Empty reference URI for enveloped signature #10

Open
alphanso opened this issue Jul 28, 2017 · 11 comments
@alphanso

I was using this library for signing xml using the following: -

The signed XML is verified by the vendor, and they need an empty URI or signature verification fails.

https://www.w3.org/TR/xmldsig-core/#sec-URI says

If the URI attribute is omitted altogether, the receiving application is expected to know the identity of the object.

I believe we should default to an empty URI in the case of an enveloped signature and should make it possible to omit it only by choice.

@rmhrisk
Contributor

rmhrisk commented Jul 28, 2017

I am OK with us taking that as a change; feel free to submit a PR. Absent that, we can look at this when we get time.

@gine

gine commented Feb 16, 2018

@rmhrisk I think that there is a bug in this.

If you set uri : "" in the ReferenceOptions, the code produced doesn't have the empty uri attribute. I'm trying to find where I can fix it, but I can't find where. Can you point me to it?

@microshine
Collaborator

microshine commented Feb 16, 2018

@gine xmldsig has a default value for Reference.Uri
https://github.com/PeculiarVentures/xmldsigjs/blob/master/src/xml/reference.ts#L45

URI is an optional value in the xmldsig XSD
https://github.com/PeculiarVentures/xmldsigjs/blob/master/src/xml/reference.ts#L18

You can recompile the xmldsig.js file and remove defaultValue from the XmlAttribute decorator.
I think it'll fix your problem.

@rmhrisk
Contributor

rmhrisk commented Feb 17, 2018

@microshine it seems intuitive that setting uri : "" in the ReferenceOptions would produce a value of "" and nul an empty one? Is that right?

@microshine
Collaborator

@rmhrisk I think so. I'll update the library.

@microshine microshine self-assigned this Feb 17, 2018
@microshine
Collaborator

microshine commented Feb 17, 2018

@gine I updated xmldsig. I can't publish it, because it has some security/Snyk issues. I'll fix it later. But you can try the new version:

npm i https://github.com/PeculiarVentures/xmldsigjs#update

If uri isn't in the options, then <Reference>
If uri is "", then <Reference Uri="">
If uri is "some-id", then <Reference Uri="some-id">
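
The distinction this thread turns on, as an added example (not xmldsigjs code and not part of any comment here): a signer that keeps "no uri" and `uri: ""` apart, and a verifier-side check that only an empty URI is treated as covering the whole enveloping document. The function names are hypothetical, the sample options are constructed, and the attribute is spelled `URI` as in the XMLDSig specification.

```javascript
// Added illustration; these helpers are hypothetical, not xmldsigjs APIs.
const escapeAttr = (s) =>
  s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");

// Signer side: undefined/null means "omit the attribute", "" means "emit URI=''".
// A truthiness test such as `if (opts.uri)` would wrongly merge the two cases,
// because the empty string is falsy in JavaScript.
function referenceStartTag(opts = {}) {
  if (opts.uri === undefined || opts.uri === null) return "<ds:Reference>";
  return `<ds:Reference URI="${escapeAttr(String(opts.uri))}">`;
}

// Verifier side: report what a Reference start tag claims to cover.
// A real verifier reads the attribute from the parsed DOM; a regex is used
// here only to keep the example dependency-free.
function classifyReference(startTag) {
  const m = /\sURI\s*=\s*(?:"([^"]*)"|'([^']*)')/.exec(startTag);
  if (!m) return { kind: "omitted" }; // receiver must already know the object
  const uri = m[1] !== undefined ? m[1] : m[2];
  if (uri === "") return { kind: "whole-document" }; // document containing the signature
  if (uri.startsWith("#")) return { kind: "same-document-id", id: uri.slice(1) };
  return { kind: "external", uri };
}

// Policy for an enveloped signature over the whole document, which is what
// the vendor in this thread requires: accept only URI="".
function acceptsAsEnveloped(startTag) {
  return classifyReference(startTag).kind === "whole-document";
}

// Constructed sample inputs covering the three cases.
for (const opts of [{}, { uri: "" }, { uri: "#some-id" }]) {
  const tag = referenceStartTag(opts);
  console.log(tag, JSON.stringify(classifyReference(tag)), acceptsAsEnveloped(tag));
}
```
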

@gine

gine commented Feb 18, 2018

I made a stupid fix. I presume that your fix is better. Tomorrow I'll try it.

@Ameb

Ameb commented Feb 20, 2018

Hello. I wanted to try the new version but it won't install properly. The dist folder isn't generated.
Could you try it, @gine?

@microshine
Collaborator

@Ameb I added a prepare script to package.json. It must fix the error. Can you try it again?

@Ameb

Ameb commented Feb 20, 2018

Thank you! Nice to have <ds:Reference URI="">

@microshine
Collaborator

@Ameb I'll fix the security/Snyk issue and publish a new version. Thank you for testing.
