Ensure the X509Certificate tag is properly prefixed (#377)
casewalker authored Oct 7, 2023
1 parent 2aa2d13 commit 073d4a6
Showing 2 changed files with 16 additions and 9 deletions.
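--- a/src/signed-xml.ts
+++ b/src/signed-xml.ts
@@ -194,7 +194,12 @@ export class SignedXml {
 
 if (publicCertMatches.length > 0) {
 x509Certs = publicCertMatches
-.map((c) => `<X509Certificate>${utils.pemToDer(c).toString("base64")}</X509Certificate>`)
+.map(
+(c) =>
+`<${prefix}X509Certificate>${utils
+.pemToDer(c)
+.toString("base64")}</${prefix}X509Certificate>`,
+)
 .join("");
 }
 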
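Review bot: `prefix` is interpolated unescaped into both the opening and closing `X509Certificate` tag names in the new `.map(...)` callback, and its definition and any validation sit outside this hunk. The certificate body is base64 and therefore markup-safe, but a prefix taken from caller options that contains characters such as `>` or whitespace would produce malformed or altered KeyInfo markup. If that is not already enforced where the prefix is normalised, a guard there would close it, e.g. `if (prefix && !/^[A-Za-z_][\w.-]*:$/.test(prefix)) throw new Error("invalid namespace prefix");` (this assumes the value already carries its trailing colon, as the `ds:` output in the test suggests).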
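--- a/test/signature-unit-tests.spec.ts
+++ b/test/signature-unit-tests.spec.ts
@@ -555,15 +555,13 @@ describe("Signature unit tests", function () {
 const xml = '<root><x xmlns="ns"></x><y attr="value"></y><z><w></w></z></root>';
 const sig = new SignedXml();
 
+sig.publicCert = fs.readFileSync("./test/static/client_public.pem");
 sig.CanonicalizationAlgorithms["http://DummyTransformation"] = DummyTransformation;
 sig.CanonicalizationAlgorithms["http://DummyCanonicalization"] = DummyCanonicalization;
 sig.HashAlgorithms["http://dummyDigest"] = DummyDigest;
 sig.SignatureAlgorithms["http://dummySignatureAlgorithm"] = DummySignatureAlgorithm;
 
 sig.signatureAlgorithm = "http://dummySignatureAlgorithm";
-sig.getKeyInfoContent = function () {
-return "<ds:dummy>dummy key info</ds:dummy>";
-};
 sig.canonicalizationAlgorithm = "http://DummyCanonicalization";
 sig.privateKey = "";
 
@@ -615,11 +613,13 @@ describe("Signature unit tests", function () {
 "</ds:SignedInfo>" +
 "<ds:SignatureValue>dummy signature</ds:SignatureValue>" +
 "<ds:KeyInfo>" +
-"<ds:dummy>dummy key info</ds:dummy>" +
+"<ds:X509Data>" +
+"<ds:X509Certificate>MIIBxDCCAW6gAwIBAgIQxUSXFzWJYYtOZnmmuOMKkjANBgkqhkiG9w0BAQQFADAWMRQwEgYDVQQDEwtSb290IEFnZW5jeTAeFw0wMzA3MDgxODQ3NTlaFw0zOTEyMzEyMzU5NTlaMB8xHTAbBgNVBAMTFFdTRTJRdWlja1N0YXJ0Q2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+L6aB9x928noY4+0QBsXnxkQE4quJl7c3PUPdVu7k9A02hRG481XIfWhrDY5i7OEB7KGW7qFJotLLeMec/UkKUwCgv3VvJrs2nE9xO3SSWIdNzADukYh+Cxt+FUU6tUkDeqg7dqwivOXhuOTRyOI3HqbWTbumaLdc8jufz2LhaQIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwDQYJKoZIhvcNAQEEBQADQQAfIbnMPVYkNNfX1tG1F+qfLhHwJdfDUZuPyRPucWF5qkh6sSdWVBY5sT/txBnVJGziyO8DPYdu2fPMER8ajJfl</ds:X509Certificate>" +
+"</ds:X509Data>" +
 "</ds:KeyInfo>" +
 "</ds:Signature>";
 
-expect(expected, "wrong signature format").to.equal(signature);
+expect(signature, "wrong signature format").to.equal(expected);
 
 const signedXml = sig.getSignedXml();
 const expectedSignedXml =
@@ -652,17 +652,19 @@ describe("Signature unit tests", function () {
 "</ds:SignedInfo>" +
 "<ds:SignatureValue>dummy signature</ds:SignatureValue>" +
 "<ds:KeyInfo>" +
-"<ds:dummy>dummy key info</ds:dummy>" +
+"<ds:X509Data>" +
+"<ds:X509Certificate>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</ds:X509Certificate>" +
+"</ds:X509Data>" +
 "</ds:KeyInfo>" +
 "</ds:Signature>" +
 "</root>";
 
-expect(expectedSignedXml, "wrong signedXml format").to.equal(signedXml);
+expect(signedXml, "wrong signedXml format").to.equal(expectedSignedXml);
 
 const originalXmlWithIds = sig.getOriginalXmlWithIds();
 const expectedOriginalXmlWithIds =
 '<root><x xmlns="ns" Id="_0"/><y attr="value" Id="_1"/><z><w Id="_2"/></z></root>';
-expect(expectedOriginalXmlWithIds, "wrong OriginalXmlWithIds").to.equal(originalXmlWithIds);
+expect(originalXmlWithIds, "wrong OriginalXmlWithIds").to.equal(expectedOriginalXmlWithIds);
 });
 
 it("signer creates correct signature values", function () {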
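Review bot: Only the prefixed form is pinned by the updated expectations (`<ds:X509Certificate>` in the hunks at -615 and -652); nothing visible in these hunks checks the output when no signature prefix is configured, where the element should remain a bare `<X509Certificate>` inside `<X509Data>`. A companion case that signs without a prefix and asserts the KeyInfo content would cover the other branch of the prefix handling. The expected strings also inline the full base64 certificate, so deriving that value in the test from `./test/static/client_public.pem` would keep the fixture and the expectation from drifting apart. The enclosing `it(...)` starts before the first hunk, so how the prefix is set for this test is not visible here.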
