[ENHANCEMENT]: Making the signature wrap the content that it's signing #466

Closed
mhd3v opened this issue Apr 17, 2024 · 4 comments

Comments

@mhd3v

mhd3v commented Apr 17, 2024

Is your feature request related to a problem? Please describe...

Hi, thank you so much for creating this amazing package. I am trying to make the signature element wrap the content that it is using to generate the signature. Is this possible with this package? I've tried a lot of things, but unfortunately none of the location options seems to support this use-case.

So basically what I'm trying to achieve is something like below:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsaMGF1"/>
    <ds:Reference URI="#object">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue><!-- insert base64-encoded digest value --></ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue><!-- insert base64-encoded signature --></ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509SubjectName><!-- Insert subject name --></ds:X509SubjectName>
      <ds:X509Certificate><!-- Insert base64-encoded certificate --></ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
  <ds:Object Id="object">
    <dip xmlns="http://itzbund.de/ozg/bzst/post/dip/v1/" version="1.0">
      <header environment="TEST">
        ...
      </header>
      <body>
        ...
      </body>
    </dip>
  </ds:Object>
</ds:Signature>

Describe the solution you'd like...

A mechanism to allow the signature to wrap the content.

Describe the alternatives you've considered...

Tried to move the signature after the xml is signed, but it causes the verification to fail.
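An added example, not part of the original post and not this package's code: a hand-built enveloping signature in Node.js showing that the digest covers the canonical bytes of the `ds:Object` element the Reference points at (wrapper included), which is a different byte string from the bare content, so a signature produced in one layout does not validate in the other. Assumptions: the content is already in canonical form, the SignatureMethod URI on the page denotes RSASSA-PSS with SHA-256, MGF1 and a 32-byte salt, `KeyInfo` is omitted, and all function names and the sample document are hypothetical.

```javascript
const crypto = require('node:crypto');

const DS = 'http://www.w3.org/2000/09/xmldsig#';
const NS = ` xmlns:ds="${DS}"`;
// Assumption: the SignatureMethod URI on the page means RSASSA-PSS, SHA-256, MGF1, 32-byte salt.
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 };
const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('base64');

// Canonical (inclusive C14N 1.0) bytes of the ds:Object subtree: the in-scope
// xmlns:ds is rendered on the element the Reference points at.
// Assumption: `content` is already canonical and declares its own namespaces.
const objectC14n = (content) => `<ds:Object${NS} Id="object">${content}</ds:Object>`;

// Canonical SignedInfo: empty elements are written as start/end tag pairs.
const signedInfoC14n = (digest) => `<ds:SignedInfo${NS}>` +
  '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>' +
  '<ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsaMGF1"></ds:SignatureMethod>' +
  '<ds:Reference URI="#object">' +
  '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>' +
  `<ds:DigestValue>${digest}</ds:DigestValue></ds:Reference></ds:SignedInfo>`;

function signEnveloping(content, privateKey) {
  const signedInfo = signedInfoC14n(sha256(objectC14n(content)));
  const value = crypto.sign('sha256', Buffer.from(signedInfo), { key: privateKey, ...PSS });
  // Nested under one ds:Signature, the children inherit xmlns:ds (KeyInfo omitted).
  return `<ds:Signature${NS}>${signedInfo.replace(NS, '')}` +
    `<ds:SignatureValue>${value.toString('base64')}</ds:SignatureValue>` +
    `${objectC14n(content).replace(NS, '')}</ds:Signature>`;
}

function verifyEnveloping(xml, publicKey) {
  const pick = (re) => (xml.match(re) || [])[1];
  const object = pick(/(<ds:Object Id="object">[\s\S]*<\/ds:Object>)/);
  const signedInfo = pick(/(<ds:SignedInfo>[\s\S]*<\/ds:SignedInfo>)/);
  const value = pick(/<ds:SignatureValue>([^<]*)<\/ds:SignatureValue>/);
  const digest = pick(/<ds:DigestValue>([^<]*)<\/ds:DigestValue>/);
  if (!object || !signedInfo || !value || !digest) return { digestOk: false, signatureOk: false };
  // Re-apply the inherited namespace declaration before hashing and verifying.
  const withNs = (s, tag) => s.replace(`<ds:${tag}`, `<ds:${tag}${NS}`);
  return {
    digestOk: sha256(withNs(object, 'Object')) === digest,
    signatureOk: crypto.verify('sha256', Buffer.from(withNs(signedInfo, 'SignedInfo')),
      { key: publicKey, ...PSS }, Buffer.from(value, 'base64')),
  };
}

// Constructed sample (not from the page): both checks pass for the untouched output.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoXml = signEnveloping('<dip xmlns="urn:example:dip" version="1.0"><body>x</body></dip>', demoKeys.privateKey);
console.log(verifyEnveloping(demoXml, demoKeys.publicKey));
```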

@srd90

srd90 commented Apr 17, 2024

Seems like you are trying to add Object to Signature. Quote from your description:

...
<ds:Object Id="object">
  <dip xmlns="http://itzbund.de/ozg/bzst/post/dip/v1/" version="1.0">
    <header environment="TEST">
      ...
    </header>
    <body>
      ...
    </body>
  </dip>
</ds:Object>
...

At least one enabler is missing from this library (and this issue seems to be a duplicate of):

@cjbarth
Contributor

cjbarth commented Apr 20, 2024

Perhaps some of the things I've played around with in #464 are helpful to you. I don't need this functionality, so I'm playing around with it in my spare time. Feel free to push to that branch and I'll make sure to give you credit when it lands.

@mhd3v
Author

mhd3v commented Apr 23, 2024

@srd90 that is exactly what I'm trying to do. I'm sorry I didn't realize a similar issue was already open. In this case this one can be closed.

@cjbarth thank you! Since I couldn't really figure it out initially with this package, and had a strict deadline, I just decided to make a custom Java script that does this instead. Otherwise I would have loved to test your branch.

Thanks for the help guys.

I'll close this issue now that there's already #446

@mhd3v mhd3v closed this as completed Apr 23, 2024
@cjbarth
Contributor

cjbarth commented Apr 27, 2024

@mhd3v, I'm glad you got it working. If you test some existing branches, or put up the code you've added, we can work to get it added to the mainline so that you won't have to maintain custom code all by yourself. It would also help the community.
