Prefix "ds" in Signature node. #13

Closed
GoogleCodeExporter opened this issue Mar 31, 2015 · 13 comments
@GoogleCodeExporter

I had problems with my signature validations because of the prefix "ds", so I made changes to indicate whether the signature requires the prefix or not.

The changes I made are attached.


```php
<?php
require(dirname(__FILE__) . '/../xmlseclibs.php');

// Start from a clean output file.
if (file_exists(dirname(__FILE__) . '/sign-basic-test.xml')) {
    unlink(dirname(__FILE__) . '/sign-basic-test.xml');
}

$doc = new DOMDocument();
$doc->formatOutput = FALSE;
$doc->preserveWhiteSpace = TRUE;

// getSeed() is the reporter's own helper; it is not shown in the post.
$semilla = getSeed();
$xml = "<getToken>\n\t<item>\n\t\t<Semilla>$semilla</Semilla>\n\t</item>\n</getToken>";

$doc->loadXML($xml);
// The FALSE argument relies on the reporter's patched constructor (prefix not required).
$objDSig = new XMLSecurityDSig(FALSE);
//die;
$objDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
$options = array();
$options['prefix'] = '';
$options['prefix_ns'] = '';
$options['force_uri'] = TRUE;
$options['id_name'] = 'ID';
// Enveloped signature over the whole document.
$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array(XMLSecurityDSig::TR_ENV_SIG), $options);

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
// Read the private key and certificate from the PKCS#12 file; stop if that fails.
$pfx = file_get_contents(dirname(__FILE__) . "/file.pfx");
if (!openssl_pkcs12_read($pfx, $key, "pass")) {
    die('Unable to read file.pfx');
}
$objKey->loadKey($key["pkey"]);
$objDSig->add509Cert($key["cert"]);
$objDSig->sign($objKey, $doc->documentElement);

$doc->save(dirname(__FILE__) . '/sign-basic-test.xml');
```

Original issue reported on code.google.com by atiruz on 20 Sep 2012 at 9:35


@GoogleCodeExporter
Author

I've also added the node <RSAKeyValue>

Original comment by atiruz on 20 Sep 2012 at 9:47


@GoogleCodeExporter
Author

Issue 12 has been merged into this issue.

Original comment by cdatazon...@gmail.com on 19 Jun 2013 at 7:58


@GoogleCodeExporter
Author

Hello,

This patch doesn't seem to be functional.

Neither the internal method (verify) nor an external one validates the signature generated without the prefix 'ns'; the signature seems to be broken.

Which is the right way to generate XML-DSig without any prefix?

Cédric

Original comment by cedric.clement@gmail.com on 12 Aug 2013 at 12:30


@GoogleCodeExporter
Author

I need to go through the entire code base, as adding the support will require changes in numerous places and I need to make sure that it doesn't break BC.

Original comment by cdatazon...@gmail.com on 12 Aug 2013 at 1:30


@GoogleCodeExporter
Author

Attached is the effective patch, which seems to validate on both sides (it works fine for us in a production environment).

Best regards,

Cédric

Original comment by cedric.clement@gmail.com on 12 Aug 2013 at 1:46


@GoogleCodeExporter
Author

Thank you, Cédric!
It was very helpful for me. =)

Original comment by das.gust...@gmail.com on 16 Sep 2013 at 3:56


@GoogleCodeExporter
Author

Thank you Cedric!

Original comment by narkiss...@gmail.com on 6 Feb 2015 at 7:33


@GoogleCodeExporter
Author

How to add the `<RSAKeyValue>` node?

Original comment by esteban....@ddsi.cl on 25 Mar 2015 at 9:00


@robrichards
Owner

The constructor for XMLSecurityDSig now takes an optional argument for defining the prefix, if any, to be used. When not passed, it uses the default behavior. When set to an empty string or null, it won't use a prefix; otherwise it will use the prefix passed in. See the xml-sign-prefix.phpt test for an example.

@akshaykmr286

Wdf..
Not helpful.. Why do you suggest nonsense..

@rodrigoferra

To remove the prefix you can pass a new prefix as a parameter to the class:

```php
$objDSig = new XMLSecurityDSig('');
```
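The constructor prefix argument described above, as an added round-trip example that is not part of the thread or the project's test suite: it signs once with `ds` and once with no prefix, then verifies each result and a tampered copy. Assumptions: xmlseclibs is installed via Composer with its namespaced classes; the key, certificate and seed value are constructed sample data; SHA-256 is used instead of the SHA-1 in the original post; and verification uses a pinned certificate rather than the one embedded in `KeyInfo`.

```php
<?php
// Added example. Assumes xmlseclibs is installed via Composer (namespaced classes).
require __DIR__ . '/vendor/autoload.php';
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
// Constructed throwaway key and self-signed certificate (sample data only).
$pkey = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$csr  = openssl_csr_new(array('commonName' => 'example-signer'), $pkey);
openssl_x509_export(openssl_csr_sign($csr, null, $pkey, 1), $certPem);
openssl_pkey_export($pkey, $privPem);

function signDoc($xml, $prefix, $privPem, $certPem) {
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    $dsig = new XMLSecurityDSig($prefix);   // '' or null: no prefix on Signature
    $dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
    $dsig->addReference($doc, XMLSecurityDSig::SHA256,
        array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
        array('force_uri' => true));
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
    $key->loadKey($privPem);
    $dsig->sign($key);
    $dsig->add509Cert($certPem);
    $dsig->appendSignature($doc->documentElement);
    return $doc->saveXML();
}

function verifyDoc($xml, $trustedCertPem) {
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    $dsig = new XMLSecurityDSig();
    if (!$dsig->locateSignature($doc)) { return false; }
    $dsig->canonicalizeSignedInfo();
    try { $dsig->validateReference(); } catch (Exception $e) { return false; }
    $key = $dsig->locateKey();                   // algorithm from SignatureMethod
    if (!$key) { return false; }
    $key->loadKey($trustedCertPem, false, true); // pinned cert, not the embedded KeyInfo
    return $dsig->verify($key) === 1;
}

// Constructed sample document modelled on the structure in the original post.
$xml = '<getToken><item><Semilla>SEED-0001</Semilla></item></getToken>';
foreach (array('ds', '') as $prefix) {
    $signed   = signDoc($xml, $prefix, $privPem, $certPem);
    $tampered = str_replace('SEED-0001', 'SEED-9999', $signed);
    printf("prefix=%s verifies=%s tampered=%s\n", var_export($prefix, true),
        var_export(verifyDoc($signed, $certPem), true),
        var_export(verifyDoc($tampered, $certPem), true));
}
```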

@langaro

langaro commented Mar 10, 2019

@rodrigoferra Thank you!

@falinhares

Thanks @rodrigoferra for the tip. Solved my problem here!
