Use inclusiveNamespacesPrefixList to generate InclusiveNamespaces (#284)

index.d.ts

@@ -37,13 +37,15 @@ export class SignedXml {
     static HashAlgorithms: {[uri: string]: new () => HashAlgorithm};
     static SignatureAlgorithms: {[uri: string]: new () => SignatureAlgorithm};
     canonicalizationAlgorithm: string;
+    inclusiveNamespacesPrefixList: string;
     keyInfoProvider: KeyInfo;
     references: Reference[];
     signatureAlgorithm: string;
     signingKey: Buffer | string;
     validationErrors: string[];
     constructor(idMode?: string | null, options?: {
         canonicalizationAlgorithm?: string | undefined
+        inclusiveNamespacesPrefixList?: string | undefined
         idAttribute?: string | undefined
         implicitTransforms?: ReadonlyArray<string> | undefined
         signatureAlgorithm?: string | undefined

lib/signed-xml.js

@@ -286,6 +286,7 @@ function SignedXml(idMode, options) {
   this.signatureAlgorithm = this.options.signatureAlgorithm || "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
   this.keyInfoProvider = null
   this.canonicalizationAlgorithm = this.options.canonicalizationAlgorithm || "http://www.w3.org/2001/10/xml-exc-c14n#"
+  this.inclusiveNamespacesPrefixList = this.options.inclusiveNamespacesPrefixList || ""
   this.signedXml = ""
   this.signatureXml = ""
   this.signatureNode = null
@@ -891,7 +892,14 @@ SignedXml.prototype.createReferences = function(doc, prefix) {
 
         var trans = ref.transforms[t]
         var transform = this.findCanonicalizationAlgorithm(trans)
-        res += "<" + prefix + "Transform Algorithm=\"" + transform.getAlgorithmName() + "\" />"
+        res += "<" + prefix + "Transform Algorithm=\"" + transform.getAlgorithmName() + "\""
+        if (ref.inclusiveNamespacesPrefixList) {
+          res += ">"
+          res += "<InclusiveNamespaces PrefixList=\"" + ref.inclusiveNamespacesPrefixList + "\" xmlns=\""+transform.getAlgorithmName()+"\"/>"
+          res += "</" + prefix + "Transform>"
+        } else {
+          res += " />"
+        }
       }
 
       var canonXml = this.getCanonReferenceXml(doc, ref, node)
@@ -984,8 +992,15 @@ SignedXml.prototype.createSignedInfo = function(doc, prefix) {
   currentPrefix = currentPrefix ? currentPrefix + ':' : currentPrefix
 
   var res = "<" + currentPrefix + "SignedInfo>"
-  res += "<" + currentPrefix + "CanonicalizationMethod Algorithm=\"" + transform.getAlgorithmName() + "\" />" +
-          "<" + currentPrefix + "SignatureMethod Algorithm=\"" + algo.getAlgorithmName() + "\" />"
+  res += "<" + currentPrefix + "CanonicalizationMethod Algorithm=\"" + transform.getAlgorithmName() + "\""
+  if (this.inclusiveNamespacesPrefixList) {
+    res += ">"
+    res += "<InclusiveNamespaces PrefixList=\"" + this.inclusiveNamespacesPrefixList + "\" xmlns=\""+transform.getAlgorithmName()+"\"/>"
+    res += "</" + currentPrefix + "CanonicalizationMethod>"
+  } else {
+    res += " />"
+  }
+  res += "<" + currentPrefix + "SignatureMethod Algorithm=\"" + algo.getAlgorithmName() + "\" />"
 
   res += this.createReferences(doc, prefix)
   res += "</" + currentPrefix + "SignedInfo>"

test/signature-unit-tests.js

@@ -621,7 +621,7 @@ module.exports = {
       };
     }
 
-    var xml = 
+    var xml =
       '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> ' +
         '<SOAP-ENV:Header> ' +
           '<wsse:Security ' +
@@ -652,7 +652,87 @@ module.exports = {
     test.equal((result.match(/xmlns:wsu=/g) || []).length, 1)
     test.equal((result.match(/xmlns:wsse=/g) || []).length, 1)
     test.done();
-  }
+  },
+
+  "creates InclusiveNamespaces element when inclusiveNamespacesPrefixList is set on Reference": function (test) {
+    var xml = "<root><x /></root>";
+    var sig = new SignedXml();
+    sig.signingKey = fs.readFileSync("./test/static/client.pem");
+    sig.keyInfoProvider = null;
+
+    sig.addReference("//*[local-name(.)='root']", ["http://www.w3.org/2000/09/xmldsig#enveloped-signature"], "http://www.w3.org/2000/09/xmldsig#sha1", "", "", "prefix1 prefix2");
+
+    sig.computeSignature(xml);
+    var signedXml = sig.getSignedXml()
+
+    var doc = new dom().parseFromString(signedXml);
+    var inclusiveNamespaces = select("//*[local-name(.)='Reference']/*[local-name(.)='Transforms']/*[local-name(.)='Transform']/*[local-name(.)='InclusiveNamespaces']", doc.documentElement);
+    test.equal(inclusiveNamespaces.length, 1, "InclusiveNamespaces element should exist");
+
+    var prefixListAttribute = inclusiveNamespaces[0].getAttribute('PrefixList');
+    test.equal(prefixListAttribute, 'prefix1 prefix2', "InclusiveNamespaces element should have the correct PrefixList attribute value");
+
+    test.done();
+  },
+
+  "does not create InclusiveNamespaces element when inclusiveNamespacesPrefixList is not set on Reference": function (test) {
+    var xml = "<root><x /></root>";
+    var sig = new SignedXml();
+    sig.signingKey = fs.readFileSync("./test/static/client.pem");
+    sig.keyInfoProvider = null;
+
+    sig.addReference("//*[local-name(.)='root']", ["http://www.w3.org/2000/09/xmldsig#enveloped-signature"], "http://www.w3.org/2000/09/xmldsig#sha1", "", "", "");
+
+    sig.computeSignature(xml);
+    var signedXml = sig.getSignedXml();
+
+    var doc = new dom().parseFromString(signedXml);
+    var inclusiveNamespaces = select("//*[local-name(.)='Reference']/*[local-name(.)='Transforms']/*[local-name(.)='Transform']/*[local-name(.)='InclusiveNamespaces']", doc.documentElement);
+    test.equal(inclusiveNamespaces.length, 0, "InclusiveNamespaces element should not exist");
+
+    test.done();
+  },
+
+  "creates InclusiveNamespaces element inside CanonicalizationMethod when inclusiveNamespacesPrefixList is set on SignedXml options": function (test) {
+    var xml = "<root><x /></root>";
+    var sig = new SignedXml(null, {inclusiveNamespacesPrefixList: "prefix1 prefix2"});
+    sig.signingKey = fs.readFileSync("./test/static/client.pem");
+    sig.keyInfoProvider = null;
+
+    sig.addReference("//*[local-name(.)='root']", ["http://www.w3.org/2000/09/xmldsig#enveloped-signature"], "http://www.w3.org/2000/09/xmldsig#sha1");
+
+    sig.computeSignature(xml);
+    var signedXml = sig.getSignedXml()
+
+    var doc = new dom().parseFromString(signedXml);
+    var inclusiveNamespaces = select("//*[local-name(.)='CanonicalizationMethod']/*[local-name(.)='InclusiveNamespaces']", doc.documentElement);
+
+    test.equal(inclusiveNamespaces.length, 1, "InclusiveNamespaces element should exist inside CanonicalizationMethod");
+
+    var prefixListAttribute = inclusiveNamespaces[0].getAttribute('PrefixList');
+    test.equal(prefixListAttribute, 'prefix1 prefix2', "InclusiveNamespaces element inside CanonicalizationMethod should have the correct PrefixList attribute value");
+
+    test.done();
+  },
+
+  "does not create InclusiveNamespaces element inside CanonicalizationMethod when inclusiveNamespacesPrefixList is not set on SignedXml options": function (test) {
+    var xml = "<root><x /></root>";
+    var sig = new SignedXml(null); // Omit inclusiveNamespacesPrefixList property
+    sig.signingKey = fs.readFileSync("./test/static/client.pem");
+    sig.keyInfoProvider = null;
+
+    sig.addReference("//*[local-name(.)='root']", ["http://www.w3.org/2000/09/xmldsig#enveloped-signature"], "http://www.w3.org/2000/09/xmldsig#sha1");
+
+    sig.computeSignature(xml);
+    var signedXml = sig.getSignedXml()
+
+    var doc = new dom().parseFromString(signedXml);
+    var inclusiveNamespaces = select("//*[local-name(.)='CanonicalizationMethod']/*[local-name(.)='InclusiveNamespaces']", doc.documentElement);
+
+    test.equal(inclusiveNamespaces.length, 0, "InclusiveNamespaces element should not exist inside CanonicalizationMethod");
+
+    test.done();
+  },
 
 }
 
@@ -797,7 +877,7 @@ function verifyReferenceNS(test) {
     }
   })
 
-  var signedXml = sig.getSignatureXml()  
+  var signedXml = sig.getSignatureXml()
   var doc = new dom().parseFromString(signedXml)
   var references = select("//*[local-name(.)='Reference']", doc)
   test.equal(references.length, 2)