Support XAdES

[ningzhang422]

Is it possible to extend this gems to support XAdES Signature ?

[benoist]

Hi,

I'm sure it will be possible, but unfortunately I won't be able to implement it due to time constrictions.
I personally don't use this gem anymore, but I'm happy to take pull requests.

[ningzhang422]

This is my propose
I really want to contribute the part XAdES
Please give us some suggestions to start the dev in this gem.

[ningzhang422]

If i'm not wrong
xmldsig can only sign the xml of the envoloped structure
We need to expand the development to suppport the envoloping structure
please confirm that thank you

[benoist]

It supports a few transforms. Enveloped signature is one of them.
It also supports xpath. I would assumes XAdES would be another transform?
I haven't read the spec, so I could be wrong

[ningzhang422]

XAdES transform :
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments

[benoist]

So you need the canonicalization and the XPath transform. They are already present...

[benoist]

#25

[ningzhang422]

Transform => OK
But when the reference point to inside signature (Enveloping signature)
I got a error message :
ruby/3.0.0/gems/xmldsig-0.7.0/lib/xmldsig/reference.rb:42:in referenced_node: Could not find the referenced node IHEManifest

[benoist]

Do you have a gist with reproducable steps?

[ningzhang422]

Thank you for your quick answer

In the image, Step 1 and Step 2 have passed already. We are in step 3 to sign two references make DigestValues and SignatureValue

[benoist]

Should it not be ID instead of Id on the manifests?

https://github.com/benoist/xmldsig/blob/master/lib/xmldsig/reference.rb#L37

[ningzhang422]

When I try to sign a content which is separate from node signature.
Which means making a Detached Signature.
I got a error like below
/nemoweb/vendor/ruby/3.0.0/gems/nokogiri-1.11.6-x86_64-linux/lib/nokogiri/xml/document.rb:75:in read_memory: 2:1: FATAL: Extra content at the end of the document (Nokogiri::XML::SyntaxError)

Could you please tell me if this error is due to gem not supported Detached Signature ？

[benoist]

It's really hard to help if you don't have an example in code :)

Perhaps you can add a fixture with to the specs and try to write a spec for it in a pull request..

Just like here with the transform that you need

https://github.com/benoist/xmldsig/blob/master/spec/fixtures/signed_xml-exc-c14n%23with_comments.xml

[ningzhang422]

I've been trying to write test data for the past two days.
I found that this gem can't take the value in the attachment with 'reference'.

Do you have any suggestions please
How to write test data for such scenarios ?

[xxswingxx]

Thank you for your quick answer

In the image, Step 1 and Step 2 have passed already. We are in step 3 to sign two references make DigestValues and SignatureValue

Hey @ningzhang422 , I'm not sure if you've figured it out already but you can indicate the name of the the Id attribute so matches your case. By default this gem supports "ID" but in your screenshots it appears as "Id", so you should be able to define it using the id_attrduring the initialization:

unsigned_document = Xmldsig::SignedDocument.new(unsigned_xml, id_attr: 'Id')
signed_xml = unsigned_document.sign(private_key)