PeculiarVentures/xadesjs

adding countersign to an already signed xml doc

dzejdzi opened this issue · 0 comments

Hello,
I want to use "xadesjs" for countersigning an already signed XML document. The more I try several different approaches, the more I think that the API is not tailored to do that. The thing is that the structure of my countersigned XML doc is fine (according to the XAdES-BES spec), but when it comes to the verification process, it turns out that integrity was not retained :(

Assuming that my signed XML document contains an Id attribute for the SignedValue property, and that privateKey, publicKey and certificate are given, I try to run code that looks like this:

const strippedCertificate = '...'; // prepared encoded certificate without PEM header
const alreadySignedDocument = XAdES.Parse('documentInString');
const counterSignature = new XAdES.SignedXml();
const sigValueElement = alreadySignedDocument.getElementsByTagNameNS(
  'http://www.w3.org/2000/09/xmldsig#',
  'SignatureValue'
)[0];
const sigValueId = sigValueElement.getAttribute('Id');
return Promise.resolve()
  ... // pre-stuff needed to run further instructions
  .then(() =>
    counterSignature.Sign(
      { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } },
      privateKey,
      alreadySignedDocument, // is this okay? or should it be the SignatureValue property according to the W3C spec or the ETSI XAdES spec?
      {
        // @ts-ignore
        keyValue: publicKey,
        references: [
          {
            hash: 'SHA-256',
            type: 'http://uri.etsi.org/01903#CountersignedSignature',
            uri: '#' + sigValueId // reference to SignatureValue property of the signature
          }
        ],
        x509: [strippedCertificate],
        signingCertificate: strippedCertificate
      }
    )
  ).then(...
    // Here it goes appending the countersign element to UnsignedSignatureProperties and then to UnsignedProperties, and eventually to the QualifyingProperties
  )

Could you write down the appropriate code for achieving a countersignature?

  • By the way, are there any limitations for achieving that within xadesjs@2.0.15 vs. the last version?
  • And one more question: how can I add or pass some config to the "Sign()" method to add an "Id" attribute for the "SignatureValue" property during the signing (I mean during adding the first qualified signature)?

I appreciate your help with any tips you will give me.

Best,
Jakub