add test for empty URI

Yaron Naveh · Yaron Naveh · commit 72fcad4d47bd · 2013-06-22T19:05:27.000+03:00
diff --git a/lib/signed-xml.js b/lib/signed-xml.js
@@ -185,9 +185,8 @@ SignedXml.prototype.checkSignature = function(xml) {
   if (!this.validateReferences(doc)) {
     return false;
   }
-
-
-  if (!this.validateSignatureValue(doc)) {    
+  
+  if (!this.validateSignatureValue(doc)) {      
     return false;
   }
 
@@ -197,8 +196,8 @@ SignedXml.prototype.checkSignature = function(xml) {
 SignedXml.prototype.validateSignatureValue = function(doc) {
   var signedInfo = utils.findChilds(this.signatureXmlDoc.documentElement, "SignedInfo") 
   if (signedInfo.length==0) throw new Error("could not find SignedInfo element in the message")
-  var signedInfoCanon = this.getCanonXml([this.canonicalizationAlgorithm], signedInfo[0])  
-  var signer = this.findSignatureAlgorithm(this.signatureAlgorithm)  
+  var signedInfoCanon = this.getCanonXml([this.canonicalizationAlgorithm], signedInfo[0])    
+  var signer = this.findSignatureAlgorithm(this.signatureAlgorithm)    
   var res = signer.verifySignature(signedInfoCanon, this.signingKey, this.signatureValue)
   if (!res) this.validationErrors.push("invalid signature: the signature value " +
                                         this.signatureValue + " is incorrect")
@@ -251,6 +250,10 @@ SignedXml.prototype.validateReferences = function(doc) {
 
     var hash = this.findHashAlgorithm(ref.digestAlgorithm)    
     var digest = hash.getHash(canonXml)    
+    
+    //console.log(digest)
+    //console.log(ref.digestValue)
+
     if (digest!=ref.digestValue) {      
       this.validationErrors.push("invalid signature: for uri " + ref.uri +
                                 " calculated digest is "  + digest +
@@ -321,7 +324,7 @@ SignedXml.prototype.loadReference = function(ref) {
     }
   }
 
-  //workaround for validating windows mobile store signatures - it uses c14n but does not state it in the transforms
+  //***workaround for validating windows mobile store signatures - it uses c14n but does not state it in the transforms
   //transforms.push("http://www.w3.org/2001/10/xml-exc-c14n#")
 
   this.addReference(null, transforms, digestAlgo, utils.findAttr(ref, "URI").value, digestValue)
diff --git a/test/signature-integration-tests.js b/test/signature-integration-tests.js
@@ -27,7 +27,37 @@ module.exports = {
 
     verifySignature(test, xml, ["//*[local-name(.)='book']"])
   },
+
 /*
+  "empty URI reference should consider the whole document": function(test) {    
+
+    var sampleXml=["<?xml version=\"1.0\" encoding=\"UTF-8\"?>",
+                           "<root>",
+                           "    <a>",
+                           "        <b/>",
+                           "    </a>",
+                           "    <Seal><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>FOezc5yb1O+LfQaD4UBKEUphrGzFAq5DM9B9ll37JOA=</DigestValue></Reference></SignedInfo><SignatureValue>AjkQ5NF71bwJ2YHIs8jbqva9qaNv66BYZiZw0JJZ1cW6jf3mjWShIMQZWcw78QGpzzr+ZspzUbs4",
+                           "6VAnHApJElOTDylSf3rDSvzsklKcFpHJ9yCJV+PnipEsY8qWhzKHlKCdtEn1xH0BCP/2JfMYgLQl",
+                           "PCvaR8XrgdODeQ2Gn6g=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>t+qknJd/Kdo09fvQrRThqh/3EyDQj8zT1ZT7uXmivni4Vaysf6zHv+oORIvAt9ntZE2ZCif9v6CC",
+                           "W+hmRFkdgRoVpmD2TErjykzowx6Ffyf5BkVnVB89+g/ZqNyyvXiBe8SmpBrRLOMifnbacyrJcsrH",
+                           "fwlCnuyGKXj1LfzDcR8=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></Seal>",
+                           "    <c>",
+                           "        <d e=\"f\"/>",
+                           "    </c>",
+                           "</root>"].join("\n");
+    
+    var doc = new Dom().parseFromString(sampleXml);    
+    
+    var signature = crypto.xpath(doc, "//*//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
+    var sig = new crypto.SignedXml();
+    sig.keyInfoProvider = new crypto.FileKeyInfo("./test/static/empty_uri.pem");
+    sig.loadSignature(signature.toString());    
+    var result = sig.checkSignature(sampleXml);
+    test.equal(result, true);
+    test.done();
+  },
+
+
   "windows store signature": function(test) {    
 
     var xml = fs.readFileSync('./test/static/windows_store_signature.xml', 'utf-8');        
diff --git a/test/static/empty_uri.pem b/test/static/empty_uri.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICcTCCAVmgAwIBAgIBATANBgkqhkiG9w0BAQQFADA+MQswCQYDVQQGEwJFUzEbMBkGA1UEChMS
+U2N5dGwgVU5JVCBURVNUIENBMRIwEAYDVQQLEwlVTklUIFRFU1QwHhcNMDYwMzAyMTEwOTEyWhcN
+MzAwNDA2MTEwOTEyWjA+MQswCQYDVQQGEwJFUzEbMBkGA1UEChMSU2N5dGwgVU5JVCBURVNUIENB
+MRIwEAYDVQQLEwlVTklUIFRFU1QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALfqpJyXfyna
+NPX70K0U4aof9xMg0I/M09WU+7l5or54uFWsrH+sx7/qDkSLwLfZ7WRNmQon/b+gglvoZkRZHYEa
+FaZg9kxK48pM6MMehX8n+QZFZ1QfPfoP2ajcsr14gXvEpqQa0SzjIn522nMqyXLKx38JQp7shil4
+9S38w3EfAgMBAAEwDQYJKoZIhvcNAQEEBQADggEBAJrtSsuqdB3RvGZMriETpO0pqQsBhZ+JRYqs
+5dFIiC+bdJE+dUB6v8fpv1exSQ0+i+e1oTs2I9Wd4eIQ4rlZCG9K6EYBKP9Z59OBDTf6luaisoul
+6gnKW7+kUfQQkBfJJw/4RA7FbaAmYNGEEfXTwDMU+ZoqIO/PV+JsfOtFUdPcwv1hPQHTE+KR1DtR
+AC+A4Ak+fOoaRnyTprvbT4inaPdn6D9fBrIpO6hQSAtM5K9+/VaskMSFqw03DkADRyxHacdz9JLp
+5ChDbRrXCDdT/a832acPDViS3nG/GhuSTK8mlrXeHjpG6vaSbKiXNXwrwz80k/XoNh3k5jlfrzUM
+CQ4=
+-----END CERTIFICATE-----
