Reference URI is empty upon the pub.security.xml:signXML

srinivasan.ravikumar2 · November 7, 2022, 11:15am

Currently using the IS 10.3 version

Problem Description:
1. I have an XML Payload to sign it using the certificate.
2. Currently using the service pub.security.xml:signXML to sign the XML.
3. The payload that i need to sign is located with the below tag

  <vog.li:SignedInfo Id="li-21a152XXXXXXXXXXXXXXXXXXXXXXXXX">
  <vog.li:Data DataEncodingType="base64" MimeType="text/xml"> **Data to Sign** </vog.li:Data>

4. After i sign my payload i don't get to see the below tag which is Reference URI
			/SignedRoot/Signature/SignedInfo/Reference (URI value)
		its empty technically <Reference URI="">

Source Xpath : /SignedRoot/Signature/SignedInfo/Reference (URI value)
Target X path : /Signature/SignedInfo/Reference (URI value)

What am i missing / How do it bring the URI value with my Sign Info ID?

Nagendra_Prasad · November 10, 2022, 9:00am

Hi @srinivasan.ravikumar2 ,
pub.security.xml:signXML has the optional inputs nodeSelectors which lets you specify the XPath notation that identifies the nodes to be signed,
The generated signature can be placed in a specific position using the input signatureNodeSelector. Please check if using these inputs works for you.
The full documentation for this built-in service is at pub.security.xml:signXML built in services reference
-NP

srinivasan.ravikumar2 · November 11, 2022, 5:08pm

Hi NP, I have explored the same. I am able to sign the object by using the Node selector by what i am missing is the below reference ID Reference URI=“” tag.

Current Output

<SignedInfo>
<CanonicalizationMethod Algorithm="xxxxxxxx"/>
<SignatureMethod Algorithm="Xxxxxxxx"/>
*[u]<Reference URI="">[/u]*
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath xmlns:vog.li="XXXXX">/vog.li:SignedRoot/gov.il:SignedObject/vog.li:SignedInfo/@Id</XPath>
</Transform>
</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>xxxxxxxxxxxxxxxx</DigestValue>
</Reference>
</SignedInfo>

Expected Output

<SignedInfo>
<CanonicalizationMethod Algorithm="xxxxxxxx"/>
<SignatureMethod Algorithm="Xxxxxxxx"/>
*[u]<Reference URI="#il-21a15287-b764-4fca-bad5-49dc56265d78">[/u]*
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath xmlns:vog.li="xxxxxxx">/</XPath>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>xxxxxxxxxxxxxxxx</DigestValue>
</Reference>
</SignedInfo>

SAGUser · November 24, 2022, 9:13am

Hi Srinivasan,
Here is the solution for it. To get the URI, schema location should be provided having Id attribute in it.
• Create an XSD for the input XML and provide Id attribute as Type ID.
• Set input schemaLocation to NameSpace URI and schema location as key value pair
• Provide uri value as #IdValue to appear in reference URI output (this should be with respect to node selector)
• Select the Node to encrypt. uri value should match this node Id attribute value
• Above is valid for isEveloping=true. Else you need to pass this value idXmlObject variable

Thank you.

system · May 23, 2023, 9:14am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.