Merge pull request #1 from eugeniop/master

Added WithComments canonicalization support
auth0 · Jun 5, 2015 · a20b99d · a20b99d
2 parents ab90b31 + 9aa3e9f
commit a20b99d
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 0 deletions.
diff --git a/lib/signed-xml.js b/lib/signed-xml.js
@@ -200,8 +200,10 @@ function SignedXml(idMode, options) {
   if (this.options.idAttribute) this.idAttributes.splice(0, 0, this.options.idAttribute);
 }
 
+//For now we are mapping WithComments canonicalization to ExclusiveCanonicalization
 SignedXml.CanonicalizationAlgorithms = {
   'http://www.w3.org/2001/10/xml-exc-c14n#': ExclusiveCanonicalization,
+  'http://www.w3.org/2001/10/xml-exc-c14n#WithComments': ExclusiveCanonicalization,
   'http://www.w3.org/2000/09/xmldsig#enveloped-signature': EnvelopedSignature
 }
 

diff --git a/test/saml-response-test.js b/test/saml-response-test.js
@@ -14,6 +14,18 @@ exports['test validating SAML response'] = function (test) {
   test.done();
 };
 
+exports['test validating SAML response with WithComments Canonicalization'] = function (test) {
+  var xml = fs.readFileSync('./test/static/saml_external_canonicalization_with_comments.xml', 'utf-8');
+  var doc = new xmldom.DOMParser().parseFromString(xml);
+  var signature = crypto.xpath(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
+  var sig = new crypto.SignedXml();
+  sig.keyInfoProvider = new crypto.FileKeyInfo("./test/static/WithComments-Signing-Cert.pem");
+  sig.loadSignature(signature.toString());
+  var result = sig.checkSignature(xml);
+  test.equal(result, true);
+  test.done();
+};
+
 exports['test validating SAML response where a namespace is defined outside the signed element'] = function (test) {
   var xml = fs.readFileSync('./test/static/saml_external_ns.xml', 'utf-8');
   var doc = new xmldom.DOMParser().parseFromString(xml);

diff --git a/test/static/WithComments-Signing-Cert.pem b/test/static/WithComments-Signing-Cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICoDCCAYigAwIBAgIGHg9wUUEQMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMM
+CUNsb3VkR2F0ZTAeFw0xNDA3MjIwODExMjNaFw0yNDA3MjIwODExMjNaMA4xDDAK
+BgNVBAMMA2N5MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtVuICl
+FLEs3sjYAWvq5UcI7LJt6AY47axylNsAGPgYFtd3W6q/lXXyG01P4vsh6GF4iZou
+PrNBFa6fFom9xJ9f5b3ge/LgBcj9wbc0tsUhs+RXOaHiKUrlIS3ieUjyq3KWUvsD
+eEMrTiItzn7+RqnZ6V5wjFg2Chqzc2+133Xp1S9S7J2GHAL/BwdF/2iIzFW5Fk7t
+XQ0p5vtWvRdzGObY08ivl8s5+DQYaRU8xjrXvzUqQYAzj5Tns+kqjphMJ2B9/TRV
+tVQ4IPa8agzjidGXlveIFB3F0QuoginSmGPaTb9nzVipSk5FEg1nscCvjDO7uBGc
+huIHx8KWz8NJ0vcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdo/PpgdHCbSaxliy
+YDrvk2f09I/6sv7asj5/ChCQX/1ZeD1vQfX9e8GX6HHkUbv/lzdTk02zM5v/nQCU
+enPaM/29lpsp8+CSxj7+FR6FB5IIIDkMxUPSyyaXjAaF5AhtH9XBw2RWzdCmgbfz
+ukXYu58DGAsAGs+fzxZnctgxe0l7AjX/sgeIVfSrlbIWDuY+pXraoL7fFsyBG3R4
+qbldSUoLI6brspEs2j9uf+lG6Ss9ucviMKK0auNP8eXsOa85nXUt14a6d8wScEoF
+R0u/G2zb+CgQx8sQRl63vOk9krlxymblrR6Uv+F1KoFb9F8Sfg3NeCIa3hYOd66/
+yKN1Tg==
+-----END CERTIFICATE-----
diff --git a/test/static/saml_external_canonicalization_with_comments.xml b/test/static/saml_external_canonicalization_with_comments.xml
@@ -0,0 +1,5 @@
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://optimizely.auth0.com/login/callback" ID="cg-9c8b9925-20fb-48a2-a990-34c97c9ff495" InResponseTo="_5af5ed82c117b5ea2a04" IssueInstant="2015-06-04T08:14:19.230Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://ng-qa.isr.co.jp/sso/cy2/</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#cg-9c8b9925-20fb-48a2-a990-34c97c9ff495"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>66EcBXuIS5btQTYJINZiDfynHOc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>eIb5bM1NwrQdlImifS8T3qA0bRpqTAWr1y7JadC1KON/xrB3Gn1TIa5AZBgiAujgqrQt/NBbC4cF50n4p3Y/qs0eValKxhnfgOA5uWyyQXF1hZjovWvgS3PH9JAUPHx5klQ16F6Mf6vk1mUJ36mFQWbjAo6NS2AWSxciv06RWaiimBwoK4P0XqeyqfBxjplE/v4s55ZwGofaY6X5NibZCyHfnfQrIim48fZeAa3LJ+55dcy8LmT4DXqlBDjssmdbTP/UUrXoXMLVfLD4Fb+tp83Tf8CGAzIyq65q0ADyd7mJBCHUthFny9lDNYRU8XhZEIosJtiLzWiul8Pm+JcoVg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>q1W4gKUUsSzeyNgBa+rlRwjssm3oBjjtrHKU2wAY+BgW13dbqr+VdfIbTU/i+yHoYXiJmi4+s0EV
+rp8Wib3En1/lveB78uAFyP3BtzS2xSGz5Fc5oeIpSuUhLeJ5SPKrcpZS+wN4QytOIi3Ofv5Gqdnp
+XnCMWDYKGrNzb7XfdenVL1LsnYYcAv8HB0X/aIjMVbkWTu1dDSnm+1a9F3MY5tjTyK+Xyzn4NBhp
+FTzGOte/NSpBgDOPlOez6SqOmEwnYH39NFW1VDgg9rxqDOOJ0ZeW94gUHcXRC6iCKdKYY9pNv2fN
+WKlKTkUSDWexwK+MM7u4EZyG4gfHwpbPw0nS9w==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="cg-9c627648-53fe-483f-8aba-bb1a304671db" IssueInstant="2015-06-04T08:14:19.230Z" Version="2.0"><saml2:Issuer>https://ng-qa.isr.co.jp/sso/cy2/</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">kaneko@isr.co.jp</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_5af5ed82c117b5ea2a04" NotOnOrAfter="2015-06-04T08:15:19.230Z" Recipient="https://optimizely.auth0.com/login/callback"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2015-06-04T08:14:19.230Z" NotOnOrAfter="2015-06-04T08:15:19.230Z"><saml2:AudienceRestriction><saml2:Audience>urn:auth0:optimizely:recruitjobs06032015</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2015-06-04T08:14:19.230Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>