I am using xml-crypto library to digitally sign the XML. The library is generating the digitally signed XML with no problem. However, when I try to verify it, it throws an error:
invalid signature: for uri #_0 calculated digest is h101O5ejoHaQM8NHtoPDHqPLGnk= but the xml to validate supplies digest mcTUHt6CDkvKevb+7hBObU1uomY=
I am just trying to verify the XML signature in the same code block where it is being generating but it is failing.
const sig = new SignedXml();
sig.addReference("//*[local-name(.)='data']");
sig.keyInfoProvider = keyProvider;
sig.signingKey = privateKey;
sig.computeSignature(xml);
const signedXML = sig.getSignedXml();
logger.debug(`Signed XMl: ${signedXML}`);
const doc = new dom().parseFromString(signedXML);
logger.debug(select(doc, "//*[local-name(.)='data']")[0].toString());
const signature = select(doc, "//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
const signed = new SignedXml();
signed.keyInfoProvider = keyProvider;
signed.loadSignature(signature.toString());
const res = signed.checkSignature(signedXML);
if (!res) {
logger.error(JSON.stringify(signed.validationErrors));
} else {
logger.debug('Signature is valid');
}