Fix default canonicalization to be non-exclusive and apply whenever the output of transforms returns a node-set rather than an octet stream, which is whenever there are no transforms or the last transform is enveloped signature. Add back test for when canonicalization method is not specified in transforms

meganmd · meganmd · commit 33f6a5944829 · 2018-08-07T22:29:19.000-07:00
diff --git a/lib/signed-xml.js b/lib/signed-xml.js
@@ -570,6 +570,19 @@ SignedXml.prototype.loadReference = function(ref) {
     });
   }
   
+/**
+ * DigestMethods take an octet stream rather than a node set. If the output of the last transform is a node set, we
+ * need to canonicalize the node set to an octet stream using non-exclusive canonicalization. If there are no
+ * transforms, we need to canonicalize because URI dereferencing for a same-document reference will return a node-set.
+ * See:
+ * https://www.w3.org/TR/xmldsig-core1/#sec-DigestMethod
+ * https://www.w3.org/TR/xmldsig-core1/#sec-ReferenceProcessingModel
+ * https://www.w3.org/TR/xmldsig-core1/#sec-Same-Document
+ */
+  if (transforms.length === 0 || transforms[transforms.length - 1] === "http://www.w3.org/2000/09/xmldsig#enveloped-signature") {
+      transforms.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
+  }
+
   this.addReference(null, transforms, digestAlgo, utils.findAttr(ref, "URI").value, digestValue, inclusiveNamespacesPrefixList, false)
 }
 
diff --git a/test/signature-integration-tests.js b/test/signature-integration-tests.js
@@ -58,7 +58,28 @@ module.exports = {
     var sig = new crypto.SignedXml()
     sig.keyInfoProvider = new crypto.FileKeyInfo("./test/static/client_public.pem")
     sig.loadSignature(signature);
-    
+    var result = sig.checkSignature(xml);
+    test.equal(result, true);
+    test.done();
+  },
+
+  "add canonicalization if output of transforms will be a node-set rather than an octet stream": function(test) {
+
+    var xml = fs.readFileSync('./test/static/windows_store_signature.xml', 'utf-8');
+
+    // Make sure that whitespace in the source document is removed -- see xml-crypto issue #23 and post at
+    //   http://webservices20.blogspot.co.il/2013/06/validating-windows-mobile-app-store.html
+    // This regex is naive but works for this test case; for a more general solution consider
+    //   the xmldom-fork-fixed library which can pass {ignoreWhiteSpace: true} into the Dom constructor.
+    xml = xml.replace(/>\s*</g, '><');
+
+    var doc = new Dom().parseFromString(xml);
+    xml = doc.firstChild.toString();
+
+    var signature = crypto.xpath(doc, "//*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
+    var sig = new crypto.SignedXml();
+    sig.keyInfoProvider = new crypto.FileKeyInfo("./test/static/windows_store_certificate.pem");
+    sig.loadSignature(signature);
     var result = sig.checkSignature(xml);
     test.equal(result, true);
     test.done();
