Builds XML-DSig elements for the XAdES B-B sign flow.
The shape produced is the W3C XML Signature 1.1 envelope:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm=".../exc-c14n#"/>
    <ds:SignatureMethod Algorithm="..."/>
    <ds:Reference URI="...">
      <ds:Transforms>
        <ds:Transform Algorithm=".../enveloped-signature"/>
        <ds:Transform Algorithm=".../exc-c14n#"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm=".../sha256"/>
      <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
    <ds:Reference Type="...SignedProperties" URI="#xades-...">
      <ds:Transforms>
        <ds:Transform Algorithm=".../exc-c14n#"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm=".../sha256"/>
      <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>...</ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509Certificate>...</ds:X509Certificate>
      ...
    </ds:X509Data>
  </ds:KeyInfo>
  <ds:Object>
    <xades:QualifyingProperties .../>
  </ds:Object>
</ds:Signature>

Builder functions emit raw binary XML — exc-c14n is applied during digest / signature computation, so attribute order and whitespace in these strings are normalised away before any hash is taken.
Functions
Map an XML Signature URI back to a JOSE alg atom. Inverse of signature_method_uri/1.

Canonicalisation method URI for Exclusive XML C14N 1.0.

Digest method URI for SHA-256.

URI namespace for the XML Signature ds: prefix (W3C XMLDSig).

@spec random_id() :: String.t()
Helper: 8-byte hex random id suitable for XML Id attributes.

Build a <ds:Reference> element targeting a fragment of the enveloping document. :transforms is a list of transform URIs applied left-to-right; the typical XAdES B-B set is [envelope, exc_c14n] for the data reference and [exc_c14n] for the SignedProperties reference.

URI tag for the standard XAdES SignedProperties reference Type attribute.

Returns the XML Signature URI for a given JOSE alg atom.

    iex> SignCore.XML.Builder.signature_method_uri(:RS256)
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
    iex> SignCore.XML.Builder.signature_method_uri(:PS256)
    "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"

Build a standalone <ds:SignatureValue> element with the ds namespace declared inline. Used by the B-T attach path to compute the canonical bytes of the signature-value element exactly the way a verifier would re-derive them when extracting it from the signed document.

value_b64 MUST be base64 already (RFC 4648). The caller is responsible for producing it; this builder just wraps the bytes.

Build a <ds:SignedInfo> element wrapping the supplied references. The :alg selects the <ds:SignatureMethod> URI.

Transform URI for the enveloped-signature rewrite.

URI namespace for the XAdES xades: prefix.
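
A verifier-side policy check for the SignedInfo shape described above, as an added example in Python (not SignCore code and not part of its API): it accepts only the algorithm URIs and the exact per-reference transform chains this page lists. The spelled-out URIs are the standard W3C/ETSI identifiers that the page abbreviates; the function names and the sample Id values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
ENVELOPED = DS + "enveloped-signature"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SIGNED_PROPS = "http://uri.etsi.org/01903#SignedProperties"
RS256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
PS256 = "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
NS = {"ds": DS}

def _alg(parent, path):
    return getattr(parent.find(path, NS), "attrib", {}).get("Algorithm")

def check_signed_info(xml_text, sig_methods=(RS256, PS256)):
    """Return policy violations for a ds:SignedInfo; [] means the shape matches."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before the parser sees them
        return ["DOCTYPE not allowed"]
    root = ET.fromstring(xml_text)
    si = root if root.tag == f"{{{DS}}}SignedInfo" else root.find(".//ds:SignedInfo", NS)
    if si is None:
        return ["no ds:SignedInfo"]
    errors = []
    if _alg(si, "ds:CanonicalizationMethod") != EXC_C14N:
        errors.append("unexpected CanonicalizationMethod")
    if _alg(si, "ds:SignatureMethod") not in sig_methods:
        errors.append("SignatureMethod not allowlisted")
    refs = si.findall("ds:Reference", NS)
    if len(refs) != 2 or [r.get("Type") for r in refs].count(SIGNED_PROPS) != 1:
        errors.append("expected one data and one SignedProperties Reference")
    for ref in refs:
        want = [EXC_C14N] if ref.get("Type") == SIGNED_PROPS else [ENVELOPED, EXC_C14N]
        got = [t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        if got != want:  # exact, ordered chain; extra or missing transforms fail
            errors.append(f"unexpected transforms on Reference {ref.get('URI')!r}")
        if _alg(ref, "ds:DigestMethod") != SHA256:
            errors.append(f"unexpected DigestMethod on Reference {ref.get('URI')!r}")
    return errors

# Constructed sample in the shape shown above (not output captured from SignCore).
def sample_ref(attrs, transforms):
    ts = "".join(f'<ds:Transform Algorithm="{t}"/>' for t in transforms)
    return (f'<ds:Reference {attrs}><ds:Transforms>{ts}</ds:Transforms><ds:DigestMethod '
            f'Algorithm="{SHA256}"/><ds:DigestValue>AA==</ds:DigestValue></ds:Reference>')
SAMPLE = (f'<ds:SignedInfo xmlns:ds="{DS}">'
          f'<ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>'
          f'<ds:SignatureMethod Algorithm="{RS256}"/>'
          + sample_ref('URI="#data-1"', [ENVELOPED, EXC_C14N])
          + sample_ref(f'Type="{SIGNED_PROPS}" URI="#xades-0011223344556677"', [EXC_C14N])
          + "</ds:SignedInfo>")
```

A check like this belongs before digest and signature verification, so that an unexpected transform or algorithm is rejected rather than executed.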