add support for generating .NET compliant signed xml

Author: winsome

lib/exclusive-canonicalization.js

@@ -151,5 +151,5 @@ ExclusiveCanonicalization.prototype.process = function(node, options) {
 };
 
 ExclusiveCanonicalization.prototype.getAlgorithmName = function() {
-  return "http://www.w3.org/2001/10/xml-exc-c14n#";
+  return "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
 };

lib/signed-xml.js

@@ -140,7 +140,7 @@ function SignedXml(idMode, options) {
   this.signingKey = null
   this.signatureAlgorithm = this.options.signatureAlgorithm || "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
   this.keyInfoProvider = null
-  this.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#"
+  this.canonicalizationAlgorithm = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
   this.signedXml = ""
   this.signatureXml = ""
   this.signatureXmlDoc = null
@@ -153,7 +153,7 @@ function SignedXml(idMode, options) {
 }
 
 SignedXml.CanonicalizationAlgorithms = {
-  'http://www.w3.org/2001/10/xml-exc-c14n#': ExclusiveCanonicalization,
+  'http://www.w3.org/TR/2001/REC-xml-c14n-20010315': ExclusiveCanonicalization,
   'http://www.w3.org/2000/09/xmldsig#enveloped-signature': EnvelopedSignature
 }
 
@@ -247,7 +247,8 @@ SignedXml.prototype.validateReferences = function(doc) {
                         ref.uri + " but could not find such element in the xml")
       return false
     }
-    var canonXml = this.getCanonXml(ref.transforms, elem[0], { inclusiveNamespacesPrefixList: ref.inclusiveNamespacesPrefixList });        
+    var canonXml = this.getCanonXml(ref.transforms, elem[0], { inclusiveNamespacesPrefixList: ref.inclusiveNamespacesPrefixList });  
+    fs.writeFileSync("../canon.xml", canonXml);      
 
     var hash = this.findHashAlgorithm(ref.digestAlgorithm)    
     var digest = hash.getHash(canonXml)    
@@ -334,15 +335,15 @@ SignedXml.prototype.loadReference = function(ref) {
 
   //***workaround for validating windows mobile store signatures - it uses c14n but does not state it in the transforms
   if (transforms.length==1 && transforms[0]=="http://www.w3.org/2000/09/xmldsig#enveloped-signature")
-    transforms.push("http://www.w3.org/2001/10/xml-exc-c14n#")
+    transforms.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
 
   this.addReference(null, transforms, digestAlgo, utils.findAttr(ref, "URI").value, digestValue, inclusiveNamespacesPrefixList, false)
 }
 
 SignedXml.prototype.addReference = function(xpath, transforms, digestAlgorithm, uri, digestValue, inclusiveNamespacesPrefixList, isEmptyUri) {    
   this.references.push({
     "xpath": xpath, 
-    "transforms": transforms ? transforms : ["http://www.w3.org/2001/10/xml-exc-c14n#"] ,    
+    "transforms": transforms ? transforms : ["http://www.w3.org/TR/2001/REC-xml-c14n-20010315"] ,    
     "digestAlgorithm": digestAlgorithm ? digestAlgorithm : "http://www.w3.org/2000/09/xmldsig#sha1",
     "uri": uri,
     "digestValue": digestValue,
@@ -447,10 +448,16 @@ SignedXml.prototype.createReferences = function(doc) {
 
 SignedXml.prototype.getCanonXml = function(transforms, node, options) {      
   var canonXml = node
-  for (var t in transforms) {
-    if (!transforms.hasOwnProperty(t)) continue;
 
-    var transform = this.findCanonicalizationAlgorithm(transforms[t])
+  //***workaround for creating signatures that can be validated by .NET's SignedXml class - it uses c14n but does not state it in the transforms
+  var transformsCopy = transforms.slice()
+  if (transformsCopy.length==1 && transformsCopy[0]=="http://www.w3.org/2000/09/xmldsig#enveloped-signature")
+    transformsCopy.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
+
+  for (var t in transformsCopy) {
+    if (!transformsCopy.hasOwnProperty(t)) continue;
+
+    var transform = this.findCanonicalizationAlgorithm(transformsCopy[t])
     canonXml = transform.process(canonXml, options);
     //TODO: currently transform.process may return either Node or String value (enveloped transformation returns Node, exclusive-canonicalization returns String).
     //This eitehr needs to be more explicit in the API, or all should return the same.