File tree Expand file tree Collapse file tree 1 file changed +24
-0
lines changed Expand file tree Collapse file tree 1 file changed +24
-0
lines changed Original file line number Diff line number Diff line change @@ -478,6 +478,30 @@ SignedXml.prototype.validateReferences = function(doc) {
478478
479479 var hash = this . findHashAlgorithm ( ref . digestAlgorithm )
480480 var digest = hash . getHash ( canonXml )
481+
482+ if ( ! validateDigestValue ( digest , ref . digestValue ) ) {
483+ if ( ref . inclusiveNamespacesPrefixList ) {
484+ // fallback: apply InclusiveNamespaces workaround (https://github.com/yaronn/xml-crypto/issues/72)
485+ var prefixList = ref . inclusiveNamespacesPrefixList instanceof Array ? ref . inclusiveNamespacesPrefixList : ref . inclusiveNamespacesPrefixList . split ( ' ' ) ;
486+ var supported_definitions = {
487+ 'xs' : 'http://www.w3.org/2001/XMLSchema' ,
488+ 'xsi' : 'http://www.w3.org/2001/XMLSchema-instance' ,
489+ 'saml' : 'urn:oasis:names:tc:SAML:2.0:assertion'
490+ }
491+
492+ prefixList . forEach ( function ( prefix ) {
493+ if ( supported_definitions [ prefix ] ) {
494+ elem [ 0 ] . setAttributeNS ( 'http://www.w3.org/2000/xmlns/' , 'xmlns:' + prefix , supported_definitions [ prefix ] ) ;
495+ }
496+ } ) ;
497+
498+ canonXml = this . getCanonXml ( ref . transforms , elem [ 0 ] , { inclusiveNamespacesPrefixList : ref . inclusiveNamespacesPrefixList } ) ;
499+ digest = hash . getHash ( canonXml ) ;
500+ if ( digest === ref . digestValue ) {
501+ return true ;
502+ }
503+ }
504+ }
481505
482506 if ( ! validateDigestValue ( digest , ref . digestValue ) ) {
483507 this . validationErrors . push ( "invalid signature: for uri " + ref . uri +
You can’t perform that action at this time.
0 commit comments