Add callback options to sign/verify asynchronously

troyfactor4 · troyfactor4 · commit 17bbd1314404 · 2020-04-11T17:13:52.000-03:00
-Hardware Security Module (HSM) signing/verification usually takes
 place over an async connection.
-Used callbacks instead of async/await for minimal code changes
 and backward compatibility
diff --git a/lib/signed-xml.js b/lib/signed-xml.js
@@ -333,28 +333,56 @@ SignedXml.defaultNsForPrefix = {
 
 SignedXml.findAncestorNs = findAncestorNs;
 
-SignedXml.prototype.checkSignature = function(xml) {
+SignedXml.prototype.checkSignature = function(xml, callback) {
+  if (callback != null && typeof callback !== 'function') {
+    throw new Error("Last paramater must be a callback function")
+  }
+
   this.validationErrors = []
   this.signedXml = xml
 
   if (!this.keyInfoProvider) {
-    throw new Error("cannot validate signature since no key info resolver was provided")
+    var err = new Error("cannot validate signature since no key info resolver was provided")
+    if (!callback){
+      throw err
+    }else{
+      callback(err)
+      return
+    }
   }
 
   this.signingKey = this.keyInfoProvider.getKey(this.keyInfo)
-  if (!this.signingKey) throw new Error("key info provider could not resolve key info " + this.keyInfo)
+  if (!this.signingKey) {
+    var err = new Error("key info provider could not resolve key info " + this.keyInfo)
+    if (!callback){
+      throw err
+    }else{
+      callback(err)
+      return
+    }
+  }
 
   var doc = new Dom().parseFromString(xml)
 
   if (!this.validateReferences(doc)) {
-    return false;
-  }
-  
-  if (!this.validateSignatureValue(doc)) {
-    return false;
+    if (!callback){
+      return false;
+    }else{
+      callback(new Error('Could not validate references'))
+    }
   }
 
-  return true
+  var ret = this.validateSignatureValue(doc)
+  if (ret instanceof Promise){
+    ret.then((asyncValidateSig)=>{
+      callback(null, asyncValidateSig)
+    })
+  }else{
+    if (!ret) {
+      return false;
+    }
+    return true
+  }
 }
 
 SignedXml.prototype.getCanonSignedInfoXml = function(doc) {
@@ -411,7 +439,7 @@ SignedXml.prototype.validateSignatureValue = function(doc) {
 SignedXml.prototype.calculateSignatureValue = function(doc) {
   var signedInfoCanon = this.getCanonSignedInfoXml(doc)
   var signer = this.findSignatureAlgorithm(this.signatureAlgorithm)
-  this.signatureValue = signer.getSignature(signedInfoCanon, this.signingKey)
+  return this.signatureValue = signer.getSignature(signedInfoCanon, this.signingKey)
 }
 
 SignedXml.prototype.findSignatureAlgorithm = function(name) {
@@ -654,7 +682,15 @@ SignedXml.prototype.addReference = function(xpath, transforms, digestAlgorithm,
  *   `append`, `prepend`, `before`, `after`
  *
  */
-SignedXml.prototype.computeSignature = function(xml, opts) {
+SignedXml.prototype.computeSignature = function(xml, opts, callback) {
+  if (typeof opts === 'function' && callback == null){
+    callback = opts
+  }
+
+  if (callback != null && typeof callback !== 'function'){
+    throw new Error("Last paramater must be a callback function")
+  }
+
   var doc = new Dom().parseFromString(xml),
       xmlNsAttr = "xmlns",
       signatureAttrs = [],
@@ -676,8 +712,14 @@ SignedXml.prototype.computeSignature = function(xml, opts) {
   location.action = location.action || "append";
 
   if (validActions.indexOf(location.action) === -1) {
-    throw new Error("location.action option has an invalid action: " + location.action +
-                    ", must be any of the following values: " + validActions.join(", "));
+    var err = new Error("location.action option has an invalid action: " + location.action +
+      ", must be any of the following values: " + validActions.join(", "));
+    if (!callback){
+      throw err;
+    }else{
+      callback(err, null)
+      return
+    }
   }
 
   // automatic insertion of `:`
@@ -719,7 +761,13 @@ SignedXml.prototype.computeSignature = function(xml, opts) {
   var referenceNode = xpath.select(location.reference, doc);
 
   if (!referenceNode || referenceNode.length === 0) {
-    throw new Error("the following xpath cannot be used because it was not found: " + location.reference);
+    var err = new Error("the following xpath cannot be used because it was not found: " + location.reference);
+    if (!callback){
+      throw err
+    }else{
+      callback(err, null)
+      return
+    }
   }
 
   referenceNode = referenceNode[0];
@@ -735,16 +783,36 @@ SignedXml.prototype.computeSignature = function(xml, opts) {
   }
 
   this.signatureNode = signatureDoc
-  this.calculateSignatureValue(doc)
-
   var signedInfoNode = utils.findChilds(this.signatureNode, "SignedInfo")
-  if (signedInfoNode.length==0) throw new Error("could not find SignedInfo element in the message")
-
+  if (signedInfoNode.length == 0) {
+    var err = new Error("could not find SignedInfo element in the message")
+    if (!callback){
+      throw err
+    }else{
+      callback(err)
+      return
+    }
+  }
   signedInfoNode = signedInfoNode[0];
-  signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling)
 
-  this.signatureXml = signatureDoc.toString()
-  this.signedXml = doc.toString()
+  var ret = this.calculateSignatureValue(doc)
+  if (ret instanceof Promise){
+    ret.then((asyncSig)=>{
+      this.signatureValue = asyncSig
+
+      signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling)
+      this.signatureXml = signatureDoc.toString()
+      this.signedXml = doc.toString()
+
+      if (callback) callback()
+    }).catch(function(err){
+      if (callback) callback(err)
+    })
+  }else{
+    signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling)
+    this.signatureXml = signatureDoc.toString()
+    this.signedXml = doc.toString()
+  }
 }
 
 SignedXml.prototype.getKeyInfo = function(prefix) {
diff --git a/test/signature-unit-tests.js b/test/signature-unit-tests.js
@@ -3,6 +3,7 @@ var select = require('xpath').select
   , SignedXml = require('../lib/signed-xml.js').SignedXml
   , FileKeyInfo = require('../lib/signed-xml.js').FileKeyInfo
   , fs = require('fs')
+  , crypto = require('crypto')
 
 module.exports = {
 
@@ -473,6 +474,70 @@ module.exports = {
     test.done();
   },
 
+  "signer creates correct signature values using async callback": function (test) {
+
+    function DummySignatureAlgorithm() {
+      this.getSignature = function (signedInfo, signingKey) {
+        return new Promise((resolve, reject) => {
+          var signer = crypto.createSign("RSA-SHA1")
+          signer.update(signedInfo)
+          var res = signer.sign(signingKey, 'base64')
+          resolve(res)
+        })
+      }
+      this.getAlgorithmName = function () {
+        return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+      }
+    }
+
+    var xml = "<root><x xmlns=\"ns\" Id=\"_0\"></x><y attr=\"value\" Id=\"_1\"></y><z><w Id=\"_2\"></w></z></root>"
+    SignedXml.SignatureAlgorithms["http://dummySignatureAlgorithmAsync"] = DummySignatureAlgorithm
+    var sig = new SignedXml()
+    sig.signatureAlgorithm = "http://dummySignatureAlgorithmAsync"
+    sig.signingKey = fs.readFileSync("./test/static/client.pem")
+    sig.keyInfoProvider = null
+
+    sig.addReference("//*[local-name(.)='x']")
+    sig.addReference("//*[local-name(.)='y']")
+    sig.addReference("//*[local-name(.)='w']")
+
+    sig.computeSignature(xml, function(err){
+      var signedXml = sig.getSignedXml()
+      var expected = "<root><x xmlns=\"ns\" Id=\"_0\"/><y attr=\"value\" Id=\"_1\"/><z><w Id=\"_2\"/></z>" +
+        "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">" +
+        "<SignedInfo>" +
+        "<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>" +
+        "<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
+        "<Reference URI=\"#_0\">" +
+        "<Transforms>" +
+        "<Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></Transforms>" +
+        "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+        "<DigestValue>b5GCZ2xpP5T7tbLWBTkOl4CYupQ=</DigestValue>" +
+        "</Reference>" +
+        "<Reference URI=\"#_1\">" +
+        "<Transforms>" +
+        "<Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>" +
+        "</Transforms>" +
+        "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+        "<DigestValue>4Pq/sBri+AyOtxtSFsPSOyylyzk=</DigestValue>" +
+        "</Reference>" +
+        "<Reference URI=\"#_2\">" +
+        "<Transforms>" +
+        "<Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>" +
+        "</Transforms>" +
+        "<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+        "<DigestValue>6I7SDu1iV2YOajTlf+iMLIBfLnE=</DigestValue>" +
+        "</Reference>" +
+        "</SignedInfo>" +
+        "<SignatureValue>NejzGB9MDUddKCt3GL2vJhEd5q6NBuhLdQc3W4bJI5q34hk7Hk6zBRoW3OliX+/f7Hpi9y0INYoqMSUfrsAVm3IuPzUETKlI6xiNZo07ULRj1DwxRo6cU66ar1EKUQLRuCZas795FjB8jvUI2lyhcax/00uMJ+Cjf4bwAQ+9gOQ=</SignatureValue>" +
+        "</Signature>" +
+        "</root>"
+
+      test.equal(expected, signedXml, "wrong signature format")
+      test.done();
+    })
+  },
+
   "correctly loads signature": function(test) {
     passLoadSignature(test, "./test/static/valid_signature.xml")
     passLoadSignature(test, "./test/static/valid_signature.xml", true)
