Documentation for adding InclusiveNamespaces and PrefixList to CanonicalizationMethod and Transforms

[crabey]

Hello

I’m having trouble getting InclusiveNamespaces to work like intended. It would be great to have an example in the library documentation that shows how to achieve this.

I want my XML SignedInfo part to look like this:

<ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv urn urn1 urn2"/>
  </ds:CanonicalizationMethod>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#TS-94B652AC5EA054E08B156034518270218">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soapenv urn urn1 urn2"/>
      </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>h5Evftf429SeUkW0UMnMt2EregM=</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#id-94B6F97C5E5232E08B156034518272522">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="urn urn1 urn2"/>
      </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>IgGy8/m034pkLmcDBBlzQLHl6rA=</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>

This is what I’m currently getting:

<ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#TS">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>fzJUjLMVenr1+Tfdu09w0TfsFb8=</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#_0">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>V7l52Hu7LCRcV1MCLsHZ4fsO2uo=</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>

The difference between the two is the missing InclusiveNamespaces children, with PrefixList and ec namespaces.

How can I pass these values to the CanonicalizationMethod and Transforms?

Thanks for creating and maintaining this library!

[zygimantus]

Hi, I am facing same issue, I would like to add InclusiveNamespaces tags but now sure where do I begin. Maybe you solved this?

[crabey]

@zygimantus yes, I changed some things in signed-xml.js. Some of these changes use hardcoded values that are specific for my use case. But it does work for me, so maybe it can be helpful for you as well. Just tweak it to your requirements.

let i = 0; // Add this to beginning of file.

// Make this if statement add KeyInfo ID.
if (this.keyInfoProvider) {
  res += "<" + currentPrefix + `KeyInfo Id="<your key here>">`
  res += this.keyInfoProvider.getKeyInfo(this.signingKey, prefix)
  res += "</" + currentPrefix + "KeyInfo>"
}

// Comment out the line below, and add the following
// res += "<" + prefix + "Transform Algorithm=\"" + transform.getAlgorithmName() + "\" />"

res += "<" + prefix + "Transform Algorithm=\"" + transform.getAlgorithmName() + "\">"
if (i === 0) {
  res += '<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soapenv urn urn1 urn2"/>'
  ref.inclusiveNamespacesPrefixList = 'wsse soapenv urn urn1 urn2';
}

if (i === 1) {
  res += '<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="urn urn1 urn2"/>'
  ref.inclusiveNamespacesPrefixList = 'urn urn1 urn2';
}

res += "</" + prefix + "Transform>"
i = i + 1;