Bug Description
WSSecurityCert assigns the same ID (_1) to both Timestamp and Body elements, causing duplicate Reference URIs in the XML signature. This results in "Incorrect reference digest value" SOAP faults.
Environment
- node-soap version: 1.1.10 (also tested with 1.6.0)
- Node.js version: 22.5.1
- Operating System: MacOS 15.6.1
Expected Behavior
- Body and Timestamp elements should have unique IDs
- Custom IDs from
signerOptions.attrs.Id should be respected
- XML signature should validate properly
Actual Behavior
<Timestamp Id="_1">
<soap:Body Id="_1"> <!-- Same ID! -->
<Reference URI="#_1"> <!-- First reference -->
<Reference URI="#_1"> <!-- Duplicate reference to same element -->
Configuration Attempted
const wsSecurityOptions = {
hasTimeStamp: true,
signerOptions: {
attrs: {
Id: `_body_${Date.now()}`, // This is ignored
},
},
};Error Response
<faultstring>Incorrect reference digest value</faultstring>
Reproduction Steps
- Create WSSecurityCert with custom Body ID in signerOptions
- Make SOAP request with both timestamp and signature
- Observe duplicate IDs in generated XML
- Receive SOAP fault from service
Investigation Notes
- Constructor accepts
signerOptions but doesn't apply attrs.Id
- Both v1.1.10 and v1.6.0 show same issue
- Library initializes
this.signerOptions = {} without copying provided options
Would appreciate guidance on proper configuration or confirmation if this is a bug that needs fixing.
Bug Description
WSSecurityCert assigns the same ID (
_1) to both Timestamp and Body elements, causing duplicate Reference URIs in the XML signature. This results in "Incorrect reference digest value" SOAP faults.Environment
Expected Behavior
signerOptions.attrs.Idshould be respectedActual Behavior
Configuration Attempted
Error Response
Reproduction Steps
Investigation Notes
signerOptionsbut doesn't applyattrs.Idthis.signerOptions = {}without copying provided optionsWould appreciate guidance on proper configuration or confirmation if this is a bug that needs fixing.