OrdersGuru_signer

OrdersGuru Signer

Application for signing and arranging orders documents.

Description

Application is primarily intended to use for signing XML documents with PKCS #12 certificate. It has two main options for signing:

• Directory - Useful when you have more formats of document, like XML, PDF, ... and all of them need to have same name. Application will search for XML file which must be signed and will try to get document name from it (if not stored under certain XML node, it will defaults to document). If there is multiple files with same extension (for example two .xml files) application will show you error message, since it's impossible to have two files with same name in one directory. If you have files with different extensions and unsigned XML inside chosen directory, your XML will be signed and appropriately renamed along other files.
• File - Useful when you want to sign single XML file. If you provide correct certificate password then XML is overwritten with with original content and appended signature.

Application is expecting usage of password protected PKCS #12 certificate. Because of security reasons you need to enter password everytime you are signing XML file. At the first start of application you'll need to provide path to XML schema (.xsd) on which your XML file must be validated and path to certificate (.p12). Both files must remain at their initial location, because the application is not copying them on some other location inside app directory, otherwise you will get error warning when you open application next time (it will show you settings window where you can change path to both files).

OrdersGuru Signer was written as XML signing app for Slovenian e-Business standard XMLs, so it contains hardcoded reference type URL for main node for signing. You can change it once the initial settings are saved to application's configuration file, which is located at ~/.config/ordersguru_signer.ini. Make sure to quit from application and then change the value of xmlreftype property to desired value in that file. When you'll use application next time, signature in XML will use specified value as reference type.

Based On

Application is written in Python 3 and is using known libraries:

• PyQt5 (>= 5.5.1)
• lxml (>= 3.7.2)
• pyOpenSSL (>= 16.2.0)

Versions mentioned in parentheses were used during development and are tested to work. Other versions of libraries which are close enough to those versions, probably also work without any problems.

User interface contains few icons from FatCow Web Hosting, which you can find here.

Developer Installation

For development you need to install additional packages which are required for using additional libraries. I recommend you to install PyQt5 from distribution's repository (if possible) since it probably contains everything to match your OS configuration (if you install PyQt5 from PyPI, you probably won't have styling for GTK+ if you use Ubuntu). For other libraries it is best to install them with pip, to get fresh versions.

Example of dependencies installation for Ubuntu:

sudo apt-get install python3-dev python3-pip python3-pyqt5 libxml2-dev libxslt1-dev libffi-dev libssl-dev
sudo pip3 install lxml pyOpenSSL

Building Executables

If you want distribute application you can use PyInstaller (example install: sudo pip3 install pyinstaller), since I already prepared basic specification file. It will generate directory based executable file which is then ready to use on end system (along with other files in that directory).

Example of generating executable with prepared specification:

pyinstaller ordersguru_signer.spec

Future Ideas

Since application was written really quick, there is still a lot of space for improvement. There is few ideas which may be implemented in the future:

• Add Reference Type field in settings
• Support for batch signing of XMLs
• Recursive signing from specified directory
• Support for signing XMLs in ZIP packages
• Add predefined types for XML schemas and reference types
• Support for diffrent digest hashes
• XML signing directly from specified URL