Comments (14)
can I send them to the email account in your GitHub profile?
Yes, you can. Please send me files to [email protected]
from xmldsigjs.
@microshine Just got the permission and sent you the files. Thanks! :)
from xmldsigjs.
@linkurzweg Thank you for the files you've shared. I found the problem and am going to understand the reason for it and fix it.
The problem is that the canonicalized reference doesn't have the new line char at the end of the XML document (`xmlsec1` has that char).
from xmldsigjs.
yes
from xmldsigjs.
Here is an example of the problem:
```js
// Parse a document that ends with a newline, then serialize it again.
var doc = new DOMParser().parseFromString(`<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Root/>\n`, "application/xml");
new XMLSerializer().serializeToString(doc);
// '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Root/>'
```
As you can see, `\n` isn't present in the serialized document.
I'm looking for a solution to it.
from xmldsigjs.
@linkurzweg Thank you for the congratulation. Happy new year too!
I've just published the new version of [email protected]. It fixes the issue.
```js
const fs = require("fs");
const assert = require("assert");
const xmldsig = require("xmldsigjs");

// Verify() is awaited, so the check runs inside an async function.
async function main() {
  const sigFile = fs.readFileSync("/path/to/file.sign.xml", { encoding: "utf-8" });
  const dataFile = fs.readFileSync("/path/to/file.xml"); // You may use any file format (not only XML)
  const sig = new xmldsig.SignedXml();
  sig.LoadXml(sigFile);
  const ok = await sig.Verify({
    content: dataFile,
  });
  assert.ok(ok); // success
}
main();
```
Please try this version.
from xmldsigjs.
@microshine I just tried it and can confirm it works now! Thank you so much :)
from xmldsigjs.
Could you share your files for testing?
from xmldsigjs.
Sorry, I am not allowed to, because the files contain confidential information :/
from xmldsigjs.
Perhaps the canonicalization method returns the incorrect result.
Could you run the `xmlsec1` application with the `--store-references` option? It must print the result of `<dsig:Reference/>` element processing just before calculating the digest. And log the `canonOutput` variable from `DigestMethod`?
https://github.com/PeculiarVentures/xmldsigjs/blob/master/src/signed_xml.ts#L360
It could help to compare canonicalized results from different applications and catch the problem.
from xmldsigjs.
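Added example (not from the thread or the xmldsigjs project): a Node.js helper for the comparison suggested above. It takes the bytes each tool digested and reports the first offset where they differ, along with both digests. The function names `digestB64` and `compareCanonical`, the use of SHA-256, and the sample strings are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

// Base64 SHA-256 digest, the form normally stored in <DigestValue>.
// (SHA-256 is an assumption; use the algorithm named in the signature.)
function digestB64(bytes) {
  return crypto.createHash("sha256").update(bytes).digest("base64");
}

// Compare two pre-digest outputs byte by byte and report where they diverge.
// Accepts strings (treated as UTF-8) or Buffers.
function compareCanonical(a, b) {
  const left = Buffer.isBuffer(a) ? a : Buffer.from(a, "utf8");
  const right = Buffer.isBuffer(b) ? b : Buffer.from(b, "utf8");
  const min = Math.min(left.length, right.length);
  let offset = 0;
  while (offset < min && left[offset] === right[offset]) offset++;
  const equal = offset === left.length && left.length === right.length;
  // JSON.stringify makes control characters such as "\n" visible.
  const show = (buf) =>
    JSON.stringify(buf.subarray(Math.max(0, offset - 8), offset + 8).toString("utf8"));
  return {
    equal,
    offset: equal ? -1 : offset,
    leftContext: show(left),
    rightContext: show(right),
    leftDigest: digestB64(left),
    rightDigest: digestB64(right),
  };
}

// Constructed sample: the same document, one copy keeps the trailing newline.
// These stand in for the xmlsec1 reference dump and the library's canonOutput.
const withNewline = "<Root></Root>\n";
const withoutNewline = "<Root></Root>";

const report = compareCanonical(withNewline, withoutNewline);
console.log(report);
```

A single differing byte at the end of the input gives two unrelated digest values, so the `<DigestValue>` comparison fails even though the documents look identical when printed.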
@microshine Thank you very much for replying so quickly! I am not sure I understand. I ran `xmlsec1` with the `--store-references` option, but I am not sure which part of the printed output I'd need. Also, how exactly would I log the `canonOutput` variable from my code? Unfortunately I don't really have a clue about how XML signature verification works.
In the meantime I have asked if I could make an exception and be allowed to send you two example files for testing. If I get the permission, can I send them to the email account in your GitHub profile? Thanks again!
from xmldsigjs.
@microshine Thank you very much for looking into it! So there's nothing I need to do on my side, just wait for an update on the package?
from xmldsigjs.
Very happy to read that it can be solved. Kind of crazy that a new line char is enough to break the signature verification.
from xmldsigjs.
@microshine Happy new year! Any news on this issue? Sorry for pestering you, just asking because I'm under a bit of pressure regarding my project. Thank you! :)
from xmldsigjs.