signedxml

How to support old CanonicalizationMethod?

Open chenghonour opened this issue 4 years ago • 5 comments

For some reason, the following algorithm must be used in the project: http://www.w3.org/TR/2001/REC-xml-c14n-20010315

chenghonour avatar Apr 15 '20 14:04 chenghonour

I ran into the same problem. The version you're trying to use is 1.0, which is now outdated. The new 1.1 version is backward compatible and is supported by this library. Swap the URL for the new one (http://www.w3.org/2001/10/xml-exc-c14n#) and sign the document; everything should work fine.

In some cases, you will need to change the URL back again to the old one (http://www.w3.org/TR/2001/REC-xml-c14n-20010315) after signing for schema compatibility.

EDIT: Changed the URL from https://www.w3.org/TR/xml-c14n/ to http://www.w3.org/2001/10/xml-exc-c14n#. See below.

ccuetoh avatar Apr 15 '20 14:04 ccuetoh

@CamiloHernandez but https://www.w3.org/TR/xml-c14n/ is not in the support list... it gives an unsupported error

chenghonour avatar Apr 15 '20 15:04 chenghonour

Whoops, sorry. Misread the question.

OK, so you are trying to use plain Canonicalization, but as far as I can see this library only supports Exclusive Canonicalization, which means that it "excludes ancestor context from a canonicalized subdocument". Generally speaking, that should not be a problem unless you need the ancestor context in your signature; otherwise, in its current state, this library will not work for you.

If excluding ancestor context is not a problem for you, then the general idea of my last answer still holds. You can swap the URL for the ExclusiveCanonicalization one: http://www.w3.org/2001/10/xml-exc-c14n#

Do keep in mind that this is a workaround, as the algorithm you're trying to use is not technically supported.

ccuetoh avatar Apr 15 '20 16:04 ccuetoh
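
What "excludes ancestor context" means for the data that gets signed, as an added example that is not code from this thread or from signedxml: for a signed element sitting below a namespace-declaring ancestor, it lists the namespace declarations that inclusive C14N 1.0 and exclusive C14N each write on that element's start tag. The sample document and the helpers `is_ns_decl` and `apex_namespaces` are constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample: p:Body is the signed element. It inherits three namespace
# declarations from env:Envelope but uses only the p prefix itself.
SAMPLE = (
    '<env:Envelope xmlns:env="urn:example:env" xmlns:p="urn:example:pay" '
    'xmlns:unused="urn:example:unused">'
    '<p:Body Id="b1"><p:Amount>10</p:Amount></p:Body></env:Envelope>'
)

def is_ns_decl(name):
    return name == "xmlns" or name.startswith("xmlns:")

def apex_namespaces(doc, local, exclusive):
    """Hypothetical helper: (prefix, URI) pairs, in canonical order, declared on
    the start tag of the first element named `local` when that element alone is
    canonicalized. "" is the default namespace; xml:* attributes are not modelled."""
    scopes = [{}]  # in-scope prefix -> URI, one dict per open element
    result = None  # stays None if no element matches

    def start(name, attrs):
        nonlocal result
        scope = dict(scopes[-1])
        for attr, value in attrs.items():
            if is_ns_decl(attr):
                scope[attr[6:]] = value  # "xmlns" -> "", "xmlns:p" -> "p"
        scopes.append(scope)
        if result is not None or name.rpartition(":")[2] != local:
            return
        # Visibly utilized prefixes: the element's own plus its prefixed attributes'.
        used = {name.rpartition(":")[0]}
        used |= {a.split(":")[0] for a in attrs if ":" in a and not is_ns_decl(a)}
        # Inclusive C14N 1.0 emits every in-scope binding; exclusive only the used ones.
        result = [
            (p, uri) for p, uri in sorted(scope.items())
            if uri and (not exclusive or p in used)
        ]

    parser = xml.parsers.expat.ParserCreate()  # no namespace processing: raw prefixes
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: scopes.pop()
    parser.Parse(doc, True)
    return result

if __name__ == "__main__":
    print("inclusive:", apex_namespaces(SAMPLE, "Body", exclusive=False))
    print("exclusive:", apex_namespaces(SAMPLE, "Body", exclusive=True))
```

Where the two lists differ, the canonical octets of the signed element differ and so does the digest computed over them, so a verifier that applies REC-xml-c14n-20010315 as labelled will not reproduce a digest that was computed with xml-exc-c14n#.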

@CamiloHernandez Okay, I will try it. Thank you for your patient explanation.

chenghonour avatar Apr 15 '20 16:04 chenghonour

@CamiloHernandez Ohh, so hard. Because I have to connect to the old institutional system, I must use this expired algorithm. Otherwise, the signature will be inconsistent. Do you have a recommended tool library to support http://www.w3.org/TR/2001/REC-xml-c14n-20010315?

chenghonour avatar Apr 16 '20 00:04 chenghonour

It looks like this is supported on a fork of signedxml, so would cherry-picking that onto master be accepted? I need this REC- algorithm as well.

adamdecaf avatar Mar 23 '23 15:03 adamdecaf

We support C14N10Rec now. Can you try out the v1.0.0 release and let us know how it works?

adamdecaf avatar Apr 21 '23 18:04 adamdecaf