xoe-labs · ovnicraft · Nov 6, 2019 · Dec 15, 2019 · Dec 15, 2019 · Dec 16, 2019
diff --git a/signxml/xades/__init__.py b/signxml/xades/__init__.py
@@ -14,6 +14,9 @@
 from lxml.builder import ElementMaker
 from defusedxml.lxml import fromstring
 
+from OpenSSL.crypto import X509Name
+
+from cryptography.hazmat import _der
 from cryptography.hazmat.primitives.asymmetric import rsa, dsa, ec
 from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
 from cryptography.hazmat.primitives.hashes import Hash, SHA1, SHA224, SHA256, SHA384, SHA512
@@ -57,6 +60,15 @@ def namedtuple_with_defaults(typename, field_names, default_values=()):
 
 # helper functions
 
+class X509NamePKCS12(X509Name):
+    def _issuer_string(self):
+        x509name = self.get_components()
+        x509name.reverse()
+        return ",".join([f"{var.decode()}={alias.decode()}" for var, alias in x509name])
+
+def issuer_string(certificate):
+    return X509NamePKCS12(certificate.get_issuer())._issuer_string()
+
 def _gen_id(prefix, suffix=None):
     """
     Generates the id 
@@ -75,7 +87,6 @@ def resolve_uri(uri):
     except:
         raise InvalidInput(f"Unable to resolve reference URI: {uri}")
 
-
 class XAdESProcessor(XMLSignatureProcessor):
     schema_file = "v1.4.1/XAdES01903v141-201601.xsd"
 
@@ -588,6 +599,37 @@ def _generate_xades(self, options_struct):
           up     := UnsignedProperties,             c. 4.3.3
             usp  := UnignedSignatureProperties,     c. 4.3.6
             udop := UnignedDataObjectProperties,    c. 4.3.7
+
+        Electronic signature forms elements
+        Mention differences between nodes
+        XaDES-BES
+        ssp:
+            (SigningTime)?
+            (SigningCertificate)?
+            (SignatureProductionPlace)?
+            (SignerRole)?
+
+        XaDES-EPES:
+        ssp:
+            (SigningTime)?
+            (SigningCertificate)?
+            (SignaturePolicyIdentifier)
+            (SignatureProductionPlace)?
+            (SignerRole)?
+
+        XaDES-T:
+        usp:
+            (CounterSignature)*
+            (SignatureTimeStamp)+
+
+        XaDES-C:
+        usp:
+            (CounterSignature)
+            (SignatureTimeStamp)
+            (CompleteCertificateRefs)
+            (CompleteRevocationRefs)
+            (AttributeCertificateRefs)?
+            (AttributeRevocationRefs)?
         """
 
         ssp_elements = self._generate_xades_ssp_elements(options_struct)
@@ -712,3 +754,46 @@ def _generate_xades(self, options_struct):
         qp = XADES.QualifyingProperties(*qp_elements, **qp_attributes)
         self._add_xades_reference(qp)
         return qp
+
+
+class XAdESEPESSigner(XAdESSigner):
+
+    def _generate_xades_ssp_elements(self, options_struct):
+        # Item 4: SignaturePolicyIdentifier
+        """
+        The SignaturePolicyIdentifier qualifying property shall be a signed
+            qualifying property qualifying the signature.
+        The SignaturePolicyIdentifier qualifying property shall contain either
+            an explicit identifier of a signature policy or an indication that
+            there is an implied signature policy that the relying party should
+            be aware of.
+
+        ETSI TS 119 172-1 specifies a framework for signature policies.
+        """
+        elements = super(XAdESEPESSigner, self)._generate_xades_ssp_elements(options_struct)
+        spid_elements = []
+        sp = options_struct.SignaturePolicy
+        # digest method
+        pdm = self.known_digest_tags.get(self.digest_alg)
+        # digest value
+        pv = resolve_uri(sp.Identifier)
+
+        spid_elements.append(
+            XADES132.SigPolicyId(
+                XADES132.Identifier(sp.Identifier),
+                XADES132.Description(sp.Description)
+            )
+        )
+        spid_elements.append(
+            XADES132.SigPolicyHash(
+                DS.DigestMethod(Algorithm=pdm),
+                DS.DigestValue(
+                    self._get_digest(pv,self._get_digest_method_by_tag(self.digest_alg))
+                )
+            )
+        )
+        spid = XADES132.SignaturePolicyId(*spid_elements)
+        spi_elements = []
+        spi_elements.append(spid)
+        elements.append(XADES132.SignaturePolicyIdentifier(*spi_elements))
+        return elements