Error signature verification

[pwypustek]

XmlError {
prefix: 'XMLJS',
code: 13,
name: 'XmlError',
message: "XMLJS0013: Cryptographic error: Invalid digest for uri ''. Calculated digest is qku/9zAVZ7Z22iOioiIf4melWeCWluGiAMdRX1Kl5kk= but the xml to validate supplies digest SAX3z9B5nivRbZSf3MXsdvxESqf5Kj4sn7d/HBvztnY=",
stack: "Error: XMLJS0013: Cryptographic error: Invalid digest for uri ''. Calculated digest is qku/9zAVZ7Z22iOioiIf4melWeCWluGiAMdRX1Kl5kk= but the xml to validate supplies digest SAX3z9B5nivRbZSf3MXsdvxESqf5Kj4sn7d/HBvztnY=\n" +
' at new XmlError (C:\test_xadesj_js\node_modules\xml-core\dist\index.js:217:22)\n' +
' at SignedXml.ValidateReferences (C:\test_xadesj_js\node_modules\xmldsigjs\build\index.js:2867:23)\n' +
' at async SignedXml.Verify (C:\test_xadesj_js\node_modules\xmldsigjs\build\index.js:2502:21)\n' +
' at async signXml (file:///C:/test_xadesj_js/main.js:82:13)\n' +
' at async main (file:///C:/test_xadesj_js/main.js:14:5)'

import { Crypto as CryptoP11 } from "node-webcrypto-p11";
import * as xadesjs from "xadesjs";
import * as fs from "fs";

let crypto = null;

async function main() {
try {
crypto = new CryptoP11({ library: "C:/Windows/System32/cryptoCertum3PKCS.dll", name: "Certum", slot: 0, pin: "111111" });
xadesjs.Application.setEngine("pkcs11", crypto);
let xmlString = fs.readFileSync("./jpk-initupload.xml", "utf8");
const keyPair = await getKeyPair("01f842b96b81152fb9ee715784e5478012f9d555");
const algorithm = { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } };
await signXml(xmlString, keyPair, algorithm);
} catch (error) {
console.error(error);
}
}

main().catch((error) => {
console.error(error);
process.exit(1);
});

async function findKey(id, type) {
const keys = await crypto.keyStorage.keys();
const keyId = keys.find((o) => {
const [t, , i] = o.split("-");
return t === type && i === id;
});
if (keyId) {
return await crypto.keyStorage.getItem(keyId);
}
return null;
}

async function findCert(id) {
const certs = await crypto.certStorage.keys();
const certId = certs.find((o) => {
const [t, , i] = o.split("-");
return t === "x509" && i === id;
});
if (certId) {
return await crypto.certStorage.getItem(certId);
}
return null;
}

async function getKeyPair(id) {
const privateKey = await findKey(id, "private");
const publicKey = await findKey(id, "public");
return { privateKey, publicKey, certificate: await findCert(id) };
}

async function signXml(xmlString, keys, algorithm) {
var xmlDoc = xadesjs.Parse(xmlString);
var signedXml = new xadesjs.SignedXml();
var { privateKey, publicKey, certificate } = keys;

algorithm = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" };

const options = {
keyValue: publicKey,
references: [{ id: "Signature_1849c276-8917-45fe-8e57-431cb265751a_40", uri: "", hash: "SHA-256", transforms: ["enveloped", "c14n"] }],
signingCertificate: null,
signatureType: "XAdES-BES",
};

if (certificate) {
const raw = await crypto.certStorage.exportCert("raw", certificate);
const encoded = Buffer.from(raw).toString("base64");
options.x509 = [encoded];
options.signingCertificate = encoded;
}

let root = xmlDoc.documentElement;
const signature = await signedXml.Sign(algorithm, privateKey, xmlDoc, options);
fs.writeFileSync("./signature.xml", signature.toString(), { encoding: "utf-8" });
root.appendChild(signature.GetXml());
const finalXml = new XMLSerializer().serializeToString(xmlDoc);
fs.writeFileSync("./jpk-initupload-signed.xml", finalXml, { encoding: "utf-8" });
let res = await signedXml.Verify();
console.log(res);
}