From f9bd619ebe33d234d461beb0b6aa74de976dfe47 Mon Sep 17 00:00:00 2001
From: Ivan
Date: Tue, 6 Jun 2023 12:33:44 +0200
Subject: [PATCH 01/14] update typings
---
 index.d.ts | 283 +++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 211 insertions(+), 72 deletions(-)
diff --git a/index.d.ts b/index.d.ts
index 20644918..015069e5 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -7,100 +7,239 @@ import { SelectedValue } from "xpath";
+type CanonicalizationAlgorithmType =
+ | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ | "http://www.w3.org/2001/10/xml-exc-c14n#"
+ | "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+ | "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+
+type HashAlgorithmType =
+ | "http://www.w3.org/2000/09/xmldsig#sha1"
+ | "http://www.w3.org/2001/04/xmlenc#sha256"
+ | "http://www.w3.org/2001/04/xmlenc#sha512";
+
+type SignatureAlgorithmType =
+ | "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ | "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+/**
+ * Options for the computeSignature method.
+ */
+type ComputeSignatureOptions = {
+ prefix?: string;
+ attrs?: { [attrName: string]: string };
+ location?: {
+ reference?: string;
+ action?: "append" | "prepend" | "before" | "after";
+ };
+ existingPrefixes?: { [prefix: string]: string };
+};
+
+/**
+ * Callback signature for the computeSignature method.
+ */
+type ComputeSignatureCallback = (error: Error | null, signature: SignedXml | null) => void;
+
 export class HashAlgorithm {
- getAlgorithmName(): string;
- getHash(xml: string): string;
+ getAlgorithmName(): string;
+
+ getHash(xml: string): string;
 }
 export interface Reference {
- xpath: string;
- transforms?: ReadonlyArray | undefined;
- digestAlgorithm?: string | undefined;
- uri?: string | undefined;
- digestValue?: string | undefined;
- inclusiveNamespacesPrefixList?: string | undefined;
- isEmptyUri?: boolean | undefined;
+ xpath: string;
+ transforms?: ReadonlyArray | undefined;
+ digestAlgorithm?: HashAlgorithmType | undefined;
+ uri?: string | undefined;
+ digestValue?: string | undefined;
+ inclusiveNamespacesPrefixList?: string | undefined;
+ isEmptyUri?: boolean | undefined;
 }
 export class SignatureAlgorithm {
- getAlgorithmName(): string;
- getSignature(signedInfo: Node, signingKey: Buffer): string;
+ getAlgorithmName(): string;
+
+ getSignature(signedInfo: Node, signingKey: Buffer): string;
 }
 export class TransformationAlgorithm {
- getAlgorithmName(): string;
- process(node: Node): string;
+ getAlgorithmName(): string;
+
+ process(node: Node): string;
 }
 export class SignedXml {
- static CanonicalizationAlgorithms: { [uri: string]: new () => TransformationAlgorithm };
- static HashAlgorithms: { [uri: string]: new () => HashAlgorithm };
- static SignatureAlgorithms: { [uri: string]: new () => SignatureAlgorithm };
- canonicalizationAlgorithm: string;
- inclusiveNamespacesPrefixList: string;
- keyInfoProvider: KeyInfo;
- references: Reference[];
- signatureAlgorithm: string;
- signingKey: Buffer | string;
- validationErrors: string[];
- constructor(
- idMode?: string | null,
- options?: {
- canonicalizationAlgorithm?: string | undefined;
- inclusiveNamespacesPrefixList?: string | undefined;
- idAttribute?: string | undefined;
- implicitTransforms?: ReadonlyArray | undefined;
- signatureAlgorithm?: string | undefined;
- }
- );
- addReference(
- xpath: string,
- transforms?: ReadonlyArray,
- digestAlgorithm?: string,
- uri?: string,
- digestValue?: string,
- inclusiveNamespacesPrefixList?: string,
- isEmptyUri?: boolean
- ): void;
- checkSignature(xml: string): boolean;
- computeSignature(
- xml: string,
- opts?: {
- prefix?: string | undefined;
- attrs?: { [key: string]: any } | undefined;
- location?:
- | {
- reference: string;
- action: "append" | "prepend" | "before" | "after";
- }
- | undefined;
- existingPrefixes?: { [prefix: string]: string } | undefined;
- }
- ): void;
- getOriginalXmlWithIds(): string;
- getSignatureXml(): string;
- getSignedXml(): string;
- loadSignature(signatureNode: string | Node): void;
+ static CanonicalizationAlgorithms: {
+ [uri in CanonicalizationAlgorithmType]: new () => TransformationAlgorithm;
+ };
+ static HashAlgorithms: { [uri in HashAlgorithmType]: new () => HashAlgorithm };
+ static SignatureAlgorithms: { [uri in SignatureAlgorithmType]: new () => SignatureAlgorithm };
+ canonicalizationAlgorithm: CanonicalizationAlgorithmType;
+ inclusiveNamespacesPrefixList: string;
+ keyInfoProvider: KeyInfo;
+ references: Reference[];
+ signatureAlgorithm: SignatureAlgorithmType;
+ signingKey: Buffer | string;
+ validationErrors: string[];
+
+ constructor(
+ idMode?: string | null,
+ options?: {
+ canonicalizationAlgorithm?: CanonicalizationAlgorithmType | undefined;
+ inclusiveNamespacesPrefixList?: string | undefined;
+ idAttribute?: string | undefined;
+ implicitTransforms?: ReadonlyArray | undefined;
+ signatureAlgorithm?: SignatureAlgorithmType | undefined;
+ }
+ );
+
+ /**
+ * Due to key-confusion issues, its risky to have both hmac
+ * and digital signature algos enabled at the same time.
+ * This enables HMAC and disables other signing algos.
+ */
+ enableHMAC(): void;
+
+ /**
+ * Validates the signature of the provided XML document synchronously using the configured key info provider.
+ *
+ * @param xml The XML document containing the signature to be validated.
+ * @returns `true` if the signature is valid
+ * @throws Error if no key info resolver is provided.
+ */
+ checkSignature(xml: string): boolean;
+
+ /**
+ * Validates the signature of the provided XML document asynchronously using the configured key info provider.
+ *
+ * @param xml The XML document containing the signature to be validated.
+ * @param callback Callback function to handle the validation result asynchronously.
+ * @throws Error if the last parameter is provided and is not a function, or if no key info resolver is provided.
+ */
+ checkSignature(xml: string, callback: (error: Error | null, isValid?: boolean) => void): void;
+
+ /**
+ * Loads the signature information from the provided XML node or string.
+ *
+ * @param signatureNode The XML node or string representing the signature.
+ * @throws Error if the canonicalization or signature method elements are not found, or if there are no reference elements.
+ */
+ loadSignature(signatureNode: Node | string): void;
+
+ /**
+ * Adds a reference to the signature.
+ *
+ * @param xpath The XPath expression to select the XML nodes to be referenced.
+ * @param transforms An array of transform algorithms to be applied to the selected nodes. Defaults to ["http://www.w3.org/2001/10/xml-exc-c14n#"].
+ * @param digestAlgorithm The digest algorithm to use for computing the digest value. Defaults to "http://www.w3.org/2000/09/xmldsig#sha1".
+ * @param uri The URI identifier for the reference. If empty, an empty URI will be used.
+ * @param digestValue The expected digest value for the reference.
+ * @param inclusiveNamespacesPrefixList The prefix list for inclusive namespace canonicalization.
+ * @param isEmptyUri Indicates whether the URI is empty. Defaults to `false`.
+ */
+ addReference(
+ xpath: string,
+ transforms?: CanonicalizationAlgorithmType[],
+ digestAlgorithm?: HashAlgorithmType,
+ uri?: string,
+ digestValue?: string,
+ inclusiveNamespacesPrefixList?: string,
+ isEmptyUri?: boolean
+ ): void;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @returns If no callback is provided, returns `this` (the instance of SignedXml).
+ */
+ computeSignature(xml: string): SignedXml;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @param callback A callback function to handle the signature computation asynchronously.
+ * @returns void
+ */
+ computeSignature(xml: string, callback: ComputeSignatureCallback): void;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @param opts An object containing options for the signature computation.
+ * @returns If no callback is provided, returns `this` (the instance of SignedXml).
+ * @throws If the `location.action` option has an invalid action value.
+ */
+ computeSignature(xml: string, opts: ComputeSignatureOptions): SignedXml;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @param opts An object containing options for the signature computation.
+ * @param callback A callback function to handle the signature computation asynchronously.
+ * @returns void
+ * @throws If the `location.action` option has an invalid action value.
+ */
+ computeSignature(
+ xml: string,
+ opts: ComputeSignatureOptions,
+ callback: ComputeSignatureCallback
+ ): void;
+
+ /**
+ * Get the signature XML as a string.
+ *
+ * @returns The signature XML.
+ */
+ getSignatureXml(): string;
+
+ /**
+ * Get the original XML with IDs as a string.
+ *
+ * @returns The original XML with IDs.
+ */
+ getOriginalXmlWithIds(): string;
+
+ /**
+ * Get the signed XML as a string.
+ *
+ * @returns The signed XML.
+ */
+ getSignedXml(): string;
 }
 export interface KeyInfo {
- getKey(keyInfo?: Node[] | null): Buffer;
- getKeyInfo(key?: string, prefix?: string): string;
- attrs?: { [key: string]: any } | undefined;
+ getKey(keyInfo?: Node[] | null): Buffer;
+
+ getKeyInfo(key?: string, prefix?: string): string;
+
+ attrs?: { [key: string]: any } | undefined;
 }
 export class FileKeyInfo implements KeyInfo {
- file: string;
- constructor(file?: string);
- getKey(keyInfo?: Node[] | null): Buffer;
- getKeyInfo(key?: string, prefix?: string): string;
+ file: string;
+
+ constructor(file?: string);
+
+ getKey(keyInfo?: Node[] | null): Buffer;
+
+ getKeyInfo(key?: string, prefix?: string): string;
 }
 export class StringKeyInfo implements KeyInfo {
- key: string;
- constructor(key?: string);
- getKey(keyInfo?: Node[] | null): Buffer;
- getKeyInfo(key?: string, prefix?: string): string;
+ key: string;
+
+ constructor(key?: string);
+
+ getKey(keyInfo?: Node[] | null): Buffer;
+
+ getKeyInfo(key?: string, prefix?: string): string;
 }
 export function xpath(node: Node, xpath: string): SelectedValue[];
From 250489c733d7e01c7dc203774cb41407c65ba6c4 Mon Sep 17 00:00:00 2001
From: Ivan
Date: Tue, 6 Jun 2023 12:36:42 +0200
Subject: [PATCH 02/14] formatting
---
 index.d.ts | 366 ++++++++++++++++++++++++++---------------------------
 1 file changed, 183 insertions(+), 183 deletions(-)
diff --git a/index.d.ts b/index.d.ts
index 015069e5..c7329ba2 100644
--- a/index.d.ts
+++ b/index.d.ts
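Review bot: The `@param digestAlgorithm` line added for `addReference` documents the default as `http://www.w3.org/2000/09/xmldsig#sha1`, and `SignatureAlgorithmType` lists `rsa-sha1` and `hmac-sha1` beside the SHA-2 URIs with nothing marking them as legacy; since these typings are what most integrators read, I would extend that line to `Defaults to "http://www.w3.org/2000/09/xmldsig#sha1" for backwards compatibility; prefer "http://www.w3.org/2001/04/xmlenc#sha256" or stronger for new signatures.` and add the same caveat to `signatureAlgorithm` in the constructor options. The new `static SignatureAlgorithms: { [uri in SignatureAlgorithmType]: ... }` is a mapped type that makes every listed URI a required key, yet the `enableHMAC()` comment in the same hunk says the call disables the other signing algorithms — presumably by removing them from that map at runtime, in which case `Partial<Record<SignatureAlgorithmType, new () => SignatureAlgorithm>>` would describe the post-`enableHMAC` state honestly; worth confirming against the implementation. The async `checkSignature` overload also types the callback's `isValid?: boolean` as optional, so callers must treat `undefined` as a failure; if the implementation always passes a boolean, dropping the `?` removes that ambiguity.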
@@ -8,34 +8,34 @@ import { SelectedValue } from "xpath";
 type CanonicalizationAlgorithmType =
- | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
- | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
- | "http://www.w3.org/2001/10/xml-exc-c14n#"
- | "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
- | "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+ | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ | "http://www.w3.org/2001/10/xml-exc-c14n#"
+ | "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+ | "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
 type HashAlgorithmType =
- | "http://www.w3.org/2000/09/xmldsig#sha1"
- | "http://www.w3.org/2001/04/xmlenc#sha256"
- | "http://www.w3.org/2001/04/xmlenc#sha512";
+ | "http://www.w3.org/2000/09/xmldsig#sha1"
+ | "http://www.w3.org/2001/04/xmlenc#sha256"
+ | "http://www.w3.org/2001/04/xmlenc#sha512";
 type SignatureAlgorithmType =
- | "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
- | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
- | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
- | "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+ | "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+ | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+ | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ | "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
 /**
 * Options for the computeSignature method.
 */
 type ComputeSignatureOptions = {
- prefix?: string;
- attrs?: { [attrName: string]: string };
- location?: {
- reference?: string;
- action?: "append" | "prepend" | "before" | "after";
- };
- existingPrefixes?: { [prefix: string]: string };
+ prefix?: string;
+ attrs?: { [attrName: string]: string };
+ location?: {
+ reference?: string;
+ action?: "append" | "prepend" | "before" | "after";
+ };
+ existingPrefixes?: { [prefix: string]: string };
 };
 /**
@@ -44,202 +44,202 @@ type ComputeSignatureOptions = {
 type ComputeSignatureCallback = (error: Error | null, signature: SignedXml | null) => void;
 export class HashAlgorithm {
- getAlgorithmName(): string;
+ getAlgorithmName(): string;
- getHash(xml: string): string;
+ getHash(xml: string): string;
 }
 export interface Reference {
- xpath: string;
- transforms?: ReadonlyArray | undefined;
- digestAlgorithm?: HashAlgorithmType | undefined;
- uri?: string | undefined;
- digestValue?: string | undefined;
- inclusiveNamespacesPrefixList?: string | undefined;
- isEmptyUri?: boolean | undefined;
+ xpath: string;
+ transforms?: ReadonlyArray | undefined;
+ digestAlgorithm?: HashAlgorithmType | undefined;
+ uri?: string | undefined;
+ digestValue?: string | undefined;
+ inclusiveNamespacesPrefixList?: string | undefined;
+ isEmptyUri?: boolean | undefined;
 }
 export class SignatureAlgorithm {
- getAlgorithmName(): string;
+ getAlgorithmName(): string;
- getSignature(signedInfo: Node, signingKey: Buffer): string;
+ getSignature(signedInfo: Node, signingKey: Buffer): string;
 }
 export class TransformationAlgorithm {
- getAlgorithmName(): string;
+ getAlgorithmName(): string;
- process(node: Node): string;
+ process(node: Node): string;
 }
 export class SignedXml {
- static CanonicalizationAlgorithms: {
- [uri in CanonicalizationAlgorithmType]: new () => TransformationAlgorithm;
- };
- static HashAlgorithms: { [uri in HashAlgorithmType]: new () => HashAlgorithm };
- static SignatureAlgorithms: { [uri in SignatureAlgorithmType]: new () => SignatureAlgorithm };
- canonicalizationAlgorithm: CanonicalizationAlgorithmType;
- inclusiveNamespacesPrefixList: string;
- keyInfoProvider: KeyInfo;
- references: Reference[];
- signatureAlgorithm: SignatureAlgorithmType;
- signingKey: Buffer | string;
- validationErrors: string[];
-
- constructor(
- idMode?: string | null,
- options?: {
- canonicalizationAlgorithm?: CanonicalizationAlgorithmType | undefined;
- inclusiveNamespacesPrefixList?: string | undefined;
- idAttribute?: string | undefined;
- implicitTransforms?: ReadonlyArray | undefined;
- signatureAlgorithm?: SignatureAlgorithmType | undefined;
- }
- );
-
- /**
- * Due to key-confusion issues, its risky to have both hmac
- * and digital signature algos enabled at the same time.
- * This enables HMAC and disables other signing algos.
- */
- enableHMAC(): void;
-
- /**
- * Validates the signature of the provided XML document synchronously using the configured key info provider.
- *
- * @param xml The XML document containing the signature to be validated.
- * @returns `true` if the signature is valid
- * @throws Error if no key info resolver is provided.
- */
- checkSignature(xml: string): boolean;
-
- /**
- * Validates the signature of the provided XML document asynchronously using the configured key info provider.
- *
- * @param xml The XML document containing the signature to be validated.
- * @param callback Callback function to handle the validation result asynchronously.
- * @throws Error if the last parameter is provided and is not a function, or if no key info resolver is provided.
- */
- checkSignature(xml: string, callback: (error: Error | null, isValid?: boolean) => void): void;
-
- /**
- * Loads the signature information from the provided XML node or string.
- *
- * @param signatureNode The XML node or string representing the signature.
- * @throws Error if the canonicalization or signature method elements are not found, or if there are no reference elements.
- */
- loadSignature(signatureNode: Node | string): void;
-
- /**
- * Adds a reference to the signature.
- *
- * @param xpath The XPath expression to select the XML nodes to be referenced.
- * @param transforms An array of transform algorithms to be applied to the selected nodes. Defaults to ["http://www.w3.org/2001/10/xml-exc-c14n#"].
- * @param digestAlgorithm The digest algorithm to use for computing the digest value. Defaults to "http://www.w3.org/2000/09/xmldsig#sha1".
- * @param uri The URI identifier for the reference. If empty, an empty URI will be used.
- * @param digestValue The expected digest value for the reference.
- * @param inclusiveNamespacesPrefixList The prefix list for inclusive namespace canonicalization.
- * @param isEmptyUri Indicates whether the URI is empty. Defaults to `false`.
- */
- addReference(
- xpath: string,
- transforms?: CanonicalizationAlgorithmType[],
- digestAlgorithm?: HashAlgorithmType,
- uri?: string,
- digestValue?: string,
- inclusiveNamespacesPrefixList?: string,
- isEmptyUri?: boolean
- ): void;
-
- /**
- * Compute the signature of the given XML (using the already defined settings).
- *
- * @param xml The XML to compute the signature for.
- * @returns If no callback is provided, returns `this` (the instance of SignedXml).
- */
- computeSignature(xml: string): SignedXml;
-
- /**
- * Compute the signature of the given XML (using the already defined settings).
- *
- * @param xml The XML to compute the signature for.
- * @param callback A callback function to handle the signature computation asynchronously.
- * @returns void
- */
- computeSignature(xml: string, callback: ComputeSignatureCallback): void;
-
- /**
- * Compute the signature of the given XML (using the already defined settings).
- *
- * @param xml The XML to compute the signature for.
- * @param opts An object containing options for the signature computation.
- * @returns If no callback is provided, returns `this` (the instance of SignedXml).
- * @throws If the `location.action` option has an invalid action value.
- */
- computeSignature(xml: string, opts: ComputeSignatureOptions): SignedXml;
-
- /**
- * Compute the signature of the given XML (using the already defined settings).
- *
- * @param xml The XML to compute the signature for.
- * @param opts An object containing options for the signature computation.
- * @param callback A callback function to handle the signature computation asynchronously.
- * @returns void
- * @throws If the `location.action` option has an invalid action value.
- */
- computeSignature(
- xml: string,
- opts: ComputeSignatureOptions,
- callback: ComputeSignatureCallback
- ): void;
-
- /**
- * Get the signature XML as a string.
- *
- * @returns The signature XML.
- */
- getSignatureXml(): string;
-
- /**
- * Get the original XML with IDs as a string.
- *
- * @returns The original XML with IDs.
- */
- getOriginalXmlWithIds(): string;
-
- /**
- * Get the signed XML as a string.
- *
- * @returns The signed XML.
- */
- getSignedXml(): string;
+ static CanonicalizationAlgorithms: {
+ [uri in CanonicalizationAlgorithmType]: new () => TransformationAlgorithm;
+ };
+ static HashAlgorithms: { [uri in HashAlgorithmType]: new () => HashAlgorithm };
+ static SignatureAlgorithms: { [uri in SignatureAlgorithmType]: new () => SignatureAlgorithm };
+ canonicalizationAlgorithm: CanonicalizationAlgorithmType;
+ inclusiveNamespacesPrefixList: string;
+ keyInfoProvider: KeyInfo;
+ references: Reference[];
+ signatureAlgorithm: SignatureAlgorithmType;
+ signingKey: Buffer | string;
+ validationErrors: string[];
+
+ constructor(
+ idMode?: string | null,
+ options?: {
+ canonicalizationAlgorithm?: CanonicalizationAlgorithmType | undefined;
+ inclusiveNamespacesPrefixList?: string | undefined;
+ idAttribute?: string | undefined;
+ implicitTransforms?: ReadonlyArray | undefined;
+ signatureAlgorithm?: SignatureAlgorithmType | undefined;
+ }
+ );
+
+ /**
+ * Due to key-confusion issues, its risky to have both hmac
+ * and digital signature algos enabled at the same time.
+ * This enables HMAC and disables other signing algos.
+ */
+ enableHMAC(): void;
+
+ /**
+ * Validates the signature of the provided XML document synchronously using the configured key info provider.
+ *
+ * @param xml The XML document containing the signature to be validated.
+ * @returns `true` if the signature is valid
+ * @throws Error if no key info resolver is provided.
+ */
+ checkSignature(xml: string): boolean;
+
+ /**
+ * Validates the signature of the provided XML document asynchronously using the configured key info provider.
+ *
+ * @param xml The XML document containing the signature to be validated.
+ * @param callback Callback function to handle the validation result asynchronously.
+ * @throws Error if the last parameter is provided and is not a function, or if no key info resolver is provided.
+ */
+ checkSignature(xml: string, callback: (error: Error | null, isValid?: boolean) => void): void;
+
+ /**
+ * Loads the signature information from the provided XML node or string.
+ *
+ * @param signatureNode The XML node or string representing the signature.
+ * @throws Error if the canonicalization or signature method elements are not found, or if there are no reference elements.
+ */
+ loadSignature(signatureNode: Node | string): void;
+
+ /**
+ * Adds a reference to the signature.
+ *
+ * @param xpath The XPath expression to select the XML nodes to be referenced.
+ * @param transforms An array of transform algorithms to be applied to the selected nodes. Defaults to ["http://www.w3.org/2001/10/xml-exc-c14n#"].
+ * @param digestAlgorithm The digest algorithm to use for computing the digest value. Defaults to "http://www.w3.org/2000/09/xmldsig#sha1".
+ * @param uri The URI identifier for the reference. If empty, an empty URI will be used.
+ * @param digestValue The expected digest value for the reference.
+ * @param inclusiveNamespacesPrefixList The prefix list for inclusive namespace canonicalization.
+ * @param isEmptyUri Indicates whether the URI is empty. Defaults to `false`.
+ */
+ addReference(
+ xpath: string,
+ transforms?: CanonicalizationAlgorithmType[],
+ digestAlgorithm?: HashAlgorithmType,
+ uri?: string,
+ digestValue?: string,
+ inclusiveNamespacesPrefixList?: string,
+ isEmptyUri?: boolean
+ ): void;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @returns If no callback is provided, returns `this` (the instance of SignedXml).
+ */
+ computeSignature(xml: string): SignedXml;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @param callback A callback function to handle the signature computation asynchronously.
+ * @returns void
+ */
+ computeSignature(xml: string, callback: ComputeSignatureCallback): void;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @param opts An object containing options for the signature computation.
+ * @returns If no callback is provided, returns `this` (the instance of SignedXml).
+ * @throws If the `location.action` option has an invalid action value.
+ */
+ computeSignature(xml: string, opts: ComputeSignatureOptions): SignedXml;
+
+ /**
+ * Compute the signature of the given XML (using the already defined settings).
+ *
+ * @param xml The XML to compute the signature for.
+ * @param opts An object containing options for the signature computation.
+ * @param callback A callback function to handle the signature computation asynchronously.
+ * @returns void
+ * @throws If the `location.action` option has an invalid action value.
+ */
+ computeSignature(
+ xml: string,
+ opts: ComputeSignatureOptions,
+ callback: ComputeSignatureCallback
+ ): void;
+
+ /**
+ * Get the signature XML as a string.
+ *
+ * @returns The signature XML.
+ */
+ getSignatureXml(): string;
+
+ /**
+ * Get the original XML with IDs as a string.
+ *
+ * @returns The original XML with IDs.
+ */
+ getOriginalXmlWithIds(): string;
+
+ /**
+ * Get the signed XML as a string.
+ *
+ * @returns The signed XML.
+ */
+ getSignedXml(): string;
 }
 export interface KeyInfo {
- getKey(keyInfo?: Node[] | null): Buffer;
+ getKey(keyInfo?: Node[] | null): Buffer;
- getKeyInfo(key?: string, prefix?: string): string;
+ getKeyInfo(key?: string, prefix?: string): string;
- attrs?: { [key: string]: any } | undefined;
+ attrs?: { [key: string]: any } | undefined;
 }
 export class FileKeyInfo implements KeyInfo {
- file: string;
+ file: string;
- constructor(file?: string);
+ constructor(file?: string);
- getKey(keyInfo?: Node[] | null): Buffer;
+ getKey(keyInfo?: Node[] | null): Buffer;
- getKeyInfo(key?: string, prefix?: string): string;
+ getKeyInfo(key?: string, prefix?: string): string;
 }
 export class StringKeyInfo implements KeyInfo {
- key: string;
+ key: string;
- constructor(key?: string);
+ constructor(key?: string);
- getKey(keyInfo?: Node[] | null): Buffer;
+ getKey(keyInfo?: Node[] | null): Buffer;
- getKeyInfo(key?: string, prefix?: string): string;
+ getKeyInfo(key?: string, prefix?: string): string;
 }
 export function xpath(node: Node, xpath: string): SelectedValue[];
From 3935007f2f5c63e2c84adf40b2442a7f3e8d15d5 Mon Sep 17 00:00:00 2001
From: Ivan
Date: Tue, 6 Jun 2023 13:03:41 +0200
Subject: [PATCH 03/14] extract signedxml options into interface, change HashAlgorithm, SignatureAlgorithm, TransformationAlgorithm into interfaces
---
 index.d.ts | 38 ++++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/index.d.ts b/index.d.ts
index c7329ba2..c9cf722a 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -25,6 +25,17 @@ type SignatureAlgorithmType =
 | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
 | "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+/**
+ * Options for the SignedXml constructor.
+ */
+type SignedXmlOptions = {
+ canonicalizationAlgorithm?: CanonicalizationAlgorithmType | undefined;
+ inclusiveNamespacesPrefixList?: string | undefined;
+ idAttribute?: string | undefined;
+ implicitTransforms?: ReadonlyArray | undefined;
+ signatureAlgorithm?: SignatureAlgorithmType | undefined;
+};
+
 /**
 * Options for the computeSignature method.
 */
@@ -43,12 +54,6 @@ type ComputeSignatureOptions = {
 */
 type ComputeSignatureCallback = (error: Error | null, signature: SignedXml | null) => void;
-export class HashAlgorithm {
- getAlgorithmName(): string;
-
- getHash(xml: string): string;
-}
-
 export interface Reference {
 xpath: string;
 transforms?: ReadonlyArray | undefined;
@@ -59,13 +64,19 @@ export interface Reference {
 isEmptyUri?: boolean | undefined;
 }
-export class SignatureAlgorithm {
+export interface HashAlgorithm {
+ getAlgorithmName(): string;
+
+ getHash(xml: string): string;
+}
+
+export interface SignatureAlgorithm {
 getAlgorithmName(): string;
 getSignature(signedInfo: Node, signingKey: Buffer): string;
 }
-export class TransformationAlgorithm {
+export interface TransformationAlgorithm {
 getAlgorithmName(): string;
 process(node: Node): string;
@@ -85,16 +96,7 @@ export class SignedXml {
 signingKey: Buffer | string;
 validationErrors: string[];
- constructor(
- idMode?: string | null,
- options?: {
- canonicalizationAlgorithm?: CanonicalizationAlgorithmType | undefined;
- inclusiveNamespacesPrefixList?: string | undefined;
- idAttribute?: string | undefined;
- implicitTransforms?: ReadonlyArray | undefined;
- signatureAlgorithm?: SignatureAlgorithmType | undefined;
- }
- );
+ constructor(idMode?: string | null, options?: SignedXmlOptions);
 /**
 * Due to key-confusion issues, its risky to have both hmac
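Review bot: `SignedXmlOptions` is declared with a bare `type` and never exported, like the algorithm aliases and `ComputeSignatureOptions` above it, so a consumer of this module cannot name the constructor's options type in their own code even though it now appears in the public `constructor(idMode?: string | null, options?: SignedXmlOptions)` signature; `export type SignedXmlOptions = {` (and the same for the other aliases) fixes that. Turning `HashAlgorithm`, `SignatureAlgorithm` and `TransformationAlgorithm` from `class` into `interface` is the right shape if they were never runtime exports, but it is a breaking change for anyone who wrote `class MyHash extends HashAlgorithm` or used `instanceof` against them, so it deserves a line in the release notes that this patch does not carry. The `SignedXml` class touched by the last hunk continues outside it.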
From ca94b962e37c39e71504825150826d6d06630be5 Mon Sep 17 00:00:00 2001
From: Ivan Novak
Date: Wed, 7 Jun 2023 06:53:06 +0200
Subject: [PATCH 04/14] fixed doc, changed keyinfo return type
---
 index.d.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/index.d.ts b/index.d.ts
index c9cf722a..afe72738 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -156,7 +156,7 @@ export class SignedXml {
 * Compute the signature of the given XML (using the already defined settings).
 *
 * @param xml The XML to compute the signature for.
- * @returns If no callback is provided, returns `this` (the instance of SignedXml).
+ * @returns `this` (the instance of SignedXml).
 */
 computeSignature(xml: string): SignedXml;
@@ -217,7 +217,7 @@ export class SignedXml {
 }
 export interface KeyInfo {
- getKey(keyInfo?: Node[] | null): Buffer;
+ getKey(keyInfo?: Node[] | undefined): string | Buffer;
 getKeyInfo(key?: string, prefix?: string): string;
@@ -229,7 +229,7 @@ export class FileKeyInfo implements KeyInfo {
 constructor(file?: string);
- getKey(keyInfo?: Node[] | null): Buffer;
+ getKey(keyInfo?: Node[] | undefined): Buffer;
 getKeyInfo(key?: string, prefix?: string): string;
 }
@@ -239,7 +239,7 @@ export class StringKeyInfo implements KeyInfo {
 constructor(key?: string);
- getKey(keyInfo?: Node[] | null): Buffer;
+ getKey(keyInfo?: Node[] | undefined): string;
 getKeyInfo(key?: string, prefix?: string): string;
 }
From e5e15fa97961e6ae805e07df98ef61d986645748 Mon Sep 17 00:00:00 2001
From: Ivan Novak
Date: Wed, 7 Jun 2023 07:12:20 +0200
Subject: [PATCH 05/14] add typescript support
---
 package.json | 3 ++-
 tsconfig.json | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 tsconfig.json
diff --git a/package.json b/package.json
index dfdffd54..8a9ccaf7 100644
--- a/package.json
+++ b/package.json
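Review bot: `KeyInfo.getKey` now returns `string | Buffer`, but `SignatureAlgorithm.getSignature(signedInfo: Node, signingKey: Buffer)`, left unchanged in the previous patch, still accepts only a `Buffer`, so a provider that returns a `string` (as `StringKeyInfo.getKey` now declares) cannot be handed to a `SignatureAlgorithm` without a cast; either widen that parameter to `signingKey: Buffer | string`, matching `SignedXml.signingKey: Buffer | string`, or document where the coercion happens. The `keyInfo?: Node[] | undefined` argument presumably carries the `<KeyInfo>` children of the document being verified, i.e. input the verifier does not control; a `@param keyInfo` comment on the interface method such as `Key material embedded in the signed document; implementations must resolve it against a trusted store rather than trust a certificate found here.` would make that contract explicit — please confirm the origin of these nodes against the implementation before wording it as fact. `Node[] | undefined` on an already-optional parameter is redundant; `keyInfo?: Node[]` says the same thing.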
@@ -51,7 +51,8 @@
 "nyc": "^15.1.0",
 "prettier": "^2.8.8",
 "prettier-plugin-packagejson": "^2.4.3",
- "release-it": "^15.11.0"
+ "release-it": "^15.11.0",
+ "typescript": "^5.1.3"
 },
 "engines": {
 "node": ">=14"
diff --git a/tsconfig.json b/tsconfig.json
new file mode 100644
index 00000000..c0d54a1d
--- /dev/null
+++ b/tsconfig.json
@@ -0,0 +1,21 @@
+{
+ // Change this to match your project
+ "include": ["lib/**/*"],
+ "compilerOptions": {
+ // Tells TypeScript to read JS files, as
+ // normally they are ignored as source files
+ "allowJs": true,
+ // Generate d.ts files
+ "declaration": true,
+ // This compiler run should
+ // only output d.ts files
+ "emitDeclarationOnly": true,
+ // Types should go into this directory.
+ // Removing this would place the .d.ts files
+ // next to the .js files
+ "outDir": "types",
+ // go to js file when using IDE functions like
+ // "Go to Definition" in VSCode
+ "declarationMap": true
+ }
+}
From 85788b031ef51f1cf43ee21ff15b168cc70b11f5 Mon Sep 17 00:00:00 2001
From: Ivan Novak
Date: Wed, 7 Jun 2023 07:27:44 +0200
Subject: [PATCH 06/14] add types for node because -> Cannot find name 'Buffer'
---
 package.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/package.json b/package.json
index 8a9ccaf7..a8802df2 100644
--- a/package.json
+++ b/package.json
@@ -41,6 +41,7 @@
 "devDependencies": {
 "@cjbarth/github-release-notes": "^4.0.0",
 "@prettier/plugin-xml": "^2.2.0",
+ "@types/node": "^20.2.5",
 "chai": "^4.3.7",
 "choma": "^1.2.1",
 "ejs": "^3.1.9",
From 89fa6a9a862e1efab8891f3cb467527e71d49bfb Mon Sep 17 00:00:00 2001
From: Ivan
Date: Wed, 7 Jun 2023 09:06:32 +0200
Subject: [PATCH 07/14] renamed KeyInfo interface to KeyInfoProvider
---
 index.d.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/index.d.ts b/index.d.ts
index afe72738..dfb41b3d 100644
--- a/index.d.ts
+++ b/index.d.ts
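Review bot: `// Change this to match your project` on the second line of the new tsconfig.json is the TypeScript handbook template comment left in place; it should be removed or replaced with what this file is actually for, e.g. `// Emits .d.ts files for lib/ into types/` if that is the intent. With `"include": ["lib/**/*"]`, `allowJs` and `emitDeclarationOnly`, the build now generates a second set of declarations under `types/` next to the hand-maintained `index.d.ts` that the earlier patches in this series edit; unless `package.json` (its `types` field is not in this hunk) points at exactly one of them, consumers can end up with two diverging descriptions of the same API, so the relationship deserves a comment here or a note in the commit message. Adding `"strict": true` would also keep any future `.ts` under `lib/` from starting out under a lax configuration.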
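Review bot: `"@types/node": "^20.2.5"` is added while `"engines"` in the same file, visible in the previous hunk, still declares `"node": ">=14"`, so editor type-checking and declaration emit will accept Node 20-only APIs that the supported runtime range does not guarantee. Pinning to the oldest supported major, `"@types/node": "^14"`, or raising `engines` keeps the two consistent; the commit title's motivation, `Cannot find name 'Buffer'`, is satisfied by any `@types/node` major.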
@@ -90,7 +90,7 @@ export class SignedXml {
 static SignatureAlgorithms: { [uri in SignatureAlgorithmType]: new () => SignatureAlgorithm };
 canonicalizationAlgorithm: CanonicalizationAlgorithmType;
 inclusiveNamespacesPrefixList: string;
- keyInfoProvider: KeyInfo;
+ keyInfoProvider: KeyInfoProvider;
 references: Reference[];
 signatureAlgorithm: SignatureAlgorithmType;
 signingKey: Buffer | string;
@@ -216,7 +216,7 @@ export class SignedXml {
 getSignedXml(): string;
 }
-export interface KeyInfo {
+export interface KeyInfoProvider {
 getKey(keyInfo?: Node[] | undefined): string | Buffer;
 getKeyInfo(key?: string, prefix?: string): string;
@@ -224,7 +224,7 @@ export class SignedXml {
 attrs?: { [key: string]: any } | undefined;
 }
-export class FileKeyInfo implements KeyInfo {
+export class FileKeyInfo implements KeyInfoProvider {
 file: string;
 constructor(file?: string);
@@ -234,7 +234,7 @@ export class FileKeyInfo implements KeyInfo {
 getKeyInfo(key?: string, prefix?: string): string;
 }
-export class StringKeyInfo implements KeyInfo {
+export class StringKeyInfo implements KeyInfoProvider {
 key: string;
 constructor(key?: string);
From 1669cf8d07629732f12d1de330904f89fe3b9bc6 Mon Sep 17 00:00:00 2001
From: Ivan Novak
Date: Wed, 7 Jun 2023 21:33:47 +0200
Subject: [PATCH 08/14] update documentation
---
 index.d.ts | 205 +++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 185 insertions(+), 20 deletions(-)
diff --git a/index.d.ts b/index.d.ts
index dfb41b3d..b8339b16 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -12,18 +12,21 @@ type CanonicalizationAlgorithmType = | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" | "http://www.w3.org/2001/10/xml-exc-c14n#" | "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" - | "http://www.w3.org/2000/09/xmldsig#enveloped-signature"; + | "http://www.w3.org/2000/09/xmldsig#enveloped-signature" + | string; type HashAlgorithmType = | "http://www.w3.org/2000/09/xmldsig#sha1" | "http://www.w3.org/2001/04/xmlenc#sha256" - | "http://www.w3.org/2001/04/xmlenc#sha512"; + | "http://www.w3.org/2001/04/xmlenc#sha512" + | string; type SignatureAlgorithmType = | "http://www.w3.org/2000/09/xmldsig#rsa-sha1" | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" - | "http://www.w3.org/2000/09/xmldsig#hmac-sha1"; + | "http://www.w3.org/2000/09/xmldsig#hmac-sha1" + | string; /** * Options for the SignedXml constructor. 
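Review bot: Appending `| string` to `CanonicalizationAlgorithmType`, `HashAlgorithmType` and `SignatureAlgorithmType` makes TypeScript reduce each union to plain `string`, so the listed URIs no longer constrain anything and editors stop suggesting them. The `[uri in HashAlgorithmType]` mapped types on `SignedXml` later in this patch then degrade to a bare `{ [x: string]: ... }` index signature, so a mistyped algorithm URI in a registration or in `signatureAlgorithm` is no longer caught at compile time. If custom algorithm URIs must stay assignable, `| (string & {})` keeps the known members visible in completion while still accepting any string. It would also help callers if the SHA-1 entries (`#sha1`, `#rsa-sha1`, `#hmac-sha1`) carried a comment marking them as legacy so the first entry of each union is not read as the recommended default.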
@@ -54,54 +57,125 @@ type ComputeSignatureOptions = { */ type ComputeSignatureCallback = (error: Error | null, signature: SignedXml | null) => void; +/** + * Represents a reference node for XML digital signature. + */ export interface Reference { + /** + * The XPath expression that selects the data to be signed. + */ xpath: string; - transforms?: ReadonlyArray | undefined; - digestAlgorithm?: HashAlgorithmType | undefined; - uri?: string | undefined; - digestValue?: string | undefined; - inclusiveNamespacesPrefixList?: string | undefined; - isEmptyUri?: boolean | undefined; + + /** + * Optional. An array of transforms to be applied to the data before signing. + */ + transforms?: ReadonlyArray; + + /** + * Optional. The algorithm used to calculate the digest value of the data. + */ + digestAlgorithm?: HashAlgorithmType; + + /** + * Optional. The URI that identifies the data to be signed. + */ + uri?: string; + + /** + * Optional. The digest value of the referenced data. + */ + digestValue?: string; + + /** + * Optional. A list of namespace prefixes to be treated as "inclusive" during canonicalization. + */ + inclusiveNamespacesPrefixList?: string; + + /** + * Optional. Indicates whether the URI is empty. 
+ */ + isEmptyUri?: boolean; } + +/** Implement this to create a new HashAlgorithm */ export interface HashAlgorithm { getAlgorithmName(): string; getHash(xml: string): string; } +/** Implement this to create a new SignatureAlgorithm */ export interface SignatureAlgorithm { getAlgorithmName(): string; getSignature(signedInfo: Node, signingKey: Buffer): string; } +/** Implement this to create a new TransformationAlgorithm */ export interface TransformationAlgorithm { getAlgorithmName(): string; process(node: Node): string; } +/** + * ### Sign + * #### Properties + * - {@link SignedXml#signingKey} [required] + * - {@link SignedXml#keyInfoProvider} [optional] + * - {@link SignedXml#signatureAlgorithm} [optional] + * - {@link SignedXml#canonicalizationAlgorithm} [optional] + * #### Api + * - {@link SignedXml#addReference} + * - {@link SignedXml#computeSignature} + * - {@link SignedXml#getSignedXml} + * - {@link SignedXml#getSignatureXml} + * - {@link SignedXml#getOriginalXmlWithIds} + * + * ### Verify + * #### Properties + * - {@link SignedXml#keyInfoProvider} [required] + * #### Api + * - {@link SignedXml#loadSignature} + * - {@link SignedXml#checkSignature} + * - {@link SignedXml#validationErrors} + */ export class SignedXml { + // To add a new canonicalization algorithm create a new class that implements the {@link TransformationAlgorithm} interface, and register it here. static CanonicalizationAlgorithms: { [uri in CanonicalizationAlgorithmType]: new () => TransformationAlgorithm; }; + // To add a new hash algorithm create a new class that implements the {@link HashAlgorithm} interface, and register it here. static HashAlgorithms: { [uri in HashAlgorithmType]: new () => HashAlgorithm }; + // To add a new signature algorithm create a new class that implements the {@link SignatureAlgorithm} interface, and register it here. 
static SignatureAlgorithms: { [uri in SignatureAlgorithmType]: new () => SignatureAlgorithm }; + // Rules used to convert an XML document into its canonical form. canonicalizationAlgorithm: CanonicalizationAlgorithmType; + // It specifies a list of namespace prefixes that should be considered "inclusive" during the canonicalization process. inclusiveNamespacesPrefixList: string; + // The structure for managing keys and KeyInfo section in XML data. See {@link KeyInfoProvider} keyInfoProvider: KeyInfoProvider; + // Specifies the data to be signed within an XML document. See {@link Reference} references: Reference[]; + // One of the supported signature algorithms. See {@link SignatureAlgorithmType} signatureAlgorithm: SignatureAlgorithmType; + // A {@link Buffer} or pem encoded {@link String} containing your private key signingKey: Buffer | string; + // Contains validation errors (if any) after {@link checkSignature} method is called validationErrors: string[]; + /** + * The SignedXml constructor provides an abstraction for sign and verify xml documents. The object is constructed using + * @param idMode if the value of "wssecurity" is passed it will create/validate id's with the ws-security namespace. + * @param options {@link SignedXmlOptions + */ constructor(idMode?: string | null, options?: SignedXmlOptions); /** - * Due to key-confusion issues, its risky to have both hmac - * and digital signature algos enabled at the same time. - * This enables HMAC and disables other signing algos. + * Due to key-confusion issues, it's risky to have both hmac + * and digital signature algorithms enabled at the same time. + * This enables HMAC and disables other signing algorithms. */ enableHMAC(): void; @@ -157,6 +231,7 @@ export class SignedXml { * * @param xml The XML to compute the signature for. * @returns `this` (the instance of SignedXml). + * @throws TypeError If the xml can not be parsed. */ computeSignature(xml: string): SignedXml; 
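Review bot: The constructor TSDoc added in this hunk is left unfinished: the summary sentence stops at `The object is constructed using` and the options line `@param options {@link SignedXmlOptions` never closes its brace, so the link will not render. Suggested wording: `The SignedXml class provides an abstraction for signing and verifying XML documents.` and `@param options see {@link SignedXmlOptions}`. The `validationErrors` comment links `{@link checkSignature}` while every other link in the class doc uses the `SignedXml#` form; `{@link SignedXml#checkSignature}` keeps them resolvable. `transforms?: ReadonlyArray;` shows no type argument here, presumably `<string>` lost in rendering; if the source really omits it, the declaration does not compile.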
@@ -166,6 +241,7 @@ export class SignedXml { * @param xml The XML to compute the signature for. * @param callback A callback function to handle the signature computation asynchronously. * @returns void + * @throws TypeError If the xml can not be parsed. */ computeSignature(xml: string, callback: ComputeSignatureCallback): void; @@ -175,7 +251,7 @@ export class SignedXml { * @param xml The XML to compute the signature for. * @param opts An object containing options for the signature computation. * @returns If no callback is provided, returns `this` (the instance of SignedXml). - * @throws If the `location.action` option has an invalid action value. + * @throws TypeError If the xml can not be parsed, or Error if there were invalid options passed. */ computeSignature(xml: string, opts: ComputeSignatureOptions): SignedXml; @@ -186,7 +262,7 @@ export class SignedXml { * @param opts An object containing options for the signature computation. * @param callback A callback function to handle the signature computation asynchronously. * @returns void - * @throws If the `location.action` option has an invalid action value. + * @throws TypeError If the xml can not be parsed, or Error if there were invalid options passed. */ computeSignature( xml: string, 
@@ -195,53 +271,142 @@ export class SignedXml { ): void; /** - * Get the signature XML as a string. + * Returns just the signature part, must be called only after {@link computeSignature} * * @returns The signature XML. */ getSignatureXml(): string; /** - * Get the original XML with IDs as a string. + * Returns the original xml with Id attributes added on relevant elements (required for validation), must be called only after {@link computeSignature} * * @returns The original XML with IDs. */ getOriginalXmlWithIds(): string; /** - * Get the signed XML as a string. + * Returns the original xml document with the signature in it, must be called only after {@link computeSignature} * * @returns The signed XML. */ getSignedXml(): string; } +/** + * KeyInfoProvider interface represents the structure for managing keys + * and KeyInfo section in XML data when dealing with XML digital signatures. + */ export interface KeyInfoProvider { + /** + * Method to return the key based on the contents of the specified KeyInfo. + * + * @param keyInfo - An optional array of XML Nodes. + * @return A string or Buffer representing the key. + */ getKey(keyInfo?: Node[] | undefined): string | Buffer; - + + /** + * Method to return an XML string representing the contents of a KeyInfo element. + * + * @param key - An optional string representing the key. + * @param prefix - An optional string representing the namespace alias. + * @return An XML string representation of the contents of a KeyInfo element. + */ getKeyInfo(key?: string, prefix?: string): string; + /** + * An optional dictionary of attributes for the KeyInfo element. + */ attrs?: { [key: string]: any } | undefined; } +/** + * The FileKeyInfo class loads the certificate from the file provided in the constructor. + */ export class FileKeyInfo implements KeyInfoProvider { + /** + * The path to the file from which the certificate is to be read. + */ file: string; - + + /** + * Initializes a new instance of the FileKeyInfo class. 
+ * + * @param file - An optional string representing the file path of the certificate. + */ constructor(file?: string); + /** + * Return the loaded certificate. The certificate is read from the file specified in the constructor. + * The keyInfo parameter is ignored. (not implemented) + * + * @param keyInfo - (not used) An optional array of XML Elements. + * @return A Buffer representing the certificate. + */ getKey(keyInfo?: Node[] | undefined): Buffer; + /** + * Builds the contents of a KeyInfo element as an XML string. + * + * Currently, this returns exactly one empty X509Data element + * (e.g. ""). The resultant X509Data element will be + * prefaced with a namespace alias if a value for the prefix argument + * is provided. In example, if the value of the prefix argument is 'foo', then + * the resultant XML string will be "" + * + * @param key (not used) the signing/private key as a string + * @param prefix an optional namespace alias to be used for the generated XML + * @return an XML string representation of the contents of a KeyInfo element + */ getKeyInfo(key?: string, prefix?: string): string; } +/** + * The StringKeyInfo class loads the certificate from the string provided in the constructor. + */ export class StringKeyInfo implements KeyInfoProvider { + /** + * The certificate in string form. + */ key: string; + /** + * Initializes a new instance of the StringKeyInfo class. + * @param key - An optional string representing the certificate. + */ constructor(key?: string); - + + /** + * Returns the certificate loaded in the constructor. + * The keyInfo parameter is ignored. (not implemented) + * + * @param keyInfo (not used) an array with exactly one KeyInfo element + * @return the signing certificate as a string + */ getKey(keyInfo?: Node[] | undefined): string; + /** + * Builds the contents of a KeyInfo element as an XML string. + * + * Currently, this returns exactly one empty X509Data element + * (e.g. ""). 
The resultant X509Data element will be + * prefaced with a namespace alias if a value for the prefix argument + * is provided. In example, if the value of the prefix argument is 'foo', then + * the resultant XML string will be "" + * + * @param key (not used) the signing/private key as a string + * @param prefix an optional namespace alias to be used for the generated XML + * @return an XML string representation of the contents of a KeyInfo element + */ getKeyInfo(key?: string, prefix?: string): string; } +/** + * {@link https://github.com/goto100/xpath/blob/HEAD/README.md|xpath} options + * Uses the `xpath` package's select method to perform an XPath query on an XML node. + * + * @param {Node} node - The node to perform the XPath query on. + * @param {string} xpath - The XPath query string. + * @returns {SelectedValue[]} The values selected by the XPath query. + */ export function xpath(node: Node, xpath: string): SelectedValue[]; From bec7352a03764525669427c6802539a716dee8bc Mon Sep 17 00:00:00 2001 From: Ivan Novak Date: Wed, 7 Jun 2023 21:34:25 +0200 Subject: [PATCH 09/14] Revert "add typescript support" This reverts commit e5e15fa97961e6ae805e07df98ef61d986645748. --- package.json | 3 +-- tsconfig.json | 21 --------------------- 2 files changed, 1 insertion(+), 23 deletions(-) delete mode 100644 tsconfig.json diff --git a/package.json b/package.json index a8802df2..1c16082d 100644 --- a/package.json +++ b/package.json @@ -52,8 +52,7 @@ "nyc": "^15.1.0", "prettier": "^2.8.8", "prettier-plugin-packagejson": "^2.4.3", - "release-it": "^15.11.0", - "typescript": "^5.1.3" + "release-it": "^15.11.0" }, "engines": { "node": ">=14" diff --git a/tsconfig.json b/tsconfig.json deleted file mode 100644 index c0d54a1d..00000000 --- a/tsconfig.json +++ /dev/null 
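Review bot: The `KeyInfoProvider.getKey` doc in this hunk says the key is returned `based on the contents of the specified KeyInfo` but never says where those nodes come from: during verification they are taken from the document being checked, so an implementation that pulls an embedded certificate out of them and returns it as the verification key will accept a signature made with whatever key the document's author chose. The contract should be stated on the parameter, e.g. `@param keyInfo - KeyInfo nodes from the document under verification; treat them as untrusted input and use them only to look up a key in a trusted store, never as the key itself.`, and the `FileKeyInfo`/`StringKeyInfo` docs can note that they ignore `keyInfo` for exactly this reason. In both `getKeyInfo` docs the example elements read `(e.g. "")` and `"" `, presumably `<X509Data/>` markup lost in rendering; if the source really has empty strings the examples need restoring. The `xpath` doc also repeats the types as `{Node}`/`{string}`/`{SelectedValue[]}`, which TSDoc does not need since the signature already carries them.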
@@ -1,21 +0,0 @@ -{ - // Change this to match your project - "include": ["lib/**/*"], - "compilerOptions": { - // Tells TypeScript to read JS files, as - // normally they are ignored as source files - "allowJs": true, - // Generate d.ts files - "declaration": true, - // This compiler run should - // only output d.ts files - "emitDeclarationOnly": true, - // Types should go into this directory. - // Removing this would place the .d.ts files - // next to the .js files - "outDir": "types", - // go to js file when using IDE functions like - // "Go to Definition" in VSCode - "declarationMap": true - } -} From 12a3ead49740745bfda58b82ce07ce38655bfb6f Mon Sep 17 00:00:00 2001 From: Ivan Novak Date: Wed, 7 Jun 2023 21:58:35 +0200 Subject: [PATCH 10/14] format --- index.d.ts | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/index.d.ts b/index.d.ts index b8339b16..959ac718 100644 --- a/index.d.ts +++ b/index.d.ts @@ -97,7 +97,6 @@ export interface Reference { isEmptyUri?: boolean; } - /** Implement this to create a new HashAlgorithm */ export interface HashAlgorithm { getAlgorithmName(): string; @@ -132,7 +131,7 @@ export interface TransformationAlgorithm { * - {@link SignedXml#getSignedXml} * - {@link SignedXml#getSignatureXml} * - {@link SignedXml#getOriginalXmlWithIds} - * + * * ### Verify * #### Properties * - {@link SignedXml#keyInfoProvider} [required] @@ -304,7 +303,7 @@ export interface KeyInfoProvider { * @return A string or Buffer representing the key. */ getKey(keyInfo?: Node[] | undefined): string | Buffer; - + /** * Method to return an XML string representing the contents of a KeyInfo element. * @@ -328,7 +327,7 @@ export class FileKeyInfo implements KeyInfoProvider { * The path to the file from which the certificate is to be read. */ file: string; - + /** * Initializes a new instance of the FileKeyInfo class. * 
@@ -375,11 +374,11 @@ export class StringKeyInfo implements KeyInfoProvider { * @param key - An optional string representing the certificate. */ constructor(key?: string); - + /** * Returns the certificate loaded in the constructor. * The keyInfo parameter is ignored. (not implemented) - * + * * @param keyInfo (not used) an array with exactly one KeyInfo element * @return the signing certificate as a string */ From 5da46517282dc2feb46e8b48b79e4ddce9111fb3 Mon Sep 17 00:00:00 2001 From: Chris Barth Date: Wed, 7 Jun 2023 17:13:03 -0400 Subject: [PATCH 11/14] fix linting so tests pass --- .prettierignore | 2 ++ package.json | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.prettierignore b/.prettierignore index 6f813d60..2b6e5f27 100644 --- a/.prettierignore +++ b/.prettierignore @@ -5,3 +5,5 @@ package-lock.json .prettierignore test/static/* test/validators/* +.nyc_output/* +coverage/* diff --git a/package.json b/package.json index 1c16082d..da8141af 100644 --- a/package.json +++ b/package.json @@ -26,8 +26,8 @@ }, "scripts": { "changelog": "gren changelog --override --generate --head master", - "lint": "eslint --ext .js \"**/*.js\" --cache && npm run prettier-check", - "lint:fix": "eslint --ext .js --fix \"**/*.js\" && npm run prettier-format", + "lint": "eslint --ext .js \"{lib,test}/*.js\" --cache && npm run prettier-check", + "lint:fix": "eslint --ext .js --fix \"{lib,test}/*.js\" && npm run prettier-format", "prettier-check": "prettier --config .prettierrc.json --check .", "prettier-format": "prettier --config .prettierrc.json --write .", "prerelease": "git clean -xfd && npm ci && npm test", @@ -41,7 +41,6 @@ "devDependencies": { "@cjbarth/github-release-notes": "^4.0.0", "@prettier/plugin-xml": "^2.2.0", - "@types/node": "^20.2.5", "chai": "^4.3.7", "choma": "^1.2.1", "ejs": "^3.1.9", From 95556b8ab03e2c5bb9ceb89839a8dd594382d88d Mon Sep 17 00:00:00 2001 
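Review bot: The new lint globs `"{lib,test}/*.js"` in the `lint` and `lint:fix` scripts match only files directly inside `lib/` and `test/`, whereas the previous `**/*.js` was recursive, so any JavaScript in a subdirectory of either folder silently drops out of linting (whether such subdirectories exist is not visible here). If the goal is only to keep ESLint out of `coverage/` and `.nyc_output/`, `"{lib,test}/**/*.js"` narrows the roots without losing depth. The `.prettierignore` additions in the first hunk are fine.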
From: Ivan Novak Date: Thu, 8 Jun 2023 12:45:48 +0200 Subject: [PATCH 12/14] remove undefined from optional parameters --- index.d.ts | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/index.d.ts b/index.d.ts index 959ac718..7f91d001 100644 --- a/index.d.ts +++ b/index.d.ts @@ -32,11 +32,11 @@ type SignatureAlgorithmType = * Options for the SignedXml constructor. */ type SignedXmlOptions = { - canonicalizationAlgorithm?: CanonicalizationAlgorithmType | undefined; - inclusiveNamespacesPrefixList?: string | undefined; - idAttribute?: string | undefined; - implicitTransforms?: ReadonlyArray | undefined; - signatureAlgorithm?: SignatureAlgorithmType | undefined; + canonicalizationAlgorithm?: CanonicalizationAlgorithmType; + inclusiveNamespacesPrefixList?: string; + idAttribute?: string; + implicitTransforms?: ReadonlyArray; + signatureAlgorithm?: SignatureAlgorithmType; }; /** @@ -302,7 +302,7 @@ export interface KeyInfoProvider { * @param keyInfo - An optional array of XML Nodes. * @return A string or Buffer representing the key. */ - getKey(keyInfo?: Node[] | undefined): string | Buffer; + getKey(keyInfo?: Node[]): string | Buffer; /** * Method to return an XML string representing the contents of a KeyInfo element. @@ -316,7 +316,7 @@ export interface KeyInfoProvider { /** * An optional dictionary of attributes for the KeyInfo element. */ - attrs?: { [key: string]: any } | undefined; + attrs?: { [key: string]: any }; } /** @@ -342,7 +342,7 @@ export class FileKeyInfo implements KeyInfoProvider { * @param keyInfo - (not used) An optional array of XML Elements. * @return A Buffer representing the certificate. */ - getKey(keyInfo?: Node[] | undefined): Buffer; + getKey(keyInfo?: Node[]): Buffer; /** * Builds the contents of a KeyInfo element as an XML string. 
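Review bot: Dropping `| undefined` from the optional properties of `SignedXmlOptions` (and from `attrs?` in the second hunk of this patch) changes what callers may write under `exactOptionalPropertyTypes`: `{ idAttribute: undefined }` was accepted before and becomes a type error after, whereas for optional parameters such as `keyInfo?: Node[]` the two spellings are equivalent. If the declaration file is meant to keep accepting the explicit-`undefined` style that the previous revision documented, keep `| undefined` on the properties and drop it only from the parameters. Otherwise the change is fine but deserves a line in the changelog, since whether consumers enable that flag is not visible here.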
@@ -382,7 +382,7 @@ export class StringKeyInfo implements KeyInfoProvider { * @param keyInfo (not used) an array with exactly one KeyInfo element * @return the signing certificate as a string */ - getKey(keyInfo?: Node[] | undefined): string; + getKey(keyInfo?: Node[]): string; /** * Builds the contents of a KeyInfo element as an XML string. From 4e682df122bca3dac554921cb588842f86e96c0a Mon Sep 17 00:00:00 2001 From: Ivan Novak Date: Thu, 8 Jun 2023 13:43:55 +0200 Subject: [PATCH 13/14] improve types, add comments, changed name of CanonicalizationAlgorithmType To TransformAlgorithmType --- index.d.ts | 71 ++++++++++++++++++++++-------------------------------- 1 file changed, 29 insertions(+), 42 deletions(-) diff --git a/index.d.ts b/index.d.ts index 7f91d001..96c6589b 100644 --- a/index.d.ts +++ b/index.d.ts @@ -7,11 +7,12 @@ import { SelectedValue } from "xpath"; -type CanonicalizationAlgorithmType = - | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" +type CanonicalizationAlgorithmType = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" | "http://www.w3.org/2001/10/xml-exc-c14n#" - | "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" + | "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"; + +type TransformAlgorithmType = CanonicalizationAlgorithmType | "http://www.w3.org/2000/09/xmldsig#enveloped-signature" | string; @@ -32,10 +33,10 @@ type SignatureAlgorithmType = * Options for the SignedXml constructor. */ type SignedXmlOptions = { - canonicalizationAlgorithm?: CanonicalizationAlgorithmType; + canonicalizationAlgorithm?: TransformAlgorithmType; inclusiveNamespacesPrefixList?: string; idAttribute?: string; - implicitTransforms?: ReadonlyArray; + implicitTransforms?: ReadonlyArray; signatureAlgorithm?: SignatureAlgorithmType; }; 
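Review bot: `TransformAlgorithmType` still ends in `| string`, so both it and the new `CanonicalizationAlgorithmType` it wraps collapse to `string` at every use site, and the split gains nothing for callers. In the second hunk `SignedXmlOptions.canonicalizationAlgorithm` is widened from `CanonicalizationAlgorithmType` to `TransformAlgorithmType`, which makes `http://www.w3.org/2000/09/xmldsig#enveloped-signature` a legal canonicalization method at the type level although it is a reference transform, not a c14n method. `canonicalizationAlgorithm?: CanonicalizationAlgorithmType | (string & {})` would keep custom URIs assignable while excluding that value and preserving completion for the known ones.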
@@ -53,7 +54,7 @@ type ComputeSignatureOptions = { }; /** - * Callback signature for the computeSignature method. + * Callback signature for the {@link SignedXml#computeSignature} method. */ type ComputeSignatureCallback = (error: Error | null, signature: SignedXml | null) => void; 
@@ -61,59 +62,45 @@ type ComputeSignatureCallback = (error: Error | null, signature: SignedXml | nul * Represents a reference node for XML digital signature. */ export interface Reference { - /** - * The XPath expression that selects the data to be signed. - */ + // The XPath expression that selects the data to be signed. xpath: string; - /** - * Optional. An array of transforms to be applied to the data before signing. - */ - transforms?: ReadonlyArray; + // Optional. An array of transforms to be applied to the data before signing. + transforms?: ReadonlyArray; - /** - * Optional. The algorithm used to calculate the digest value of the data. - */ + // Optional. The algorithm used to calculate the digest value of the data. digestAlgorithm?: HashAlgorithmType; - /** - * Optional. The URI that identifies the data to be signed. - */ + // Optional. The URI that identifies the data to be signed. uri?: string; - /** - * Optional. The digest value of the referenced data. - */ + // Optional. The digest value of the referenced data. digestValue?: string; - /** - * Optional. A list of namespace prefixes to be treated as "inclusive" during canonicalization. - */ + // Optional. A list of namespace prefixes to be treated as "inclusive" during canonicalization. inclusiveNamespacesPrefixList?: string; - /** - * Optional. Indicates whether the URI is empty. - */ + // Optional. Indicates whether the URI is empty. 
isEmptyUri?: boolean; } /** Implement this to create a new HashAlgorithm */ export interface HashAlgorithm { - getAlgorithmName(): string; + getAlgorithmName(): HashAlgorithmType; getHash(xml: string): string; } /** Implement this to create a new SignatureAlgorithm */ export interface SignatureAlgorithm { - getAlgorithmName(): string; + getAlgorithmName(): SignatureAlgorithmType; getSignature(signedInfo: Node, signingKey: Buffer): string; } -/** Implement this to create a new TransformationAlgorithm */ -export interface TransformationAlgorithm { - getAlgorithmName(): string; +/** Implement this to create a new TransformAlgorithm */ +export interface TransformAlgorithm { + getAlgorithmName(): TransformAlgorithmType; process(node: Node): string; } 
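Review bot: Replacing the `/** … */` member docs of `Reference` with `//` line comments is a step backwards for a declaration file: only TSDoc comments are attached to the symbol, so editors and doc generators stop showing the descriptions of `xpath`, `transforms`, `digestAlgorithm` and the rest. Keeping each as a one-liner such as `/** The XPath expression that selects the data to be signed. */` gives the same compactness without losing the tooling. Narrowing `getAlgorithmName()` to the algorithm-type aliases is welcome, but because those aliases still include `| string` it is cosmetic until the unions are tightened.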
@@ -141,16 +128,16 @@ export interface TransformationAlgorithm { * - {@link SignedXml#validationErrors} */ export class SignedXml { - // To add a new canonicalization algorithm create a new class that implements the {@link TransformationAlgorithm} interface, and register it here. + // To add a new transformation algorithm create a new class that implements the {@link TransformationAlgorithm} interface, and register it here. More info: {@link https://github.com/node-saml/xml-crypto#customizing-algorithms|Customizing Algorithms} static CanonicalizationAlgorithms: { - [uri in CanonicalizationAlgorithmType]: new () => TransformationAlgorithm; + [uri in TransformAlgorithmType]: new () => TransformAlgorithm; }; - // To add a new hash algorithm create a new class that implements the {@link HashAlgorithm} interface, and register it here. + // To add a new hash algorithm create a new class that implements the {@link HashAlgorithm} interface, and register it here. More info: {@link https://github.com/node-saml/xml-crypto#customizing-algorithms|Customizing Algorithms} static HashAlgorithms: { [uri in HashAlgorithmType]: new () => HashAlgorithm }; - // To add a new signature algorithm create a new class that implements the {@link SignatureAlgorithm} interface, and register it here. + // To add a new signature algorithm create a new class that implements the {@link SignatureAlgorithm} interface, and register it here. More info: {@link https://github.com/node-saml/xml-crypto#customizing-algorithms|Customizing Algorithms} static SignatureAlgorithms: { [uri in SignatureAlgorithmType]: new () => SignatureAlgorithm }; // Rules used to convert an XML document into its canonical form. - canonicalizationAlgorithm: CanonicalizationAlgorithmType; + canonicalizationAlgorithm: TransformAlgorithmType; // It specifies a list of namespace prefixes that should be considered "inclusive" during the canonicalization process. 
inclusiveNamespacesPrefixList: string; // The structure for managing keys and KeyInfo section in XML data. See {@link KeyInfoProvider} @@ -169,7 +156,7 @@ export class SignedXml { * @param idMode if the value of "wssecurity" is passed it will create/validate id's with the ws-security namespace. * @param options {@link SignedXmlOptions */ - constructor(idMode?: string | null, options?: SignedXmlOptions); + constructor(idMode?: "wssecurity" | null, options?: SignedXmlOptions); /** * Due to key-confusion issues, it's risky to have both hmac @@ -217,7 +204,7 @@ export class SignedXml { */ addReference( xpath: string, - transforms?: CanonicalizationAlgorithmType[], + transforms?: TransformAlgorithmType[], digestAlgorithm?: HashAlgorithmType, uri?: string, digestValue?: string, @@ -314,9 +301,9 @@ export interface KeyInfoProvider { getKeyInfo(key?: string, prefix?: string): string; /** - * An optional dictionary of attributes for the KeyInfo element. + * An optional dictionary of attributes which will be added to the KeyInfo element. */ - attrs?: { [key: string]: any }; + attrs?: { [key: string]: string }; } /** From 4e631d5e13018529f9ae0045078e5b9b2588678f Mon Sep 17 00:00:00 2001 From: Ivan Novak Date: Thu, 8 Jun 2023 13:56:03 +0200 Subject: [PATCH 14/14] prettier --- index.d.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/index.d.ts b/index.d.ts index 96c6589b..736977d1 100644 --- a/index.d.ts +++ b/index.d.ts 
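Review bot: The comment rewritten on `static CanonicalizationAlgorithms` still links `{@link TransformationAlgorithm}` although this very patch renames the interface to `TransformAlgorithm`, so the link dangles; `{@link TransformAlgorithm}` fixes it. The registry is now keyed by `TransformAlgorithmType`, so the property name understates what it holds; a short note such as `// Also holds non-canonicalization transforms such as enveloped-signature.` would help readers who register algorithms here.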
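Review bot: In the `@@ -169,7 +156,7` hunk `idMode` is narrowed from `string | null` to `"wssecurity" | null`, which breaks callers that pass a `string`-typed variable even when its runtime value is `"wssecurity"`. If that narrowing is intentional it belongs in the changelog; otherwise `"wssecurity" | (string & {}) | null` keeps the literal visible in completion without rejecting existing code. The `@param options {@link SignedXmlOptions` line in the same hunk's context is still missing its closing brace.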
@@ -7,12 +7,14 @@ import { SelectedValue } from "xpath"; -type CanonicalizationAlgorithmType = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" +type CanonicalizationAlgorithmType = + | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" | "http://www.w3.org/2001/10/xml-exc-c14n#" | "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"; -type TransformAlgorithmType = CanonicalizationAlgorithmType +type TransformAlgorithmType = + | CanonicalizationAlgorithmType | "http://www.w3.org/2000/09/xmldsig#enveloped-signature" | string;