Problem with xml signature
I'm trying to sign an xml but this is showing an Id attribute in the Signature tag and the xmlns attribute is not appearing.
This is the xml generated:
<Signature Id="Id-80170FF0-0678-47D5-8C8B-771AA4E334E6">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#ID2102103519037442275900010755000000003309115569507501">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>wwcIz10ydGwGr3DYsCl+l6IfwyY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>PyJvYnxxS/...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIHqjCCBZKg...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
And this is the xml expected:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#ID2102103519037442275900010755000000003309115569507501">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>wwcIz10ydGwGr3DYsCl+l6IfwyY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>aJLT3XDORDA8..</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIHqjCCBZKgAwIBAg...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
I'm trying to sign the XML using this code:
  SET tCredencial = ##class(%SYS.X509Credentials).GetByAlias("Credential")
  SET tParts = $$$SOAPWSIncludeSoapBody
  SET tRef = $$$KeyInfoX509Certificate
  SET tSignature = ##class(%XML.Security.Signature).CreateX509(tCredencial,tParts,tRef,.tSC)
  DO tSignature.SetSignatureMethod($$$SOAPWSrsasha1)
  DO tSignature.SetDigestMethod($$$SOAPWSsha1)
  SET tSignature.SignedInfo.CanonicalizationMethod.Algorithm=$$$SOAPWSc14n
  SET tRefid = XML.evento.infEvento.Id
  SET tAlgorithm = $$$SOAPWSEnvelopedSignature_","_$$$SOAPWSc14n
  #DIM tReference As %XML.Security.Reference
  SET tReference = ##class(%XML.Security.Reference).Create(tRefid,tAlgorithm)
  DO tSignature.AddReference(tReference)
  SET XML.evento.Signature = tSignature
  // this method converts %XML.Adapter to %XML.Document
  SET document = ..GetXMLDoc(XML)
  SET tSC = tSignature.SignDocument(document)
Is it Xades?
I've done Xades signing, but not with RSA algorithms. Still, might be useful for you. Drop me your GitHub username if you need the code.
To add Xades support I used a reference implementation in .Net - read the Xades docs on how it's supposed to work, then decompiled .Net libraries to see how it all actually works, and recreated it in ObjectScript.
Yes, it is XADES. My GitHub is https://github.com/SanchesDaniel
Nice! I will definitely try this out, thanks
This is the full Xml I'm signing.
I set the tSignature inside my XML object, which has a property Signature of type %XML.Security.Signature, and then convert it to %XML.Document and do the signing:
  SET XML.evento.Signature = tSignature
  // this method converts %XML.Adapter to %XML.Document
  SET document = ..GetXMLDoc(XML)
  SET tSC = tSignature.SignDocument(document)
Hi.
I have the same problem in Ensemble.
I don't know how to hide the Id attribute in the Signature tag in the XML.
I've tried to change XMLPROJECTION of the Property Id to "NONE", but it causes an error.
Please, can you post the solution?
Thanks.
Done. Check isc.xades package.
@daniel-sanches-0, could you please include the complete XML output that you are seeing? (You may be able to exclude large, irrelevant portions of the content), but there may be relevant xmlns attributes higher up in the XML tree. Also, how are you adding the signature to your XML and getting your XML content back out from the objects?
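The point raised in the last reply, as an added example that is not part of the original thread: this Python check reports which namespace each Signature element actually resolves to, including one inherited from an xmlns declaration higher up in the tree, and whether it carries an Id attribute. The sample documents are constructed, and the http://example.invalid/evento namespace is a placeholder.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
DOC_NS = "http://example.invalid/evento"  # placeholder business namespace

def wrap(signature_xml, root_attrs=""):
    """Build a constructed sample document around one Signature element."""
    return ('<evento xmlns="%s"%s><infEvento Id="ID1"/>%s</evento>'
            % (DOC_NS, root_attrs, signature_xml))

# Constructed samples modelled on the two shapes shown in the thread.
GENERATED = wrap('<Signature Id="Id-1"><SignedInfo/></Signature>')
EXPECTED = wrap('<Signature xmlns="%s"><SignedInfo/></Signature>' % DSIG_NS)
# The declaration can also sit on an ancestor and be used through a prefix.
PREFIXED = wrap('<ds:Signature><ds:SignedInfo/></ds:Signature>',
                ' xmlns:ds="%s"' % DSIG_NS)
# A bare fragment with no declaration anywhere is in no namespace at all.
FRAGMENT = '<Signature Id="Id-1"><SignedInfo/></Signature>'

def split_tag(tag):
    """ElementTree stores resolved names as '{namespace}local'."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def audit_signatures(xml_text):
    """Return one finding per element whose local name is Signature."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        ns, local = split_tag(el.tag)
        if local == "Signature":
            findings.append({"namespace": ns,
                             "is_dsig": ns == DSIG_NS,
                             "id": el.get("Id")})
    return findings

if __name__ == "__main__":
    for name in ("GENERATED", "EXPECTED", "PREFIXED", "FRAGMENT"):
        print(name, audit_signatures(globals()[name]))
```

A Signature element written without its own xmlns inside a document that has a default namespace ends up in that document's namespace, so a verifier looking for the XML-DSig Signature element will not find it.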