how to sign XML string correctly

[davi-canuto]

Is your feature request related to a problem? Please describe...

import fs from 'fs'
import { SignedXml } from 'xml-crypto'

const privateKey = fs.readFileSync('./private-key.pem', 'utf-8')
const certBase64 = fs.readFileSync('./cert.pem', 'utf-8')
  .replace(/-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----|\r?\n/g, '')

export function signInfNFe(infNFeXml: string): string {
  const id = infNFeXml.match(/Id="([^"]+)"/)?.[1]
  if (!id) throw new Error('Não foi possível extrair o ID do infNFe')

  const signer = new SignedXml()
  signer.signingKey = privateKey
  signer.signatureAlgorithm = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
  signer.canonicalizationAlgorithm = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'

  signer.keyInfoProvider = {
    getKeyInfo: () => `<X509Data><X509Certificate>${certBase64}</X509Certificate></X509Data>`,
    getKey: () => Buffer.from('')
  } as any

  signer.addReference(
    `//*[@Id='${id}']`,
    [
      'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
      'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
    ],
    'http://www.w3.org/2000/09/xmldsig#sha1'
  )

  signer.computeSignature(infNFeXml)
  return signer.getSignatureXml()
}
 

i have this code for sign my XML before send it inside my soap envelope, but ever return for me "Signature differs from calculated".

context: i wanna connect with sefaz to create for a homologation NF-e https://www.nfe.fazenda.gov.br/portal/listaConteudo.aspx?tipoConteudo=ndIjl+iEFdE=

any problems visible with my signature?

Describe teh solution you'd like...

i want to sign my xml correctly

Describe the alternatives you've considered...

create another microservice in another language to sign correctly my xml before send to the consumer

"xml-crypto": "^2.1.2",

[cjbarth]

It seems like you're asking for help, not looking for an enhancement. I can move this to a discussion if you just need help.

[davi-canuto]

yes, i'm labelled this issue wrong, if you can help, I would appreciate it

when i'm assign my xml with java and get success, but i would like to do this work in node

[srd90]

@davi-canuto Your example code is "useless" from "puzzle solving" point of view without example input (or without prior knowledge of NFe ... which is behind language wall) and example output.

when i'm assign my xml with java and get success, but i would like to do this work in node

So you have some test input which you could attach to your question and output of that exact input from your nodejs (which does not validate against some reference implementation) and from your java implementation? Why didn't you/could you share those 3 files?

FWIW, I see that you have some nfe generator https://github.com/davi-canuto/nfe-async/blob/33abd695379e9f3f348944cce418a1b6b9fa64ea/src/nfe/helpers/generateNFe.ts but at least I am not interest enought of this puzzle to start to build documents which shows issue from "atoms".

Did you search any previous issues related systems used at south america (in this case NFe):
https://github.com/search?q=repo%3Anode-saml%2Fxml-crypto%20nfe&type=issues

which provides hit like: #113

Unrelated sidenote: code you provided at description of #510 uses regex to interpret xml. Using regex to interpret xml/xhtml/html is considered bad ( https://stackoverflow.com/a/1732454 ).
Consider using e.g. xpath to get Id value.