chore: Update to SignXML 4.0.0 version

- Updated error messages and expected exception in tests.
- Updated `add_pem_cert_header_footer` and now `signxml.util.add_pem_header` returns a byte object.
- Removed use of `crypto_utils._X509CertOpenSsl` in `verify_xml_signature` as SignXML has deprecated PyOpenSSL.

Ref: https://app.shortcut.com/cordada/story/11838/ [sc-11838]

Author: svillegas-cdd

src/cl_sii/libs/crypto_utils.py

@@ -157,8 +157,7 @@ def add_pem_cert_header_footer(pem_cert: bytes) -> bytes:
     """
     pem_value_str = pem_cert.decode('ascii')
     # note: it would be great if 'add_pem_header' did not forcefully convert bytes to str.
-    mod_pem_value_str = signxml.util.add_pem_header(pem_value_str)
-    mod_pem_value: bytes = mod_pem_value_str.encode('ascii')
+    mod_pem_value: bytes = signxml.util.add_pem_header(pem_value_str)
     return mod_pem_value
 
 

src/cl_sii/libs/xml_utils.py

@@ -440,14 +440,8 @@ def verify_xml_signature(
         )
 
     if isinstance(trusted_x509_cert, crypto_utils._X509CertOpenSsl):
-        trusted_x509_cert_open_ssl = trusted_x509_cert
-    elif isinstance(trusted_x509_cert, crypto_utils.X509Cert):
-        trusted_x509_cert_open_ssl = crypto_utils._X509CertOpenSsl.from_cryptography(
-            trusted_x509_cert
-        )
-    elif trusted_x509_cert is None:
-        trusted_x509_cert_open_ssl = None
-    else:
+        trusted_x509_cert = trusted_x509_cert.to_cryptography()
+    elif not (isinstance(trusted_x509_cert, crypto_utils.X509Cert) or trusted_x509_cert is None):
         # A 'crypto_utils._X509CertOpenSsl' is ok but we prefer 'crypto_utils.X509Cert'.
         raise TypeError("'trusted_x509_cert' must be a 'crypto_utils.X509Cert' instance, or None.")
 
@@ -481,10 +475,10 @@ def verify_xml_signature(
         #   https://github.com/XML-Security/signxml/commit/ef15da8dbb904f1dedfdd210ae3e0df5da535612
         result = xml_verifier.verify(
             data=tmp_bytes,
-            require_x509=True,
-            x509_cert=trusted_x509_cert_open_ssl,
-            ignore_ambiguous_key_info=True,
+            x509_cert=trusted_x509_cert,
             expect_config=signxml.verifier.SignatureConfiguration(
+                require_x509=True,
+                ignore_ambiguous_key_info=True,
                 signature_methods=frozenset([signxml.algorithms.SignatureMethod.RSA_SHA1]),
                 digest_algorithms=frozenset([signxml.algorithms.DigestAlgorithm.SHA1]),
             ),

src/tests/test_data/sii-dte/DTE--60910000-1--33--no-expired-sign.xml

@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="windows-1252"?>
+<DTE version="1.0">
+<Documento ID="DTE-33-2336600">
+<Encabezado>
+<IdDoc>
+<TipoDTE>33</TipoDTE>
+<Folio>2336600</Folio>
+<FchEmis>2019-08-08</FchEmis>
+<IndServicio>2</IndServicio>
+<FmaPago>1</FmaPago>
+<FchCancel>2019-08-08</FchCancel>
+<MedioPago>OT</MedioPago>
+<FchVenc>2019-08-08</FchVenc>
+</IdDoc>
+<Emisor>
+<RUTEmisor>60910000-1</RUTEmisor>
+<RznSoc>Universidad de Chile</RznSoc>
+<GiroEmis>Corporación Educacional y Servicios                 Profesionales</GiroEmis>
+<Acteco>803010</Acteco>
+<Sucursal>NIC Chile</Sucursal>
+<CdgSIISucur>67051191</CdgSIISucur>
+<DirOrigen>Miraflores 222, Piso 14</DirOrigen>
+<CmnaOrigen>Santiago</CmnaOrigen>
+<CiudadOrigen>Santiago</CiudadOrigen>
+</Emisor>
+<Receptor>
+<RUTRecep>76555835-2</RUTRecep>
+<RznSocRecep>FYNPAL SPA</RznSocRecep>
+<GiroRecep>PROCESAMIENTO DE DATOS Y ACTIVIDADES REL</GiroRecep>
+<Contacto>Germán Enrique Larraín Muñoz</Contacto>
+<DirRecep>El Bosque Norte 0177 Tel:+56.226051886</DirRecep>
+<CmnaRecep>Las Condes</CmnaRecep>
+<CiudadRecep>Santiago</CiudadRecep>
+</Receptor>
+<Totales>
+<MntNeto>8943</MntNeto>
+<TasaIVA>19</TasaIVA>
+<IVA>1699</IVA>
+<MntTotal>10642</MntTotal>
+</Totales>
+</Encabezado>
+<Detalle>
+<NroLinDet>1</NroLinDet>
+<NmbItem>dominio fyndata/6895189/1</NmbItem>
+<QtyItem>1.0</QtyItem>
+<PrcItem>8942.86</PrcItem>
+<MontoItem>8943</MontoItem>
+</Detalle>
+<TED version="1.0">
+<DD>
+<RE>60910000-1</RE>
+<TD>33</TD>
+<F>2336600</F>
+<FE>2019-08-08</FE>
+<RR>76555835-2</RR>
+<RSR>FYNPAL SPA</RSR>
+<MNT>10642</MNT>
+<IT1>dominio fyndata/6895189/1</IT1>
+<CAF version="1.0">
+<DA>
+<RE>60910000-1</RE>
+<RS>UNIVERSIDAD DE CHILE</RS>
+<TD>33</TD>
+<RNG>
+<D>2332141</D>
+<H>2342140</H>
+</RNG>
+<FA>2019-07-26</FA>
+<RSAPK>
+<M>x72ZshWkkg+YP+uhApMtGPaFPr7DKS3aK7LXTKvVBpCwWJmuvaQvTBnvxnBJVSnU0IVZUYPayO3NTLrLOFwxWw==</M>
+<E>Aw==</E>
+</RSAPK>
+<IDK>300</IDK>
+</DA>
+<FRMA algoritmo="SHA1withRSA">RJh0IgoGPl5SJrrRz/pZPt4i/3EweSAsnUFKo56OP0vwplcqNaaHmUT4IA21kJ7UJkt1KYKiDXco6P61sjLmFg==</FRMA>
+</CAF>
+<TSTED>2019-08-09T09:41:09</TSTED>
+</DD>
+<FRMT algoritmo="SHA1withRSA">NQe6wuZp1zwAjliDNobKgn7Pid6HlhTlEuP2n3xYDBgUZYe8NbJsOP337C3cptUPHylCBO7/8SmaBjJnPYgyyA==</FRMT>
+</TED>
+<TmstFirma>2019-08-09T09:41:09</TmstFirma>
+</Documento>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<Reference URI="#DTE-33-2336600">
+<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<DigestValue>FYAfBvdM9IXwWnv9VIG/rVEBSGQ=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+oPypEHHhjUD62obkzgftzQZHvsEhb319UFVwf8DtRW2esiq0RrT5Iu0jXSNpA0fWan0XoRYaWfKX
+1MbCAMxhdPsmxjUxFqA5npPA3z/h/8IMR7amaC3lJtgi07P5U8aZ+2VZm0rOaZPGo5tqFo60E7nL
+f4dQg+CB68hDZcfCwZM9OZz+mJ5o9qjXyIqKLYTljvfHD13n9UiBHoOoootyjLI//2ytemiwtq0V
+fMjW6aOl9MSr79huvu9p4AIwrbNR2kmfjCVJCRPKMzpsLH+ED4Y0X4PxVNmUKDGoVg4m7/FhXSSz
+DqvLBVSJp4xyNEik7BlSoCNTMu1ytXPVqMSvQw==
+</SignatureValue>
+<KeyInfo>
+<KeyValue>
+<RSAKeyValue>
+<Modulus>
+qZxedJpwh9O3/fzz+PK8jN1BdoLMecLxFmD+WUIEs88gkJ8xfAPihzTR0lBqxa9BTfqH0ClNLg3Y
+yfuP88Eaet7HRW/KNOWo98Dpzgu4uWgK4RTI2uZjusc7KHATTphczryUVSkP/jag12GW4uzfR0cs
+D+PXyUZphhdrks+U3ycAxWRCpeCddxybNvfHQOykHnG5eW6bDVwCeEI/m/S6I9b8Z2ziJFrFhbqH
+S5IBSwQKmXbv/t9gMYQ3y8z5mPsN2KzdmVGvfxIDTcmNqx25X5wcdIoI4v01/mk9LTmmPKwtipz9
+1ocYoFSR0c/jMUJApEe26GxKqhXxx/AqSBlwmw==
+</Modulus>
+<Exponent>AQAB</Exponent>
+</RSAKeyValue>
+</KeyValue>
+<X509Data>
+<X509Certificate>
+MIIDqjCCApKgAwIBAgIUbi8ZEk0yHygPpMFA9X5U8ePe/4IwDQYJKoZIhvcNAQEL
+BQAweDELMAkGA1UEBhMCQ0wxCzAJBgNVBAgMAlJNMREwDwYDVQQHDAhTYW50aWFn
+bzENMAsGA1UECgwEQWNtZTENMAsGA1UECwwEQWNtZTENMAsGA1UEAwwEQWNtZTEc
+MBoGCSqGSIb3DQEJARYNQWNtZUBBY21lLmNvbTAeFw0yNDEyMTExODAyMDZaFw0y
+NTAxMTAxODAyMDZaMHgxCzAJBgNVBAYTAkNMMQswCQYDVQQIDAJSTTERMA8GA1UE
+BwwIU2FudGlhZ28xDTALBgNVBAoMBEFjbWUxDTALBgNVBAsMBEFjbWUxDTALBgNV
+BAMMBEFjbWUxHDAaBgkqhkiG9w0BCQEWDUFjbWVAQWNtZS5jb20wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCueUjJeFhrl/MwNzTx0KN3RXhPtXYURWTK
+Eg7NWrw4+Ho7UNg5f9EnVJQ8yPvEkD2aNmOL6kH/waabB5hjhWD2xE0JbPd/3rNr
+ttGAMYwVPyWOcB7Btho3B88D8ek4Abg1jvjTiuHy/hg2PINnpz7Nh85kPtf2p4vq
+vqMG9kkuAoyNKDkU36UE6lLBsvtChFJq1ReMyS4+jGD0ubeqm/ZO5rKHnK6vKt34
+gTqVsBl9QyhFM3y2eO7jopPgV5U2pFCjzBk+ReNorIq0gP0G4PtHh+ul1AHrksGX
+3HWtJ90xOFiPGAKopLogbC7BlMMl69zHvNWZ/DXhIpFLQN+hH515AgMBAAGjLDAq
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFBgSkITjAZmbgBE+4QqMjIR/BabhMA0GCSqG
+SIb3DQEBCwUAA4IBAQCYY1KfD/NjxaqmOzcpXeCNPuObOP1Oox1hGnlqEcIGmwib
+LQL8ogZBNIF5cB9MKbxNWHQ+70HUJ2xiv85L42xTuaFxmaZXfjih/5B0rAUB7nmZ
+d/nz33vIGea2Xvv3Ou3xntkK4L4cky7FD6rieJqodNd+DBPWxjf24yPSn+4qze1q
+WEKan/cwOrxMV4TVqHR1HUZnT7IFkD5gVumlOXADAsh17oPvNNgrnyd0ebxt8WkG
+M6Ybv7ZXvOVbzER//MRbOjoQ1BESBzh9PNPCU3av5Cbl0Nkaa1Fb3F8NzVeyWG9W
+EikDFNiRsLSNuyC96XUU+nJnVIyPd4aCa7/bC4OJ
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+</Signature>
+</DTE>

src/tests/test_data/sii-dte/DTE--76354771-K--33--170--cleaned-mod-replaced-cert.xml

@@ -70,9 +70,11 @@
 </Reference>
 </SignedInfo>
 <SignatureValue>
-fsYP5p/lNfofAz8POShrJjqXdBTNNtvv4/TWCxbvwTIAXr7BLrlvX3C/Hpfo4viqaxSu1OGFgPnk
-ddDIFwj/ZsVdbdB+MhpKkyha83RxhJpYBVBY3c+y9J6oMfdIdMAYXhEkFw8w63KHyhdf2E9dnbKi
-wqSxDcYjTT6vXsLPrZk=
+wwOMQuFqa6c5gzYSJ5PWfo0OiAf+yNcJK6wx4xJ3VNehlAcMrUB2q+rK/DDhCvjxAoX4NxBACiFD
+MrTMIfvxrwXjLd1oX37lSFOtsWX6JxL0SV+tLF7qvWCu1Yzw8ypUf7GDkbymJkoTYDF9JFF8kYU4
+FdU2wttiwne9XH8QFHgXsocKP/aygwiOeGqiNX9o/O5XS2GWpt+KM20jrvtYn7UFMED/3aPacCb1
+GABizr8mlVEZggZgJunMDChpFQyEigSXMK5I737Ac8D2bw7WB47Wj1WBL3sCFRDlXUXtnMvChBVp
+0HRUXYuKHyfpCzqIBXygYrIZexxXgOSnKu/yGg==
 </SignatureValue>
 <KeyInfo>
 <KeyValue>
@@ -87,50 +89,35 @@ Uavs/9J+gR9BBMs/eYE=
 </KeyValue>
 <X509Data>
 <X509Certificate>
-MIIIDTCCBvWgAwIBAgIQXD9eCvh/44P1ET5RI1LuJjANBgkqhkiG9w0BAQsFADBU
-MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUw
-IwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDMyNjEz
-NDA0MFoXDTE5MDYxODEzMjQwMFowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
-bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2ds
-ZSBMTEMxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
-AwEHA0IABANpWSLXLbJm5eRzc1EJmvSIbz0nANT+b11r+XhSUCAbfQhS+4M/91YJ
-gVE6UtZJrLO7GGxvp1tV/DL857NaLEWjggWSMIIFjjATBgNVHSUEDDAKBggrBgEF
-BQcDATAOBgNVHQ8BAf8EBAMCB4AwggRXBgNVHREEggROMIIESoIMKi5nb29nbGUu
-Y29tgg0qLmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNs
-b3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNv
-gg4qLmdjcC5ndnQyLmNvbYIKKi5nZ3BodC5jboIWKi5nb29nbGUtYW5hbHl0aWNz
-LmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2dsZS5jby5pboIO
-Ki5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2dsZS5jb20uYXKC
-DyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdvb2dsZS5jb20u
-Y2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8qLmdvb2dsZS5j
-b20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29nbGUuZnKCCyou
-Z29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyouZ29vZ2xlLnBs
-ggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdvb2dsZWFwaXMu
-Y26CESouZ29vZ2xlY25hcHBzLmNughQqLmdvb2dsZWNvbW1lcmNlLmNvbYIRKi5n
-b29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYISKi5n
-c3RhdGljY25hcHBzLmNuggoqLmd2dDEuY29tggoqLmd2dDIuY29tghQqLm1ldHJp
-Yy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAqLnVybC5nb29nbGUuY29tghYq
-LnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1YmUuY29tghYqLnlvdXR1YmVl
-ZHVjYXRpb24uY29tghEqLnlvdXR1YmVraWRzLmNvbYIHKi55dC5iZYILKi55dGlt
-Zy5jb22CGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tggthbmRyb2lkLmNvbYIb
-ZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJvaWQu
-Z29vZ2xlLmNuggRnLmNvgghnZ3BodC5jboIGZ29vLmdsghRnb29nbGUtYW5hbHl0
-aWNzLmNvbYIKZ29vZ2xlLmNvbYIPZ29vZ2xlY25hcHBzLmNughJnb29nbGVjb21t
-ZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lkLmdvb2dsZS5jboIKdXJjaGluLmNvbYIK
-d3d3Lmdvby5nbIIIeW91dHUuYmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0
-aW9uLmNvbYIPeW91dHViZWtpZHMuY29tggV5dC5iZTBoBggrBgEFBQcBAQRcMFow
-LQYIKwYBBQUHMAKGIWh0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUU0dJQUczLmNydDAp
-BggrBgEFBQcwAYYdaHR0cDovL29jc3AucGtpLmdvb2cvR1RTR0lBRzMwHQYDVR0O
-BBYEFM8C2hpNgJL/BEX/yzeB408dhba2MAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgw
-FoAUd8K4UJpndnaxLcKG0IOgfqZ+ukswIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUD
-MAgGBmeBDAECAjAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLnBraS5nb29n
-L0dUU0dJQUczLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAF9PM41ShwCbhtJG7tj2y
-ZvF2sHbQ5YuZrMfJc6eeCG+nCKm1U5iJzXnXctFGvfJnUCZpj9YrfwDswdEddWyZ
-IG6m6wONF3ZiQifQrcDi0oDA+0BwjEuzYGCGkbfE+Xxb30bVEyDRe51DpJf+cqsb
-+DW2pYdikbdrPem5/hwdNerc7nqrQOJ93sqwbVNGktuyJsTOGNKkSwSaejxdN7yl
-g5aa4CJsE94gy4+mCywWjnnsjcLGJM3RBUxDdAdTGMldU/r33HCUCXl33Qxc4nvP
-MlE9LyFOTIJoajWcpGOsbKWiL3Zr19DKNBSn4Xof0onbtCH7dbpyMwP8XcA2O1dA
-ow==
+MIIGVDCCBTygAwIBAgIKMUWmvgAAAAjUHTANBgkqhkiG9w0BAQUFADCB0jELMAkGA1UEBhMCQ0wx
+HTAbBgNVBAgTFFJlZ2lvbiBNZXRyb3BvbGl0YW5hMREwDwYDVQQHEwhTYW50aWFnbzEUMBIGA1UE
+ChMLRS1DRVJUQ0hJTEUxIDAeBgNVBAsTF0F1dG9yaWRhZCBDZXJ0aWZpY2Fkb3JhMTAwLgYDVQQD
+EydFLUNFUlRDSElMRSBDQSBGSVJNQSBFTEVDVFJPTklDQSBTSU1QTEUxJzAlBgkqhkiG9w0BCQEW
+GHNjbGllbnRlc0BlLWNlcnRjaGlsZS5jbDAeFw0xNzA5MDQyMTExMTJaFw0yMDA5MDMyMTExMTJa
+MIHXMQswCQYDVQQGEwJDTDEUMBIGA1UECBMLVkFMUEFSQUlTTyAxETAPBgNVBAcTCFF1aWxsb3Rh
+MS8wLQYDVQQKEyZTZXJ2aWNpb3MgQm9uaWxsYSB5IExvcGV6IHkgQ2lhLiBMdGRhLjEkMCIGA1UE
+CwwbSW5nZW5pZXLDrWEgeSBDb25zdHJ1Y2Npw7NuMSMwIQYDVQQDExpSYW1vbiBodW1iZXJ0byBM
+b3BleiAgSmFyYTEjMCEGCSqGSIb3DQEJARYUZW5hY29ubHRkYUBnbWFpbC5jb20wgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAKQeAbNDqfi9M2v86RUGAYgq1ZSDioFC6OLr0SwiOaYnLsSOl+Kx
+O394PVwSGa6rZk1ErIZonyi15fU/0nHZLi8iHLB49EB5G3tCwh0s8NfqR9ck0/3Z+TXhVUdiJyJC
+/z8x5I5lSUfzNEedJRidVvp6jVGr7P/SfoEfQQTLP3mBAgMBAAGjggKnMIICozA9BgkrBgEEAYI3
+FQcEMDAuBiYrBgEEAYI3FQiC3IMvhZOMZoXVnReC4twnge/sPGGBy54UhqiCWAIBZAIBBDAdBgNV
+HQ4EFgQU1dVHhF0UVe7RXIz4cjl3/Vew+qowCwYDVR0PBAQDAgTwMB8GA1UdIwQYMBaAFHjhPp/S
+ErN6PI3NMA5Ts0MpB7NVMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9jcmwuZS1jZXJ0Y2hpbGUu
+Y2wvZWNlcnRjaGlsZWNhRkVTLmNybDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0dHA6
+Ly9vY3NwLmVjZXJ0Y2hpbGUuY2wvb2NzcDAjBgNVHREEHDAaoBgGCCsGAQQBwQEBoAwWCjEzMTg1
+MDk1LTYwIwYDVR0SBBwwGqAYBggrBgEEAcEBAqAMFgo5NjkyODE4MC01MIIBTQYDVR0gBIIBRDCC
+AUAwggE8BggrBgEEAcNSBTCCAS4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cuZS1jZXJ0Y2hpbGUu
+Y2wvQ1BTLmh0bTCB/AYIKwYBBQUHAgIwge8egewAQwBlAHIAdABpAGYAaQBjAGEAZABvACAARgBp
+AHIAbQBhACAAUwBpAG0AcABsAGUALgAgAEgAYQAgAHMAaQBkAG8AIAB2AGEAbABpAGQAYQBkAG8A
+IABlAG4AIABmAG8AcgBtAGEAIABwAHIAZQBzAGUAbgBjAGkAYQBsACwAIABxAHUAZQBkAGEAbgBk
+AG8AIABoAGEAYgBpAGwAaQB0AGEAZABvACAAZQBsACAAQwBlAHIAdABpAGYAaQBjAGEAZABvACAA
+cABhAHIAYQAgAHUAcwBvACAAdAByAGkAYgB1AHQAYQByAGkAbzANBgkqhkiG9w0BAQUFAAOCAQEA
+mxtPpXWslwI0+uJbyuS9s/S3/Vs0imn758xMU8t4BHUd+OlMdNAMQI1G2+q/OugdLQ/a9Sg3clKD
+qXR4lHGl8d/Yq4yoJzDD3Ceez8qenY3JwGUhPzw9oDpg4mXWvxQDXSFeW/u/BgdadhfGnpwx61Un
++/fU24ZgU1dDJ4GKj5oIPHUIjmoSBhnstEhIr6GJWSTcDKTyzRdqBlaVhenH2Qs6Mw6FrOvRPuud
+B7lo1+OgxMb/Gjyu6XnEaPu7Vq4XlLYMoCD2xrV7WEADaDTm7KcNLczVAYqWSF1WUqYSxmPoQDFY
++kMTThJyCXBlE0NADInrkwWgLLygkKI7zXkwaw==
 </X509Certificate>
 </X509Data>
 </KeyInfo>

src/tests/test_libs_xml_utils.py

@@ -3,7 +3,7 @@
 
 import lxml.etree
 
-from cl_sii.libs.crypto_utils import load_pem_x509_cert
+from cl_sii.libs.crypto_utils import _X509CertOpenSsl, load_pem_x509_cert
 from cl_sii.libs.xml_utils import (  # noqa: F401
     XmlElement,
     XmlFeatureForbidden,
@@ -135,6 +135,9 @@ def setUpClass(cls) -> None:
         cls.with_valid_signature = read_test_file_bytes(
             'test_data/sii-dte/DTE--76354771-K--33--170--cleaned.xml'
         )
+        cls.with_valid_signature_not_expired = read_test_file_bytes(
+            'test_data/sii-dte/DTE--60910000-1--33--no-expired-sign.xml',
+        )
         cls.with_valid_signature_signed_data = read_test_file_bytes(
             'test_data/sii-dte/DTE--76354771-K--33--170--cleaned-signed_data.xml'
         )
@@ -185,6 +188,28 @@ def test_ok_external_trusted_cert(self) -> None:
         signature_xml_bytes = f.getvalue()
         self.assertEqual(signature_xml_bytes, self.with_valid_signature_signature_xml)
 
+    def test_ok_external_trusted_open_ssl_cert_with_signature(self) -> None:
+        xml_doc = parse_untrusted_xml(self.with_valid_signature)
+        cert = load_pem_x509_cert(self.xml_doc_cert_pem_bytes)
+
+        open_ssl_cert = _X509CertOpenSsl.from_cryptography(cert)
+
+        signed_data, signed_xml, signature_xml = verify_xml_signature(
+            xml_doc, trusted_x509_cert=open_ssl_cert
+        )
+
+        self.assertEqual(signed_data, self.with_valid_signature_signed_data)
+
+        f = io.BytesIO()
+        write_xml_doc(signed_xml, f)
+        signed_xml_bytes = f.getvalue()
+        self.assertEqual(signed_xml_bytes, self.with_valid_signature_signed_xml)
+
+        f = io.BytesIO()
+        write_xml_doc(signature_xml, f)
+        signature_xml_bytes = f.getvalue()
+        self.assertEqual(signature_xml_bytes, self.with_valid_signature_signature_xml)
+
     def test_ok_cert_in_signature(self) -> None:
         # TODO: implement!
 
@@ -221,7 +246,7 @@ def test_fail_verify_with_other_cert(self) -> None:
             verify_xml_signature(xml_doc, trusted_x509_cert=cert)
         self.assertEqual(
             cm.exception.args,
-            ("Signature verification failed: wrong signature length",),
+            ("Signature verification failed: ",),
         )
 
     def test_bad_cert_included(self) -> None:
@@ -244,25 +269,29 @@ def test_bad_cert_included(self) -> None:
         )
 
     def test_fail_replaced_cert(self) -> None:
+        """
+        Tests that the signature verification fails
+        when the certificate is not the one that was used to sign the document.
+        """
         xml_doc = parse_untrusted_xml(self.with_replaced_cert)
-        cert = load_pem_x509_cert(self.any_x509_cert_pem_file)
+        cert = load_pem_x509_cert(self.xml_doc_cert_pem_bytes)
 
         with self.assertRaises(XmlSignatureInvalid) as cm:
             verify_xml_signature(xml_doc, trusted_x509_cert=cert)
         self.assertEqual(
             cm.exception.args,
-            ("Signature verification failed: []",),
+            ("Signature verification failed: ",),
         )
 
     def test_fail_included_cert_not_from_a_known_ca(self) -> None:
-        xml_doc = parse_untrusted_xml(self.with_valid_signature)
+        xml_doc = parse_untrusted_xml(self.with_valid_signature_not_expired)
 
         # Without cert: fails because the issuer of the cert in the signature is not a known CA.
         with self.assertRaises(XmlSignatureInvalidCertificate) as cm:
             verify_xml_signature(xml_doc, trusted_x509_cert=None)
         self.assertEqual(
             cm.exception.args,
-            ('unable to get local issuer certificate',),
+            ('validation failed: Certificate is missing required extension',),
         )
 
     def test_fail_signed_data_modified(self) -> None: