xml-crypto
xml-crypto copied to clipboard
yaronn
addReference with empty URI i.e. `URI=""`
Couldn't find a way to sign the whole XML document and have the URL as an empty string while adding the reference
Reference URI=""
Went through the code and was able to find the way to sign the document and add the reference with URI=""
The addReference method takes the 7th argument as isEmptyUri and when it's value is true the URI is saved as "" which was the desired output.
It can be achieve something like
sign.addReference("/*", undefined, undefined, undefined, undefined, undefined, true);
@LoneRifle Probably you can help here.
Suggestion: The 4th argument in addReference method takes uri as input and if the argument's value is passed as "" it should automatically set isEmptyUri to be true. That would make the functionality easier to achieve with a cleaner code.
If you agree, I would be happy to implement it.
Also, It would be nice to add this to the documentation.
Signing the XML document with reference URI="" is one of the most basic requirements. And the library supports it, it would be really nice to add it to the README. Willing to take the documentation task as well
I'm having issues when using isEmptyUri=true.
When I try isEmptyUri = false I can verify my signature and it is all good but,
When try isEmptyUri = true I get the bellow error when verifying the signature
VERIFY ERROR: 'invalid signature: for uri calculated digest is 4jyM3Mma3Wo1zTUT8njmv9wHWVnsf2cz4bAS2POf6Do= but the xml to validate supplies digest cJ1B4QVSGSggHteZGcwznrpo5aZy+3L+tK3ZF9PXwj8='
@jaikathuria are you having the same issue?
Not actually. I had to sign the XML to be verified by an external library and I was only able to validate it with isEmptyUri=true.
I didn't try to verify the XML myself though.
How you are trying to sign and verify, I might be able to assist.
Feel free to put up a PR that includes some better documentation about this or that improves the user experience.
