Once your UBL invoice XML is built and ready for signing, the most important part before generating <ds:SignatureValue> is to ensure your canonicalized digest values are correct.
IRBM validates your signature by re-computing the SHA256 digests of <SignedInfo> and <SignedProperties>. If even a single space or newline is different, your submission will fail with errors like DS320 or DS333.
✅ What to log:
$canonicalSignedInfo = $signedInfoNode->C14N(true, false);
$canonicalProps = $signedPropertiesNode->C14N(true, false);
Log::debug('Canonical SignedInfo:', [$canonicalSignedInfo]);
Log::debug('Canonical Props:', [$canonicalProps]);
Log::debug('SHA256 SignedInfo Digest:', [base64_encode(hash('sha256', $canonicalSignedInfo, true))]);
Log::debug('SHA256 Props Digest:', [base64_encode(hash('sha256', $canonicalProps, true))]);
💡 Why this matters:
- Helps catch digest mismatches before submission
- Makes it easier to compare with IRBM response errors
- Lets you test against XML samples locally without guessing
In Laravel, log this in your signature service before inserting <ds:SignatureValue>. Store in a dedicated channel like irb_hash_debug if needed.
Coming up in Day 2:
We’ll cache your IRBM access token in Redis so you don’t repeatedly request it for every submission.
