lint

.eslintrc.json

@@ -19,7 +19,7 @@
   ],
   "rules": {
     "no-console": "error",
-    "no-unused-vars": "error",
+    "no-unused-vars": "warn",
     "no-prototype-builtins": "error",
     "one-var": ["error", "never"],
     "no-duplicate-imports": "error",
@@ -30,6 +30,7 @@
     "prefer-const": "error",
     "deprecation/deprecation": "warn",
     "@typescript-eslint/no-non-null-assertion": "error",
-    "@typescript-eslint/no-unused-vars": "error"
+    "@typescript-eslint/no-unused-vars": "warn",
+    "@typescript-eslint/no-this-alias": "warn"
   }
 }

src/c14n-canonicalization.ts

@@ -1,10 +1,13 @@
-import { CanonicalizationOrTransformationAlgorithm, ProcessOptions } from "./types";
+import {
+  CanonicalizationOrTransformationAlgorithm,
+  NamespacePrefix,
+  ProcessOptions,
+  RenderedNamespace,
+} from "./types";
 import * as utils from "./utils";
 
 export class C14nCanonicalization implements CanonicalizationOrTransformationAlgorithm {
-  includeComments: boolean = false;
-
-  constructor() {}
+  includeComments = false;
 
   attrCompare(a, b) {
     if (!a.namespaceURI && b.namespaceURI) {
@@ -67,16 +70,21 @@ export class C14nCanonicalization implements CanonicalizationOrTransformationAlg
   /**
    * Create the string of all namespace declarations that should appear on this element
    *
-   * @param {Node} node. The node we now render
-   * @param {Array} prefixesInScope. The prefixes defined on this node
+   * @param node. The node we now render
+   * @param prefixesInScope. The prefixes defined on this node
    *                parents which are a part of the output set
-   * @param {String} defaultNs. The current default namespace
-   * @param {String} defaultNsForPrefix.
-   * @param {String} ancestorNamespaces - Import ancestor namespaces if it is specified
-   * @return {String}
+   * @param defaultNs. The current default namespace
+   * @param  defaultNsForPrefix.
+   * @param ancestorNamespaces - Import ancestor namespaces if it is specified
    * @api private
    */
-  renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, ancestorNamespaces) {
+  renderNs(
+    node: Element,
+    prefixesInScope: string[],
+    defaultNs: string,
+    defaultNsForPrefix: string,
+    ancestorNamespaces: NamespacePrefix[]
+  ): RenderedNamespace {
     let i;
     let attr;
     const res: string[] = [];
@@ -95,7 +103,7 @@ export class C14nCanonicalization implements CanonicalizationOrTransformationAlg
       }
     } else if (defaultNs !== currNs) {
       //new default ns
-      newDefaultNs = node.namespaceURI;
+      newDefaultNs = node.namespaceURI || "";
       res.push(' xmlns="', newDefaultNs, '"');
     }
 
@@ -149,7 +157,7 @@ export class C14nCanonicalization implements CanonicalizationOrTransformationAlg
     //render namespaces
     res.push(...nsListToRender.map((attr) => ` xmlns:${attr.prefix}="${attr.namespaceURI}"`));
 
-    return { rendered: res.join(""), newDefaultNs: newDefaultNs };
+    return { rendered: res.join(""), newDefaultNs };
   }
 
   processInner(node, prefixesInScope, defaultNs, defaultNsForPrefix, ancestorNamespaces) {

src/enveloped-signature.ts

@@ -1,19 +1,20 @@
-const xpath = require("xpath");
+import * as xpath from "xpath";
+
 import {
   CanonicalizationOrTransformationAlgorithm,
   CanonicalizationOrTransformationAlgorithmProcessOptions,
   CanonicalizationOrTransformAlgorithmType,
 } from "./types";
-import * as utils from "./utils";
+
 export class EnvelopedSignature implements CanonicalizationOrTransformationAlgorithm {
-  includeComments: boolean = false;
+  includeComments = false;
   process(node: Node, options: CanonicalizationOrTransformationAlgorithmProcessOptions) {
     if (null == options.signatureNode) {
-      const signature = xpath.select(
+      const signature = xpath.select1(
         "./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
         node
-      )[0];
-      if (signature) {
+      );
+      if (xpath.isNodeLike(signature) && signature.parentNode) {
         signature.parentNode.removeChild(signature);
       }
       return node;
@@ -22,18 +23,27 @@ export class EnvelopedSignature implements CanonicalizationOrTransformationAlgor
     const expectedSignatureValue = xpath.select1(
       ".//*[local-name(.)='SignatureValue']/text()",
       signatureNode
-    ).data;
-    const signatures = xpath.select(
-      ".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
-      node
     );
-    for (const nodeSignature of signatures) {
-      const signatureValue = xpath.select1(
-        ".//*[local-name(.)='SignatureValue']/text()",
-        nodeSignature
-      ).data;
-      if (expectedSignatureValue === signatureValue) {
-        nodeSignature.parentNode.removeChild(nodeSignature);
+    if (xpath.isTextNode(expectedSignatureValue)) {
+      const expectedSignatureValueData = expectedSignatureValue.data;
+
+      const signatures = xpath.select(
+        ".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
+        node
+      );
+      for (const nodeSignature of Array.isArray(signatures) ? signatures : []) {
+        const signatureValue = xpath.select1(
+          ".//*[local-name(.)='SignatureValue']/text()",
+          nodeSignature
+        );
+        if (xpath.isTextNode(signatureValue)) {
+          const signatureValueData = signatureValue.data;
+          if (expectedSignatureValueData === signatureValueData) {
+            if (nodeSignature.parentNode) {
+              nodeSignature.parentNode.removeChild(nodeSignature);
+            }
+          }
+        }
       }
     }
     return node;

src/exclusive-canonicalization.ts

@@ -13,9 +13,7 @@ function isPrefixInScope(prefixesInScope, prefix, namespaceURI) {
 }
 
 export class ExclusiveCanonicalization implements CanonicalizationOrTransformationAlgorithm {
-  includeComments: boolean = false;
-
-  constructor() {}
+  includeComments = false;
 
   attrCompare(a, b) {
     if (!a.namespaceURI && b.namespaceURI) {

src/hash-algorithms.ts

@@ -2,7 +2,6 @@ import * as crypto from "crypto";
 import { HashAlgorithm } from "./types";
 
 export class Sha1 implements HashAlgorithm {
-  constructor() {}
   getHash = function (xml) {
     const shasum = crypto.createHash("sha1");
     shasum.update(xml, "utf8");
@@ -16,8 +15,6 @@ export class Sha1 implements HashAlgorithm {
 }
 
 export class Sha256 implements HashAlgorithm {
-  constructor() {}
-
   getHash = function (xml) {
     const shasum = crypto.createHash("sha256");
     shasum.update(xml, "utf8");
@@ -31,7 +28,6 @@ export class Sha256 implements HashAlgorithm {
 }
 
 export class Sha512 implements HashAlgorithm {
-  constructor() {}
   getHash = function (xml) {
     const shasum = crypto.createHash("sha512");
     shasum.update(xml, "utf8");

src/signature-algorithms.ts

@@ -2,8 +2,6 @@ import * as crypto from "crypto";
 import { SignatureAlgorithm, createOptionalCallbackFunction } from "./types";
 
 export class RsaSha1 implements SignatureAlgorithm {
-  constructor() {}
-
   getSignature = createOptionalCallbackFunction(
     (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {
       const signer = crypto.createSign("RSA-SHA1");
@@ -30,7 +28,6 @@ export class RsaSha1 implements SignatureAlgorithm {
 }
 
 export class RsaSha256 implements SignatureAlgorithm {
-  constructor() {}
   getSignature = createOptionalCallbackFunction(
     (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {
       const signer = crypto.createSign("RSA-SHA256");
@@ -57,7 +54,6 @@ export class RsaSha256 implements SignatureAlgorithm {
 }
 
 export class RsaSha512 implements SignatureAlgorithm {
-  constructor() {}
   getSignature = createOptionalCallbackFunction(
     (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {
       const signer = crypto.createSign("RSA-SHA512");
@@ -84,7 +80,6 @@ export class RsaSha512 implements SignatureAlgorithm {
 }
 
 export class HmacSha1 implements SignatureAlgorithm {
-  constructor() {}
   getSignature = createOptionalCallbackFunction(
     (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {
       const signer = crypto.createHmac("SHA1", privateKey);

src/signed-xml.ts

@@ -13,15 +13,14 @@ import {
   ErrorFirstCallback,
 } from "./types";
 
-const xpath = require("xpath");
-const xmldom = require("@xmldom/xmldom");
-const Dom = require("@xmldom/xmldom").DOMParser;
+import * as xpath from "xpath";
+import { DOMParser as Dom } from "@xmldom/xmldom";
 import * as utils from "./utils";
-const c14n = require("./c14n-canonicalization");
-const execC14n = require("./exclusive-canonicalization");
-const envelopedSignatures = require("./enveloped-signature");
-const hashAlgorithms = require("./hash-algorithms");
-const signatureAlgorithms = require("./signature-algorithms");
+import * as c14n from "./c14n-canonicalization";
+import * as execC14n from "./exclusive-canonicalization";
+import * as envelopedSignatures from "./enveloped-signature";
+import * as hashAlgorithms from "./hash-algorithms";
+import * as signatureAlgorithms from "./signature-algorithms";
 import * as crypto from "crypto";
 
 export class SignedXml {
@@ -44,7 +43,7 @@ export class SignedXml {
   /**
    * It specifies a list of namespace prefixes that should be considered "inclusive" during the canonicalization process.
    */
-  inclusiveNamespacesPrefixList: string = "";
+  inclusiveNamespacesPrefixList = "";
   namespaceResolver: XPathNSResolver = {
     lookupNamespaceURI: function (prefix) {
       throw new Error("Not implemented");
@@ -786,7 +785,7 @@ export class SignedXml {
     }
 
     this.signatureNode = signatureDoc;
-    let signedInfoNodes = utils.findChilds(this.signatureNode, "SignedInfo");
+    const signedInfoNodes = utils.findChilds(this.signatureNode, "SignedInfo");
     if (signedInfoNodes.length === 0) {
       const err3 = new Error("could not find SignedInfo element in the message");
       if (!callback) {

src/types.ts

@@ -1,3 +1,4 @@
+/* eslint-disable no-unused-vars */
 // Type definitions for @node-saml/xml-crypto
 // Project: https://github.com/node-saml/xml-crypto#readme
 // Original definitions by: Eric Heikes <https://github.com/eheikes>
@@ -7,6 +8,8 @@
 
 import * as crypto from "crypto";
 
+export type ErrorFirstCallback<T> = (err: Error | null, result?: T) => void;
+
 export type CanonicalizationAlgorithmType =
   | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
   | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
@@ -31,6 +34,15 @@ export type SignatureAlgorithmType =
   | "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
   | string;
 
+/**
+ * @param cert the certificate as a string or array of strings (see https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-X509Data)
+ * @param prefix an optional namespace alias to be used for the generated XML
+ */
+export type GetKeyInfoContentArgs = {
+  publicCert?: crypto.KeyLike;
+  prefix?: string | null;
+};
+
 /**
  * Options for the SignedXml constructor.
  */
@@ -52,15 +64,21 @@ export type NamespacePrefix = {
   prefix: string;
   namespaceURI: string;
 };
+
 export type ProcessOptions = {
   defaultNs?: string;
   defaultNsForPrefix?: NamespacePrefix;
   ancestorNamespaces?: NamespacePrefix[];
 };
 
+export type RenderedNamespace = {
+  rendered: string;
+  newDefaultNs: string;
+};
+
 export type CanonicalizationOrTransformationAlgorithmProcessOptions = {
   defaultNs?: string;
-  defaultForPrefix?: {};
+  defaultForPrefix?: object;
   ancestorNamespaces?: [];
   signatureNode: Node;
 };
@@ -186,17 +204,6 @@ export interface TransformAlgorithm {
  *  - {@link SignedXml#validationErrors}
  */
 
-/**
- * @param cert the certificate as a string or array of strings (see https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-X509Data)
- * @param prefix an optional namespace alias to be used for the generated XML
- */
-export type GetKeyInfoContentArgs = {
-  publicCert?: crypto.KeyLike;
-  prefix?: string | null;
-};
-
-export type ErrorFirstCallback<T> = (err: Error | null, result?: T) => void;
-
 /**
  * This function will add a callback version of a sync function.
  *
@@ -223,3 +230,9 @@ export function createOptionalCallbackFunction<T, A extends any[]>(
     }
   }) as any;
 }
+
+declare global {
+  interface ArrayConstructor {
+    isArray(arg: unknown): arg is Array<unknown> | ReadonlyArray<unknown>;
+  }
+}

src/utils.ts

@@ -265,15 +265,15 @@ export function validateDigestValue(digest, expectedDigest) {
   let buffer;
   let expectedBuffer;
 
-  const majorVersion = /^v(\d+)/.exec(process.version)![1];
+  const majorVersion = (/^v(\d+)/.exec(process.version) || [0, 0])[1];
 
   if (+majorVersion >= 6) {
     buffer = Buffer.from(digest, "base64");
     expectedBuffer = Buffer.from(expectedDigest, "base64");
   } else {
     // Compatibility with Node < 5.10.0
-    buffer = new Buffer(digest, "base64");
-    expectedBuffer = new Buffer(expectedDigest, "base64");
+    buffer = Buffer.from(digest, "base64");
+    expectedBuffer = Buffer.from(expectedDigest, "base64");
   }
 
   if (typeof buffer.equals === "function") {

tsconfig.eslint.json

@@ -1,5 +1,5 @@
 {
   "extends": "./tsconfig.json",
   "exclude": [],
-  "include": ["test"]
+  "include": ["test", "src"]
 }

tsconfig.json

@@ -65,5 +65,6 @@
     "skipLibCheck": true /* Skip type checking of declaration files. */,
     "forceConsistentCasingInFileNames": true /* Disallow inconsistently-cased references to the same file. */
   },
-  "exclude": ["node_modules", "docs", "lib", "test", "coverage", "example"]
+  "exclude": ["node_modules", "docs", "lib", "test", "coverage", "example"],
+  "include": ["src"]
 }