Remove incorrect deprecation of xml-c14n11 URI

README.rst

@@ -58,16 +58,16 @@ SignXML uses the `lxml ElementTree API <https://lxml.de/tutorial.html>`_ to work
     from signxml import XMLSigner, XMLVerifier
 
     data_to_sign = "<Test/>"
-    cert = open("example.pem").read()
-    key = open("example.key").read()
+    cert = open("cert.pem").read()
+    key = open("privkey.pem").read()
     root = etree.fromstring(data_to_sign)
     signed_root = XMLSigner().sign(root, key=key, cert=cert)
     verified_data = XMLVerifier().verify(signed_root).signed_xml
 
 To make this example self-sufficient for test purposes:
 
 - Generate a test certificate and key using
-  ``openssl req -x509 -sha256 -nodes -subj "/CN=test" -days 1 -newkey rsa:2048 -keyout example.key -out example.pem``
+  ``openssl req -x509 -nodes -subj "/CN=test" -days 1 -newkey rsa:2048 > cert.pem``
   (run ``yum install openssl`` on Red Hat).
 - Pass the ``x509_cert=cert`` keyword argument to ``XMLVerifier.verify()``. (In production, ensure this is replaced with
   the correct configuration for the trusted CA or certificate - this determines which signatures your application trusts.)

signxml/algorithms.py

@@ -151,9 +151,8 @@ class CanonicalizationMethod(InvalidInputErrorMixin, Enum):
 
     CANONICAL_XML_1_0 = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
     CANONICAL_XML_1_0_WITH_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
-    CANONICAL_XML_1_1 = "http://www.w3.org/2006/12/xmlc14n11#"
-    CANONICAL_XML_1_1_DEPRECATED_URI = "http://www.w3.org/2006/12/xml-c14n11"
-    CANONICAL_XML_1_1_WITH_COMMENTS = "http://www.w3.org/2006/12/xmlc14n11#WithComments"
+    CANONICAL_XML_1_1 = "http://www.w3.org/2006/12/xml-c14n11"
+    CANONICAL_XML_1_1_WITH_COMMENTS = "http://www.w3.org/2006/12/xml-c14n11#WithComments"
     EXCLUSIVE_XML_CANONICALIZATION_1_0 = "http://www.w3.org/2001/10/xml-exc-c14n#"
     EXCLUSIVE_XML_CANONICALIZATION_1_0_WITH_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
 

signxml/processor.py

@@ -140,7 +140,9 @@ def _c14n(self, nodes, algorithm: CanonicalizationMethod, inclusive_ns_prefixes=
 
     def _resolve_reference(self, doc_root, reference, uri_resolver=None):
         uri = reference.get("URI")
-        if not uri:
+        if uri is None:
+            raise InvalidInput("References without URIs are not supported")
+        elif uri == "":
             return doc_root
         elif uri.startswith("#xpointer("):
             raise InvalidInput("XPointer references are not supported")

signxml/verifier.py

@@ -294,8 +294,10 @@ def verify(
             ``resolve_entities=False``. See https://lxml.de/FAQ.html#how-do-i-use-lxml-safely-as-a-web-service-endpoint.
         :type parser: :class:`lxml.etree.XMLParser` compatible parser
         :param uri_resolver:
-            Function to use to resolve reference URIs that don't start with "#". The function is called with a single
-            string argument containing the URI to be resolved, and is expected to return a lxml.etree node or string.
+            Function to use to resolve reference URIs that are not empty and don't start with "#" (such references are
+            only expected in detached signatures; if you don't expect such signatures, leave this unset to prevent them
+            from validating). The function is called with a single string argument containing the URI to be resolved,
+            and is expected to return a :class:`lxml.etree._Element` node or bytes.
         :param id_attribute:
             Name of the attribute whose value ``URI`` refers to. By default, SignXML will search for "Id", then "ID".
         :param expect_config: