-convert promises to callback for backwards compatibility

troyfactor4 · troyfactor4 · commit 3e1c2f949a68 · 2020-04-12T03:13:30.000-03:00
-fixed formatting
-added async to README
diff --git a/README.md b/README.md
@@ -365,6 +365,33 @@ Now do the signing. Note how we configure the signature to use the above algorit
 
 You can always look at the actual code as a sample (or drop me a [mail](mailto:yaronn01@gmail.com)).
 
+## Asynchronous signing and verification
+
+If the private key is not stored locally and you wish to use a signing server or Hardware Security Module (HSM) to sign documents you can create a custom signing algorithm that uses an asynchronous callback.
+
+`````javascript
+  function AsyncSignatureAlgorithm() {
+    this.getSignature = function (signedInfo, signingKey, callback) {
+      var signer = crypto.createSign("RSA-SHA1")
+      signer.update(signedInfo)
+      var res = signer.sign(signingKey, 'base64')
+      //Do some asynchronous things here
+      callback(null, res)
+    }
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+    }
+  }
+
+  SignedXml.SignatureAlgorithms["http://asyncSignatureAlgorithm"] = AsyncSignatureAlgorithm
+  var sig = new SignedXml()
+  sig.signatureAlgorithm = "http://asyncSignatureAlgorithm"
+  sig.computeSignature(xml, opts, function(err){
+    var signedResponse = sig.getSignedXml()
+  })
+`````
+
+The function `sig.checkSignature` may also use a callback if asynchronous verification is needed.
 
 ## X.509 / Key formats
 Xml-Crypto internally relies on node's crypto module. This means pem encoded certificates are supported. So to sign an xml use key.pem that looks like this (only the begining of the key content is shown):
diff --git a/lib/signed-xml.js b/lib/signed-xml.js
@@ -345,7 +345,7 @@ SignedXml.prototype.checkSignature = function(xml, callback) {
     var err = new Error("cannot validate signature since no key info resolver was provided")
     if (!callback){
       throw err
-    }else{
+    } else {
       callback(err)
       return
     }
@@ -356,7 +356,7 @@ SignedXml.prototype.checkSignature = function(xml, callback) {
     var err = new Error("key info provider could not resolve key info " + this.keyInfo)
     if (!callback){
       throw err
-    }else{
+    } else {
       callback(err)
       return
     }
@@ -367,21 +367,28 @@ SignedXml.prototype.checkSignature = function(xml, callback) {
   if (!this.validateReferences(doc)) {
     if (!callback){
       return false;
-    }else{
+    } else {
       callback(new Error('Could not validate references'))
     }
   }
 
-  var ret = this.validateSignatureValue(doc)
-  if (ret instanceof Promise){
-    ret.then((asyncValidateSig)=>{
-      callback(null, asyncValidateSig)
-    })
-  }else{
-    if (!ret) {
-      return false;
+  if (!callback){
+    //Syncronous flow
+    if (!this.validateSignatureValue(doc)) {
+      return false
     }
     return true
+  } else {
+    //Asyncronous flow
+    this.validateSignatureValue(doc, function (err, isValidSignature) {
+      if (err) {
+        this.validationErrors.push("invalid signature: the signature value " +
+                                        this.signatureValue + " is incorrect")
+        callback(err)
+      } else {
+        callback(null, isValidSignature)
+      }
+    })
   }
 }
 
@@ -427,19 +434,19 @@ SignedXml.prototype.getCanonReferenceXml = function(doc, ref, node) {
   return this.getCanonXml(ref.transforms, node, c14nOptions)
 }
 
-SignedXml.prototype.validateSignatureValue = function(doc) {
+SignedXml.prototype.validateSignatureValue = function(doc, callback) {
   var signedInfoCanon = this.getCanonSignedInfoXml(doc)
   var signer = this.findSignatureAlgorithm(this.signatureAlgorithm)
-  var res = signer.verifySignature(signedInfoCanon, this.signingKey, this.signatureValue)
-  if (!res) this.validationErrors.push("invalid signature: the signature value " +
+  var res = signer.verifySignature(signedInfoCanon, this.signingKey, this.signatureValue, callback)
+  if (!res && !callback) this.validationErrors.push("invalid signature: the signature value " +
                                         this.signatureValue + " is incorrect")
   return res
 }
 
-SignedXml.prototype.calculateSignatureValue = function(doc) {
+SignedXml.prototype.calculateSignatureValue = function(doc, callback) {
   var signedInfoCanon = this.getCanonSignedInfoXml(doc)
   var signer = this.findSignatureAlgorithm(this.signatureAlgorithm)
-  return this.signatureValue = signer.getSignature(signedInfoCanon, this.signingKey)
+  this.signatureValue = signer.getSignature(signedInfoCanon, this.signingKey, callback)
 }
 
 SignedXml.prototype.findSignatureAlgorithm = function(name) {
@@ -716,7 +723,7 @@ SignedXml.prototype.computeSignature = function(xml, opts, callback) {
       ", must be any of the following values: " + validActions.join(", "));
     if (!callback){
       throw err;
-    }else{
+    } else {
       callback(err, null)
       return
     }
@@ -764,7 +771,7 @@ SignedXml.prototype.computeSignature = function(xml, opts, callback) {
     var err = new Error("the following xpath cannot be used because it was not found: " + location.reference);
     if (!callback){
       throw err
-    }else{
+    } else {
       callback(err, null)
       return
     }
@@ -788,30 +795,32 @@ SignedXml.prototype.computeSignature = function(xml, opts, callback) {
     var err = new Error("could not find SignedInfo element in the message")
     if (!callback){
       throw err
-    }else{
+    } else {
       callback(err)
       return
     }
   }
   signedInfoNode = signedInfoNode[0];
 
-  var ret = this.calculateSignatureValue(doc)
-  if (ret instanceof Promise){
-    ret.then((asyncSig)=>{
-      this.signatureValue = asyncSig
-
-      signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling)
-      this.signatureXml = signatureDoc.toString()
-      this.signedXml = doc.toString()
-
-      if (callback) callback()
-    }).catch(function(err){
-      if (callback) callback(err)
-    })
-  }else{
+  if (!callback){
+    //Synchronous flow
+    this.calculateSignatureValue(doc)
     signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling)
     this.signatureXml = signatureDoc.toString()
     this.signedXml = doc.toString()
+  } else {
+    //Asynchronous flow
+    this.calculateSignatureValue(doc, (err, signature) => {
+      if (err) {
+        callback(err)
+      } else {
+        this.signatureValue = signature
+        signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling)
+        this.signatureXml = signatureDoc.toString()
+        this.signedXml = doc.toString()
+        callback()
+      }
+    })
   }
 }
 
diff --git a/test/signature-unit-tests.js b/test/signature-unit-tests.js
@@ -477,13 +477,12 @@ module.exports = {
   "signer creates correct signature values using async callback": function (test) {
 
     function DummySignatureAlgorithm() {
-      this.getSignature = function (signedInfo, signingKey) {
-        return new Promise((resolve, reject) => {
-          var signer = crypto.createSign("RSA-SHA1")
-          signer.update(signedInfo)
-          var res = signer.sign(signingKey, 'base64')
-          resolve(res)
-        })
+      this.getSignature = function (signedInfo, signingKey, callback) {
+        var signer = crypto.createSign("RSA-SHA1")
+        signer.update(signedInfo)
+        var res = signer.sign(signingKey, 'base64')
+        //Do some asynchronous things here
+        callback(null, res)
       }
       this.getAlgorithmName = function () {
         return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
