Writing an id in the tag #230

Open
gabriel-cruz opened this issue Jul 12, 2021 · 6 comments

@gabriel-cruz

Hello everyone,

When I try to sign my XML file using xmlseclibs, the library puts an id with some kind of token on it, but the XSD schema for the XML doesn't allow this. How can I fix this? I already tried putting 'overwrite' => false in the addReference function and it doesn't work. Can someone please help me?
Here is the code:

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumes xmlseclibs was installed with Composer

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

$doc = new DOMDocument();
$doc->load('gerados/07-2021/arquivo_1_05_21.xml');
$Alvara = $doc->getElementsByTagName('Alvara')->item(0);
$Habitese = $doc->getElementsByTagName('Habitese')->item(0);

// Create the signature object
$objDSig = new XMLSecurityDSig();
// Use C14N canonicalization (XMLSecurityDSig::C14N is Canonical XML 1.0, not the exclusive variant)
$objDSig->setCanonicalMethod(XMLSecurityDSig::C14N);
// Add the reference to be signed (SHA-1 digest)
$objDSig->addReference(
    $Alvara,
    XMLSecurityDSig::SHA1,
    array('http://www.w3.org/TR/2001/REC-xml-c14n-20010315'),
    array('id_name' => '', 'overwrite' => false)
);

// Create a new private security key
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
/*
If key has a passphrase, set it using
$objKey->passphrase = '';
*/
// Load the certificate's private key
$objKey->loadKey('certificado/private.pem', true);

// Sign using the private key
$objDSig->sign($objKey);

// Attach the public key to the signature
$objDSig->add509Cert(file_get_contents('certificado/public.pem'));

// Append the signature to the element passed as parameter
$objDSig->appendSignature($Alvara);
// Save the signed XML
$doc->save('gerados/07-2021/assinado.xml');
```

@tvdijen
Contributor

tvdijen commented Jul 12, 2021

Try adding force_uri => true to the array of options... If I understand the code correctly, it will add a reference with an empty URI-string, in which case it references the containing element..

@gabriel-cruz
Author

gabriel-cruz commented Jul 13, 2021

I tried adding the force_uri => true but it continues adding an id in the tag.
Here is this part of the code:

```php
$objDSig->addReference(
    $Alvara,
    XMLSecurityDSig::SHA1,
    array('http://www.w3.org/TR/2001/REC-xml-c14n-20010315'),
    array('force_uri' => true, 'overwrite' => false)
);
```

Am I doing something wrong?

@tvdijen
Contributor

tvdijen commented Jul 13, 2021

I'm not sure this library is capable of what you want/need.. The ID-attribute is used in the ds:Reference URI-attribute so you know what element the signature belongs to.. Technically, if URI='', it means the signature belongs to the containing element.. This is defined in the dsig specifications.. I would have assumed that an empty URI would lead to not setting an ID.. I was wrong.
I hope the owner of the lib can help you out.
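
Added example, not part of the original thread and not xmlseclibs code: a standalone PHP DOM check that resolves each ds:Reference URI to the element carrying the matching Id, which is the link between Id and signature described in the comment above. The sample document, its Id value and the helper name `resolveReferences` are constructed for illustration.

```php
<?php
// Constructed sample shaped like the signed document in this thread (digest and signature values left out).
$xml = <<<XML
<sisobraPref versao="1.01">
  <Alvara Id="pfx-example-0001">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo><ds:Reference URI="#pfx-example-0001"/></ds:SignedInfo>
    </ds:Signature>
  </Alvara>
  <Habitese/>
</sisobraPref>
XML;

// Hypothetical helper: map each same-document ds:Reference URI to its target.
function resolveReferences(DOMDocument $doc, string $idName = 'Id'): array
{
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
    $targets = [];
    foreach ($xp->query('//ds:Signature/ds:SignedInfo/ds:Reference') as $ref) {
        $uri = $ref->getAttribute('URI');
        if ($uri === '') {
            // Empty URI: no Id lookup, the reference is to the document itself.
            $targets[$uri] = $doc->documentElement;
            continue;
        }
        if ($uri[0] !== '#') {
            throw new RuntimeException("Not a same-document reference: $uri");
        }
        // Compare Id values in PHP instead of building XPath from document data.
        $hits = [];
        foreach ($xp->query("//*[@$idName]") as $el) {
            if ($el->getAttribute($idName) === substr($uri, 1)) {
                $hits[] = $el;
            }
        }
        // Exactly one element must carry the Id; none or several is ambiguous.
        if (count($hits) !== 1) {
            throw new RuntimeException("URI $uri matches " . count($hits) . ' elements');
        }
        $targets[$uri] = $hits[0];
    }
    return $targets;
}

$doc = new DOMDocument();
$doc->loadXML($xml);
foreach (resolveReferences($doc) as $uri => $node) {
    echo "URI=\"$uri\" -> <{$node->nodeName}>\n";
}
```

Removing the Id attribute from a signed element after the fact leaves a `#...` reference with no target, which this check reports as zero matches.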

@gabriel-cruz
Author

gabriel-cruz commented Jul 13, 2021

I don't know if I was specific in my question, sorry about that. But the XML signed looks like this:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<sisobraPref versao="1.01">
<Alvara Id="pfxf20752db-f4d7-50d4-c37e-0b4dfbb8c0d4">
```

But I need it like this:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<sisobraPref versao="1.01">
<Alvara>
```

You are basically saying that there is no way for me to remove the ID from the Alvara tag, correct?

@tvdijen
Contributor

tvdijen commented Jul 13, 2021

You were specific enough, it's clear to me what you want/need.... I'm just not sure if this library can do what you want..
Based on dsig-specs it should be possible, but it seems to me this library can't do it.. Throwing sad smiley faces at me is not gonna help you.. I refuse to deal with those..

@gabriel-cruz
Author

Ok, thanks for trying to help. Even without solving the problem, you helped a lot. Thanks again.
