-
Notifications
You must be signed in to change notification settings - Fork 174
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signature did not verify #216
Comments
Hola compatriota, lograste solucionarlo? Tengo el mismo problema, obtengo este error como respuesta |
Lograron solucionar sobre el error Incorrect reference digest value? |
Hola, alguien pudo resolver ese problema de "reference digest value"? |
Buenas, lograron resolver este problema?, hasta ahora me valida que la firma esta mal |
@VaLThieL did you ever figure this out? If not, would you mind elaborating on what reference(s) failed signature validation? I was getting a similar problem, but I don't want to post my solution if the problem I was having is from a different root cause. |
hasta el momento no e podido solucionarlo, me devuelve error al validar la firma |
Si estimado, al final use un servicio de python para encriptar, en si es mi middleware por así decirlo
Cant with this library, at the end I use a python complement |
@cjbarth sorry - been pretty busy. Give me a few minutes to catch up and figure out where all this is at |
Hello guys, I managed to solve it, tomorrow I will share my solution |
Again, sorry for the late response! When I wasn't able to verify the signatures that I was generating, it was because I rolled my own implementation of WS-Security and the Timestamp element existed in the same namespace alias as the I'm honestly unsure whether this is a "bug" or a valid interpretation of the XML digital signature specification. I'm curious and eager to see how you solved your problem 😄 |
this was my solution const signature = new SignedXml();
signature.addReference(
"//*[local-name(.)='Invoice']",
[
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
'http://www.w3.org/2001/10/xml-exc-c14n#',
],
'http://www.w3.org/2001/04/xmlenc#sha256',
'',
'',
'',
true,
);
signature.signingKey = Buffer.from(certificate.key);
signature.canonicalizationAlgorithm =
'http://www.w3.org/2001/10/xml-exc-c14n#';
signature.signatureAlgorithm =
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
signature.keyInfoProvider = this.keyInfoProvider(certificate);
signature.computeSignature(xml, {
prefix: 'ds',
location: {
reference: ".//*[local-name(.)='ExtensionContent']",
action: 'prepend',
},
attrs: {
Id: 'SignatureSP',
},
});
return signature.getSignedXml(); |
@erwn2793 - is one of the elements your signing in the 'wsu' namespace? Setting the namespace prefix explicitly in As I mentioned, I had to alias the xml-dsig namespace to 'wsu0' for my Timestamp element, but I also explicitly set the prefix to 'wsu1' for computeSignature so that I could add the comment "must be a different namespace than the Timestamp element" Also, in your code, does |
I'm stuck by several days on this. The digest is correct but when I verify the xml generated, I got the signature is invalid
here's my code
I'm putting the generated zip too
20529473169-01-F001-256.zip
NOTE: I was using this link too besides the company service to check the xml generated
https://tools.chilkat.io/xmlDsigVerify.cshtml
Please I really need help, I'm stuck and I don't know what to do, add normalizeLineEndings function for check if is something with the break lines, try with implicit transforms too, but nothing.
The text was updated successfully, but these errors were encountered: