Fix validation for XaDES signatures

go.sum

@@ -1,5 +1,3 @@
-github.com/beevik/etree v1.5.0 h1:iaQZFSDS+3kYZiGoc9uKeOkUY3nYMXOKLl6KIJxiJWs=
-github.com/beevik/etree v1.5.0/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
 github.com/beevik/etree v1.5.1 h1:TC3zyxYp+81wAmbsi8SWUpZCurbxa6S8RITYRSkNRwo=
 github.com/beevik/etree v1.5.1/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=

signedxml.go

@@ -8,6 +8,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"log"
 	"strings"
 
 	"github.com/beevik/etree"
@@ -220,6 +221,38 @@ func (s *signatureData) parseCanonAlgorithm() error {
 		"CanonicalizationMethod")
 }
 
+func findNs(in *etree.Element, ns map[string]string) {
+	ns[in.Space] = in.NamespaceURI()
+	for _, c := range in.ChildElements() {
+		findNs(c, ns)
+	}
+}
+
+func findNamespaces(in *etree.Document) map[string]string {
+	var ns = make(map[string]string)
+	findNs(in.Root(), ns)
+	return ns
+}
+
+func fixNs(e *etree.Element, ns map[string]string) {
+	if e.NamespaceURI() == "" && e.Space != "" {
+		if uri, ok := ns[e.Space]; ok {
+			e.CreateAttr(fmt.Sprintf("xmlns:%s", e.Space), uri)
+		} else {
+			log.Printf("signedxml: Missing namespace tag %s\n", e.Space)
+		}
+	}
+
+	for _, c := range e.ChildElements() {
+		fixNs(c, ns)
+	}
+}
+
+func fixNamespaces(in *etree.Document, out *etree.Document) {
+	ns := findNamespaces(in)
+	fixNs(out.Root(), ns)
+}
+
 func (s *signatureData) getReferencedXML(reference *etree.Element, inputDoc *etree.Document) (outputDoc *etree.Document, err error) {
 	uri := reference.SelectAttrValue("URI", "")
 	uri = strings.Replace(uri, "#", "", 1)
@@ -247,6 +280,8 @@ func (s *signatureData) getReferencedXML(reference *etree.Element, inputDoc *etr
 		}
 	}
 
+	fixNamespaces(inputDoc, outputDoc)
+
 	if outputDoc == nil {
 		return nil, errors.New("signedxml: unable to find refereced xml")
 	}

validator.go

@@ -108,6 +108,12 @@ func (v *Validator) validateReferences() (referenced []*etree.Document, err erro
 	for _, ref := range references {
 		doc := v.xml.Copy()
 
+		refUri := ref.SelectAttrValue("URI", "")
+		doc, err = v.getReferencedXML(ref, doc)
+		if err != nil {
+			return nil, err
+		}
+
 		transforms := ref.SelectElement("Transforms")
 		if transforms != nil {
 			for _, transform := range transforms.SelectElements("Transform") {
@@ -118,27 +124,21 @@ func (v *Validator) validateReferences() (referenced []*etree.Document, err erro
 			}
 		}
 
-		doc, err = v.getReferencedXML(ref, doc)
-		if err != nil {
-			return nil, err
-		}
-
 		referenced = append(referenced, doc)
 
 		digestValueElement := ref.SelectElement("DigestValue")
 		if digestValueElement == nil {
-			return nil, errors.New("signedxml: unable to find DigestValue")
+			return nil, fmt.Errorf("signedxml [%s]: unable to find DigestValue", refUri)
 		}
 		digestValue := digestValueElement.Text()
-
 		calculatedValue, err := calculateHash(ref, doc)
 		if err != nil {
 			return nil, err
 		}
 
 		if calculatedValue != digestValue {
-			return nil, fmt.Errorf("signedxml: Calculated digest does not match the"+
-				" expected digestvalue of %s", digestValue)
+			return nil, fmt.Errorf("signedxml [%s]: Calculated digest (%s) does not match the"+
+				" expected digestvalue of %s", refUri, calculatedValue, digestValue)
 		}
 	}
 	return referenced, nil