Thank you for your response. Below I will show you how the signature is generated in the signed XML:

<ds:Signature Id="FacturaWeb-3e202a94-b9b0-4674-ba37-acfd6c90bc80">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm=" http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference Id="REF-f7e51bf9-3fc5-4119-887a-661e596e380e" URI="">
      <ds:Transforms>
        <ds:Transform Algorithm=" http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>8oelP7Wj8Ot705qCgyV1TbSo7p5EAu1L0VpqidzkfBc=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="#KEY-INFO-c3aa5411-75f6-4a40-bf4a-a27cfd813b73">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>0cYEzLcne6qnWfnGxT/oKXjIg7SiNwnrH53chO2gpGw=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SIGNED-PROPS-384a4f25-5fd6-46ba-a61b-91d00ff7e012">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>db7mhJsUslzrSax2zCj00UvITEuXSpBAFXSTBY5By1M=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue Id="SIG-VALUE-e564f1df-3e81-45d3-ac4a-bd0d8b4694ab">
... BQbRpJOzDxx45P1gBDSyNkVRtSGO2taUf46y7w==
  </ds:SignatureValue>
  <ds:KeyInfo Id="KEY-INFO-c3aa5411-75f6-4a40-bf4a-a27cfd813b73">
    <ds:X509Data>
      <ds:X509Certificate>
...
      </ds:X509Certificate>
    </ds:X509Data>
    <ds:KeyValue>
      <ds:RSAKeyValue>
        <ds:Modulus>y9PGqQzDF++gcJJ0OtUlxGck0Re0KO+u9hjBxx6eg7sV8rcEB6X0HgTUyC94GxTENRDW+HrXoIXm
22qjUW/cbr8lvdRKplmv/zOlG+qd5UBXkYDOelZDBwIPGOIevZbLsUA0yHElrb/x5/dQneF0de1X
aXea/LtuiyBSHUApag4G/Y1rS2/0kskC/BJmilfwaqEPcsdY+wJyuE8McCJYmq/07rEdLiq8v+4s
xrWD+cdu5UkSBBo7qASzh0urAiMc4ciBAXW/nY1IsHWL4sO8aGR0ywCAG8qtSqRzAeXSVX9Y3veg
c2oAurFZ62txWV829nHXiyd6YOzTaj9b0weYFw==</ds:Modulus>
        <ds:Exponent>AQAB</ds:Exponent>
      </ds:RSAKeyValue>
    </ds:KeyValue>
  </ds:KeyInfo>
  <ds:Object>
    <xades:QualifyingProperties Target="#FacturaWeb-3e202a94-b9b0-4674-ba37-acfd6c90bc80">
      <xades:SignedProperties Id="SIGNED-PROPS-384a4f25-5fd6-46ba-a61b-91d00ff7e012">
        <xades:SignedSignatureProperties>
          <xades:SigningTime>2024-06-26T16:01:09.610-05:00</xades:SigningTime>
          <xades:SigningCertificate>
            <xades:Cert>
              <xades:CertDigest>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>+6jZjq/uhu43+Roe1cJNFWbMo5V0qr7dHsTG/CuUxW4=</ds:DigestValue>
              </xades:CertDigest>
              <xades:IssuerSerial>
                <ds:X509IssuerName>C=CO,L=BOGOTA D.C.,O=CAMERFIRMA COLOMBIA SAS,OU=Certificados Para Firma Electronica Camerfirma Colombia,2.5.4.5=#130b3930313331323131322d34,CN=SUBCA CAMERFIRMA COLOMBIA SAS</ds:X509IssuerName>
                <ds:X509SerialNumber>6312948056428341490</ds:X509SerialNumber>
              </xades:IssuerSerial>
            </xades:Cert>
          </xades:SigningCertificate>
          <xades:SignaturePolicyIdentifier>
            <xades:SignaturePolicyId>
              <xades:SigPolicyId>
                <xades:Identifier> https://facturaelectronica.dian.gov.co/politicadefirma/v2/politicadefirmav2.pdf</xades:Identifier>
              </xades:SigPolicyId>
              <xades:SigPolicyHash>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256 "/>
                <ds:DigestValue>dMoMvtcG5aIzgYo0tIsSQeVJBDnUnfSOfBpxXrmor0Y=</ds:DigestValue>
              </xades:SigPolicyHash>
            </xades:SignaturePolicyId>
          </xades:SignaturePolicyIdentifier>
          <xades:SignerRole>
            <xades:ClaimedRoles>
              <xades:ClaimedRole>supplier</xades:ClaimedRole>
            </xades:ClaimedRoles>
          </xades:SignerRole>
        </xades:SignedSignatureProperties>
      </xades:SignedProperties>
    </xades:QualifyingProperties>
  </ds:Object>
</ds:Signature>

As you can see, the reference to SIGNED-PROPS-384a4f25-5fd6-46ba-a61b-91d00ff7e012 exists in the saved file. Even if I create a method to validate the ID in the saved file, it is not a solution for me because I need to send the signed XML to an entity (DIAN in Colombia), and they are the ones who validate the signature in that signed file. That's why, when I send it, the signature is rejected.

Isn't the already signed doc content supposed to be faithfully saved in the XML file on disk?

On Wed, Jun 26, 2024 at 2:06 p.m., Cantor, Scott ([email protected]) wrote:

> Unless you have a schema or some other set of code dealing with it, the
> parsed document does not know that the ID attribute you want it to know
> about is in fact an ID. Setting it while signing and before you lose the
> DOM will work, but parsing it again from disk is not going to be done in a
> way that gets that ID established, so you'll get an error as it tries to
> locate the proper element in the DOM.
>
> That may not be right, but for a quick eyeball over that much code, that
> would be my guess.
>
> -- Scott

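The ID behaviour described in the quoted reply can be reproduced in isolation. The following is an added example, not code from this thread or from the signing library in use: it uses Python's xml.dom.minidom as a stand-in DOM (an assumption), a constructed document with shortened Id values, and hypothetical helper names. It also refuses duplicate Id values, since two elements sharing one Id make it ambiguous which element a Reference covers.

```python
from xml.dom import minidom

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: same layout as the signature in the message, shortened Id values.
SAMPLE = """<Invoice xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
<ds:Signature Id="SIG-1"><ds:SignedInfo>
<ds:Reference URI=""/>
<ds:Reference URI="#KEY-INFO-1"/>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SIGNED-PROPS-1"/>
</ds:SignedInfo>
<ds:KeyInfo Id="KEY-INFO-1"/>
<ds:Object><xades:QualifyingProperties Target="#SIG-1">
<xades:SignedProperties Id="SIGNED-PROPS-1"/>
</xades:QualifyingProperties></ds:Object>
</ds:Signature></Invoice>"""

def unresolved_references(doc):
    """Return the fragment URIs of ds:Reference elements the DOM cannot locate."""
    missing = []
    for ref in doc.getElementsByTagNameNS(DS_NS, "Reference"):
        uri = ref.getAttribute("URI")
        # URI="" means the whole document and needs no ID lookup.
        if uri.startswith("#") and doc.getElementById(uri[1:]) is None:
            missing.append(uri)
    return missing

def register_ids(doc, attr_name="Id"):
    """Mark every attr_name attribute as an ID; refuse duplicate values."""
    seen = set()
    for el in doc.getElementsByTagName("*"):
        if el.hasAttribute(attr_name):
            value = el.getAttribute(attr_name)
            if value in seen:
                # One Id on two elements makes reference resolution ambiguous.
                raise ValueError("duplicate Id value: " + value)
            seen.add(value)
            el.setIdAttribute(attr_name)
    return len(seen)

def demo():
    doc = minidom.parseString(SAMPLE)      # stands in for re-reading the saved file
    before = unresolved_references(doc)    # IDs are unknown right after parsing
    count = register_ids(doc)
    return before, count, unresolved_references(doc)

if __name__ == "__main__":
    print(demo())
```

The bytes on disk are identical in both lookups; only the parser's knowledge of which attributes are IDs changes.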