diff --git a/package-lock.json b/package-lock.json
index dc9511ea..81b92e7f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
"license": "MIT",
"dependencies": {
"@xmldom/is-dom-node": "^1.0.1",
- "@xmldom/xmldom": "^0.8.10",
+ "@xmldom/xmldom": "^0.9.8",
"xpath": "^0.0.33"
},
"devDependencies": {
@@ -1613,11 +1613,12 @@
}
},
"node_modules/@xmldom/xmldom": {
- "version": "0.8.10",
- "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz",
- "integrity": "sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw==",
+ "version": "0.9.8",
+ "resolved": "https://a0us.jfrog.io/artifactory/api/npm/npm/@xmldom/xmldom/-/xmldom-0.9.8.tgz",
+ "integrity": "sha512-p96FSY54r+WJ50FIOsCOjyj/wavs8921hG5+kVMmZgKcvIKxMXHTrjNJvRgWa/zuX3B6t2lijLNFaOyuxUH+2A==",
+ "license": "MIT",
"engines": {
- "node": ">=10.0.0"
+ "node": ">=14.6"
}
},
"node_modules/abbrev": {
@@ -13177,9 +13178,9 @@
"integrity": "sha512-CJDxIgE5I0FH+ttq/Fxy6nRpxP70+e2O048EPe85J2use3XKdatVM7dDVvFNjQudd9B49NPoZ+8PG49zj4Er8Q=="
},
"@xmldom/xmldom": {
- "version": "0.8.10",
- "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz",
- "integrity": "sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw=="
+ "version": "0.9.8",
+ "resolved": "https://a0us.jfrog.io/artifactory/api/npm/npm/@xmldom/xmldom/-/xmldom-0.9.8.tgz",
+ "integrity": "sha512-p96FSY54r+WJ50FIOsCOjyj/wavs8921hG5+kVMmZgKcvIKxMXHTrjNJvRgWa/zuX3B6t2lijLNFaOyuxUH+2A=="
},
"abbrev": {
"version": "2.0.0",
diff --git a/package.json b/package.json
index 8bd4caa0..2e933d53 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
},
"dependencies": {
"@xmldom/is-dom-node": "^1.0.1",
- "@xmldom/xmldom": "^0.8.10",
+ "@xmldom/xmldom": "^0.9.8",
"xpath": "^0.0.33"
},
"devDependencies": {
diff --git a/src/signed-xml.ts b/src/signed-xml.ts
index bc31cda7..978d3a76 100644
--- a/src/signed-xml.ts
+++ b/src/signed-xml.ts
@@ -264,12 +264,12 @@ export class SignedXml {
this.signedXml = xml;
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
// Reset the references as only references from our re-parsed signedInfo node can be trusted
this.references = [];
- const unverifiedSignedInfoCanon = this.getCanonSignedInfoXml(doc);
+ const unverifiedSignedInfoCanon = this.getCanonSignedInfoXml(doc as unknown as Document);
if (!unverifiedSignedInfoCanon) {
if (callback) {
callback(new Error("Canonical signed info cannot be empty"), false);
@@ -295,7 +295,7 @@ export class SignedXml {
throw new Error("Could not parse unverifiedSignedInfoCanon into a document");
}
- const references = utils.findChildren(unverifiedSignedInfoDoc, "Reference");
+ const references = utils.findChildren(unverifiedSignedInfoDoc as unknown as Node, "Reference");
if (!utils.isArrayHasLength(references)) {
if (callback) {
callback(new Error("could not find any Reference elements"), false);
@@ -313,7 +313,9 @@ export class SignedXml {
}
/* eslint-disable-next-line deprecation/deprecation */
- if (!this.getReferences().every((ref) => this.validateReference(ref, doc))) {
+ if (
+ !this.getReferences().every((ref) => this.validateReference(ref, doc as unknown as Document))
+ ) {
/* Trustworthiness can only be determined if SignedInfo's (which holds References' DigestValue(s)
which were validated at this stage) signature is valid. Execution does not proceed to validate
signature phase thus each References' DigestValue must be considered to be untrusted (attacker
@@ -406,7 +408,10 @@ export class SignedXml {
/**
* Search for ancestor namespaces before canonicalization.
*/
- const ancestorNamespaces = utils.findAncestorNs(doc, "//*[local-name()='SignedInfo']");
+ const ancestorNamespaces = utils.findAncestorNs(
+ doc as unknown as Document,
+ "//*[local-name()='SignedInfo']",
+ );
const c14nOptions = {
ancestorNamespaces: ancestorNamespaces,
@@ -596,7 +601,10 @@ export class SignedXml {
*/
loadSignature(signatureNode: Node | string): void {
if (typeof signatureNode === "string") {
- this.signatureNode = signatureNode = new xmldom.DOMParser().parseFromString(signatureNode);
+ this.signatureNode = signatureNode = new xmldom.DOMParser().parseFromString(
+ signatureNode,
+ "text/xml",
+ ) as unknown as Node;
} else {
this.signatureNode = signatureNode;
}
@@ -605,7 +613,7 @@ export class SignedXml {
const node = xpath.select1(
".//*[local-name(.)='CanonicalizationMethod']/@Algorithm",
- signatureNode,
+ signatureNode as unknown as Node,
);
if (!isDomNode.isNodeLike(node)) {
throw new Error("could not find CanonicalizationMethod/@Algorithm element");
@@ -617,14 +625,14 @@ export class SignedXml {
const signatureAlgorithm = xpath.select1(
".//*[local-name(.)='SignatureMethod']/@Algorithm",
- signatureNode,
+ signatureNode as unknown as Node,
);
if (isDomNode.isAttributeNode(signatureAlgorithm)) {
this.signatureAlgorithm = signatureAlgorithm.value as SignatureAlgorithmType;
}
- const signedInfoNodes = utils.findChildren(this.signatureNode, "SignedInfo");
+ const signedInfoNodes = utils.findChildren(this.signatureNode as unknown as Node, "SignedInfo");
if (!utils.isArrayHasLength(signedInfoNodes)) {
throw new Error("no signed info node found");
}
@@ -659,7 +667,7 @@ export class SignedXml {
const signedInfoDoc = temporaryCanonSignedInfoXml.documentElement;
this.references = [];
- const references = utils.findChildren(signedInfoDoc, "Reference");
+ const references = utils.findChildren(signedInfoDoc as unknown as Node, "Reference");
if (!utils.isArrayHasLength(references)) {
throw new Error("could not find any Reference elements");
@@ -671,14 +679,17 @@ export class SignedXml {
const signatureValue = xpath.select1(
".//*[local-name(.)='SignatureValue']/text()",
- signatureNode,
+ signatureNode as unknown as Node,
);
if (isDomNode.isTextNode(signatureValue)) {
this.signatureValue = signatureValue.data.replace(/\r?\n/g, "");
}
- const keyInfo = xpath.select1(".//*[local-name(.)='KeyInfo']", signatureNode);
+ const keyInfo = xpath.select1(
+ ".//*[local-name(.)='KeyInfo']",
+ signatureNode as unknown as Node,
+ );
if (isDomNode.isNodeLike(keyInfo)) {
this.keyInfo = keyInfo;
@@ -900,7 +911,7 @@ export class SignedXml {
options = (options ?? {}) as ComputeSignatureOptions;
}
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
let xmlNsAttr = "xmlns";
const signatureAttrs: string[] = [];
let currentPrefix: string;
@@ -970,13 +981,15 @@ export class SignedXml {
// A trick to remove the namespaces that already exist in the xml
// This only works if the prefix and namespace match with those in the xml
const dummySignatureWrapper = `${signatureXml}`;
- const nodeXml = new xmldom.DOMParser().parseFromString(dummySignatureWrapper);
+ const nodeXml = new xmldom.DOMParser().parseFromString(dummySignatureWrapper, "text/xml");
// Because we are using a dummy wrapper hack described above, we know there will be a `firstChild`
+ // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+ // @ts-ignore
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const signatureDoc = nodeXml.documentElement.firstChild!;
- const referenceNode = xpath.select1(location.reference, doc);
+ const referenceNode = xpath.select1(location.reference, doc as unknown as Document);
if (!isDomNode.isNodeLike(referenceNode)) {
const err2 = new Error(
@@ -991,26 +1004,29 @@ export class SignedXml {
}
if (location.action === "append") {
- referenceNode.appendChild(signatureDoc);
+ referenceNode.appendChild(signatureDoc as unknown as Node);
} else if (location.action === "prepend") {
- referenceNode.insertBefore(signatureDoc, referenceNode.firstChild);
+ referenceNode.insertBefore(signatureDoc as unknown as Node, referenceNode.firstChild);
} else if (location.action === "before") {
if (referenceNode.parentNode == null) {
throw new Error(
"`location.reference` refers to the root node (by default), so we can't insert `before`",
);
}
- referenceNode.parentNode.insertBefore(signatureDoc, referenceNode);
+ referenceNode.parentNode.insertBefore(signatureDoc as unknown as Node, referenceNode);
} else if (location.action === "after") {
if (referenceNode.parentNode == null) {
throw new Error(
"`location.reference` refers to the root node (by default), so we can't insert `after`",
);
}
- referenceNode.parentNode.insertBefore(signatureDoc, referenceNode.nextSibling);
+ referenceNode.parentNode.insertBefore(
+ signatureDoc as unknown as Node,
+ referenceNode.nextSibling,
+ );
}
- this.signatureNode = signatureDoc;
+ this.signatureNode = signatureDoc as unknown as Node;
const signedInfoNodes = utils.findChildren(this.signatureNode, "SignedInfo");
if (signedInfoNodes.length === 0) {
const err3 = new Error("could not find SignedInfo element in the message");
@@ -1025,12 +1041,15 @@ export class SignedXml {
if (typeof callback === "function") {
// Asynchronous flow
- this.calculateSignatureValue(doc, (err, signature) => {
+ this.calculateSignatureValue(doc as unknown as Document, (err, signature) => {
if (err) {
callback(err);
} else {
this.signatureValue = signature || "";
- signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling);
+ signatureDoc.insertBefore(
+ this.createSignature(prefix),
+ signedInfoNode.nextSibling as unknown as xmldom.Node,
+ );
this.signatureXml = signatureDoc.toString();
this.signedXml = doc.toString();
callback(null, this);
@@ -1038,8 +1057,11 @@ export class SignedXml {
});
} else {
// Synchronous flow
- this.calculateSignatureValue(doc);
- signatureDoc.insertBefore(this.createSignature(prefix), signedInfoNode.nextSibling);
+ this.calculateSignatureValue(doc as unknown as Document);
+ signatureDoc.insertBefore(
+ this.createSignature(prefix),
+ signedInfoNode.nextSibling as unknown as xmldom.Node,
+ );
this.signatureXml = signatureDoc.toString();
this.signedXml = doc.toString();
}
@@ -1248,9 +1270,11 @@ export class SignedXml {
//we need to wrap the info in a dummy signature since it contains the default namespace.
const dummySignatureWrapper = `<${prefix}Signature ${xmlNsAttr}="http://www.w3.org/2000/09/xmldsig#">${signatureValueXml}`;
- const doc = new xmldom.DOMParser().parseFromString(dummySignatureWrapper);
+ const doc = new xmldom.DOMParser().parseFromString(dummySignatureWrapper, "text/xml");
// Because we are using a dummy wrapper hack described above, we know there will be a `firstChild`
+ // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+ // @ts-ignore
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
return doc.documentElement.firstChild!;
}
diff --git a/test/c14n-non-exclusive-unit-tests.spec.ts b/test/c14n-non-exclusive-unit-tests.spec.ts
index ee7f2ba4..3e0f1e76 100644
--- a/test/c14n-non-exclusive-unit-tests.spec.ts
+++ b/test/c14n-non-exclusive-unit-tests.spec.ts
@@ -7,14 +7,14 @@ import * as utils from "../src/utils";
import * as isDomNode from "@xmldom/is-dom-node";
const test_C14nCanonicalization = function (xml, xpathArg, expected) {
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const node = xpath.select1(xpathArg, doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const node = xpath.select1(xpathArg, doc as unknown as Node);
const can = new C14nCanonicalization();
isDomNode.assertIsNodeLike(node);
const result = can
.process(node, {
- ancestorNamespaces: utils.findAncestorNs(doc, xpathArg),
+ ancestorNamespaces: utils.findAncestorNs(doc as unknown as Document, xpathArg),
})
.toString();
@@ -22,8 +22,8 @@ const test_C14nCanonicalization = function (xml, xpathArg, expected) {
};
const test_findAncestorNs = function (xml, xpath, expected) {
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const result = utils.findAncestorNs(doc, xpath);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const result = utils.findAncestorNs(doc as unknown as Document, xpath);
expect(result).to.deep.equal(expected);
};
diff --git a/test/c14nWithComments-unit-tests.spec.ts b/test/c14nWithComments-unit-tests.spec.ts
index fbf36895..12c3f1c6 100644
--- a/test/c14nWithComments-unit-tests.spec.ts
+++ b/test/c14nWithComments-unit-tests.spec.ts
@@ -7,8 +7,8 @@ import { SignedXml } from "../src/index";
import * as isDomNode from "@xmldom/is-dom-node";
const compare = function (xml, xpathArg, expected, inclusiveNamespacesPrefixList?: string[]) {
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const elem = xpath.select1(xpathArg, doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const elem = xpath.select1(xpathArg, doc as unknown as Node);
const can = new c14nWithComments();
isDomNode.assertIsElementNode(elem);
const result = can.process(elem, { inclusiveNamespacesPrefixList }).toString();
@@ -350,8 +350,9 @@ describe("Exclusive canonicalization with comments", function () {
it("Multiple Canonicalization with namespace definition outside of signed element", function () {
const doc = new xmldom.DOMParser().parseFromString(
'',
+ "text/xml",
);
- const node = xpath.select1("//*[local-name(.)='y']", doc);
+ const node = xpath.select1("//*[local-name(.)='y']", doc as unknown as Node);
isDomNode.assertIsNodeLike(node);
const sig = new SignedXml();
const res = sig.getCanonXml(
@@ -370,8 +371,8 @@ describe("Exclusive canonicalization with comments", function () {
// in a document.
const xml =
'';
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const node = xpath.select1("//*[local-name(.)='y']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const node = xpath.select1("//*[local-name(.)='y']", doc as unknown as Node);
const sig = new SignedXml();
const transforms = ["http://www.w3.org/2000/09/xmldsig#enveloped-signature"];
isDomNode.assertIsNodeLike(node);
diff --git a/test/canonicalization-unit-tests.spec.ts b/test/canonicalization-unit-tests.spec.ts
index 7a39f168..43e7881d 100644
--- a/test/canonicalization-unit-tests.spec.ts
+++ b/test/canonicalization-unit-tests.spec.ts
@@ -13,8 +13,8 @@ const compare = function (
inclusiveNamespacesPrefixList?: string[],
defaultNsForPrefix?: Record,
) {
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const elem = xpath.select1(xpathArg, doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const elem = xpath.select1(xpathArg, doc as unknown as Node);
const can = new ExclusiveCanonicalization();
isDomNode.assertIsElementNode(elem);
const result = can
@@ -54,7 +54,7 @@ describe("Canonicalization unit tests", function () {
it("Exclusive canonicalization works with default namespace for prefix", function () {
compare(
- '',
+ '',
"//*[local-name(.)='SignedInfo']",
'',
undefined,
@@ -400,8 +400,9 @@ describe("Canonicalization unit tests", function () {
it("Multiple Canonicalization with namespace definition outside of signed element", function () {
const doc = new xmldom.DOMParser().parseFromString(
'',
+ "text/xml",
);
- const node = xpath.select1("//*[local-name(.)='y']", doc);
+ const node = xpath.select1("//*[local-name(.)='y']", doc as unknown as Node);
isDomNode.assertIsNodeLike(node);
const sig = new SignedXml();
@@ -418,9 +419,10 @@ describe("Canonicalization unit tests", function () {
it("Shouldn't continue processing transforms if we end up with a string as a result of a transform", function () {
const doc = new xmldom.DOMParser().parseFromString(
'',
+ "text/xml",
);
- const node1 = xpath.select1("//*[local-name(.)='y']", doc);
- const node2 = xpath.select1("//*[local-name(.)='y']", doc);
+ const node1 = xpath.select1("//*[local-name(.)='y']", doc as unknown as Node);
+ const node2 = xpath.select1("//*[local-name(.)='y']", doc as unknown as Node);
isDomNode.assertIsNodeLike(node1);
isDomNode.assertIsNodeLike(node2);
const sig = new SignedXml();
@@ -445,8 +447,8 @@ describe("Canonicalization unit tests", function () {
// in a document.
const xml =
'';
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const node = xpath.select1("//*[local-name(.)='y']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const node = xpath.select1("//*[local-name(.)='y']", doc as unknown as Node);
isDomNode.assertIsNodeLike(node);
const sig = new SignedXml();
diff --git a/test/document-tests.spec.ts b/test/document-tests.spec.ts
index b8311994..2f11ad7f 100644
--- a/test/document-tests.spec.ts
+++ b/test/document-tests.spec.ts
@@ -8,10 +8,10 @@ import * as isDomNode from "@xmldom/is-dom-node";
describe("Document tests", function () {
it("test with a document (using FileKeyInfo)", function () {
const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const node = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(node);
@@ -26,10 +26,10 @@ describe("Document tests", function () {
it("test with a document (using StringKeyInfo)", function () {
const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const node = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(node);
@@ -47,10 +47,10 @@ describe("Document tests", function () {
describe("Validated node references tests", function () {
it("should return references if the document is validly signed", function () {
const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const sig = new SignedXml();
sig.getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
- sig.loadSignature(sig.findSignatures(doc)[0]);
+ sig.loadSignature(sig.findSignatures(doc as unknown as Node)[0]);
const validSignature = sig.checkSignature(xml);
expect(validSignature).to.be.true;
expect(sig.getSignedReferences().length).to.equal(1);
@@ -64,9 +64,9 @@ describe("Validated node references tests", function () {
it("should not return references if the document is not validly signed", function () {
const xml = fs.readFileSync("./test/static/invalid_signature - changed content.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const sig = new SignedXml();
- sig.loadSignature(sig.findSignatures(doc)[0]);
+ sig.loadSignature(sig.findSignatures(doc as unknown as Node)[0]);
const validSignature = sig.checkSignature(xml);
expect(validSignature).to.be.false;
expect(sig.getSignedReferences().length).to.equal(0);
@@ -80,10 +80,10 @@ describe("Validated node references tests", function () {
it("should return `null` if the selected node isn't found", function () {
const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const sig = new SignedXml();
sig.getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
- sig.loadSignature(sig.findSignatures(doc)[0]);
+ sig.loadSignature(sig.findSignatures(doc as unknown as Node)[0]);
const validSignature = sig.checkSignature(xml);
expect(validSignature).to.be.true;
expect(sig.getSignedReferences().length).to.equal(1);
@@ -96,10 +96,10 @@ describe("Validated node references tests", function () {
it("should return the selected node if it is validly signed", function () {
const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const sig = new SignedXml();
sig.getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
- sig.loadSignature(sig.findSignatures(doc)[0]);
+ sig.loadSignature(sig.findSignatures(doc as unknown as Node)[0]);
const validSignature = sig.checkSignature(xml);
expect(validSignature).to.be.true;
expect(sig.getSignedReferences().length).to.equal(1);
@@ -115,9 +115,9 @@ describe("Validated node references tests", function () {
it("should return `null` if the selected node isn't validly signed", function () {
const xml = fs.readFileSync("./test/static/invalid_signature - changed content.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const sig = new SignedXml();
- sig.loadSignature(sig.findSignatures(doc)[0]);
+ sig.loadSignature(sig.findSignatures(doc as unknown as Node)[0]);
const validSignature = sig.checkSignature(xml);
expect(validSignature).to.be.false;
expect(sig.getSignedReferences().length).to.equal(0);
diff --git a/test/hmac-tests.spec.ts b/test/hmac-tests.spec.ts
index 6573ca6b..07a43361 100644
--- a/test/hmac-tests.spec.ts
+++ b/test/hmac-tests.spec.ts
@@ -8,10 +8,10 @@ import * as isDomNode from "@xmldom/is-dom-node";
describe("HMAC tests", function () {
it("test validating HMAC signature", function () {
const xml = fs.readFileSync("./test/static/hmac_signature.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const signature = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
@@ -27,10 +27,10 @@ describe("HMAC tests", function () {
it("test HMAC signature with incorrect key", function () {
const xml = fs.readFileSync("./test/static/hmac_signature.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const signature = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
@@ -57,10 +57,10 @@ describe("HMAC tests", function () {
sig.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
sig.computeSignature(xml);
- const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml());
+ const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml(), "text/xml");
const signature = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
diff --git a/test/key-info-tests.spec.ts b/test/key-info-tests.spec.ts
index 19c8f4a7..f4b5478c 100644
--- a/test/key-info-tests.spec.ts
+++ b/test/key-info-tests.spec.ts
@@ -15,8 +15,11 @@ describe("KeyInfo tests", function () {
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
- const x509 = xpath.select("//*[local-name(.)='X509Certificate']", doc.documentElement);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
+ const x509 = xpath.select(
+ "//*[local-name(.)='X509Certificate']",
+ doc.documentElement as unknown as Node,
+ );
isDomNode.assertIsArrayOfNodes(x509);
expect(x509.length, "X509Certificate element should exist").to.equal(1);
@@ -37,8 +40,8 @@ describe("KeyInfo tests", function () {
sig.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#";
sig.computeSignature(xml);
- const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml());
- const keyInfo = xpath.select1("//*[local-name(.)='KeyInfo']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml(), "text/xml");
+ const keyInfo = xpath.select1("//*[local-name(.)='KeyInfo']", doc as unknown as Node);
expect(keyInfo).to.be.undefined;
});
diff --git a/test/saml-response-tests.spec.ts b/test/saml-response-tests.spec.ts
index 4208ecfa..5f1d79c4 100644
--- a/test/saml-response-tests.spec.ts
+++ b/test/saml-response-tests.spec.ts
@@ -8,10 +8,10 @@ import * as isDomNode from "@xmldom/is-dom-node";
describe("SAML response tests", function () {
it("test validating SAML response", function () {
const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const signature = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();
@@ -25,8 +25,8 @@ describe("SAML response tests", function () {
it("test validating wrapped assertion signature", function () {
const xml = fs.readFileSync("./test/static/valid_saml_signature_wrapping.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc as unknown as Node);
isDomNode.assertIsNodeLike(assertion);
const signature = xpath.select1(
"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
@@ -49,10 +49,10 @@ describe("SAML response tests", function () {
it("test validating SAML response where a namespace is defined outside the signed element", function () {
const xml = fs.readFileSync("./test/static/saml_external_ns.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const signature = xpath.select1(
"//*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();
@@ -65,8 +65,8 @@ describe("SAML response tests", function () {
it("test reference id does not contain quotes", function () {
const xml = fs.readFileSync("./test/static/id_with_quotes.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc as unknown as Node);
isDomNode.assertIsNodeLike(assertion);
const signature = xpath.select1(
"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
@@ -83,10 +83,10 @@ describe("SAML response tests", function () {
it("test validating SAML response WithComments", function () {
const xml = fs.readFileSync("./test/static/valid_saml_withcomments.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const signature = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();
@@ -99,10 +99,10 @@ describe("SAML response tests", function () {
it("throws an error for a document with no `SignedInfo` node", function () {
const xml = fs.readFileSync("./test/static/invalid_saml_no_signed_info.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const node = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(node);
@@ -115,8 +115,8 @@ describe("SAML response tests", function () {
it("test validation ignores an additional wrapped `SignedInfo` node", function () {
const xml = fs.readFileSync("./test/static/saml_wrapped_signed_info_node.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc as unknown as Node);
isDomNode.assertIsNodeLike(assertion);
const signature = xpath.select1(
"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
@@ -136,8 +136,8 @@ describe("SAML response tests", function () {
it("test signature throws if multiple `SignedInfo` nodes are found", function () {
const xml = fs.readFileSync("./test/static/saml_multiple_signed_info_nodes.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const assertion = xpath.select1("//*[local-name(.)='Assertion'][1]", doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const assertion = xpath.select1("//*[local-name(.)='Assertion'][1]", doc as unknown as Node);
isDomNode.assertIsNodeLike(assertion);
const signature = xpath.select1(
"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
@@ -155,8 +155,8 @@ describe("SAML response tests", function () {
describe("for a SAML response with a digest value comment", () => {
it("loads digest value from text content instead of comment", function () {
const xml = fs.readFileSync("./test/static/valid_saml_with_digest_comment.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
- const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
+ const assertion = xpath.select1("//*[local-name(.)='Assertion']", doc as unknown as Node);
isDomNode.assertIsNodeLike(assertion);
const signature = xpath.select1(
"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
diff --git a/test/signature-integration-tests.spec.ts b/test/signature-integration-tests.spec.ts
index 02da0949..5341482b 100644
--- a/test/signature-integration-tests.spec.ts
+++ b/test/signature-integration-tests.spec.ts
@@ -97,12 +97,12 @@ describe("Signature integration tests", function () {
*/
xml = xml.replace(/>\s*<");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const childXml = doc.firstChild?.toString();
const signature = xpath.select1(
"//*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();
@@ -116,12 +116,12 @@ describe("Signature integration tests", function () {
it("signature with inclusive namespaces", function () {
const xml = fs.readFileSync("./test/static/signature_with_inclusivenamespaces.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const childXml = doc.firstChild?.toString();
const signature = xpath.select1(
"//*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();
@@ -138,12 +138,12 @@ describe("Signature integration tests", function () {
"./test/static/signature_with_inclusivenamespaces_lines.xml",
"utf-8",
);
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const childXml = doc.firstChild?.toString();
const signature = xpath.select1(
"//*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();
@@ -160,12 +160,12 @@ describe("Signature integration tests", function () {
"./test/static/signature_with_inclusivenamespaces_lines_windows.xml",
"utf-8",
);
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const childXml = doc.firstChild?.toString();
const signature = xpath.select1(
"//*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();
@@ -193,7 +193,7 @@ describe("Signature integration tests", function () {
const signed = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signed);
+ const doc = new xmldom.DOMParser().parseFromString(signed, "text/xml");
/*
Expecting this structure:
@@ -216,9 +216,13 @@ describe("Signature integration tests", function () {
*/
+ // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+ // @ts-ignore
expect(doc.documentElement.nodeName, "root node = .").to.equal("library");
expect(doc.childNodes.length, "only one root node is expected.").to.equal(1);
expect(
+ // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+ // @ts-ignore
doc.documentElement.childNodes.length,
" should have two child nodes : and ",
).to.equal(2);
diff --git a/test/signature-unit-tests.spec.ts b/test/signature-unit-tests.spec.ts
index baa382db..06c3da1d 100644
--- a/test/signature-unit-tests.spec.ts
+++ b/test/signature-unit-tests.spec.ts
@@ -42,7 +42,7 @@ describe("Signature unit tests", function () {
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
sig.computeSignature(xml);
const signedXml = sig.getOriginalXmlWithIds();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
const op = nsMode === "equal" ? "=" : "!=";
@@ -85,8 +85,8 @@ describe("Signature unit tests", function () {
});
const signedXml = sig.getSignatureXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
- const references = xpath.select("//*[local-name(.)='Reference']", doc);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
+ const references = xpath.select("//*[local-name(.)='Reference']", doc as unknown as Node);
isDomNode.assertIsArrayOfNodes(references);
expect(references.length).to.equal(2);
});
@@ -105,8 +105,8 @@ describe("Signature unit tests", function () {
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
sig.computeSignature(xml);
const signedXml = sig.getOriginalXmlWithIds();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
- const attrs = xpath.select("//@*", doc);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
+ const attrs = xpath.select("//@*", doc as unknown as Node);
isDomNode.assertIsArrayOfNodes(attrs);
expect(attrs.length, "wrong number of attributes").to.equal(2);
}
@@ -144,9 +144,13 @@ describe("Signature unit tests", function () {
});
const signedXml = sig.getSignatureXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
const signatureNode = doc.documentElement;
+ if (!signatureNode) {
+ throw new Error("signatureNode is not defined");
+ }
+
expect(attrs.Id, `Id attribute is not equal to the expected value: "${attrs.Id}"`).to.equal(
signatureNode.getAttribute("Id"),
);
@@ -177,8 +181,10 @@ describe("Signature unit tests", function () {
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
sig.computeSignature(xml);
- const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml());
+ const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml(), "text/xml");
+ // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+ // @ts-ignore
const lastChild = doc.documentElement.lastChild;
isDomNode.assertIsElementNode(lastChild);
expect(
@@ -207,8 +213,8 @@ describe("Signature unit tests", function () {
},
});
- const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml());
- const referenceNode = xpath.select1("/root/name", doc);
+ const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml(), "text/xml");
+ const referenceNode = xpath.select1("/root/name", doc as unknown as Node);
isDomNode.assertIsNodeLike(referenceNode);
const lastChild = referenceNode.lastChild;
@@ -239,8 +245,8 @@ describe("Signature unit tests", function () {
},
});
- const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml());
- const referenceNode = xpath.select1("/root/name", doc);
+ const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml(), "text/xml");
+ const referenceNode = xpath.select1("/root/name", doc as unknown as Node);
isDomNode.assertIsNodeLike(referenceNode);
const firstChild = referenceNode.firstChild;
@@ -270,8 +276,8 @@ describe("Signature unit tests", function () {
},
});
- const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml());
- const referenceNode = xpath.select1("/root/name", doc);
+ const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml(), "text/xml");
+ const referenceNode = xpath.select1("/root/name", doc as unknown as Node);
isDomNode.assertIsNodeLike(referenceNode);
const previousSibling = referenceNode.previousSibling;
@@ -302,8 +308,8 @@ describe("Signature unit tests", function () {
},
});
- const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml());
- const referenceNode = xpath.select1("/root/name", doc);
+ const doc = new xmldom.DOMParser().parseFromString(sig.getSignedXml(), "text/xml");
+ const referenceNode = xpath.select1("/root/name", doc as unknown as Node);
isDomNode.assertIsNodeLike(referenceNode);
const nextSibling = referenceNode.nextSibling;
@@ -782,10 +788,10 @@ describe("Signature unit tests", function () {
describe("pass loading signatures", function () {
function passLoadSignature(file: string, toString?: boolean) {
const xml = fs.readFileSync(file, "utf8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const signature = xpath.select1(
"/*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsElementNode(signature);
const sig = new SignedXml();
@@ -828,7 +834,10 @@ describe("Signature unit tests", function () {
const firstGrandchild = doc.firstChild?.firstChild;
isDomNode.assertIsElementNode(firstGrandchild);
- const matchedReference = sig.validateElementAgainstReferences(firstGrandchild, doc);
+ const matchedReference = sig.validateElementAgainstReferences(
+ firstGrandchild,
+ doc as unknown as Document,
+ );
expect(matchedReference).to.not.be.false;
/* eslint-disable-next-line deprecation/deprecation */
@@ -862,10 +871,10 @@ describe("Signature unit tests", function () {
describe("pass verify signature", function () {
function loadSignature(xml: string, idMode?: "wssecurity") {
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const node = xpath.select1(
"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(node);
const sig = new SignedXml({ idMode });
@@ -1000,8 +1009,8 @@ describe("Signature unit tests", function () {
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
- const URI = xpath.select1("//*[local-name(.)='Reference']/@URI", doc);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
+ const URI = xpath.select1("//*[local-name(.)='Reference']/@URI", doc as unknown as Node);
isDomNode.assertIsAttributeNode(URI);
expect(URI.value, `uri should be empty but instead was ${URI.value}`).to.equal("");
});
@@ -1093,10 +1102,10 @@ describe("Signature unit tests", function () {
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
const inclusiveNamespaces = xpath.select(
"//*[local-name(.)='Reference']/*[local-name(.)='Transforms']/*[local-name(.)='Transform']/*[local-name(.)='InclusiveNamespaces']",
- doc.documentElement,
+ doc.documentElement as unknown as Node,
);
isDomNode.assertIsArrayOfNodes(inclusiveNamespaces);
expect(inclusiveNamespaces.length, "InclusiveNamespaces element should exist").to.equal(1);
@@ -1130,10 +1139,10 @@ describe("Signature unit tests", function () {
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
const inclusiveNamespaces = xpath.select1(
"//*[local-name(.)='Reference']/*[local-name(.)='Transforms']/*[local-name(.)='Transform']/*[local-name(.)='InclusiveNamespaces']",
- doc.documentElement,
+ doc.documentElement as unknown as Node,
);
expect(inclusiveNamespaces, "InclusiveNamespaces element should not exist").to.be.undefined;
@@ -1155,10 +1164,10 @@ describe("Signature unit tests", function () {
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
const inclusiveNamespaces = xpath.select(
"//*[local-name(.)='CanonicalizationMethod']/*[local-name(.)='InclusiveNamespaces']",
- doc.documentElement,
+ doc.documentElement as unknown as Node,
);
isDomNode.assertIsArrayOfNodes(inclusiveNamespaces);
@@ -1194,10 +1203,10 @@ describe("Signature unit tests", function () {
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
const inclusiveNamespaces = xpath.select1(
"//*[local-name(.)='CanonicalizationMethod']/*[local-name(.)='InclusiveNamespaces']",
- doc.documentElement,
+ doc.documentElement as unknown as Node,
);
expect(
@@ -1221,8 +1230,11 @@ describe("Signature unit tests", function () {
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
- const keyInfoElements = xpath.select("//*[local-name(.)='KeyInfo']", doc.documentElement);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
+ const keyInfoElements = xpath.select(
+ "//*[local-name(.)='KeyInfo']",
+ doc.documentElement as unknown as Node,
+ );
isDomNode.assertIsArrayOfNodes(keyInfoElements);
expect(keyInfoElements.length, "KeyInfo element should exist").to.equal(1);
@@ -1253,11 +1265,11 @@ describe("Signature unit tests", function () {
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
- const doc = new xmldom.DOMParser().parseFromString(signedXml);
+ const doc = new xmldom.DOMParser().parseFromString(signedXml, "text/xml");
const x509certificates = xpath.select(
"//*[local-name(.)='X509Certificate']",
- doc.documentElement,
+ doc.documentElement as unknown as Node,
);
isDomNode.assertIsArrayOfNodes(x509certificates);
expect(x509certificates.length, "There should be exactly two certificates").to.equal(2);
diff --git a/test/static/wsfederation_metadata.xml b/test/static/wsfederation_metadata.xml
index e21d104b..400544f3 100644
--- a/test/static/wsfederation_metadata.xml
+++ b/test/static/wsfederation_metadata.xml
@@ -1 +1 @@
-qIVhfzD3HVMA4BUQZ+zUF6AlFgcL7FyQ8tN35NZWFJs=HxgwvF+xtlUb4Qa9AzEiti4X3rHu6xWOmew2sVH+BBWpuwhDWWPxK9hHVhYYcuCHZDBnN7LLTY1L80/D2+KruNug9B1kOb6c3S/VWV09wbmIyocG1nH4/FGQf8+AU7ajFizG+ODhfJY0xEOag1E5cwXqrM4ULu6HBSAkLDNBA85m8qi/UAd6INyel0DzwfANvjz34VZOLMX+rydyXoKhSpKoBlip1eHdUdzOM4HtlnemIZhMkgofNjxbFjRNwPclizwWJuF0I0Xj1jwT8wR4X7wWvPO9JgxgR6CixveZRt/is5IVgKl/UeqHCzS/a5tYatoF0o35byC0E2ehOJGCBw==MIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZMIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==NameThe mutable display name of the user.SubjectAn immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.Given NameFirst name of the user.SurnameLast name of the user.Display NameDisplay name of the user.Nick NameNick name of the user.Authentication InstantThe time (UTC) when the user is authenticated to Windows Azure Active Directory.Authentication MethodThe method that Windows Azure Active Directory uses to authenticate users.ObjectIdentifierPrimary identifier for the user in the directory. Immutable, globally unique, non-reusable.TenantIdIdentifier for the user's tenant.IdentityProviderIdentity provider for the user.EmailEmail address of the user.GroupsGroups of the user.External Access TokenAccess token issued by external identity provider.External Access Token ExpirationUTC expiration time of access token issued by external identity provider.External OpenID 2.0 IdentifierOpenID 2.0 identifier issued by external identity provider.GroupsOverageClaimIssued when number of user's group claims exceeds return limit.Role ClaimRoles that the user or Service Principal is attached toRoleTemplate Id ClaimRole template id of the Built-in Directory Roles that the user is a member ofhttps://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedhttps://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedMIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZMIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==https://sts.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/https://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedhttps://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedMIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZMIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==
\ No newline at end of file
+qIVhfzD3HVMA4BUQZ+zUF6AlFgcL7FyQ8tN35NZWFJs=HxgwvF+xtlUb4Qa9AzEiti4X3rHu6xWOmew2sVH+BBWpuwhDWWPxK9hHVhYYcuCHZDBnN7LLTY1L80/D2+KruNug9B1kOb6c3S/VWV09wbmIyocG1nH4/FGQf8+AU7ajFizG+ODhfJY0xEOag1E5cwXqrM4ULu6HBSAkLDNBA85m8qi/UAd6INyel0DzwfANvjz34VZOLMX+rydyXoKhSpKoBlip1eHdUdzOM4HtlnemIZhMkgofNjxbFjRNwPclizwWJuF0I0Xj1jwT8wR4X7wWvPO9JgxgR6CixveZRt/is5IVgKl/UeqHCzS/a5tYatoF0o35byC0E2ehOJGCBw==MIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZMIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==NameThe mutable display name of the user.SubjectAn immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.Given NameFirst name of the user.SurnameLast name of the user.Display NameDisplay name of the user.Nick NameNick name of the user.Authentication InstantThe time (UTC) when the user is authenticated to Windows Azure Active Directory.Authentication MethodThe method that Windows Azure Active Directory uses to authenticate users.ObjectIdentifierPrimary identifier for the user in the directory. Immutable, globally unique, non-reusable.TenantIdIdentifier for the user's tenant.IdentityProviderIdentity provider for the user.EmailEmail address of the user.GroupsGroups of the user.External Access TokenAccess token issued by external identity provider.External Access Token ExpirationUTC expiration time of access token issued by external identity provider.External OpenID 2.0 IdentifierOpenID 2.0 identifier issued by external identity provider.GroupsOverageClaimIssued when number of user's group claims exceeds return limit.Role ClaimRoles that the user or Service Principal is attached toRoleTemplate Id ClaimRole template id of the Built-in Directory Roles that the user is a member ofhttps://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedhttps://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedMIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZMIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==https://sts.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/https://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedhttps://login.windows.net/8bd6e98d-e212-4022-b13f-a244fab4c253/wsfedMIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZMIIC4jCCAcqgAwIBAgIQQNXrmzhLN4VGlUXDYCRT3zANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE0MTAyODAwMDAwMFoXDTE2MTAyNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKs/uPhEf7zVizjfcr/ISGFe9+yUOqwpel38zgutvLHmFD39E2hpPdQhcXn4c4dt1fU5KvkbcDdVbP8+e4TvNpJMy/nEB2V92zCQ/hhBjilwhF1ETe1TMmVjALs0KFvbxW9ZN3EdUVvxFvz/gvG29nQhl4QWKj3x8opr89lmq14Z7T0mzOV8kub+cgsOU/1bsKqrIqN1fMKKFhjKaetctdjYTfGzVQ0AJAzzbtg0/Q1wdYNAnhSDafygEv6kNiquk0r0RyasUUevEXs2LY3vSgKsKseI8ZZlQEMtE9/k/iAG7JNcEbVg53YTurNTrPnXJOU88mf3TToX14HpYsS1ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfolx45w0i8CdAUjjeAaYdhG9+NDHxop0UvNOqlGqYJexqPLuvX8iyUaYxNGzZxFgGI3GpKfmQP2JQWQ1E5JtY/n8iNLOKRMwqkuxSCKJxZJq4Sl/m/Yv7TS1P5LNgAj8QLCypxsWrTAmq2HSpkeSk4JBtsYxX6uhbGM/K1sEktKybVTHu22/7TmRqWTmOUy9wQvMjJb2IXdMGLG3hVntN/WWcs5w8vbt1i8Kk6o19W2MjZ95JaECKjBDYRlhG1KmSBtrsKsCBQoBzwH/rXfksTO9JoUYLXiW0IppB7DhNH4PJ5hZI91R8rR0H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==
\ No newline at end of file
diff --git a/test/utils-tests.spec.ts b/test/utils-tests.spec.ts
index b5fe41aa..f3a49ebb 100644
--- a/test/utils-tests.spec.ts
+++ b/test/utils-tests.spec.ts
@@ -47,8 +47,9 @@ describe("Utils tests", function () {
it("will return a normalized PEM format when given a base64 string with line breaks and spaces at the line breaks", function () {
const xml = new xmldom.DOMParser().parseFromString(
fs.readFileSync("./test/static/keyinfo - pretty-printed.xml", "latin1"),
+ "text/xml",
);
- const cert = xpath.select1(".//*[local-name(.)='X509Certificate']", xml);
+ const cert = xpath.select1(".//*[local-name(.)='X509Certificate']", xml as unknown as Node);
isDomNode.assertIsNodeLike(cert);
const normalizedPem = fs.readFileSync("./test/static/keyinfo.pem", "latin1");
diff --git a/test/wsfed-metadata-tests.spec.ts b/test/wsfed-metadata-tests.spec.ts
index 7ddea8e8..8a208c30 100644
--- a/test/wsfed-metadata-tests.spec.ts
+++ b/test/wsfed-metadata-tests.spec.ts
@@ -8,10 +8,10 @@ import * as isDomNode from "@xmldom/is-dom-node";
describe("WS-Fed Metadata tests", function () {
it("test validating WS-Fed Metadata", function () {
const xml = fs.readFileSync("./test/static/wsfederation_metadata.xml", "utf-8");
- const doc = new xmldom.DOMParser().parseFromString(xml);
+ const doc = new xmldom.DOMParser().parseFromString(xml, "text/xml");
const signature = xpath.select1(
"/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
- doc,
+ doc as unknown as Node,
);
isDomNode.assertIsNodeLike(signature);
const sig = new SignedXml();