# ManageX XML Signing SDK
[](https://python.org)
[](https://github.com/Aniketc068/managex_xml_sdk)
A comprehensive Python SDK for digital certificate management and XML digital signing with enterprise-grade security and multi-platform support.
## 📋 Latest Updates
- ✅ **Complete OCSP Implementation**: Full OCSP certificate validation with real-time revocation checking
- ✅ **Enhanced Security**: Comprehensive certificate chain validation and revocation checking via CRL and OCSP
- 🔒 **Enterprise-Grade**: Production-ready security implementation for enterprise applications
## 🚀 Features
- ✅ **Multi-platform Support**: Windows, Linux, macOS
- ✅ **Multiple Certificate Sources**: Windows Store, PFX files, HSM tokens
- ✅ **Enterprise Security**: Cryptographic verification against trusted root CAs
- ✅ **XML Digital Signing**: Full XML-DSig standard (RFC 3275) compliance
- ✅ **Advanced Certificate Validation**: AKI/SKI matching, CRL/OCSP checking
- ✅ **Flexible Certificate Filtering**: By CN, Organization, Email, Serial Number, CA
- ✅ **HSM Token Support**: PKCS#11 compatible hardware security modules
- ✅ **User-Friendly**: Windows certificate selection dialog integration
- ✅ **Production Ready**: Comprehensive error handling and logging
## 📦 Installation
### 1. Create and Activate Virtual Environment
#### Windows:
```cmd
python -m venv ocsp
pdf\Scripts\activate
```
#### macOS/Linux:
```cmd
python3 -m venv ocsp
source pdf/bin/activate
```
### pip install -r requirements.txt
```bash
# SDK
managex-xml-sdk
# Core dependencies
cryptography>=3.4.8
lxml>=4.6.3
requests>=2.25.1
# Windows-specific dependencies
pywin32>=228; sys_platform == "win32"
# HSM token support (optional)
PyKCS11>=1.5.12
# Development dependencies (optional)
pytest>=6.2.5
pytest-cov>=2.12.1
black>=21.9b0
flake8>=3.9.2
mypy>=0.910
# Documentation (optional)
sphinx>=4.2.0
sphinx-rtd-theme>=1.0.0
# Build tools
setuptools>=57.4.0
wheel>=0.37.0
twine>=3.4.2
```
## 🏃 Quick Start
### Basic XML Signing with Windows Certificate Store
```python
from managex_xml_sdk.core.xml_signer import XMLSigner
# Create signer with automatic certificate selection dialog
signer = XMLSigner.create(
method="store",
store="MY",
trusted_roots_folder="root_certificates"
)
# Sign XML file - Windows dialog will appear for certificate selection
success = signer.sign_file("document.xml", "signed_document.xml")
print(f"Signing successful: {success}")
```
### Advanced Configuration
```python
from managex_xml_sdk import (
XMLSigner,
WindowsStoreConfig,
CertificateFilter,
ValidationConfig,
SignatureEnvelopeParameters
)
# Configure certificate filtering
cert_filter = CertificateFilter(
cn="Aniket Chaturvedi", # Common Name
o="ManageX", # Organization
email="user@company.com", # Email from SAN
ca="Capricorn CA" # Issuing CA
)
# Configure validation with trusted root certificates
validation = ValidationConfig(
check_validity=True, # Check certificate expiration
check_revocation_crl=True, # Check CRL revocation
check_revocation_ocsp=False, # Check OCSP revocation
trusted_roots_folder="root_certificates" # Folder with trusted root CAs
)
# Create Windows Store configuration
config = WindowsStoreConfig(
store="MY",
certificate_filter=cert_filter,
validation_config=validation
)
# Create XML signer
signer = XMLSigner(config)
# Sign with custom signature parameters
signature_params = SignatureEnvelopeParameters.create_default("ManageX-Signature")
signer.sign_file("document.xml", "signed_document.xml")
```
## 🔧 Command Line Usage
The SDK includes a comprehensive command-line tool compatible with existing workflows:
```bash
# Basic signing with Windows Store (shows certificate selection dialog)
python managex_xml_signing_example.py --use-store --file document.xml
# Sign with specific certificate criteria
python managex_xml_signing_example.py --cn "Aniket" --o "ManageX" --file document.xml
# HSM token signing with PIN protection
python managex_xml_signing_example.py --use-hsm --file document.xml
# PFX file signing
python managex_xml_signing_example.py --use-pfx mycert.pfx --file document.xml
# List available certificates
python managex_xml_signing_example.py --list-certs
# List HSM tokens
python managex_xml_signing_example.py --list-tokens
```
## 📁 Certificate Sources
### 1. Windows Certificate Store
```python
config = WindowsStoreConfig(
store="MY", # Personal certificate store
certificate_filter=CertificateFilter(cn="Your Name"),
validation_config=ValidationConfig.basic_validation("root_certificates")
)
```
### 2. PFX Files (PKCS#12)
```python
config = PFXConfig(
pfx_file="certificate.pfx",
password="your_password",
certificate_filter=CertificateFilter(cn="Your Name"),
validation_config=ValidationConfig.basic_validation("root_certificates")
)
```
### 3. HSM Tokens (PKCS#11)
```python
config = HSMConfig(
dll_path="C:\\Windows\\System32\\eToken.dll", # Auto-detected if None
pin="123456", # Will prompt if not provided
certificate_filter=CertificateFilter(cn="Your Name"),
validation_config=ValidationConfig.basic_validation("root_certificates")
)
```
## 🔐 Security Features
### Trusted Root Certificate Validation
Place your trusted root CA certificates in PEM format:
```
root_certificates/
├── CCA_India/
│ └── CCA_India_2022.pem
├── Capricorn/
│ ├── Capricorn_CA_2022.pem
│ └── Capricorn_Sub_CA_Individual_2022.pem
├── eMudhra/
│ └── eMudhra_Root_CA.pem
└── Other_CAs/
└── custom_ca.pem
```
### Certificate Chain Validation
- **AKI/SKI Matching**: Authority Key Identifier to Subject Key Identifier validation
- **Cryptographic Verification**: Digital signature verification against root CAs
- **Key Usage Validation**: Ensures certificates have proper key usage for signing
- **Revocation Checking**: CRL and OCSP support
### HSM Token Protection
- **PIN Retry Limits**: Prevents token locking with multiple failed attempts
- **Token Status Monitoring**: Checks remaining PIN attempts before proceeding
- **Graceful Abort**: User can cancel operations to prevent token lock
## 📖 API Reference
### Core Classes
#### XMLSigner
Main class for XML signing operations.
```python
signer = XMLSigner(config, signature_params)
signer.sign_file(input_file, output_file) # Sign file
signed_content = signer.sign_content(xml_bytes) # Sign content
```
#### Configuration Classes
- `WindowsStoreConfig`: Windows Certificate Store configuration
- `PFXConfig`: PFX file configuration
- `HSMConfig`: HSM token configuration
#### Filter and Validation
- `CertificateFilter`: Certificate selection criteria
- `ValidationConfig`: Certificate validation rules
- `SignatureEnvelopeParameters`: XML signature customization
### Utility Functions
#### Certificate Discovery
```python
from managex_xml_sdk.signers.windows_store_signer import WindowsStoreSigner
signer = WindowsStoreSigner(config)
certificates = signer.get_all_certificates_from_store()
valid_certs = signer.filter_valid_signing_certificates(certificates)
```
#### HSM Token Discovery
```python
from managex_xml_sdk.signers.hsm_signer import HSMSigner
tokens = HSMSigner.get_all_available_tokens()
for token in tokens:
print(f"Token: {token['label']} - {token['manufacturer']}")
```
## 🛠️ Development
### Prerequisites
- Python 3.8+
- Windows: pywin32, PyKCS11 (for HSM support)
- Linux/macOS: PyKCS11 (for HSM support)
## 👨💻 Author & Support
**Aniket Chaturvedi**
- 📧 Email: [chaturvedianiket007@gmail.com](mailto:chaturvedianiket007@gmail.com)
- 🐙 GitHub: [@Aniketc068](https://github.com/Aniketc068)
- 🏢 Organization: ManageX
### Support
- 📧 **Email Support**: [chaturvedianiket007@gmail.com](mailto:chaturvedianiket007@gmail.com)
## 🙏 Acknowledgments
- Thanks to all contributors and the open-source community
- Built with ❤️ for the digital certificate and XML signing ecosystem
- Special thanks to collaborators and early adopters
## 📊 Project Status
- ✅ **Stable**: Production ready
- 🔄 **Active Development**: Regular updates and improvements
- 🌍 **Community Driven**: Open to contributions and feedback
---
**Made with ❤️ by [Aniket Chaturvedi](https://github.com/Aniketc068) for ManageX**
Raw data
{
"_id": null,
"home_page": "https://github.com/Aniketc068/managex_xml_sdk",
"name": "managex-xml-sdk",
"maintainer": "Aniket Chaturvedi",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Aniket Chaturvedi <chaturvedianiket007@gmail.com>",
"keywords": "xml, digital-signature, certificate, pkcs11, hsm, pfx, windows-store, cryptography, security, signing, managex, enterprise, pki",
"author": "Aniket Chaturvedi",
"author_email": "Aniket Chaturvedi <chaturvedianiket007@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/fb/56/cea7f9dd2e4d87675fe57cd625b65193e4c1504e096b5a5f04afe14e5b5f/managex_xml_sdk-1.0.2.tar.gz",
"platform": "any",
"description": "# ManageX XML Signing SDK\r\n\r\n[](https://python.org)\r\n[](https://github.com/Aniketc068/managex_xml_sdk)\r\n\r\nA comprehensive Python SDK for digital certificate management and XML digital signing with enterprise-grade security and multi-platform support.\r\n\r\n## \ud83d\udccb Latest Updates\r\n\r\n- \u2705 **Complete OCSP Implementation**: Full OCSP certificate validation with real-time revocation checking\r\n- \u2705 **Enhanced Security**: Comprehensive certificate chain validation and revocation checking via CRL and OCSP\r\n- \ud83d\udd12 **Enterprise-Grade**: Production-ready security implementation for enterprise applications\r\n\r\n## \ud83d\ude80 Features\r\n\r\n- \u2705 **Multi-platform Support**: Windows, Linux, macOS\r\n- \u2705 **Multiple Certificate Sources**: Windows Store, PFX files, HSM tokens\r\n- \u2705 **Enterprise Security**: Cryptographic verification against trusted root CAs\r\n- \u2705 **XML Digital Signing**: Full XML-DSig standard (RFC 3275) compliance\r\n- \u2705 **Advanced Certificate Validation**: AKI/SKI matching, CRL/OCSP checking\r\n- \u2705 **Flexible Certificate Filtering**: By CN, Organization, Email, Serial Number, CA\r\n- \u2705 **HSM Token Support**: PKCS#11 compatible hardware security modules\r\n- \u2705 **User-Friendly**: Windows certificate selection dialog integration\r\n- \u2705 **Production Ready**: Comprehensive error handling and logging\r\n\r\n## \ud83d\udce6 Installation\r\n\r\n### 1. Create and Activate Virtual Environment\r\n\r\n#### Windows:\r\n```cmd\r\npython -m venv ocsp\r\npdf\\Scripts\\activate\r\n```\r\n\r\n#### macOS/Linux:\r\n```cmd\r\npython3 -m venv ocsp\r\nsource pdf/bin/activate\r\n```\r\n\r\n### pip install -r requirements.txt\r\n```bash\r\n# SDK\r\nmanagex-xml-sdk\r\n\r\n# Core dependencies\r\ncryptography>=3.4.8\r\nlxml>=4.6.3\r\nrequests>=2.25.1\r\n\r\n# Windows-specific dependencies\r\npywin32>=228; sys_platform == \"win32\"\r\n\r\n# HSM token support (optional)\r\nPyKCS11>=1.5.12\r\n\r\n# Development dependencies (optional)\r\npytest>=6.2.5\r\npytest-cov>=2.12.1\r\nblack>=21.9b0\r\nflake8>=3.9.2\r\nmypy>=0.910\r\n\r\n# Documentation (optional)\r\nsphinx>=4.2.0\r\nsphinx-rtd-theme>=1.0.0\r\n\r\n# Build tools\r\nsetuptools>=57.4.0\r\nwheel>=0.37.0\r\ntwine>=3.4.2\r\n```\r\n\r\n## \ud83c\udfc3 Quick Start\r\n\r\n### Basic XML Signing with Windows Certificate Store\r\n\r\n```python\r\nfrom managex_xml_sdk.core.xml_signer import XMLSigner\r\n\r\n# Create signer with automatic certificate selection dialog\r\nsigner = XMLSigner.create(\r\n method=\"store\",\r\n store=\"MY\",\r\n trusted_roots_folder=\"root_certificates\"\r\n)\r\n\r\n# Sign XML file - Windows dialog will appear for certificate selection\r\nsuccess = signer.sign_file(\"document.xml\", \"signed_document.xml\")\r\nprint(f\"Signing successful: {success}\")\r\n```\r\n\r\n### Advanced Configuration\r\n\r\n```python\r\nfrom managex_xml_sdk import (\r\n XMLSigner,\r\n WindowsStoreConfig,\r\n CertificateFilter,\r\n ValidationConfig,\r\n SignatureEnvelopeParameters\r\n)\r\n\r\n# Configure certificate filtering\r\ncert_filter = CertificateFilter(\r\n cn=\"Aniket Chaturvedi\", # Common Name\r\n o=\"ManageX\", # Organization\r\n email=\"user@company.com\", # Email from SAN\r\n ca=\"Capricorn CA\" # Issuing CA\r\n)\r\n\r\n# Configure validation with trusted root certificates\r\nvalidation = ValidationConfig(\r\n check_validity=True, # Check certificate expiration\r\n check_revocation_crl=True, # Check CRL revocation\r\n check_revocation_ocsp=False, # Check OCSP revocation\r\n trusted_roots_folder=\"root_certificates\" # Folder with trusted root CAs\r\n)\r\n\r\n# Create Windows Store configuration\r\nconfig = WindowsStoreConfig(\r\n store=\"MY\",\r\n certificate_filter=cert_filter,\r\n validation_config=validation\r\n)\r\n\r\n# Create XML signer\r\nsigner = XMLSigner(config)\r\n\r\n# Sign with custom signature parameters\r\nsignature_params = SignatureEnvelopeParameters.create_default(\"ManageX-Signature\")\r\nsigner.sign_file(\"document.xml\", \"signed_document.xml\")\r\n```\r\n\r\n## \ud83d\udd27 Command Line Usage\r\n\r\nThe SDK includes a comprehensive command-line tool compatible with existing workflows:\r\n\r\n```bash\r\n# Basic signing with Windows Store (shows certificate selection dialog)\r\npython managex_xml_signing_example.py --use-store --file document.xml\r\n\r\n# Sign with specific certificate criteria\r\npython managex_xml_signing_example.py --cn \"Aniket\" --o \"ManageX\" --file document.xml\r\n\r\n# HSM token signing with PIN protection\r\npython managex_xml_signing_example.py --use-hsm --file document.xml\r\n\r\n# PFX file signing\r\npython managex_xml_signing_example.py --use-pfx mycert.pfx --file document.xml\r\n\r\n# List available certificates\r\npython managex_xml_signing_example.py --list-certs\r\n\r\n# List HSM tokens\r\npython managex_xml_signing_example.py --list-tokens\r\n```\r\n\r\n## \ud83d\udcc1 Certificate Sources\r\n\r\n### 1. Windows Certificate Store\r\n```python\r\nconfig = WindowsStoreConfig(\r\n store=\"MY\", # Personal certificate store\r\n certificate_filter=CertificateFilter(cn=\"Your Name\"),\r\n validation_config=ValidationConfig.basic_validation(\"root_certificates\")\r\n)\r\n```\r\n\r\n### 2. PFX Files (PKCS#12)\r\n```python\r\nconfig = PFXConfig(\r\n pfx_file=\"certificate.pfx\",\r\n password=\"your_password\",\r\n certificate_filter=CertificateFilter(cn=\"Your Name\"),\r\n validation_config=ValidationConfig.basic_validation(\"root_certificates\")\r\n)\r\n```\r\n\r\n### 3. HSM Tokens (PKCS#11)\r\n```python\r\nconfig = HSMConfig(\r\n dll_path=\"C:\\\\Windows\\\\System32\\\\eToken.dll\", # Auto-detected if None\r\n pin=\"123456\", # Will prompt if not provided\r\n certificate_filter=CertificateFilter(cn=\"Your Name\"),\r\n validation_config=ValidationConfig.basic_validation(\"root_certificates\")\r\n)\r\n```\r\n\r\n## \ud83d\udd10 Security Features\r\n\r\n### Trusted Root Certificate Validation\r\nPlace your trusted root CA certificates in PEM format:\r\n```\r\nroot_certificates/\r\n\u251c\u2500\u2500 CCA_India/\r\n\u2502 \u2514\u2500\u2500 CCA_India_2022.pem\r\n\u251c\u2500\u2500 Capricorn/\r\n\u2502 \u251c\u2500\u2500 Capricorn_CA_2022.pem\r\n\u2502 \u2514\u2500\u2500 Capricorn_Sub_CA_Individual_2022.pem\r\n\u251c\u2500\u2500 eMudhra/\r\n\u2502 \u2514\u2500\u2500 eMudhra_Root_CA.pem\r\n\u2514\u2500\u2500 Other_CAs/\r\n \u2514\u2500\u2500 custom_ca.pem\r\n```\r\n\r\n### Certificate Chain Validation\r\n- **AKI/SKI Matching**: Authority Key Identifier to Subject Key Identifier validation\r\n- **Cryptographic Verification**: Digital signature verification against root CAs\r\n- **Key Usage Validation**: Ensures certificates have proper key usage for signing\r\n- **Revocation Checking**: CRL and OCSP support\r\n\r\n### HSM Token Protection\r\n- **PIN Retry Limits**: Prevents token locking with multiple failed attempts\r\n- **Token Status Monitoring**: Checks remaining PIN attempts before proceeding\r\n- **Graceful Abort**: User can cancel operations to prevent token lock\r\n\r\n## \ud83d\udcd6 API Reference\r\n\r\n### Core Classes\r\n\r\n#### XMLSigner\r\nMain class for XML signing operations.\r\n```python\r\nsigner = XMLSigner(config, signature_params)\r\nsigner.sign_file(input_file, output_file) # Sign file\r\nsigned_content = signer.sign_content(xml_bytes) # Sign content\r\n```\r\n\r\n#### Configuration Classes\r\n- `WindowsStoreConfig`: Windows Certificate Store configuration\r\n- `PFXConfig`: PFX file configuration\r\n- `HSMConfig`: HSM token configuration\r\n\r\n#### Filter and Validation\r\n- `CertificateFilter`: Certificate selection criteria\r\n- `ValidationConfig`: Certificate validation rules\r\n- `SignatureEnvelopeParameters`: XML signature customization\r\n\r\n### Utility Functions\r\n\r\n#### Certificate Discovery\r\n```python\r\nfrom managex_xml_sdk.signers.windows_store_signer import WindowsStoreSigner\r\n\r\nsigner = WindowsStoreSigner(config)\r\ncertificates = signer.get_all_certificates_from_store()\r\nvalid_certs = signer.filter_valid_signing_certificates(certificates)\r\n```\r\n\r\n#### HSM Token Discovery\r\n```python\r\nfrom managex_xml_sdk.signers.hsm_signer import HSMSigner\r\n\r\ntokens = HSMSigner.get_all_available_tokens()\r\nfor token in tokens:\r\n print(f\"Token: {token['label']} - {token['manufacturer']}\")\r\n```\r\n\r\n## \ud83d\udee0\ufe0f Development\r\n\r\n### Prerequisites\r\n- Python 3.8+\r\n- Windows: pywin32, PyKCS11 (for HSM support)\r\n- Linux/macOS: PyKCS11 (for HSM support)\r\n\r\n## \ud83d\udc68\u200d\ud83d\udcbb Author & Support\r\n\r\n**Aniket Chaturvedi**\r\n- \ud83d\udce7 Email: [chaturvedianiket007@gmail.com](mailto:chaturvedianiket007@gmail.com)\r\n- \ud83d\udc19 GitHub: [@Aniketc068](https://github.com/Aniketc068)\r\n- \ud83c\udfe2 Organization: ManageX\r\n\r\n### Support\r\n- \ud83d\udce7 **Email Support**: [chaturvedianiket007@gmail.com](mailto:chaturvedianiket007@gmail.com)\r\n\r\n\r\n## \ud83d\ude4f Acknowledgments\r\n\r\n- Thanks to all contributors and the open-source community\r\n- Built with \u2764\ufe0f for the digital certificate and XML signing ecosystem\r\n- Special thanks to collaborators and early adopters\r\n\r\n## \ud83d\udcca Project Status\r\n\r\n- \u2705 **Stable**: Production ready\r\n- \ud83d\udd04 **Active Development**: Regular updates and improvements\r\n- \ud83c\udf0d **Community Driven**: Open to contributions and feedback\r\n\r\n---\r\n\r\n**Made with \u2764\ufe0f by [Aniket Chaturvedi](https://github.com/Aniketc068) for ManageX**\r\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "A comprehensive Python SDK for digital certificate management and XML digital signing",
"version": "1.0.2",
"project_urls": {
"Bug Reports": "https://github.com/Aniketc068/managex_xml_sdk/issues",
"Discussions": "https://github.com/Aniketc068/managex_xml_sdk/discussions",
"Documentation": "https://github.com/Aniketc068/managex_xml_sdk/wiki",
"Homepage": "https://github.com/Aniketc068/managex_xml_sdk",
"Source": "https://github.com/Aniketc068/managex_xml_sdk"
},
"split_keywords": [
"xml",
" digital-signature",
" certificate",
" pkcs11",
" hsm",
" pfx",
" windows-store",
" cryptography",
" security",
" signing",
" managex",
" enterprise",
" pki"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "34c4542463b85f4e2c7bc4766b674d7b554d7d7422c7b5c455f89de3062e8f6d",
"md5": "fd6506cb55e76a0b67f43f87afca87c0",
"sha256": "033dd6236b4f2d3cf65e8d4827f81d5e49478d36e39fcddd32236662a36eeeb5"
},
"downloads": -1,
"filename": "managex_xml_sdk-1.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "fd6506cb55e76a0b67f43f87afca87c0",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 40209,
"upload_time": "2025-10-07T12:34:28",
"upload_time_iso_8601": "2025-10-07T12:34:28.681680Z",
"url": "https://files.pythonhosted.org/packages/34/c4/542463b85f4e2c7bc4766b674d7b554d7d7422c7b5c455f89de3062e8f6d/managex_xml_sdk-1.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "fb56cea7f9dd2e4d87675fe57cd625b65193e4c1504e096b5a5f04afe14e5b5f",
"md5": "e6d20ee46188bdd4777fd7a123a7d1de",
"sha256": "0fba53e346a169894ee80b1c2c509adbb5461d35b141baf6e7e4f1128afc301d"
},
"downloads": -1,
"filename": "managex_xml_sdk-1.0.2.tar.gz",
"has_sig": false,
"md5_digest": "e6d20ee46188bdd4777fd7a123a7d1de",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 76361,
"upload_time": "2025-10-07T12:34:30",
"upload_time_iso_8601": "2025-10-07T12:34:30.111538Z",
"url": "https://files.pythonhosted.org/packages/fb/56/cea7f9dd2e4d87675fe57cd625b65193e4c1504e096b5a5f04afe14e5b5f/managex_xml_sdk-1.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-07 12:34:30",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Aniketc068",
"github_project": "managex_xml_sdk",
"github_not_found": true,
"lcname": "managex-xml-sdk"
}
JSON
