shouldn't the XML be canonicalized before calculating the digest/hash value? #21
Comments
|
What you're saying makes sense, but its been quite awhile since I've committed to or used this library. So, I can't recall all the details. Its possible that the tests and my use cases at the time didn't catch a potential issue here. Its unlikely that I'll be able to spend much time looking into this, but I'd be happy to accept a PR that addresses your use cases/concerns. |
|
I've been looking at this but I still don't have a solution, the transform block is supposed not canonicalize the block but apparently it isn't doing it. |
|
so after commenting out this I'm comparing the signature procedure against: actually xmlsec creates an attribute with the namespace, signedxml do not creates it and if you add it to the original document it is removed Another issue I had was the |
|
That might be an issue with your InclusiveNamespaces or it might be a bug. Its hard to say without the xml.
This was contributed awhile back which may help with your reference issue: |
|
I tried adding inclusive namespaces but it didn't work and xmlsec which is what everybody uses doesn't need it, it automatically adds the missing namespace |
|
@dcu Are you still seeing this issue with the v1.0.0 release of signedxml? |
|
I haven't tested but my forked repo works at least for my case dcu/signedxml |
|
@dcu I see a small change as the only difference between moov-io/signedxml and dcu/signedxml. Could you try moov-io and see if we've fixed the issue? It may be a small change/fix needed otherwise. |
from what I see in the code it is only canonicalized when calculating the signature
The text was updated successfully, but these errors were encountered: