Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Another question about xades-xl #192

Open
gdiazs opened this issue Jul 20, 2019 · 1 comment
Open

Another question about xades-xl #192

gdiazs opened this issue Jul 20, 2019 · 1 comment
Labels
question

Comments

@gdiazs
Copy link

gdiazs commented Jul 20, 2019
edited

Hi there, I found this library years ago, when its source code was in google code.

  • Firstly I just want to ask why the project has not include complete support for xades-xl standard yet?
  • Sencondly, what can I do in order to help to enabl it, if is not a active this support.
    • How can I start to colabrate here
    • Which knowns do I need before to start
    • It is mandatory a complete mastery and understading of the standard?

I'll appreciate all resource you can give me to start

I want to build a platform for digital documents (like google drive) to handle and manage signatures (XML and PDF), but I want first start adding complete support of xades-xl to this libraries and create a app client and then start with the a web project.

Can sound abitious but I haven't seen a solution like I have mentioned.
@luisgoncalves
Copy link
Owner

luisgoncalves commented Jul 21, 2019
edited

Hi Guillermo,

The library was initially designed without fully considering extended forms. For instance, it is possible to extend a XAdES-C signature to XAdES -X-L upon verification, but not to directly sign in X-L. This wasn't a big problem, however, as many use-cases for extended forms imply a grace period before applying the extended form.

Later I realized that the lib had some design limitations that made signing/verifying all extended forms complicated. One of the biggest problems was that some of the qualifying properties in the advanced formats depend on XML order (e.g. archival timestamp) and xades4j implementation doesn't keep the connection between the internal property model and the XML node(s). Changing this was a big task and I didn't have the time. Then there was some lack of interest and demand...

Somewhere along the way another developer started submitting PRs to better support extended forms (and other stuff). We discussed a lot of things, we had some different opinions in some parts, but in the end I couldn't keep up with his work.

Last year, yet another group of developers picked up that work and resubmitted a PR: #146. I merged it into a feature branch and it has been laying there since then. It's a big amount of work with a lot of breaking changes. That, together with other ideas I had in the past, made me wonder that it would be better to eventually do a reboot on the lib's implementation. Anyway, maybe that PR/branch can help you. I haven't tested it; only did a brief review of the code.

If you want to go deeper in the code, it will require some knowledge of the inner workings of the lib as initially designed. There's the Prezi (link in home page) and my Msc write up. Also, it would be good to have a good understanding of the standard, namely on the properties for extended forms and the corresponding generation/verification rules.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gdiazs @luisgoncalves