Replace xpath.js with xpath

xpath.js was forked and has since been more actively maintained
than the original, so switch to using that instead

This commit seeks to resolve the issues found in #165 by
using the abovementioned package to avoid a possible bug
with xpath.js. See #165 for further information

Author: LoneRifle

README.md

@@ -179,7 +179,7 @@ You might find it difficult to guess such transforms, but there are typical tran
 
 ### xpath
 
-See [xpath.js](https://github.com/yaronn/xpath.js) for usage
+See [xpath](https://github.com/goto100/xpath) for usage
 
 ### SignedXml
 

example/example.js

@@ -16,7 +16,7 @@ function signXml(xml, xpath, key, dest)
 function validateXml(xml, key)
 {
   var doc = new dom().parseFromString(xml)    
-  var signature = select(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0]
+  var signature = select("/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", doc)[0]
   var sig = new SignedXml()
   sig.keyInfoProvider = new FileKeyInfo(key)
   sig.loadSignature(signature.toString())

index.js

@@ -1,2 +1,2 @@
 module.exports = require('./lib/signed-xml')
-module.exports.xpath = require('xpath.js')
+module.exports.xpath = require('xpath').select

lib/enveloped-signature.js

@@ -1,12 +1,12 @@
-var xpath = require('xpath.js');
+var xpath = require('xpath');
 
 exports.EnvelopedSignature = EnvelopedSignature;
 
 function EnvelopedSignature() {
 }
 
 EnvelopedSignature.prototype.process = function (node) {
-  var signature = xpath(node, "./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];  
+  var signature = xpath.select("./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", node)[0];  
   if (signature) signature.parentNode.removeChild(signature);
   return node;
 };

lib/signed-xml.js

@@ -1,12 +1,11 @@
-var select = require('xpath.js')
+var xpath = require('xpath')
   , Dom = require('xmldom').DOMParser
   , utils = require('./utils')
   , c14n = require('./c14n-canonicalization')
   , execC14n = require('./exclusive-canonicalization')
   , EnvelopedSignature = require('./enveloped-signature').EnvelopedSignature
   , crypto = require('crypto')
   , fs = require('fs')
-  , xpath = require('xpath.js')
 
 exports.SignedXml = SignedXml
 exports.FileKeyInfo = FileKeyInfo
@@ -209,7 +208,7 @@ function HMACSHA1() {
  * @returns {Array} i.e. [{prefix: "saml", namespaceURI: "urn:oasis:names:tc:SAML:2.0:assertion"}]
  */
 function findAncestorNs(doc, docSubsetXpath){
-  var docSubset = xpath(doc, docSubsetXpath);
+  var docSubset = xpath.select(docSubsetXpath, doc);
 
   if(!Array.isArray(docSubset) || docSubset.length < 1){
     return [];
@@ -418,7 +417,7 @@ SignedXml.prototype.validateReferences = function(doc) {
     var elemXpath;
 
     if (uri=="") {
-      elem = select(doc, "//*")
+      elem = xpath.select("//*", doc)
     }
     else if (uri.indexOf("'") != -1) {
       // xpath injection
@@ -429,7 +428,7 @@ SignedXml.prototype.validateReferences = function(doc) {
       for (var index in this.idAttributes) {
         if (!this.idAttributes.hasOwnProperty(index)) continue;
         var tmp_elemXpath = "//*[@*[local-name(.)='" + this.idAttributes[index] + "']='" + uri + "']";
-        var tmp_elem = select(doc, tmp_elemXpath)
+        var tmp_elem = xpath.select(tmp_elemXpath, doc)
         num_elements_for_id += tmp_elem.length;
         if (tmp_elem.length > 0) {
           elem = tmp_elem;
@@ -519,15 +518,15 @@ SignedXml.prototype.loadSignature = function(signatureNode) {
 
   this.signatureXml = signatureNode.toString();
 
-  var nodes = select(signatureNode, ".//*[local-name(.)='CanonicalizationMethod']/@Algorithm")
+  var nodes = xpath.select(".//*[local-name(.)='CanonicalizationMethod']/@Algorithm", signatureNode)
   if (nodes.length==0) throw new Error("could not find CanonicalizationMethod/@Algorithm element")
   this.canonicalizationAlgorithm = nodes[0].value
 
   this.signatureAlgorithm =
     utils.findFirst(signatureNode, ".//*[local-name(.)='SignatureMethod']/@Algorithm").value
 
   this.references = []
-  var references = select(signatureNode, ".//*[local-name(.)='SignedInfo']/*[local-name(.)='Reference']")
+  var references = xpath.select(".//*[local-name(.)='SignedInfo']/*[local-name(.)='Reference']", signatureNode)
   if (references.length == 0) throw new Error("could not find any Reference elements")
 
   for (var i in references) {
@@ -539,7 +538,7 @@ SignedXml.prototype.loadSignature = function(signatureNode) {
   this.signatureValue =
     utils.findFirst(signatureNode, ".//*[local-name(.)='SignatureValue']/text()").data.replace(/\r?\n/g, '')
 
-  this.keyInfo = select(signatureNode, ".//*[local-name(.)='KeyInfo']")
+  this.keyInfo = xpath.select(".//*[local-name(.)='KeyInfo']", signatureNode)
 }
 
 /**
@@ -576,7 +575,7 @@ SignedXml.prototype.loadReference = function(ref) {
       transforms.push(utils.findAttr(trans, "Algorithm").value)
     }
 
-    var inclusiveNamespaces = select(transformsNode, "//*[local-name(.)='InclusiveNamespaces']");
+    var inclusiveNamespaces = xpath.select("//*[local-name(.)='InclusiveNamespaces']", transformsNode);
     if (inclusiveNamespaces.length > 0) {
       inclusiveNamespacesPrefixList = inclusiveNamespaces[0].getAttribute('PrefixList');
     }
@@ -685,7 +684,7 @@ SignedXml.prototype.computeSignature = function(xml, opts) {
 
   var signatureDoc = new Dom().parseFromString(this.signatureXml)
 
-  var referenceNode = select(doc, location.reference);
+  var referenceNode = xpath.select(location.reference, doc);
 
   if (!referenceNode || referenceNode.length === 0) {
     throw new Error("the following xpath cannot be used because it was not found: " + location.reference);
@@ -736,7 +735,7 @@ SignedXml.prototype.createReferences = function(doc, prefix) {
     if (!this.references.hasOwnProperty(n)) continue;
 
     var ref = this.references[n]
-      , nodes = select(doc, ref.xpath)
+      , nodes = xpath.select(ref.xpath, doc)
 
     if (nodes.length==0) {
       throw new Error('the following xpath cannot be signed because it was not found: ' + ref.xpath)

lib/utils.js

@@ -1,4 +1,4 @@
-var select = require('xpath.js');
+var select = require('xpath').select
 
 function findAttr(node, localName, namespace) {
   for (var i = 0; i<node.attributes.length; i++) {
@@ -12,7 +12,7 @@ function findAttr(node, localName, namespace) {
 }
 
 function findFirst(doc, xpath) {  
-  var nodes = select(doc, xpath)    
+  var nodes = select(xpath, doc)    
   if (nodes.length==0) throw "could not find xpath " + xpath
   return nodes[0]
 }

package-lock.json

@@ -11,7 +11,7 @@
   ],
   "dependencies": {
     "xmldom": "0.1.27",
-    "xpath.js": ">=0.0.3"
+    "xpath": "0.0.27"
   },
   "devDependencies": {
     "nodeunit": "^0.11.3"

package.json

@@ -1,11 +1,11 @@
 var C14nCanonicalization = require("../lib/c14n-canonicalization").C14nCanonicalization
   , Dom = require('xmldom').DOMParser
-  , select = require('xpath.js')
+  , select = require('xpath').select
   , findAncestorNs = require('../lib/signed-xml').SignedXml.findAncestorNs
 
 var test_C14nCanonicalization = function(test, xml, xpath, expected) {
   var doc = new Dom().parseFromString(xml);
-  var elem = select(doc, xpath)[0];
+  var elem = select(xpath, doc)[0];
   var can = new C14nCanonicalization();
   var result = can.process(elem, {
     ancestorNamespaces: findAncestorNs(doc, xpath)

test/c14n-non-exclusive-unit-test.js

@@ -1,13 +1,13 @@
 var c14nWithComments = require("../lib/exclusive-canonicalization").ExclusiveCanonicalizationWithComments
   , Dom = require('xmldom').DOMParser
-  , select = require('xpath.js')
+  , select = require('xpath').select
   , SignedXml = require('../lib/signed-xml.js').SignedXml
 
 
 var compare = function(test, xml, xpath, expected, inclusiveNamespacesPrefixList) {
     test.expect(1)
     var doc = new Dom().parseFromString(xml)
-    var elem = select(doc, xpath)[0]
+    var elem = select(xpath, doc)[0]
     var can = new c14nWithComments()
     var result = can.process(elem, { inclusiveNamespacesPrefixList: inclusiveNamespacesPrefixList }).toString()
 
@@ -345,7 +345,7 @@ module.exports = {
   "Multiple Canonicalization with namespace definition outside of signed element": function (test) {
       //var doc = new Dom().parseFromString("<x xmlns:p=\"myns\"><p:y><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"></ds:Signature></p:y></x>")
       var doc = new Dom().parseFromString("<x xmlns:p=\"myns\"><p:y></p:y></x>")
-      var node = select(doc, "//*[local-name(.)='y']")[0]      
+      var node = select("//*[local-name(.)='y']", doc)[0]      
       var sig = new SignedXml()
       var res = sig.getCanonXml(["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"], node)
       test.equal("<p:y xmlns:p=\"myns\"></p:y>", res)
@@ -358,7 +358,7 @@ module.exports = {
     //   in a document.
     var xml = '<x><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /><y><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /></y></x>';
     var doc = new Dom().parseFromString(xml);
-    var node = select(doc, "//*[local-name(.)='y']")[0];
+    var node = select("//*[local-name(.)='y']", doc)[0];
     var sig = new SignedXml();
     var transforms = ["http://www.w3.org/2000/09/xmldsig#enveloped-signature"];
     var res = sig.getCanonXml(transforms, node);