
Basic xades support

Open GauriSpears opened this issue 1 year ago • 3 comments

Finally I managed to understand the minimum changes required for xades support:

  1. Add `<Object><xadesQualifyingProperties>...</Object>` between the KeyInfo and Signature tags. I defined an xadesQualifyingProperties function which should be redefined by the user.
  2. Support a reference to the SignedProperties node, which is inside the xadesQualifyingProperties node.
  3. The reference to SignedProperties should have a Type="http://uri.etsi.org/01903#SignedProperties" attribute.

Proposed usage example:

```javascript
const sig = new SignedXml({ publicCert: ..., privateKey: ..., etc. });
sig.addReference({ // your main reference to the xml part that needs to be signed
  xpath: "//*[local-name() = 'Body']/*[1]",
  transforms: ["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
  digestAlgorithm: "your algorithm",
});
sig.addReference({ // additional reference needed for xades compliance
  xpath: "//*[name()='xades:SignedProperties']",
  transforms: ["http://www.w3.org/2001/10/xml-exc-c14n#"],
  digestAlgorithm: "your algorithm",
});
const cdate = new Date().toISOString();
sig.xadesQualifyingProperties = function () { // your xadesQualifyingProperties part creation
  return '<xades:QualifyingProperties Target="#xmldsig-001" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">' +
           '<xades:SignedProperties Id="xmldsig-001-signedprops">' +
             '<xades:SignedSignatureProperties>' +
               '<xades:SigningTime>' + cdate + '</xades:SigningTime>' +
               '<xades:SigningCertificate>' +
                 '<xades:Cert>' +
                   ...
                 '</xades:Cert>' +
               '</xades:SigningCertificate>' +
             '</xades:SignedSignatureProperties>' +
           '</xades:SignedProperties>' +
         '</xades:QualifyingProperties>';
};
// additional preferences: where the Signature goes, its Id attribute and the ds: prefix
const sigpar = {
  location: { reference: "//*[local-name() = 'Body']/*[1]/*[1]", action: "before" },
  attrs: { Id: "xmldsig-001" },
  prefix: "ds",
};
sig.computeSignature(your_xml, sigpar);
const result = sig.getSignedXml();
```

GauriSpears, Jan 17 '24 09:01
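As an added check for the three points in the post above (this is not code from xml-crypto or from this PR), written in Python against the standard library only: it inspects a signed document and reports whether the xades:QualifyingProperties object is placed as described and whether xades:SignedProperties is actually covered by a ds:Reference carrying the ETSI Type value. That second point is the one that matters for verification, since an unreferenced SignedProperties leaves SigningTime and SigningCertificate outside what the signature protects. The sample document is constructed for the example, with placeholder digest and signature values.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"


def check_xades_binding(xml_text: str) -> list[str]:
    """Return structural problems with the XAdES binding; [] means it is sound.

    Checks: QualifyingProperties sits in a ds:Object after ds:KeyInfo, Target names the
    ds:Signature Id, and SignedProperties is covered by a typed ds:Reference."""
    problems = []
    sig = ET.fromstring(xml_text).find(f".//{{{DS}}}Signature")
    if sig is None:
        return ["no ds:Signature element"]
    qp = sig.find(f"{{{DS}}}Object/{{{XADES}}}QualifyingProperties")
    if qp is None:
        return ["xades:QualifyingProperties is not inside a ds:Object of ds:Signature"]
    tags = [child.tag for child in sig]
    if f"{{{DS}}}KeyInfo" in tags and tags.index(f"{{{DS}}}Object") < tags.index(f"{{{DS}}}KeyInfo"):
        problems.append("ds:Object must follow ds:KeyInfo")
    if qp.get("Target") != "#" + (sig.get("Id") or ""):
        problems.append("QualifyingProperties/@Target does not name the ds:Signature Id")
    sp = qp.find(f"{{{XADES}}}SignedProperties")
    sp_id = sp.get("Id") if sp is not None else None
    if not sp_id:
        return problems + ["xades:SignedProperties missing or has no Id"]
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    ref = next((r for r in refs if r.get("URI") == "#" + sp_id), None)
    if ref is None:  # SigningTime/SigningCertificate would be unsigned data
        problems.append("no ds:Reference covers xades:SignedProperties")
    elif ref.get("Type") != SIGNED_PROPS_TYPE:
        problems.append("SignedProperties Reference lacks Type=" + SIGNED_PROPS_TYPE)
    return problems


# Constructed sample shaped like the PR's usage example; digest and signature
# values are placeholders, not real cryptographic output.
SAMPLE = """<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"><Body><Doc>payload</Doc>
<ds:Signature Id="xmldsig-001"><ds:SignedInfo>
<ds:Reference URI=""><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
<ds:Reference URI="#xmldsig-001-signedprops" Type="http://uri.etsi.org/01903#SignedProperties">
<ds:DigestValue>BBBB</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>CCCC</ds:SignatureValue><ds:KeyInfo/>
<ds:Object><xades:QualifyingProperties Target="#xmldsig-001">
<xades:SignedProperties Id="xmldsig-001-signedprops"><xades:SignedSignatureProperties>
<xades:SigningTime>2024-01-17T09:01:00Z</xades:SigningTime></xades:SignedSignatureProperties>
</xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></Body></Envelope>"""
```

Calling `check_xades_binding(SAMPLE)` returns an empty list; removing the Type attribute or repointing the second Reference's URI makes it report the missing binding.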

Thank you for putting this up. Please include some tests so that this doesn't break in the future. Also, please make sure that you run `npm test` and `npm run lint:fix`, otherwise your PR might not pass the checks. After you do that, I'll review the code.

cjbarth, Jan 17 '24 20:01

Codecov Report

Attention: 10 lines in your changes are missing coverage. Please review.

Comparison is base (627d83f) 73.05% compared to head (f1ac51c) 72.47%.

| Files | Patch % | Lines |
| --- | --- | --- |
| src/signed-xml.ts | 28.57% | 7 Missing and 3 partials |
```
@@            Coverage Diff             @@
##           master     #444      +/-   ##
==========================================
- Coverage   73.05%   72.47%   -0.59%     
==========================================
  Files           9        9              
  Lines         902      912      +10     
  Branches      239      244       +5     
==========================================
+ Hits          659      661       +2     
- Misses        143      149       +6     
- Partials      100      102       +2     
```


codecov[bot], Jan 26 '24 18:01

Do you need help with this?

shunkica, Apr 18 '24 11:04