moov-io/signedxml

How to sign an XML document with chosen settings?

faelp22 opened this issue · 5 comments

Hello everyone, could anyone create an example of how to sign an XML document using the following settings?

Hash
http://www.w3.org/2000/09/xmldsig#sha1

Signature
http://www.w3.org/2000/09/xmldsig#rsa-sha1

Canonicalization Methods/Transforms
http://www.w3.org/TR/2001/REC-xml-c14n-20010315

I've tried to do it, but I can't understand it.

Your Signature element would have those settings included. The XML specifications have all of the values, but they're in code as well.

Then you'll marshal and sign the XML. See tests in this repository for examples.
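To make the two steps concrete, here is an added, self-contained example (it is not code from this thread and not the signedxml project's own code): it renders a Signature template with exactly the three URIs asked for (SHA-1 digest, RSA-SHA1 signature, Canonical XML 1.0), computes DigestValue over the referenced data, signs the canonical SignedInfo, envelopes the result in the document, and then verifies it. It uses only the Go standard library, so it does not canonicalize arbitrary XML the way signedxml does; the sample document is constructed to already be in canonical form, which makes C14N the identity for it. The names SampleDoc, SignEnveloped, VerifyEnveloped and between are assumptions for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// The three algorithm URIs from the question, plus the enveloped-signature transform.
const (
	DigestSHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
	SigRSASHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
	C14N10     = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
	Enveloped  = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
)

// SampleDoc is constructed input that is already in Canonical XML 1.0 form (no XML
// declaration, double-quoted attributes, no self-closing tags), so C14N is the
// identity for it and this example needs no canonicalizer (assumption of the example).
const SampleDoc = `<Root Id="data"><Value>42</Value></Root>`

// signedInfo renders the SignedInfo element carrying the chosen settings. The default
// namespace is declared on it because inclusive C14N emits in-scope namespaces on the
// element being canonicalized, and SignedInfo is what SignatureValue covers.
func signedInfo(digestB64 string) string {
	return `<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">` +
		`<CanonicalizationMethod Algorithm="` + C14N10 + `"></CanonicalizationMethod>` +
		`<SignatureMethod Algorithm="` + SigRSASHA1 + `"></SignatureMethod>` +
		`<Reference URI=""><Transforms>` +
		`<Transform Algorithm="` + Enveloped + `"></Transform>` +
		`<Transform Algorithm="` + C14N10 + `"></Transform></Transforms>` +
		`<DigestMethod Algorithm="` + DigestSHA1 + `"></DigestMethod>` +
		`<DigestValue>` + digestB64 + `</DigestValue></Reference></SignedInfo>`
}

// SignEnveloped signs the whole document (Reference URI="") and embeds the Signature
// before the root's closing tag. Step 1: SHA-1 of the referenced data after the
// transforms, which for an enveloped signature is the document without its Signature.
// Step 2: RSA PKCS#1 v1.5 over SHA-1 of the canonical SignedInfo.
func SignEnveloped(doc string, key *rsa.PrivateKey) (string, error) {
	digest := sha1.Sum([]byte(doc))
	si := signedInfo(base64.StdEncoding.EncodeToString(digest[:]))
	siHash := sha1.Sum([]byte(si))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, siHash[:])
	if err != nil {
		return "", err
	}
	sigEl := `<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">` + si +
		`<SignatureValue>` + base64.StdEncoding.EncodeToString(sig) + `</SignatureValue></Signature>`
	closing := strings.LastIndex(doc, "</")
	if closing < 0 {
		return "", errors.New("document has no closing root tag")
	}
	return doc[:closing] + sigEl + doc[closing:], nil
}

// between returns the text enclosed by the first open marker and the next close marker, or "".
func between(s, open, close string) string {
	if i := strings.Index(s, open); i >= 0 {
		if j := strings.Index(s[i+len(open):], close); j >= 0 {
			return s[i+len(open) : i+len(open)+j]
		}
	}
	return ""
}

// VerifyEnveloped reverses the steps: strip the Signature element (the enveloped
// transform), recompute and compare the digest, then check RSA-SHA1 over SignedInfo.
// A modified payload fails at the digest check before any RSA work is done.
func VerifyEnveloped(signed string, pub *rsa.PublicKey) error {
	start := strings.Index(signed, "<Signature ")
	end := strings.Index(signed, "</Signature>")
	if start < 0 || end < 0 {
		return errors.New("no Signature element")
	}
	end += len("</Signature>")
	sigEl, doc := signed[start:end], signed[:start]+signed[end:]
	inner := between(sigEl, "<SignedInfo", "</SignedInfo>")
	if inner == "" {
		return errors.New("no SignedInfo element")
	}
	si := "<SignedInfo" + inner + "</SignedInfo>"
	digest := sha1.Sum([]byte(doc))
	if !strings.Contains(si, "<DigestValue>"+base64.StdEncoding.EncodeToString(digest[:])+"</DigestValue>") {
		return errors.New("digest mismatch: referenced content was modified")
	}
	sv, err := base64.StdEncoding.DecodeString(between(sigEl, "<SignatureValue>", "</SignatureValue>"))
	if err != nil {
		return err
	}
	siHash := sha1.Sum([]byte(si))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, siHash[:], sv)
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	signed, _ := SignEnveloped(SampleDoc, key)
	fmt.Println(signed)
	fmt.Println("verify:", VerifyEnveloped(signed, &key.PublicKey))
}
```

Two points worth keeping in mind when carrying this over to signedxml: the library performs the canonicalization and transform handling itself on real documents, so the template is the part you supply, and SHA-1 for both the digest and the signature is what the question asks for but is deprecated for new deployments; a verifier that rejects rsa-sha1 will reject a document signed this way, so prefer the sha256 variants when the peer allows it.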

I couldn't find any example in the tests folder :/

Can you help me to do this using the Signature struct that I created? @adamdecaf Here's my code:

package xmlsign // package name assumed; not shown in the original

import (
	"errors"

	"github.com/davecgh/go-spew/spew"
	dsig "github.com/russellhaering/goxmldsig" // assumed source of CanonicalXML10WithCommentsAlgorithmId
	// "models" and "xmldsig" are the poster's own packages; their import paths are not shown here.
)

// xpathTransformURI is the only transform that carries an XPath expression.
const xpathTransformURI = "http://www.w3.org/TR/1999/REC-xpath-19991116"

// SignXML builds a ds:Signature template from the given settings, falling back to a
// SHA-1 digest and enveloped-signature + C14N-with-comments transforms when none are
// given. As posted, it only builds and dumps the struct; nothing is signed yet.
func SignXML(xpath, canonicalizationAlgorithm, certificate, digestAlgorithm, publicKey, privateKey, xmlString string, transforms []string) error {
	if xpath == "" {
		return errors.New("xpath is required")
	}

	if digestAlgorithm == "" {
		digestAlgorithm = "http://www.w3.org/2000/09/xmldsig#sha1"
	}

	if len(transforms) == 0 {
		transforms = []string{
			"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
			"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
		}
	}

	if canonicalizationAlgorithm == "" {
		canonicalizationAlgorithm = dsig.CanonicalXML10WithCommentsAlgorithmId.String()
	}

	// Load the keys before deriving the certificate, so GetX509Cert never sees an empty key.
	if publicKey == "" {
		p, err := GetPublicKeyFromFile()
		if err != nil {
			return err
		}

		publicKey = p
	}

	if privateKey == "" {
		p, err := GetPrivateKeyFromFile()
		if err != nil {
			return err
		}

		privateKey = p
	}

	if certificate == "" {
		certificate = models.GetX509Cert(publicKey)
	}

	transformsTypes := xmldsig.TransformsType{Transform: make([]xmldsig.TransformType, len(transforms))}

	for i, t := range transforms {
		tt := xmldsig.TransformType{Algorithm: t}
		// An XPath expression only belongs on the XPath transform; the
		// enveloped-signature and C14N transforms take no parameters.
		if t == xpathTransformURI {
			tt.XPath = []*string{&xpath}
		}
		transformsTypes.Transform[i] = tt
	}

	sig := xmldsig.Signature{
		KeyInfo: &xmldsig.KeyInfoType{
			X509Data: []*xmldsig.X509DataType{
				{
					X509Certificate: &certificate,
				},
			},
		},
		SignedInfo: xmldsig.SignedInfoType{
			CanonicalizationMethod: xmldsig.CanonicalizationMethodType{
				Algorithm: canonicalizationAlgorithm,
			},
			Reference: []xmldsig.ReferenceType{
				{
					Transforms: &transformsTypes,
					DigestMethod: xmldsig.DigestMethodType{
						Algorithm: digestAlgorithm,
					},
				},
			},
		},
	}

	// Only the template is printed here; the digest and signature steps are still missing.
	spew.Dump(sig)
	return nil
}

What error are you getting?