Merge remote-tracking branch 'origin/master' into pr/444

node-saml · Jan 26, 2024 · f1ac51c · f1ac51c
2 parents c943243 + 627d83f
commit f1ac51c
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 11 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -43,7 +43,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
diff --git a/README.md b/README.md
@@ -57,8 +57,8 @@ When signing a xml document you can pass the following options to the `SignedXml
 
 - `privateKey` - **[required]** a `Buffer` or pem encoded `String` containing your private key
 - `publicCert` - **[optional]** a `Buffer` or pem encoded `String` containing your public key
-- `signatureAlgorithm` - **[optional]** one of the supported [signature algorithms](#signature-algorithms). Ex: `sign.signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"`
-- `canonicalizationAlgorithm` - **[optional]** one of the supported [canonicalization algorithms](#canonicalization-and-transformation-algorithms). Ex: `sign.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"`
+- `signatureAlgorithm` - **[required]** one of the supported [signature algorithms](#signature-algorithms). Ex: `sign.signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"`
+- `canonicalizationAlgorithm` - **[required]** one of the supported [canonicalization algorithms](#canonicalization-and-transformation-algorithms). Ex: `sign.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"`
 
 Use this code:
 
@@ -106,7 +106,24 @@ The result will be:
 
 Note:
 
-If you set the `publicCert` property, a `<X509Data></X509Data>` element with the public certificate will be generated in the signature.
+If you set the `publicCert` and the `getKeyInfoContent` properties, a `<KeyInfo></KeyInfo>` element with the public certificate will be generated in the signature:
+
+```xml
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+  <SignedInfo>
+    ...[signature info removed]...
+  </SignedInfo>
+  <SignatureValue>vhWzpQyIYuncHUZV9W...[long base64 removed]...</SignatureValue>
+  <KeyInfo>
+    <X509Data>
+      <X509Certificate>MIIGYjCCBJagACCBN...[long base64 removed]...</X509Certificate>
+    </X509Data>
+  </KeyInfo>
+</Signature>
+```
+
+For `getKeyInfoContent`, a default implementation `SignedXml.getKeyInfoContent` is available.
+
 To customize this see [customizing algorithms](#customizing-algorithms) for an example.
 
 ## Verifying Xml documents

diff --git a/src/signed-xml.ts b/src/signed-xml.ts
@@ -151,8 +151,8 @@ export class SignedXml {
     }
     this.implicitTransforms = implicitTransforms ?? this.implicitTransforms;
     this.keyInfoAttributes = keyInfoAttributes ?? this.keyInfoAttributes;
-    this.getKeyInfoContent = getKeyInfoContent ?? SignedXml.noop;
-    this.getCertFromKeyInfo = getCertFromKeyInfo ?? this.getCertFromKeyInfo;
+    this.getKeyInfoContent = getKeyInfoContent ?? this.getKeyInfoContent;
+    this.getCertFromKeyInfo = getCertFromKeyInfo ?? SignedXml.noop;
     this.xadesQualifyingProperties = null;
     this.CanonicalizationAlgorithms;
     this.HashAlgorithms;

diff --git a/test/document-tests.spec.ts b/test/document-tests.spec.ts
@@ -47,6 +47,7 @@ describe("Validated node references tests", function () {
     const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
     const doc = new xmldom.DOMParser().parseFromString(xml);
     const sig = new SignedXml();
+    sig.getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
     sig.loadSignature(sig.findSignatures(doc)[0]);
     const validSignature = sig.checkSignature(xml);
     expect(validSignature).to.be.true;
@@ -73,6 +74,7 @@ describe("Validated node references tests", function () {
     const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
     const doc = new xmldom.DOMParser().parseFromString(xml);
     const sig = new SignedXml();
+    sig.getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
     sig.loadSignature(sig.findSignatures(doc)[0]);
     const validSignature = sig.checkSignature(xml);
     expect(validSignature).to.be.true;
@@ -86,6 +88,7 @@ describe("Validated node references tests", function () {
     const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
     const doc = new xmldom.DOMParser().parseFromString(xml);
     const sig = new SignedXml();
+    sig.getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
     sig.loadSignature(sig.findSignatures(doc)[0]);
     const validSignature = sig.checkSignature(xml);
     expect(validSignature).to.be.true;

diff --git a/test/key-info-tests.spec.ts b/test/key-info-tests.spec.ts
@@ -13,7 +13,6 @@ describe("KeyInfo tests", function () {
     sig.publicCert = fs.readFileSync("./test/static/client_public.pem");
     sig.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
     sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-    sig.getKeyInfoContent = SignedXml.getKeyInfoContent;
     sig.computeSignature(xml);
     const signedXml = sig.getSignedXml();
     const doc = new xmldom.DOMParser().parseFromString(signedXml);

diff --git a/test/signature-unit-tests.spec.ts b/test/signature-unit-tests.spec.ts
@@ -534,7 +534,6 @@ describe("Signature unit tests", function () {
     sig.signatureAlgorithm = "http://dummySignatureAlgorithm";
     sig.canonicalizationAlgorithm = "http://DummyCanonicalization";
     sig.privateKey = "";
-    sig.getKeyInfoContent = SignedXml.getKeyInfoContent;
 
     sig.addReference({
       xpath: "//*[local-name(.)='x']",
@@ -1237,7 +1236,6 @@ describe("Signature unit tests", function () {
     sig.publicCert = pemBuffer;
     sig.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
     sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-    sig.getKeyInfoContent = SignedXml.getKeyInfoContent;
     sig.computeSignature(xml);
     const signedXml = sig.getSignedXml();