Add support for inserting and signing Object elements inside the Signature #506
Conversation
shunkica
force-pushed
the
signature-object
branch
from
77f860c to
b10a651
Compare
|
@cjbarth I am happy with this PR. Let me know if you need any changes for this to be merged. |
shunkica
force-pushed
the
signature-object
branch
from
50d8350 to
014b0fb
Compare
|
I have added the option to specify custom This is required to allow XAdES implementations because the Reference must contain |
| @@ -164,6 +176,7 @@ export class SignedXml { | |||
| this.keyInfoAttributes = keyInfoAttributes ?? this.keyInfoAttributes; | |||
| this.getKeyInfoContent = getKeyInfoContent ?? this.getKeyInfoContent; | |||
| this.getCertFromKeyInfo = getCertFromKeyInfo ?? SignedXml.noop; | |||
| this.getObjectContent = getObjectContent ?? this.getObjectContent; | |||
There was a problem hiding this comment.
Why not just have this return SignedXml.noop instead of the custom this.getObjectContent?
There was a problem hiding this comment.
True. Looking at the property initializers and the constructor these are also redundant:
getKeyInfoContent = SignedXml.getKeyInfoContent;
getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
getObjectContent = SignedXml.getObjectContent;
Since they get overwritten in the constructor anyway.
Could probably be something like getKeyInfoContent: (args?: GetKeyInfoContentArgs) => string | null; etc.
| const objectNodesWithNull = xpath.select("//*[local-name(.)='Object']", docWithNull); | ||
|
|
||
| if (Array.isArray(objectNodesWithNull)) { | ||
| expect(objectNodesWithNull.length).to.equal(0); |
There was a problem hiding this comment.
This is your test, why would you put an if/else around expect() Don't you know what is coming back?
There was a problem hiding this comment.
The result comes from a third party library and the return type is Array<Node> | Node | string | number | boolean | null but yes it could be whittled down.
| const objectNodesWithEmpty = xpath.select("//*[local-name(.)='Object']", docWithEmpty); | ||
|
|
||
| if (Array.isArray(objectNodesWithEmpty)) { | ||
| expect(objectNodesWithEmpty.length).to.equal(0); |
There was a problem hiding this comment.
Same as before; I wouldn't expect an if/else around an expect() in a test.
| @@ -58,6 +73,7 @@ export interface SignedXmlOptions { | |||
| keyInfoAttributes?: Record<string, string>; | |||
| getKeyInfoContent?(args?: GetKeyInfoContentArgs): string | null; | |||
| getCertFromKeyInfo?(keyInfo?: Node | null): string | null; | |||
| getObjectContent?(): Array<{ content: string; attributes?: ObjectAttributes }> | null; | |||
There was a problem hiding this comment.
Why make this a function? Why not just an Array?
There was a problem hiding this comment.
It is not strictly necessary but at the time I thought it was more in line with the current code since it provides more flexibility and allows for dynamic generation of objects at signature time.
Co-authored-by: Chris Barth <[email protected]>
Added support for custom
<Object>elements within the<Signature>element via a newgetObjectContent?(): Array<{ content: string; attributes?: ObjectAttributes; }> | nullmethod.This is specified in xmldsig-core1/#sec-Object
Modified the signature creation process to sign and reference these internal objects.
These changes are also a step towards XAdES support.