This repository was archived by the owner on Aug 12, 2025. It is now read-only.

adding countersign to an already signed xml doc #136

@dzejdzi

Hello,
I want to use "xadesjs" for countersigning an already signed XML document. The more I try several different approaches, the more I think that the API is not tailored to do that. The thing is that the structure of my countersigned XML doc is fine (according to the XAdES-BES spec), but when it comes to the verification process, it turns out that Integrity was not retained :(

Assuming that my signed XML document contains an Id attribute for the SignedValue property, and that the privateKey, publicKey and certificate are also given, I try to run code that looks like this:

const strippedCertificate = '...'; // prepared encoded certificate without PEM header
const alreadySignedDocument = XAdES.Parse('documentInString');
const counterSignature = new XAdES.SignedXml();
const sigValueElement = alreadySignedDocument.getElementsByTagNameNS(
  'http://www.w3.org/2000/09/xmldsig#',
  'SignatureValue'
)[0];
const sigValueId = sigValueElement.getAttribute('Id');
return Promise.resolve()
  ... // pre-stuff needed to run further instructions
  .then(() =>
    counterSignature.Sign(
      { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } },
      privateKey,
      alreadySignedDocument, // is this okay? or should it be the SignatureValue property according to the W3C spec or the ETSI XAdES spec?
      {
        // @ts-ignore
        keyValue: publicKey,
        references: [
          {
            hash: 'SHA-256',
            type: 'http://uri.etsi.org/01903#CountersignedSignature',
            uri: '#' + sigValueId // reference to the SignatureValue property of the signature
          }
        ],
        x509: [strippedCertificate],
        signingCertificate: strippedCertificate
      }
    )
  ).then(...
    // Here goes appending the countersign element to UnsignedSignatureProperties and then to UnsignedProperties, and eventually to the QualifyingProperties
  )

Could you write down the appropriate code for achieving a countersignature?

  • By the way, are there any limitations for achieving that within [email protected] vs. the last version?
  • And one more question: how can I add or pass some config to the "Sign()" method to add an "Id" attribute for the "SignatureValue" property during the signing (I mean during adding the first qualified signature)?

I appreciate your help with any tips you will give me.

Best,
Jakub
