Revert "Bugfix: ensure inclusive namespaces written on root node (#163)"

LoneRifle · LoneRifle · commit 08ba71f69cef · 2019-01-28T19:49:52.000+08:00
PR #163 modifies the root node, which may be a problem when creating the signature value, which uses a dummy signature wrapper. Revert first, investigate later. This attempts to quick fix #167 and #164 This reverts commit a0de707.
diff --git a/lib/exclusive-canonicalization.js b/lib/exclusive-canonicalization.js
@@ -78,19 +78,13 @@ function isPrefixInScope(prefixesInScope, prefix, namespaceURI)
  * @return {String}
  * @api private
  */
-ExclusiveCanonicalization.prototype.renderNs = function(node,
-                                                        prefixesInScope,
-                                                        defaultNs,
-                                                        defaultNsForPrefix,
-                                                        inclusiveNamespacesPrefixList,
-                                                        ancestorNamespaces,
-                                                        topNode
-                                                        ) {
+ExclusiveCanonicalization.prototype.renderNs = function(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList) {
   var a, i, p, attr
     , res = []
     , newDefaultNs = defaultNs
     , nsListToRender = []
     , currNs = node.namespaceURI || "";
+
   //handle the namespaceof the node itself
   if (node.prefix) {
     if (!isPrefixInScope(prefixesInScope, node.prefix, node.namespaceURI || defaultNsForPrefix[node.prefix])) {
@@ -104,57 +98,23 @@ ExclusiveCanonicalization.prototype.renderNs = function(node,
       res.push(' xmlns="', newDefaultNs, '"');
   }
 
-  if(topNode) {
-    for(var j = 0; j < ancestorNamespaces.length; j++) {
-      var ancestorNs = ancestorNamespaces[j];
-      for(var k = 0; k < inclusiveNamespacesPrefixList.length; k++) {
-        var inclusiveNs = inclusiveNamespacesPrefixList[k];
-        if(ancestorNs.prefix === inclusiveNs && !isPrefixInScope(prefixesInScope, ancestorNs.prefix, ancestorNs.namespaceURI)) {
-          nsListToRender.push({"prefix": ancestorNs.prefix, "namespaceURI": ancestorNs.namespaceURI});
-          prefixesInScope.push({"prefix": ancestorNs.prefix, "namespaceURI": ancestorNs.namespaceURI});
-        }
-      }
-    }
-  }
-
   //handle the attributes namespace
   if (node.attributes) {
     for (i = 0; i < node.attributes.length; ++i) {
       attr = node.attributes[i];
 
-
       //handle all prefixed attributes that are included in the prefix list and where
       //the prefix is not defined already
-      if (attr.prefix &&
-        !isPrefixInScope(prefixesInScope, attr.localName, attr.value) &&
-        (inclusiveNamespacesPrefixList.indexOf(attr.localName) >= 0)) {
+      if (attr.prefix && !isPrefixInScope(prefixesInScope, attr.localName, attr.value) && inclusiveNamespacesPrefixList.indexOf(attr.localName) >= 0) {
         nsListToRender.push({"prefix": attr.localName, "namespaceURI": attr.value});
         prefixesInScope.push({"prefix": attr.localName, "namespaceURI": attr.value});
       }
 
       //handle all prefixed attributes that are not xmlns definitions and where
       //the prefix is not defined already
-      if (attr.prefix && attr.prefix!=="xmlns" && attr.prefix!=="xml") {
-        var artificiallyIntroduced = false;
-        if(attr.namespaceURI === undefined) {
-          //This could mean that the namespace Uri has been reset to "", or it could mean we have artificially
-          //introduced it because it was in inclusiveNamespacePrefixList
-          if(inclusiveNamespacesPrefixList.indexOf(attr.prefix) >= 0) {
-            for(var j = 0; j < ancestorNamespaces.length; j++) {
-              var ancestorNs = ancestorNamespaces[j];
-              if(ancestorNs.prefix === attr.prefix) {
-                artificiallyIntroduced = true;
-                break;
-              }
-            }
-          }
-        }
-        if(!artificiallyIntroduced) {
-          if(!isPrefixInScope(prefixesInScope, attr.prefix, attr.namespaceURI)) {
-            nsListToRender.push({"prefix": attr.prefix, "namespaceURI": attr.namespaceURI|| defaultNsForPrefix[attr.prefix]});
-            prefixesInScope.push({"prefix": attr.prefix, "namespaceURI": attr.namespaceURI|| defaultNsForPrefix[attr.prefix]});
-          }
-        }
+      if (attr.prefix && !isPrefixInScope(prefixesInScope, attr.prefix, attr.namespaceURI) && attr.prefix!="xmlns" && attr.prefix!="xml") {
+        nsListToRender.push({"prefix": attr.prefix, "namespaceURI": attr.namespaceURI});
+        prefixesInScope.push({"prefix": attr.prefix, "namespaceURI": attr.namespaceURI});
       }
     }
   }
@@ -172,23 +132,18 @@ ExclusiveCanonicalization.prototype.renderNs = function(node,
   return {"rendered": res.join(""), "newDefaultNs": newDefaultNs};
 };
 
-ExclusiveCanonicalization.prototype.processInner = function(node,
-                                                            prefixesInScope,
-                                                            defaultNs,
-                                                            defaultNsForPrefix,
-                                                            inclusiveNamespacesPrefixList,
-                                                            ancestorNamespaces,
-                                                            topNode) {
+ExclusiveCanonicalization.prototype.processInner = function(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList) {
+
   if (node.nodeType === 8) { return this.renderComment(node); }
   if (node.data) { return utils.encodeSpecialCharactersInText(node.data); }
 
   var i, pfxCopy
-    , ns = this.renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, ancestorNamespaces, topNode)
+    , ns = this.renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList)
     , res = ["<", node.tagName, ns.rendered, this.renderAttrs(node, ns.newDefaultNs), ">"];
 
   for (i = 0; i < node.childNodes.length; ++i) {
     pfxCopy = prefixesInScope.slice(0);
-    res.push(this.processInner(node.childNodes[i], pfxCopy, ns.newDefaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, ancestorNamespaces, false));
+    res.push(this.processInner(node.childNodes[i], pfxCopy, ns.newDefaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList));
   }
 
   res.push("</", node.tagName, ">");
@@ -242,10 +197,9 @@ ExclusiveCanonicalization.prototype.process = function(node, options) {
   var inclusiveNamespacesPrefixList = options.inclusiveNamespacesPrefixList || [];
   var defaultNs = options.defaultNs || "";
   var defaultNsForPrefix = options.defaultNsForPrefix || {};
-  var ancestorNamespaces = options.ancestorNamespaces || [];
   if (!(inclusiveNamespacesPrefixList instanceof Array)) { inclusiveNamespacesPrefixList = inclusiveNamespacesPrefixList.split(' '); }
 
-  var res = this.processInner(node, [], defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList, ancestorNamespaces, true);
+  var res = this.processInner(node, [], defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList);
   return res;
 };
 
diff --git a/lib/signed-xml.js b/lib/signed-xml.js
@@ -373,9 +373,9 @@ SignedXml.prototype.validateSignatureValue = function(doc) {
       throw new Error("When canonicalization method is non-exclusive, whole xml dom must be provided as an argument");
     }
     
+    ancestorNamespaces = findAncestorNs(doc, "//*[local-name()='SignedInfo']");
   }
-  ancestorNamespaces = findAncestorNs(doc, "//*[local-name()='SignedInfo']");
-
+  
   var c14nOptions = {
     ancestorNamespaces: ancestorNamespaces
   };
@@ -449,12 +449,25 @@ SignedXml.prototype.validateReferences = function(doc) {
     }
   
     /**
-     * Search for ancestor namespaces before validating references. Ancestor namespaces are needed
-     * even for exclusive canonicalization because they may be needed for namespaces that are on the
-     * inclusive namespace prefix list.
+     * When canonicalization algorithm is non-exclusive, search for ancestor namespaces
+     * before validating references.
      */
     if(Array.isArray(ref.transforms)){
-      ref.ancestorNamespaces = findAncestorNs(doc, elemXpath);
+      var hasNonExcC14nTransform = false;
+      for(var t in ref.transforms){
+        if(!ref.transforms.hasOwnProperty(t)) continue;
+        
+        if(ref.transforms[t] === "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+        || ref.transforms[t] === "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")
+        {
+          hasNonExcC14nTransform = true;
+          break;
+        }
+      }
+    
+      if(hasNonExcC14nTransform){
+        ref.ancestorNamespaces = findAncestorNs(doc, elemXpath);
+      }
     }
   
     var c14nOptions = {
diff --git a/test/canonicalization-unit-tests.js b/test/canonicalization-unit-tests.js
@@ -4,15 +4,14 @@ var ExclusiveCanonicalization = require("../lib/exclusive-canonicalization").Exc
   , SignedXml = require('../lib/signed-xml.js').SignedXml
 
 
-var compare = function(test, xml, xpath, expected, inclusiveNamespacesPrefixList, defaultNsForPrefix, ancestorNamespaces) {
+var compare = function(test, xml, xpath, expected, inclusiveNamespacesPrefixList, defaultNsForPrefix) {
     test.expect(1)
     var doc = new Dom().parseFromString(xml)
     var elem = select(xpath, doc)[0]
     var can = new ExclusiveCanonicalization()
     var result = can.process(elem, {
       inclusiveNamespacesPrefixList: inclusiveNamespacesPrefixList,
-      defaultNsForPrefix: defaultNsForPrefix,
-      ancestorNamespaces: ancestorNamespaces
+      defaultNsForPrefix: defaultNsForPrefix
     }).toString()
 
     test.equal(expected, result)
@@ -443,14 +442,5 @@ module.exports = {
             '//*',
             '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:InclusiveNamespaces xmlns:ds="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:InclusiveNamespaces></ds:Signature>',
             'ds')
-  },
-
-  "An ancestor namespace, which is included in the inclusiveNamespacePrefixList should be added to the top level element": function (test) {
-    compare(test, '<root><child inclusive:attr="value"></child></root>',
-            '//*',
-             '<root xmlns:inclusive="urn:inclusive"><child inclusive:attr="value"></child></root>',
-      "inclusive",
-      {},
-      [{"prefix": "inclusive", "namespaceURI": "urn:inclusive"}]);
   }
 }
