jhominal added a commit to jhominal/signxml that referenced this issue on Mar 20, 2019
I am trying to validate the following document:
https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
If you look at the document content, you will see that it has the following Signed Information:
In other words, for the first reference, the signature is enveloped, and for the second, the signature is enveloping.
In the 2.6.0 implementation of XMLVerifier.verify, I cannot validate this document, because the following sequence happens:
- root and extracts the signature to variable signature_ref;
- XMLVerifier.verify processes the first reference and calls the XMLVerifier._apply_transforms method, and because transformation algorithm http://www.w3.org/2000/09/xmldsig#enveloped-signature is being used, the function _remove_sig is called, which has the effect of detaching signature_ref from root;
- XMLVerifier.verify then processes the second reference, and tries to locate the element with URI #xades-id-7881ca95cf9ee505158353417687039e in root - however, because the signature has been detached from root, and the element with that ID is enveloped by the signature, the _resolve_references method cannot find the referenced element, and fails;

I would solve the issue in the following way: in the loop that processes the references, instead of operating on root and signature_ref directly, the handling would be done on a copy of the root variable, and signature_ref would be re-resolved from the copy of root.
Please do not hesitate in giving your feedback, if you have any issues. Otherwise, I will try to make a PR implementing the solution above in the coming days.
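The failure sequence and the copy-per-reference approach described in the issue above, as an added example that is not part of the original issue and is not signxml's code. It uses the standard library's xml.etree instead of lxml, a constructed document, and hypothetical helpers (remove_sig, resolve, resolve_all) that only model reference resolution, not digest or signature checking.

```python
import copy
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"
SIG, REF = f".//{{{DS}}}Signature", f".//{{{DS}}}Reference"

# Constructed sample: reference 1 is enveloped (URI=""), reference 2 points at
# an element carried inside the signature (enveloping), as in the issue.
DOC = f"""<Doc><Data>payload</Data>
<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>
<ds:Reference URI=""><ds:Transforms>
<ds:Transform Algorithm="{ENVELOPED}"/></ds:Transforms></ds:Reference>
<ds:Reference URI="#props-1"/>
</ds:SignedInfo>
<ds:Object><Props Id="props-1">signed properties</Props></ds:Object>
</ds:Signature></Doc>"""

def remove_sig(root, sig):
    """Detach sig from the tree (ElementTree has no parent pointers)."""
    for parent in root.iter():
        if sig in list(parent):
            parent.remove(sig)
            return

def resolve(root, uri):
    """Resolve a same-document URI: "" is the whole document, "#x" an Id."""
    if uri == "":
        return root
    return next((e for e in root.iter() if e.get("Id") == uri[1:]), None)

def resolve_all(xml, isolate):
    """Return [(uri, found)] per reference.

    isolate=False mutates the shared tree, as in the sequence described;
    isolate=True works on a fresh copy of root for every reference.
    """
    root = ET.fromstring(xml)
    sig = root.find(SIG)
    results = []
    for ref in sig.findall(REF):
        work_root = copy.deepcopy(root) if isolate else root
        work_sig = work_root.find(SIG) if isolate else sig  # re-resolved from the copy
        target = resolve(work_root, ref.get("URI"))
        if target is not None and any(
                t.get("Algorithm") == ENVELOPED for t in ref.iter(f"{{{DS}}}Transform")):
            remove_sig(work_root, work_sig)  # enveloped-signature transform
        results.append((ref.get("URI"), target is not None))
    return results
```

With isolate=False the second reference is reported as not found because the first reference's transform already detached the signature; with isolate=True both references resolve.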