" processContents="lax"/> + </choice> + </complexType> + + <element name="RetrievalMethod" type="ds:RetrievalMethodType"/> + <complexType name="RetrievalMethodType"> + <sequence> + <element ref="ds:Transforms" minOccurs="0"/> + </sequence> + <attribute name="URI" type="anyURI"/> + <attribute name="Type" type="anyURI" use="optional"/> + </complexType> + +<!-- Start X509Data --> + +<element name="X509Data" type="ds:X509DataType"/> +<complexType name="X509DataType"> + 
<sequence maxOccurs="unbounded"> + <choice> + <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/> + <element name="X509SKI" type="base64Binary"/> + <element name="X509SubjectName" type="string"/> + <element name="X509Certificate" type="base64Binary"/> + <element name="X509CRL" type="base64Binary"/> + <any namespace="##other" processContents="lax"/> + </choice> + </sequence> +</complexType> + +<complexType name="X509IssuerSerialType"> + <sequence> + <element name="X509IssuerName" type="string"/> + <element name="X509SerialNumber" type="integer"/> + </sequence> +</complexType> + +<!-- End X509Data --> + +<!-- Begin PGPData --> + +<element name="PGPData" type="ds:PGPDataType"/> +<complexType name="PGPDataType"> + <choice> + <sequence> + <element name="PGPKeyID" type="base64Binary"/> + <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/> + <any namespace="##other" processContents="lax" minOccurs="0" + maxOccurs="unbounded"/> + </sequence> + <sequence> + <element name="PGPKeyPacket" type="base64Binary"/> + <any namespace="##other" processContents="lax" minOccurs="0" + maxOccurs="unbounded"/> + </sequence> + </choice> +</complexType> + +<!-- End PGPData --> + +<!-- Begin SPKIData --> + +<element name="SPKIData" type="ds:SPKIDataType"/> +<complexType name="SPKIDataType"> + <sequence maxOccurs="unbounded"> + <element name="SPKISexp" type="base64Binary"/> + <any namespace="##other" processContents="lax" minOccurs="0"/> + </sequence> +</complexType> + +<!-- End SPKIData --> + +<!-- End KeyInfo --> + +<!-- Start Object (Manifest, SignatureProperty) --> + +<element name="Object" type="ds:ObjectType"/> +<complexType name="ObjectType" mixed="true"> + <sequence minOccurs="0" maxOccurs="unbounded"> + <any namespace="##any" processContents="lax"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet --> + <attribute name="Encoding" type="anyURI" use="optional"/> 
+</complexType> + +<element name="Manifest" type="ds:ManifestType"/> +<complexType name="ManifestType"> + <sequence> + <element ref="ds:Reference" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + +<element name="SignatureProperties" type="ds:SignaturePropertiesType"/> +<complexType name="SignaturePropertiesType"> + <sequence> + <element ref="ds:SignatureProperty" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="SignatureProperty" type="ds:SignaturePropertyType"/> + <complexType name="SignaturePropertyType" mixed="true"> + <choice maxOccurs="unbounded"> + <any namespace="##other" processContents="lax"/> + <!-- (1,1) elements from (1,unbounded) namespaces --> + </choice> + <attribute name="Target" type="anyURI" use="required"/> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + +<!-- End Object (Manifest, SignatureProperty) --> + +<!-- Start Algorithm Parameters --> + +<simpleType name="HMACOutputLengthType"> + <restriction base="integer"/> +</simpleType> + +<!-- Start KeyValue Element-types --> + +<element name="DSAKeyValue" type="ds:DSAKeyValueType"/> +<complexType name="DSAKeyValueType"> + <sequence> + <sequence minOccurs="0"> + <element name="P" type="ds:CryptoBinary"/> + <element name="Q" type="ds:CryptoBinary"/> + </sequence> + <element name="G" type="ds:CryptoBinary" minOccurs="0"/> + <element name="Y" type="ds:CryptoBinary"/> + <element name="J" type="ds:CryptoBinary" minOccurs="0"/> + <sequence minOccurs="0"> + <element name="Seed" type="ds:CryptoBinary"/> + <element name="PgenCounter" type="ds:CryptoBinary"/> + </sequence> + </sequence> +</complexType> + +<element name="RSAKeyValue" type="ds:RSAKeyValueType"/> +<complexType name="RSAKeyValueType"> + <sequence> + <element name="Modulus" type="ds:CryptoBinary"/> + <element name="Exponent" type="ds:CryptoBinary"/> + </sequence> +</complexType> + +<!-- End KeyValue 
Element-types --> + +<!-- End Signature --> + +</schema> diff --git a/funga/data/xmldsig11-schema.xsd b/funga/data/xmldsig11-schema.xsd 
@@ -0,0 +1,144 @@ +<?xml version="1.0" encoding="utf-8"?> + +<!-- +# +# Copyright ©[2011] World Wide Web Consortium +# (Massachusetts Institute of Technology, +# European Research Consortium for Informatics and Mathematics, +# Keio University). All Rights Reserved. +# This work is distributed under the W3C® Software License [1] in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even +# the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. +# [1] http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231 +# +--> + +<schema xmlns="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:dsig11="http://www.w3.org/2009/xmldsig11#" + targetNamespace="http://www.w3.org/2009/xmldsig11#" + version="0.1" elementFormDefault="qualified"> + + <import namespace="http://www.w3.org/2000/09/xmldsig#"/> + + <element name="ECKeyValue" type="dsig11:ECKeyValueType"/> + <complexType name="ECKeyValueType"> + <sequence> + <choice> + <element name="ECParameters" type="dsig11:ECParametersType"/> + <element name="NamedCurve" type="dsig11:NamedCurveType"/> + </choice> + <element name="PublicKey" type="dsig11:ECPointType"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + + <complexType name="NamedCurveType"> + <attribute name="URI" type="anyURI" use="required"/> + </complexType> + + <simpleType name="ECPointType"> + <restriction base="ds:CryptoBinary"/> + </simpleType> + + <complexType name="ECParametersType"> + <sequence> + <element name="FieldID" type="dsig11:FieldIDType"/> + <element name="Curve" type="dsig11:CurveType"/> + <element name="Base" type="dsig11:ECPointType"/> + <element name="Order" type="ds:CryptoBinary"/> + <element name="CoFactor" type="integer" minOccurs="0"/> + <element name="ValidationData" + type="dsig11:ECValidationDataType" minOccurs="0"/> + </sequence> + </complexType> + + <complexType name="FieldIDType"> + <choice> + <element 
ref="dsig11:Prime"/> + <element ref="dsig11:TnB"/> + <element ref="dsig11:PnB"/> + <element ref="dsig11:GnB"/> + <any namespace="##other" processContents="lax"/> + </choice> + </complexType> + + <complexType name="CurveType"> + <sequence> + <element name="A" type="ds:CryptoBinary"/> + <element name="B" type="ds:CryptoBinary"/> + </sequence> + </complexType> + + <complexType name="ECValidationDataType"> + <sequence> + <element name="seed" type="ds:CryptoBinary"/> + </sequence> + <attribute name="hashAlgorithm" type="anyURI" use="required"/> + </complexType> + + <element name="Prime" type="dsig11:PrimeFieldParamsType"/> + <complexType name="PrimeFieldParamsType"> + <sequence> + <element name="P" type="ds:CryptoBinary"/> + </sequence> + </complexType> + + <element name="GnB" type="dsig11:CharTwoFieldParamsType"/> + <complexType name="CharTwoFieldParamsType"> + <sequence> + <element name="M" type="positiveInteger"/> + </sequence> + </complexType> + + <element name="TnB" type="dsig11:TnBFieldParamsType"/> + <complexType name="TnBFieldParamsType"> + <complexContent> + <extension base="dsig11:CharTwoFieldParamsType"> + <sequence> + <element name="K" type="positiveInteger"/> + </sequence> + </extension> + </complexContent> + </complexType> + + <element name="PnB" type="dsig11:PnBFieldParamsType"/> + <complexType name="PnBFieldParamsType"> + <complexContent> + <extension base="dsig11:CharTwoFieldParamsType"> + <sequence> + <element name="K1" type="positiveInteger"/> + <element name="K2" type="positiveInteger"/> + <element name="K3" type="positiveInteger"/> + </sequence> + </extension> + </complexContent> + </complexType> + + <element name="DEREncodedKeyValue" type="dsig11:DEREncodedKeyValueType"/> + <complexType name="DEREncodedKeyValueType"> + <simpleContent> + <extension base="base64Binary"> + <attribute name="Id" type="ID" use="optional"/> + </extension> + </simpleContent> + </complexType> + + <element name="KeyInfoReference" type="dsig11:KeyInfoReferenceType"/> + 
 <complexType name="KeyInfoReferenceType">
+ <attribute name="URI" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+ <element name="X509Digest" type="dsig11:X509DigestType"/>
+ <complexType name="X509DigestType">
+ <simpleContent>
+ <extension base="base64Binary">
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+</schema>
+
diff --git a/funga/xml/xml.py b/funga/xml/xml.py
@@ -54,8 +54,11 @@ class SignatureParser:
 m = importlib.import_module('xmlschema')
 except ModuleNotFoundError:
 return
- sp = os.path.join(data_dir, 'xmldsig1-schema.xsd')
- self.__schema = m.XMLSchema(sp)
+ logg.info('found xmlschema module, will validate xml')
+ #sp = os.path.join(data_dir, 'xmldsig1-schema.xsd')
+ sp = os.path.join(data_dir, 'xmldsig-core-schema.xsd')
+ self.__schema = m.XMLSchema(sp, validation='lax')
+ # TODO: add validation for xmldsig11 OR make work with xmldsig1-schema bundle
 
 def clear(self):
 
@@ -90,7 +93,7 @@ class SignatureParser:
 def __verify_schema(self, fp):
 if self.__schema == None:
 return
- schema.validate(fp)
+ self.__schema.validate(fp)
 
 def process_file(self, fp):
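Review bot: `validation='lax'` on the `self.__schema = m.XMLSchema(sp, validation='lax')` line relaxes how the schema itself is built, not how instance documents are checked; if I read the xmlschema API right, build problems (such as the missing dsig11 definitions the TODO mentions) are then collected on the schema object instead of raised, so a schema that only partly loaded would still be handed to `validate()` with nothing in the log to say so. Consider surfacing `self.__schema.all_errors` right after construction, or keeping the strict default and fixing the schema bundle instead. The new `logg.info` fires only on the success path, while the `except ModuleNotFoundError: return` just above leaves `__schema` unset and makes every later `__verify_schema` call a no-op, so a deployment without the optional package silently runs with schema checking off; a `logg.warning('xmlschema module not found, xml will not be validated')` in that branch would make the downgrade visible. The commented-out `#sp = ...` line is dead code that the TODO already records; drop it. The enclosing method begins above the hunk.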
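Review bot: `self.__schema.validate(fp)` signals failure by raising (per xmlschema's `validate()`), and `__verify_schema` returns `None` on both the skipped path and the passing path, so a caller cannot distinguish "validated" from "validation unavailable"; a short docstring should state this contract, e.g. `"""Raise if fp violates the XML Signature schema; silently a no-op when xmlschema is not installed."""`. While touching this method, the context comparison would conventionally read `if self.__schema is None:`.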