refactor: rename XmlSigner to XmlDSigSigner, update examples and tests

Author: shunkica

example/new-api-example.js

@@ -0,0 +1,306 @@
+const fs = require("fs");
+
+// Try to import from local build first, fallback to published package
+let XmlSignerFactory, XmlDSigValidator, Algorithms;
+try {
+  ({ XmlSignerFactory, XmlDSigValidator, Algorithms } = require("../lib/index"));
+} catch (error) {
+  ({ XmlSignerFactory, XmlDSigValidator, Algorithms } = require("xml-crypto"));
+}
+
+// Import the signer examples to get signed XML documents
+const {
+  signWithXPathExample,
+  signWithUriExample,
+  signWithCustomIdAttributesExample,
+  signWithWSSecurityModeExample,
+  signWithAllAttributesExample,
+  multipleSignaturesExample,
+} = require("./xmldsig-signer-example");
+
+// Example: Standard validation
+function validateStandardExample(signedXml) {
+  console.log("\n=== Standard Validation Example ===");
+
+  // Create a validator with configuration
+  const validator = new XmlDSigValidator({
+    publicCert: fs.readFileSync("./test/static/client_public.pem"),
+    throwOnError: false, // Return errors in result instead of throwing
+    maxTransforms: 5, // Allow up to 5 transforms per reference
+  });
+
+  try {
+    const result = validator.validate(signedXml);
+
+    console.log("Standard validation result:", result.valid);
+    if (!result.valid) {
+      console.log("Validation error:", result.error);
+    }
+
+    // Get the signed content (only available after successful validation)
+    if (result.valid && result.signedReferences) {
+      console.log("Signed references count:", result.signedReferences.length);
+      result.signedReferences.forEach((ref, index) => {
+        console.log(`Signed reference ${index + 1} length:`, ref.length);
+      });
+    }
+  } catch (error) {
+    console.error("Standard validation failed:", error.message);
+  }
+}
+
+// Example: Validation with custom ID attributes
+function validateWithCustomIdAttributesExample(signedXml) {
+  console.log("\n=== Custom ID Attributes Validation Example ===");
+
+  // Create a validator with custom ID attributes
+  const validator = new XmlDSigValidator({
+    publicCert: fs.readFileSync("./test/static/client_public.pem"),
+    idAttributeQNames: ["customId", "id", "Id"], // Same order as used in signing
+    throwOnError: false,
+    maxTransforms: 3,
+  });
+
+  try {
+    const result = validator.validate(signedXml);
+    console.log("Custom ID attributes validation result:", result.valid);
+    if (result.valid && result.signedReferences) {
+      console.log("Custom ID validation - signed references:", result.signedReferences.length);
+    } else if (!result.valid) {
+      console.log("Custom ID validation error:", result.error);
+    }
+  } catch (error) {
+    console.error("Custom ID attributes validation failed:", error.message);
+  }
+}
+
+// Example: WS-Security mode validation
+function validateWSSecurityModeExample(signedXml) {
+  console.log("\n=== WS-Security Mode Validation Example ===");
+
+  // Create a validator with WS-Security mode
+  const validator = new XmlDSigValidator({
+    publicCert: fs.readFileSync("./test/static/client_public.pem"),
+    idAttributeQNames: ["wsu:Id"],
+    namespaceMap: {
+      wsu: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
+    },
+    throwOnError: false,
+    maxTransforms: 4,
+    implicitTransforms: [Algorithms.transform.EXCLUSIVE_C14N], // Default transforms
+  });
+
+  try {
+    const result = validator.validate(signedXml);
+    console.log("WS-Security mode validation result:", result.valid);
+    if (result.valid && result.signedReferences) {
+      console.log("WS-Security validation - signed references:", result.signedReferences.length);
+      result.signedReferences.forEach((ref, index) => {
+        console.log(`WS-Security reference ${index + 1} length:`, ref.length);
+      });
+    } else if (!result.valid) {
+      console.log("WS-Security validation error:", result.error);
+    }
+  } catch (error) {
+    console.error("WS-Security mode validation failed:", error.message);
+  }
+}
+
+// Example: Validation with getCertFromKeyInfo
+function validateWithKeyInfoCertExample(signedXml) {
+  console.log("\n=== KeyInfo Certificate Extraction Validation Example ===");
+
+  // Create a validator with getCertFromKeyInfo function
+  const validator = new XmlDSigValidator({
+    getCertFromKeyInfo: (keyInfo) => {
+      console.log("Extracting certificate from KeyInfo...");
+      // In a real scenario, you would extract the certificate from KeyInfo
+      // For this example, we'll just return the test certificate
+      return fs.readFileSync("./test/static/client_public.pem", "utf8");
+    },
+    throwOnError: false,
+    maxTransforms: 6,
+  });
+
+  try {
+    const result = validator.validate(signedXml);
+    console.log("KeyInfo cert extraction validation result:", result.valid);
+    if (result.valid && result.signedReferences) {
+      console.log("KeyInfo validation - signed references:", result.signedReferences.length);
+    } else if (!result.valid) {
+      console.log("KeyInfo validation error:", result.error);
+    }
+  } catch (error) {
+    console.error("KeyInfo cert extraction validation failed:", error.message);
+  }
+}
+
+// Example: Validation with certificate override
+function validateWithCertificateOverrideExample(signedXml) {
+  console.log("\n=== Certificate Override Validation Example ===");
+
+  // Create a validator with a specific certificate
+  const specificCert = fs.readFileSync("./test/static/client_public.pem");
+  const validator = new XmlDSigValidator({
+    publicCert: specificCert,
+    throwOnError: false,
+  });
+
+  try {
+    const result = validator.validate(signedXml);
+    console.log("Certificate override validation result:", result.valid);
+    if (result.valid && result.signedReferences) {
+      console.log("Certificate override - signed references:", result.signedReferences.length);
+    } else if (!result.valid) {
+      console.log("Certificate override validation error:", result.error);
+    }
+  } catch (error) {
+    console.error("Certificate override validation failed:", error.message);
+  }
+}
+
+// Example: Reusable validator
+function validateReusableExample(signedXml) {
+  console.log("\n=== Reusable Validator Example ===");
+
+  const validator = new XmlDSigValidator({
+    publicCert: fs.readFileSync("./test/static/client_public.pem"),
+    throwOnError: false,
+  });
+
+  try {
+    // First validation
+    const result1 = validator.validate(signedXml);
+    console.log("First validation result:", result1.valid);
+    if (result1.valid && result1.signedReferences) {
+      console.log("First validation - signed references count:", result1.signedReferences.length);
+    }
+
+    // Second validation with same validator (demonstrating reusability)
+    const result2 = validator.validate(signedXml);
+    console.log("Second validation result:", result2.valid);
+    if (result2.valid && result2.signedReferences) {
+      console.log("Second validation - signed references count:", result2.signedReferences.length);
+    }
+  } catch (error) {
+    console.error("Reusable validation failed:", error.message);
+  }
+}
+
+// Example: Multiple signatures validation
+function validateMultipleSignaturesExample() {
+  console.log("\n=== Multiple Signatures Validation Example ===");
+
+  // Get XML with multiple signatures
+  const signedTwice = multipleSignaturesExample();
+
+  const validator = new XmlDSigValidator({
+    publicCert: fs.readFileSync("./test/static/client_public.pem"),
+  });
+
+  // This will fail because multiple signatures are present
+  const result1 = validator.validate(signedTwice);
+  console.log("Validation without specifying signature node:", result1.valid);
+  if (!result1.valid) {
+    console.log("Error:", result1.error);
+  }
+
+  // Validate a specific signature by passing the signature node
+  const { DOMParser } = require("@xmldom/xmldom");
+  const xpath = require("xpath");
+  const doc = new DOMParser().parseFromString(signedTwice);
+  const firstSignature = xpath.select1("//*[local-name(.)='Signature'][@Id='sig1']", doc);
+
+  const result2 = validator.validate(signedTwice, firstSignature);
+  console.log("Validation with specific signature node:", result2.valid);
+}
+
+// Example: Error handling
+function validateErrorHandlingExample() {
+  console.log("\n=== Error Handling Example ===");
+
+  const validator = new XmlDSigValidator({
+    publicCert: fs.readFileSync("./test/static/client_public.pem"),
+    throwOnError: false, // Don't throw, return errors in result
+  });
+
+  // Test with invalid XML
+  const result1 = validator.validate("<invalid>xml");
+  console.log("Invalid XML validation result:", result1.valid);
+  if (!result1.valid) {
+    console.log("Invalid XML error:", result1.error);
+  }
+
+  // Test with XML without signature
+  const result2 = validator.validate("<root><data>no signature</data></root>");
+  console.log("No signature validation result:", result2.valid);
+  if (!result2.valid) {
+    console.log("No signature error:", result2.error);
+  }
+
+  // Test with throwOnError: true
+  const throwingValidator = new XmlDSigValidator({
+    publicCert: fs.readFileSync("./test/static/client_public.pem"),
+    throwOnError: true,
+  });
+
+  try {
+    throwingValidator.validate("<root><data>no signature</data></root>");
+  } catch (error) {
+    console.log("Caught thrown error:", error.message);
+  }
+}
+
+// Run the examples
+if (require.main === module) {
+  console.log("🔐 XML Digital Signature Validator Examples\n");
+
+  // Generate signed XML documents from signer examples
+  console.log("Generating signed XML documents for validation...\n");
+
+  const xpathSignedXml = signWithXPathExample();
+  const uriSignedXml = signWithUriExample();
+  const customIdSignedXml = signWithCustomIdAttributesExample();
+  const wsSecuritySignedXml = signWithWSSecurityModeExample();
+  const comprehensiveSignedXml = signWithAllAttributesExample();
+
+  // Validation examples
+  if (xpathSignedXml) {
+    validateStandardExample(xpathSignedXml);
+    validateWithKeyInfoCertExample(xpathSignedXml);
+    validateWithCertificateOverrideExample(xpathSignedXml);
+    validateReusableExample(xpathSignedXml);
+  }
+
+  if (uriSignedXml) {
+    validateStandardExample(uriSignedXml);
+  }
+
+  if (customIdSignedXml) {
+    validateWithCustomIdAttributesExample(customIdSignedXml);
+  }
+
+  if (wsSecuritySignedXml) {
+    validateWSSecurityModeExample(wsSecuritySignedXml);
+  }
+
+  if (comprehensiveSignedXml) {
+    validateStandardExample(comprehensiveSignedXml);
+    validateReusableExample(comprehensiveSignedXml);
+  }
+
+  // Additional validation examples
+  validateMultipleSignaturesExample();
+  validateErrorHandlingExample();
+}
+
+module.exports = {
+  validateStandardExample,
+  validateWithCustomIdAttributesExample,
+  validateWSSecurityModeExample,
+  validateWithKeyInfoCertExample,
+  validateWithCertificateOverrideExample,
+  validateReusableExample,
+  validateMultipleSignaturesExample,
+  validateErrorHandlingExample,
+};

example/xmldsig-signer-example.js

@@ -4,7 +4,7 @@ export {
   ExclusiveCanonicalizationWithComments,
 } from "./exclusive-canonicalization";
 export { SignedXml } from "./signed-xml";
-export { XmlSigner, XmlSignerFactory } from "./xml-signer";
+export { XmlDSigSigner } from "./xmldsig-signer";
 export { XmlDSigValidator } from "./xmldsig-validator";
 export { Algorithms } from "./algorithms";
 export * from "./types";

example/xmldsig-validator-example.js

@@ -378,16 +378,6 @@ function buildXPathLiteral(value: string): string {
     .join(", ")})`;
 }
 
-export function buildIdXPath(idAttributes: string[], idValue: string): string {
-  if (idAttributes.length === 0) {
-    throw new Error("No ID attributes provided for XPath generation.");
-  }
-
-  const idLiteral = buildXPathLiteral(idValue);
-  const conditions = idAttributes.map((attr) => `local-name()=${buildXPathLiteral(attr)}`);
-  return `//*[@*[${conditions.join(" or ")}]=${idLiteral}]`;
-}
-
 export function splitQName(qName: string): [string | undefined, string] {
   if (qName.includes(":")) {
     const [prefix, localName] = qName.split(":", 2);
@@ -413,3 +403,25 @@ export function resolveQName(
   }
   return [prefix, localName, namespaceURI];
 }
+
+export function buildIdXPathWithNamespaces(
+  idAttributeQNames: string[],
+  idValue: string,
+  namespaceMap?: Record<string, string>,
+): string {
+  if (idAttributeQNames.length === 0) {
+    throw new Error("No ID attributes provided for XPath generation.");
+  }
+  const idLiteral = buildXPathLiteral(idValue);
+  const conditions: string[] = [];
+  for (const qName of idAttributeQNames) {
+    const [, localName, namespaceURI] = resolveQName(qName, namespaceMap);
+    if (namespaceURI) {
+      conditions.push(`local-name()="${localName}" and namespace-uri()="${namespaceURI}"`);
+    } else {
+      conditions.push(`local-name()="${localName}"`);
+    }
+  }
+
+  return `//*[@*[${conditions.join(" or ")}]=${idLiteral}]`;
+}