
xml-crypto


xml-crypto - npm Package Compare versions

Comparing version 1.2.0 to 1.3.0

31

lib/exclusive-canonicalization.js

@@ -202,2 +202,33 @@ /* jshint laxcomma: true */

var ancestorNamespaces = options.ancestorNamespaces || [];
/**
* If the inclusiveNamespacesPrefixList has not been explicitly provided then look it up in CanonicalizationMethod/InclusiveNamespaces
*/
if (inclusiveNamespacesPrefixList.length == 0) {
var CanonicalizationMethod = utils.findChilds(node, "CanonicalizationMethod")
if (CanonicalizationMethod.length != 0) {
var inclusiveNamespaces = utils.findChilds(CanonicalizationMethod[0], "InclusiveNamespaces")
if (inclusiveNamespaces.length != 0) {
inclusiveNamespacesPrefixList = inclusiveNamespaces[0].getAttribute('PrefixList').split(" ");
}
}
}
/**
* If you have a PrefixList then use it and the ancestors to add the necessary namespaces
*/
if (inclusiveNamespacesPrefixList) {
var prefixList = inclusiveNamespacesPrefixList instanceof Array ? inclusiveNamespacesPrefixList : inclusiveNamespacesPrefixList.split(' ');
prefixList.forEach(function (prefix) {
if (ancestorNamespaces) {
ancestorNamespaces.forEach(function (ancestorNamespace) {
if (prefix == ancestorNamespace.prefix) {
node.setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:' + prefix, ancestorNamespace.namespaceURI);
}
})
}
})
}
var res = this.processInner(node, [], defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList);

@@ -204,0 +235,0 @@ return res;
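Review bot: The `PrefixList` looked up under `CanonicalizationMethod/InclusiveNamespaces` is split on a single space with no guard, so a list separated by tabs, newlines or repeated spaces yields wrong or empty tokens, and a DOM whose `getAttribute` returns null for a missing attribute would throw on `.split`. The value comes from the document being verified, so normalise it before use, e.g. `inclusiveNamespacesPrefixList = (inclusiveNamespaces[0].getAttribute('PrefixList') || '').split(/\s+/).filter(Boolean);`. The `setAttributeNS` loop that follows appears to write `xmlns:` declarations onto the `node` passed in rather than onto a copy; if so, add a comment such as `// NOTE: mutates the input node before canonicalization` so callers know the document changes during verification. The enclosing function begins and ends outside this hunk.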

80

lib/signed-xml.js

@@ -21,4 +21,4 @@ var xpath = require('xpath')

this.getKeyInfo = function(key, prefix) {
prefix = prefix || ''
prefix = prefix ? prefix + ':' : prefix
prefix = prefix || ''
prefix = prefix ? prefix + ':' : prefix
return "<" + prefix + "X509Data></" + prefix + "X509Data>"

@@ -365,7 +365,2 @@ }

/**
* When canonicalization algorithm is non-exclusive, search for ancestor namespaces
* before validating signature.
*/
var ancestorNamespaces = [];
if(this.canonicalizationAlgorithm === "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

@@ -377,6 +372,10 @@ || this.canonicalizationAlgorithm === "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")

}
ancestorNamespaces = findAncestorNs(doc, "//*[local-name()='SignedInfo']");
}
/**
* Search for ancestor namespaces before validating signature.
*/
var ancestorNamespaces = [];
ancestorNamespaces = findAncestorNs(doc, "//*[local-name()='SignedInfo']");
var c14nOptions = {

@@ -455,21 +454,6 @@ ancestorNamespaces: ancestorNamespaces

/**
* When canonicalization algorithm is non-exclusive, search for ancestor namespaces
* before validating references.
* Search for ancestor namespaces before validating references.
*/
if(Array.isArray(ref.transforms)){
var hasNonExcC14nTransform = false;
for(var t in ref.transforms){
if(!ref.transforms.hasOwnProperty(t)) continue;
if(ref.transforms[t] === "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
|| ref.transforms[t] === "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")
{
hasNonExcC14nTransform = true;
break;
}
}
if(hasNonExcC14nTransform){
ref.ancestorNamespaces = findAncestorNs(doc, elemXpath);
}
if(Array.isArray(ref.transforms)){
ref.ancestorNamespaces = findAncestorNs(doc, elemXpath);
}

@@ -481,2 +465,3 @@

};
var canonXml = this.getCanonXml(ref.transforms, elem[0], c14nOptions);

@@ -486,27 +471,3 @@

var digest = hash.getHash(canonXml)
if (!validateDigestValue(digest, ref.digestValue)) {
if (ref.inclusiveNamespacesPrefixList) {
// fallback: apply InclusiveNamespaces workaround (https://github.com/yaronn/xml-crypto/issues/72)
var prefixList = ref.inclusiveNamespacesPrefixList instanceof Array ? ref.inclusiveNamespacesPrefixList : ref.inclusiveNamespacesPrefixList.split(' ');
var supported_definitions = {
'xs': 'http://www.w3.org/2001/XMLSchema',
'xsi': 'http://www.w3.org/2001/XMLSchema-instance',
'saml': 'urn:oasis:names:tc:SAML:2.0:assertion'
}
prefixList.forEach(function (prefix) {
if (supported_definitions[prefix]) {
elem[0].setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:' + prefix, supported_definitions[prefix]);
}
});
canonXml = this.getCanonXml(ref.transforms, elem[0], { inclusiveNamespacesPrefixList: ref.inclusiveNamespacesPrefixList });
digest = hash.getHash(canonXml);
if (digest === ref.digestValue) {
return true;
}
}
}
if (!validateDigestValue(digest, ref.digestValue)) {

@@ -621,5 +582,12 @@ this.validationErrors.push("invalid signature: for uri " + ref.uri +

var inclusiveNamespaces = xpath.select("//*[local-name(.)='InclusiveNamespaces']", transformsNode);
var inclusiveNamespaces = utils.findChilds(trans, "InclusiveNamespaces")
if (inclusiveNamespaces.length > 0) {
inclusiveNamespacesPrefixList = inclusiveNamespaces[0].getAttribute('PrefixList');
//Should really only be one prefix list, but maybe there's some circumstances where more than one to lets handle it
for (var i = 0; i<inclusiveNamespaces.length; i++) {
if (inclusiveNamespacesPrefixList) {
inclusiveNamespacesPrefixList = inclusiveNamespacesPrefixList + " " + inclusiveNamespaces[i].getAttribute('PrefixList');
} else {
inclusiveNamespacesPrefixList = inclusiveNamespaces[i].getAttribute('PrefixList');
}
}
}

@@ -926,6 +894,6 @@ }

if (prefix) {
xmlNsAttr += ':' + prefix;
prefix += ':';
xmlNsAttr += ':' + prefix;
prefix += ':';
} else {
prefix = '';
prefix = '';
}

@@ -932,0 +900,0 @@
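Review bot: In the hunk at `@@ -377,6 +372,10 @@`, ancestor namespaces are now collected for every canonicalization algorithm, but still through the document-wide XPath `//*[local-name()='SignedInfo']`, which is not tied to the signature node being validated. `findAncestorNs` is not shown here, so this is inferred, but if it uses the first match, a document holding more than one `SignedInfo` could feed namespaces from an unrelated element into canonicalization of the one under validation. Resolving `SignedInfo` relative to the signature node actually being checked would remove that ambiguity. As a smaller style point, the two statements can be one: `var ancestorNamespaces = findAncestorNs(doc, "//*[local-name()='SignedInfo']");`. The enclosing function starts and ends outside the hunk.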

{
"name": "xml-crypto",
"version": "1.2.0",
"version": "1.3.0",
"description": "Xml digital signature and encryption library for Node.js",

@@ -5,0 +5,0 @@ "engines": {
