moov-io / signedxml

Pure Go library for processing signed XML documents
MIT License

How to support old CanonicalizationMethod? #14

Closed chenghonour closed 1 year ago

chenghonour commented 4 years ago

For some reason, the following algorithm must be used in the project: http://www.w3.org/TR/2001/REC-xml-c14n-20010315

ccuetoh commented 4 years ago

I ran into the same problem. The version you're trying to use is 1.0, which is now outdated. The new 1.1 version is backward compatible and is supported by this library. Swap the URL for the new one (http://www.w3.org/2001/10/xml-exc-c14n#) and sign the document; everything should work fine.

In some cases, you will need to change the URL back again to the old one (http://www.w3.org/TR/2001/REC-xml-c14n-20010315) after signing for schema compatibility.

EDIT: Changed the URL from https://www.w3.org/TR/xml-c14n/ to http://www.w3.org/2001/10/xml-exc-c14n#. See below.

chenghonour commented 4 years ago

@CamiloHernandez but https://www.w3.org/TR/xml-c14n/ is not in the support list. It gives an unsupported error.

ccuetoh commented 4 years ago

Whoops, sorry. Misread the question.

Ok, so you are trying to use plain Canonicalization, but as far as I can see this library only supports Exclusive Canonicalization, which means that it "excludes ancestor context from a canonicalized subdocument". Generally speaking, that should not be a problem unless you need the ancestor context in your signature; otherwise, in its current state, this library will not work for you.

If excluding ancestor context is not a problem for you, then the general idea of my last answer still holds. You can swap the URL for the ExclusiveCanonicalization one: http://www.w3.org/2001/10/xml-exc-c14n#

Do keep in mind that this is a workaround, as the algorithm you're trying to use is not technically supported.
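
Added example (not part of this thread and not signedxml code): the "ancestor context" difference, shown for the start tag of the signed element. It reports the in-scope namespace declarations that inclusive C14N 1.0 writes there and exclusive C14N omits; whenever that set is non-empty the two algorithms canonicalize to different bytes, so a digest computed with one cannot be reproduced by a verifier that follows the other URI. `droppedAtApex` and the sample document are hypothetical, and the code assumes an empty InclusiveNamespaces PrefixList and no `xmlns=""` undeclarations.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Constructed sample: a:Body is the signed element; both prefixes are declared on its ancestor.
const sample = `<a:Envelope xmlns:a="urn:example:a" xmlns:b="urn:example:b"><a:Body Id="x"><a:Amount>10</a:Amount></a:Body></a:Envelope>`

// droppedAtApex (hypothetical helper): bindings inclusive C14N writes on apex's start tag but exclusive omits.
func droppedAtApex(doc, apex string) (map[string]string, error) {
	dec := xml.NewDecoder(strings.NewReader(doc))
	stack := []map[string]string{{}} // in-scope namespaces of each open element
	for {
		tok, err := dec.RawToken() // RawToken leaves prefixes unresolved
		if err != nil {
			return nil, fmt.Errorf("element %q not found: %w", apex, err)
		}
		if _, ok := tok.(xml.EndElement); ok && len(stack) > 1 {
			stack = stack[:len(stack)-1] // leave the element: drop its declarations
		}
		if t, ok := tok.(xml.StartElement); ok {
			scope := map[string]string{}
			for p, u := range stack[len(stack)-1] { // inherit ancestor context
				scope[p] = u
			}
			used := []string{t.Name.Space} // prefixes this start tag visibly utilizes
			for _, a := range t.Attr {
				if a.Name.Space == "xmlns" || a.Name == (xml.Name{Local: "xmlns"}) {
					scope[strings.TrimPrefix(a.Name.Local, "xmlns")] = a.Value // bare "xmlns" -> ""
				} else if a.Name.Space != "" {
					used = append(used, a.Name.Space) // prefixed attribute
				}
			}
			stack = append(stack, scope)
			if t.Name.Local == apex {
				for _, p := range used { // exclusive C14N still writes these
					delete(scope, p)
				}
				return scope, nil
			}
		}
	}
}

func main() {
	fmt.Println(droppedAtApex(sample, "Body"))
}
```

A non-empty result is enough to show that the two outputs differ for this element. An empty result does not prove they agree, because declarations on descendants and inherited `xml:` attributes are not examined here.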

chenghonour commented 4 years ago

@CamiloHernandez Okay, I will try it. Thank you for your patient explanation.

chenghonour commented 4 years ago

@CamiloHernandez Ohh, so hard. Because I need to connect to the old institutional system, I must use this expired algorithm. Otherwise, the signature will be inconsistent. Do you have a recommended tool library to support http://www.w3.org/TR/2001/REC-xml-c14n-20010315 ?

adamdecaf commented 1 year ago

It looks like this is supported on a fork of signedxml, so would cherry-picking that onto master be accepted? I need this REC- algorithm as well.

adamdecaf commented 1 year ago

We support C14N10Rec now. Can you try out the v1.0.0 release and let us know how it works?