WSSecurityCert generates duplicate IDs for Body and Timestamp elements, causing "Incorrect reference digest value" errors #1381
Description
Bug Description
WSSecurityCert assigns the same ID (_1) to both Timestamp and Body elements, causing duplicate Reference URIs in the XML signature. This results in "Incorrect reference digest value" SOAP faults.
Environment
- node-soap version: 1.1.10 (also tested with 1.6.0)
- Node.js version: 22.5.1
- Operating System: MacOS 15.6.1
Expected Behavior
- Body and Timestamp elements should have unique IDs
- Custom IDs from
signerOptions.attrs.Idshould be respected - XML signature should validate properly
Actual Behavior
<Timestamp Id="_1">
<soap:Body Id="_1"> <!-- Same ID! -->
<Reference URI="#_1"> <!-- First reference -->
<Reference URI="#_1"> <!-- Duplicate reference to same element -->Configuration Attempted
const wsSecurityOptions = {
hasTimeStamp: true,
signerOptions: {
attrs: {
Id: `_body_${Date.now()}`, // This is ignored
},
},
};Error Response
<faultstring>Incorrect reference digest value</faultstring>Reproduction Steps
- Create WSSecurityCert with custom Body ID in signerOptions
- Make SOAP request with both timestamp and signature
- Observe duplicate IDs in generated XML
- Receive SOAP fault from service
Investigation Notes
- Constructor accepts
signerOptionsbut doesn't applyattrs.Id - Both v1.1.10 and v1.6.0 show same issue
- Library initializes
this.signerOptions = {}without copying provided options
Would appreciate guidance on proper configuration or confirmation if this is a bug that needs fixing.