I've downloaded all sample iDEAL code I could find. None worked. They were either for the old iDEAL version or they simply did not work.
I don't understand what I'm doing wrong. According to every single piece of documentation I've read about iDEAL and signing XML, it should work, yet iDEAL keeps returning "invalid digital signature".
This is what I do:
# $digest contains the digest of the message (confirmed to be correct)
my $SignedInfo = <<EOT;
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>$digest</DigestValue>
</Reference>
</SignedInfo>
EOT
# SignedInfo needs to be signed using RSAWithSHA256
my $dataToSign = _CanonicalizeXML( $signedInfo, 1 ); # Does exclusive canonicalization
my $pkrsa = Crypt::PK::RSA->new( "priv.pem", $password );
my $sig = $pkrsa->sign_message( $dataToSign, "SHA256", "v1.5" );
$sig = encode_base64( $sig );
chomp( $sig );
.
. I then continue building the XML message.
.
sub _CanonicalizeXML {
    my ($xml, $exclusive) = @_;
    my $xpath = '<XPath>(//. | //@* | //namespace::*)</XPath>';
    return XML::CanonicalizeXML::canonicalize( $xml, $xpath, [], $exclusive, 0 );
}
When I send the XML message to the iDEAL server, it returns "invalid digital signature"...
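Added example, not part of the original post: an XML-DSig verifier canonicalizes SignedInfo where it sits inside the Signature element, so exclusive C14N emits the inherited xmlns declaration on it. The sketch below compares those bytes with the canonical form of a standalone, namespace-less SignedInfo like the heredoc above. It assumes XML::LibXML's toStringEC14N in place of the post's XML::CanonicalizeXML, a throwaway key, and a placeholder DigestValue.

```perl
use strict;
use warnings;
use XML::LibXML;
use Crypt::PK::RSA;

my $DS = 'http://www.w3.org/2000/09/xmldsig#';

# Constructed SignedInfo content; the DigestValue is a placeholder.
my $inner = join '',
    '<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />',
    '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />',
    '<Reference URI=""><Transforms>',
    '<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />',
    '</Transforms>',
    '<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />',
    '<DigestValue>PLACEHOLDER_DIGEST=</DigestValue></Reference>';

# Exclusive C14N (no comments) of the SignedInfo subtree found in $xml.
sub c14n_signed_info {
    my ($xml) = @_;
    my $doc = XML::LibXML->load_xml( string => $xml );
    my ($node) = $doc->findnodes('//*[local-name()="SignedInfo"]');
    return $node->toStringEC14N(0);
}

# Standalone element in no namespace, as in the heredoc in the post.
my $standalone = c14n_signed_info("<SignedInfo>$inner</SignedInfo>");

# SignedInfo inside Signature, inheriting the XML-DSig default namespace.
my $in_context = c14n_signed_info(
    qq{<Signature xmlns="$DS"><SignedInfo>$inner</SignedInfo></Signature>});

print "standalone starts: ", substr( $standalone, 0, 60 ), "\n";
print "in-context starts: ", substr( $in_context, 0, 60 ), "\n";
print "identical bytes:   ", ( $standalone eq $in_context ? "yes" : "no" ), "\n";

# Throwaway 2048-bit key (size is given in bytes), generated for this demo only.
my $key = Crypt::PK::RSA->new;
$key->generate_key(256);

# Sign each form, then verify against the bytes a verifier would compute.
for my $signed ( [ standalone => $standalone ], [ 'in-context' => $in_context ] ) {
    my $sig = $key->sign_message( $signed->[1], 'SHA256', 'v1.5' );
    my $ok  = $key->verify_message( $sig, $in_context, 'SHA256', 'v1.5' );
    printf "signed %-10s -> verifier accepts: %s\n", $signed->[0], $ok ? 'yes' : 'no';
}
```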