wip

node-saml · Oct 2, 2023 · 9a297d7 · 9a297d7
1 parent b46439b
commit 9a297d7
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -157,14 +157,14 @@ var elem = xpath.select("/xpath_to_interesting_element", doc);
 var uri = sig.references[0].uri; // might not be 0 - depending on the document you verify
 var id = uri[0] === "#" ? uri.substring(1) : uri;
 if (elem.getAttribute("ID") != id && elem.getAttribute("Id") != id && elem.getAttribute("id") != id)
-  throw new Error("the interesting element was not the one verified by the signature");
+  throw new Error("The interesting element was not the one verified by the signature");
 
 // Use the built-in method
-let elem = xpath.select("/xpath_to_interesting_element", doc);
+let elem = xpath.select1("/xpath_to_interesting_element", doc);
 try {
   const matchingReference = sig.validateElementAgainstReferences(elem, doc);
 } catch {
-  throw new Error("the interesting element was not the one verified by the signature");
+  throw new Error("The interesting element was not the one verified by the signature");
 }
 ```
 

diff --git a/src/signed-xml.ts b/src/signed-xml.ts
@@ -468,17 +468,17 @@ export class SignedXml {
       this.validationErrors.push(validationError.message);
 
       return false;
-    }
-
-    ref.getValidatedNode = () => {
-      if (typeof ref.xpath !== "string") {
-        return null;
-      }
-      const selectedValue = xpath.select1(ref.xpath, doc);
-      return isDomNode.isNodeLike(selectedValue) ? selectedValue : null;
-    };
+    } else {
+      ref.getValidatedNode = () => {
+        if (typeof ref.xpath !== "string") {
+          return null;
+        }
+        const selectedValue = xpath.select1(ref.xpath, doc);
+        return isDomNode.isNodeLike(selectedValue) ? selectedValue : null;
+      };
 
-    return true;
+      return true;
+    }
   }
 
   validateReferences(doc: Document) {
@@ -667,7 +667,9 @@ export class SignedXml {
       digestValue,
       inclusiveNamespacesPrefixList,
       isEmptyUri,
-      getValidatedNode: () => null,
+      getValidatedNode: () => {
+        throw new Error("Reference has not been validated yet");
+      },
     });
   }
 

diff --git a/test/document-tests.spec.ts b/test/document-tests.spec.ts
@@ -43,3 +43,63 @@ describe("Document tests", function () {
     expect(result).to.be.true;
   });
 });
+
+describe("Validated node references tests", function () {
+  it("should return references if the document is validly signed", function () {
+    const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
+    const doc = new xmldom.DOMParser().parseFromString(xml);
+    const sig = new SignedXml();
+    sig.loadSignature(doc.documentElement);
+    sig.checkSignature(xml);
+    const ref = sig.references[0];
+    const result = ref.getValidatedNode();
+    expect(result?.toString()).to.equal(doc.toString());
+  });
+
+  it("should not return references if the document is not validly signed", function () {
+    const xml = fs.readFileSync("./test/static/invalid_signature - changed content.xml", "utf-8");
+    const doc = new xmldom.DOMParser().parseFromString(xml);
+    const sig = new SignedXml();
+    sig.loadSignature(doc.documentElement);
+    sig.checkSignature(xml);
+    const ref = sig.references[0];
+    const result = ref.getValidatedNode();
+    expect(result?.toString()).to.equal(doc.toString());
+  });
+
+  it("should return `null` if the selected node isn't found", function () {
+    const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
+    const doc = new xmldom.DOMParser().parseFromString(xml);
+    const sig = new SignedXml();
+    sig.loadSignature(doc.documentElement);
+    sig.checkSignature(xml);
+    const ref = sig.references[0];
+    ref.xpath = "/non-existent-node";
+    const result = ref.getValidatedNode();
+    expect(result).to.be.null;
+  });
+
+  it("should return the selected node if it is validly signed", function () {
+    const xml = fs.readFileSync("./test/static/valid_saml.xml", "utf-8");
+    const doc = new xmldom.DOMParser().parseFromString(xml);
+    const sig = new SignedXml();
+    sig.loadSignature(doc.documentElement);
+    sig.checkSignature(xml);
+    const ref = sig.references[0];
+    ref.xpath = "//*[local-name()='Attribute' and @Name='mail']/*[local-name()='AttributeValue']/text()";
+    const result = ref.getValidatedNode();
+    expect(result?.nodeValue).to.equal("henri.bergius@nemein.com");
+  });
+
+  it("should return `null` if the selected node isn't validly signed", function () {
+    const xml = fs.readFileSync("./test/static/invalid_signature - changed content.xml", "utf-8");
+    const doc = new xmldom.DOMParser().parseFromString(xml);
+    const sig = new SignedXml();
+    sig.loadSignature(doc.documentElement);
+    sig.checkSignature(xml);
+    const ref = sig.references[0];
+    ref.xpath = "//*[local-name()='Attribute' and @Name='mail']/*[local-name()='AttributeValue']/text()";
+    const result = ref.getValidatedNode();
+    expect(result).to.be.null;
+  });
+});