@ripwords/myinvois-client 0.1.0 → 0.1.3

package/src/utils/signature/canonicalize.ts

@@ -1,104 +0,0 @@
-import * as crypto from 'crypto'
-import c14nFactory from 'xml-c14n'
-
-/**
- * Canonicalizes the XML document using the best available canonicalization algorithm,
- * hashes it using SHA-256, and returns the Base64 encoded digest.
- *
- * Corresponds to Step 3 in the MyInvois Signature Creation guide:
- * https://sdk.myinvois.hasil.gov.my/signature-creation/#step-3-canonicalize-the-document-and-generate-the-document-hash-digest
- *
- * Note: MyInvois documentation specifies C14N 1.1, but due to limited Node.js library support,
- * this implementation uses Exclusive C14N which is widely supported and should be compatible
- * in most cases. If signature validation fails, this may need to be updated.
- *
- * @param doc The XML Document object (from xmldom-ts) after transformations (Step 2).
- * @param algorithm Optional canonicalization algorithm URI. Defaults to Exclusive C14N.
- * @returns A Promise resolving to the Base64 encoded SHA-256 hash (DocDigest).
- * @throws {Error} If canonicalization or hashing fails.
- */
-export function canonicalizeAndHashDocument(
-  doc: Document,
-  algorithm: string = 'http://www.w3.org/2001/10/xml-exc-c14n#',
-): Promise<string> {
-  return new Promise((resolve, reject) => {
-    try {
-      // Get the canonicalization factory instance
-      const c14n = c14nFactory()
-
-      // Create a canonicaliser instance for the desired algorithm
-      // Try C14N 1.1 first, fallback to Exclusive C14N
-      let algorithmUri = algorithm
-
-      // If C14N 1.1 is requested but not available, use Exclusive C14N
-      if (algorithm === 'https://www.w3.org/TR/xml-c14n11') {
-        console.warn(
-          'C14N 1.1 requested but may not be supported, falling back to Exclusive C14N',
-        )
-        algorithmUri = 'http://www.w3.org/2001/10/xml-exc-c14n#'
-      }
-
-      const canonicaliser = c14n.createCanonicaliser(algorithmUri)
-
-      // Canonicalize the document using the callback pattern
-      canonicaliser.canonicalise(doc, (error, canonicalXml) => {
-        if (error) {
-          console.error('Error during canonicalization:', error)
-          return reject(
-            new Error(`Canonicalization failed: ${error.message || error}`),
-          )
-        }
-
-        if (typeof canonicalXml !== 'string') {
-          return reject(
-            new Error('Canonicalization did not return a string result.'),
-          )
-        }
-
-        try {
-          // Hash the canonicalized document using SHA-256
-          const hash = crypto.createHash('sha256')
-          hash.update(canonicalXml, 'utf8')
-
-          // Encode the hash digest to Base64
-          const base64Digest = hash.digest('base64')
-
-          resolve(base64Digest)
-        } catch (hashError: any) {
-          console.error('Error during hashing:', hashError)
-          reject(new Error(`Hashing failed: ${hashError.message || hashError}`))
-        }
-      })
-    } catch (setupError: any) {
-      console.error('Error setting up canonicalizer:', setupError)
-      reject(
-        new Error(
-          `Canonicalizer setup failed: ${setupError.message || setupError}`,
-        ),
-      )
-    }
-  })
-}
-
-/**
- * Attempts to use C14N 1.1 if available, otherwise falls back to Exclusive C14N.
- * This function provides a way to try the MyInvois-specified algorithm first.
- */
-export async function canonicalizeAndHashDocumentWithC14N11Fallback(
-  doc: Document,
-): Promise<string> {
-  try {
-    // Try C14N 1.1 first (may not be supported by xml-c14n library)
-    return await canonicalizeAndHashDocument(
-      doc,
-      'http://www.w3.org/2006/12/xml-c14n11',
-    )
-  } catch (error) {
-    console.warn('C14N 1.1 failed, falling back to Exclusive C14N:', error)
-    // Fallback to Exclusive C14N
-    return await canonicalizeAndHashDocument(
-      doc,
-      'http://www.w3.org/2001/10/xml-exc-c14n#',
-    )
-  }
-}

package/src/utils/signature/hashCert.ts

@@ -1,115 +0,0 @@
-import * as crypto from 'crypto'
-
-/**
- * Extracts the Base64 encoded DER certificate from a PEM string.
- * Removes headers/footers and newlines.
- *
- * @param pemCert The certificate in PEM format (string).
- * @returns The Base64 encoded DER certificate string.
- * @throws {Error} If the PEM format is invalid or content is not found.
- */
-function extractBase64FromPem(pemCert: string): string {
-  const beginMarker = '-----BEGIN CERTIFICATE-----'
-  const endMarker = '-----END CERTIFICATE-----'
-
-  let startIndex = pemCert.indexOf(beginMarker)
-  let endIndex = pemCert.indexOf(endMarker)
-  let currentBeginMarker = beginMarker
-
-  // Check for primary markers
-  if (startIndex === -1 || endIndex === -1 || endIndex <= startIndex) {
-    // Try finding other common markers if the primary one fails
-    const altBeginMarker = '-----BEGIN PUBLIC KEY-----'
-    const altEndMarker = '-----END PUBLIC KEY-----'
-    startIndex = pemCert.indexOf(altBeginMarker)
-    endIndex = pemCert.indexOf(altEndMarker)
-    currentBeginMarker = altBeginMarker
-
-    if (startIndex === -1 || endIndex === -1 || endIndex <= startIndex) {
-      throw new Error(
-        'Invalid PEM format: Missing or misplaced BEGIN/END markers (CERTIFICATE or other expected type).',
-      )
-    }
-  }
-
-  // Extract the raw content between markers (including newlines, etc.)
-  const content = pemCert.substring(
-    startIndex + currentBeginMarker.length,
-    endIndex,
-  )
-
-  // Validate the raw content *before* cleaning - check for invalid chars within the block
-  // This regex checks if there's anything *other than* whitespace or Base64 characters.
-  const invalidCharRegex = /[^A-Za-z0-9+/=\s]/
-  if (invalidCharRegex.test(content)) {
-    throw new Error(
-      'Invalid non-Base64, non-whitespace characters detected in PEM content block.',
-    )
-  }
-
-  // Clean the extracted content: remove only whitespace (newlines, spaces)
-  const base64Der = content.replace(/\s/g, '')
-
-  // Final check: ensure the cleaned string is valid Base64 format (e.g., correct padding)
-  const base64FormatRegex = /^[A-Za-z0-9+/]*={0,2}$/
-  if (!base64FormatRegex.test(base64Der)) {
-    // This might catch incorrect padding or other structural issues post-cleaning
-    throw new Error(
-      'Invalid Base64 structure (e.g., padding) after cleaning PEM content.',
-    )
-  }
-
-  if (base64Der.length === 0) {
-    throw new Error(
-      'Invalid PEM format: No Base64 content found between markers after cleaning.',
-    )
-  }
-
-  return base64Der
-}
-
-/**
- * Hashes the signing certificate using SHA-256 and encodes the hash in Base64.
- *
- * Corresponds to Step 5 in the MyInvois Signature Creation guide:
- * https://sdk.myinvois.hasil.gov.my/signature-creation/#step-5-generate-the-certificate-hash
- *
- * @param certificatePem The signing certificate in PEM format (string).
- * @returns The Base64 encoded SHA-256 hash of the certificate (CertDigest).
- * @throws {Error} If hashing fails or PEM is invalid.
- */
-export function hashCertificate(certificatePem: string): string {
-  try {
-    // 1. Extract *and validate* Base64 DER content from PEM
-    const base64Der = extractBase64FromPem(certificatePem)
-
-    // Base64 validation is now done inside extractBase64FromPem
-    // const base64Regex = /^[A-Za-z0-9+/]*={0,2}$/;
-    // if (base64Der.length > 0 && !base64Regex.test(base64Der)) {
-    //   throw new Error('Invalid Base64 characters detected in PEM certificate content.')
-    // }
-
-    // 2. Decode Base64 to get the raw DER bytes
-    const rawDer = Buffer.from(base64Der, 'base64')
-
-    // The check below might be redundant now with the improved extraction/validation,
-    // but kept as a fallback safety measure.
-    if (base64Der.length > 0 && rawDer.length === 0) {
-      throw new Error(
-        'Invalid Base64 content characters in PEM certificate (Buffer decoding check).',
-      )
-    }
-
-    // 3. Hash the raw DER certificate using SHA-256
-    const hash = crypto.createHash('sha256')
-    hash.update(rawDer)
-
-    // 4. Encode the hash digest to Base64
-    const base64CertDigest = hash.digest('base64')
-
-    return base64CertDigest
-  } catch (error: any) {
-    console.error('Error hashing certificate:', error)
-    throw new Error(`Failed to hash certificate: ${error.message || error}`)
-  }
-}

package/src/utils/signature/hashSignedProperties.ts

@@ -1,155 +0,0 @@
-import * as crypto from 'crypto'
-import * as xpath from 'xpath-ts'
-import c14nFactory from 'xml-c14n'
-
-/**
- * Selects the SignedProperties element, canonicalizes it using the best available
- * canonicalization algorithm, hashes it using SHA-256, and returns the Base64 encoded digest.
- *
- * Corresponds to Step 7 in the MyInvois Signature Creation guide:
- * https://sdk.myinvois.hasil.gov.my/signature-creation/#step-7-generate-signed-properties-hash
- *
- * Note: MyInvois documentation specifies C14N 1.1, but due to limited Node.js library support,
- * this implementation uses Exclusive C14N which is widely supported and should be compatible
- * in most cases. If signature validation fails, this may need to be updated.
- *
- * @param doc The XML Document object (from xmldom-ts) after SignedProperties population (Step 6).
- * @param algorithm Optional canonicalization algorithm URI. Defaults to Exclusive C14N.
- * @returns A Promise resolving to the Base64 encoded SHA-256 hash (PropsDigest).
- * @throws {Error} If the SignedProperties element cannot be found or canonicalization/hashing fails.
- */
-export function hashSignedProperties(
-  doc: Document,
-  algorithm: string = 'http://www.w3.org/2001/10/xml-exc-c14n#',
-): Promise<string> {
-  return new Promise((resolve, reject) => {
-    try {
-      // Define namespaces, including the default namespace for Invoice
-      const ns = {
-        inv: 'urn:oasis:names:specification:ubl:schema:xsd:Invoice-2',
-        ext: 'urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2',
-        sig: 'urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2',
-        sac: 'urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2',
-        ds: 'http://www.w3.org/2000/09/xmldsig#',
-        xades: 'http://uri.etsi.org/01903/v1.3.2#',
-      }
-      const select = xpath.useNamespaces(ns)
-
-      // 1. Get the SignedProperties element using XPath
-      const signedPropertiesXPath =
-        '/inv:Invoice/ext:UBLExtensions/ext:UBLExtension/ext:ExtensionContent/sig:UBLDocumentSignatures/sac:SignatureInformation/ds:Signature/ds:Object/xades:QualifyingProperties/xades:SignedProperties'
-      const nodes = select(signedPropertiesXPath, doc)
-
-      if (!Array.isArray(nodes) || nodes.length === 0) {
-        throw new Error(
-          `SignedProperties element not found for XPath: ${signedPropertiesXPath}`,
-        )
-      }
-      if (nodes.length > 1) {
-        throw new Error(
-          `Multiple SignedProperties elements found (expected 1): ${signedPropertiesXPath}`,
-        )
-      }
-      const signedPropertiesNode = nodes[0] as Node
-
-      if (!signedPropertiesNode) {
-        throw new Error('Selected SignedProperties node is invalid or null.')
-      }
-
-      // 2. Canonicalize the SignedProperties node
-      const c14n = c14nFactory()
-
-      // Try C14N 1.1 first, fallback to Exclusive C14N
-      let algorithmUri = algorithm
-
-      // If C14N 1.1 is requested but not available, use Exclusive C14N
-      if (algorithm === 'https://www.w3.org/TR/xml-c14n11') {
-        console.warn(
-          'C14N 1.1 requested for SignedProperties but may not be supported, falling back to Exclusive C14N',
-        )
-        algorithmUri = 'http://www.w3.org/2001/10/xml-exc-c14n#'
-      }
-
-      const canonicaliser = c14n.createCanonicaliser(algorithmUri)
-
-      // Canonicalize the SignedProperties node using the callback pattern
-      canonicaliser.canonicalise(
-        signedPropertiesNode,
-        (error, canonicalXml) => {
-          if (error) {
-            console.error(
-              'Error during SignedProperties canonicalization:',
-              error,
-            )
-            return reject(
-              new Error(
-                `SignedProperties canonicalization failed: ${error.message || error}`,
-              ),
-            )
-          }
-
-          if (typeof canonicalXml !== 'string') {
-            return reject(
-              new Error(
-                'SignedProperties canonicalization did not return a string result.',
-              ),
-            )
-          }
-
-          try {
-            // 3. Hash the canonicalized property tag using SHA-256
-            const hash = crypto.createHash('sha256')
-            hash.update(canonicalXml, 'utf8')
-
-            // 4. Encode the hashed property tag using Base64 Encoder
-            const base64PropsDigest = hash.digest('base64')
-
-            resolve(base64PropsDigest)
-          } catch (hashError: any) {
-            console.error('Error during SignedProperties hashing:', hashError)
-            reject(
-              new Error(
-                `SignedProperties hashing failed: ${hashError.message || hashError}`,
-              ),
-            )
-          }
-        },
-      )
-    } catch (setupError: any) {
-      console.error(
-        'Error setting up or selecting SignedProperties:',
-        setupError,
-      )
-      reject(
-        new Error(
-          `SignedProperties processing setup failed: ${setupError.message || setupError}`,
-        ),
-      )
-    }
-  })
-}
-
-/**
- * Attempts to use C14N 1.1 for SignedProperties if available, otherwise falls back to Exclusive C14N.
- */
-export async function hashSignedPropertiesWithC14N11Fallback(
-  doc: Document,
-): Promise<string> {
-  try {
-    // Try C14N 1.1 first (may not be supported by xml-c14n library)
-    return await hashSignedProperties(
-      doc,
-      'http://www.w3.org/2006/12/xml-c14n11',
-    )
-  } catch (error) {
-    console.warn(
-      'C14N 1.1 failed for SignedProperties, falling back to Exclusive C14N:',
-      error,
-    )
-    // Fallback to Exclusive C14N
-    return await hashSignedProperties(
-      doc,
-      'http://www.w3.org/2001/10/xml-exc-c14n#',
-    )
-  }
-}

package/src/utils/signature/populateFinalDocument.ts

@@ -1,187 +0,0 @@
-import * as xpath from 'xpath-ts'
-
-export interface FinalDocumentData {
-  signatureValue: string // Base64 encoded RSA signature (Sig from Step 4)
-  propsDigest: string // Base64 encoded hash of SignedProperties (PropsDigest from Step 7)
-  docDigest: string // Base64 encoded hash of Canonicalized Document (DocDigest from Step 3)
-  certificatePem: string // Signing certificate in PEM format
-}
-
-/**
- * Extracts the Base64 encoded DER certificate content from a PEM string,
- * removing headers, footers, and newlines.
- * @param pemCert The certificate in PEM format.
- * @returns The cleaned Base64 DER string.
- */
-function cleanCertificatePem(pemCert: string): string {
-  const beginMarker = '-----BEGIN CERTIFICATE-----'
-  const endMarker = '-----END CERTIFICATE-----'
-  let content = pemCert
-
-  const startIndex = pemCert.indexOf(beginMarker)
-  const endIndex = pemCert.indexOf(endMarker)
-
-  if (startIndex !== -1 && endIndex !== -1 && endIndex > startIndex) {
-    content = pemCert.substring(startIndex + beginMarker.length, endIndex)
-  } // else: Assume it might be just the Base64 part already, or another PEM type
-
-  // Remove any remaining non-Base64 characters (newlines, etc.)
-  return content.replace(/[^A-Za-z0-9+/=]/g, '')
-}
-
-/**
- * Populates the final signature information fields within the UBL document's signature structure.
- *
- * Corresponds to Step 8 in the MyInvois Signature Creation guide:
- * https://sdk.myinvois.hasil.gov.my/signature-creation/#step-8-populate-the-information-in-the-document-to-create-the-signed-document
- *
- * Modifies the passed Document object in place.
- *
- * @param doc The XML Document object (from xmldom-ts) containing the signature structure.
- * @param finalData An object containing the final signature data to populate.
- * @throws {Error} If any target element cannot be found or if multiple are found.
- */
-export function populateFinalDocument(
-  doc: Document,
-  finalData: FinalDocumentData,
-): void {
-  const ns = {
-    inv: 'urn:oasis:names:specification:ubl:schema:xsd:Invoice-2',
-    ext: 'urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2',
-    sig: 'urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2',
-    sac: 'urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2',
-    ds: 'http://www.w3.org/2000/09/xmldsig#',
-    // No xades needed here, but cac might be needed if populating /Invoice/cac:Signature
-    // cac: 'urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2'
-    cac: 'urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2',
-    cbc: 'urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2',
-  }
-  const select = xpath.useNamespaces(ns)
-
-  // Helper function to find a single node and set its text content
-  const setElementValue = (xpathExpr: string, value: string) => {
-    try {
-      const selectionResult = select(xpathExpr, doc) // Store the result first
-
-      // Check 0: Explicitly check for null/undefined before array check
-      if (selectionResult == null) {
-        // Use == to catch both null and undefined
-        throw new Error(
-          `XPath selection returned null or undefined for: ${xpathExpr}`,
-        )
-      }
-
-      // Check 1: Ensure it's an array (xpath.select can return other types)
-      if (!Array.isArray(selectionResult)) {
-        throw new Error(
-          `XPath selection did not return an array for: ${xpathExpr}. Result: ${typeof selectionResult}`,
-        )
-      }
-
-      // Check 2: Ensure exactly one node was found
-      if (selectionResult.length === 0) {
-        throw new Error(`Element not found for XPath: ${xpathExpr}`)
-      }
-      if (selectionResult.length > 1) {
-        throw new Error(
-          `Multiple elements found for XPath (expected 1): ${xpathExpr}`,
-        )
-      }
-
-      // Check 3: Ensure the found item is a Node and specifically an Element node (type 1)
-      const node = selectionResult[0] as Node // Assert as Node for type checking
-      // Node.ELEMENT_NODE is typically 1
-      if (
-        !node ||
-        typeof node !== 'object' ||
-        !('nodeType' in node) ||
-        node.nodeType !== 1
-      ) {
-        throw new Error(
-          `Selected item is not an Element Node for XPath: ${xpathExpr}. Node details: ${JSON.stringify(node)}`,
-        )
-      }
-
-      // Check 4: Ensure textContent can be set (should be true for element nodes)
-      if ('textContent' in node) {
-        // Ensure the property is writable (though typically it is for elements)
-        node.textContent = value
-      } else {
-        // This case should technically be impossible if nodeType is 1
-        throw new Error(
-          `Selected Element Node does not have textContent property for XPath: ${xpathExpr}`,
-        )
-      }
-    } catch (error: any) {
-      console.error(`Error setting value for XPath ${xpathExpr}:`, error)
-      // Keep the wrapping error message format consistent with tests
-      throw new Error(
-        `Failed to set value for XPath ${xpathExpr}: ${error.message}`,
-      )
-    }
-  }
-
-  // Helper function to check if *at least one* node exists for an XPath
-  const checkElementExists = (xpathExpr: string): boolean => {
-    try {
-      const selectionResult = select(xpathExpr, doc)
-      // Check if it's an array and has at least one element
-      return Array.isArray(selectionResult) && selectionResult.length > 0
-    } catch (error) {
-      console.error(`Error checking existence for XPath ${xpathExpr}:`, error)
-      return false // Treat errors during check as non-existent
-    }
-  }
-
-  // Define XPaths based on UBL documentation for Step 8
-  const basePath =
-    '/inv:Invoice/ext:UBLExtensions/ext:UBLExtension/ext:ExtensionContent/sig:UBLDocumentSignatures/sac:SignatureInformation/ds:Signature'
-
-  // Define XPaths for the parent Reference elements
-  const propsRefPath = `${basePath}/ds:SignedInfo/ds:Reference[@URI='#id-xades-signed-props']`
-  const docRefPath = `${basePath}/ds:SignedInfo/ds:Reference[@Id='id-doc-signed-data']`
-
-  // Define XPaths for the target elements
-  const signatureValuePath = `${basePath}/ds:SignatureValue`
-  const x509CertPath = `${basePath}/ds:KeyInfo/ds:X509Data/ds:X509Certificate`
-  const propsDigestPath = `${propsRefPath}/ds:DigestValue`
-  const docDigestPath = `${docRefPath}/ds:DigestValue`
-
-  // Populate the values, adding existence checks for Reference parents
-  setElementValue(signatureValuePath, finalData.signatureValue)
-  setElementValue(x509CertPath, cleanCertificatePem(finalData.certificatePem))
-
-  // Check propsDigest parent before setting value
-  if (!checkElementExists(propsRefPath)) {
-    // Throw using the child path to match original test intent
-    throw new Error(
-      `Failed to set value for XPath ${propsDigestPath}: Element not found for XPath: ${propsDigestPath}`,
-    )
-  }
-  setElementValue(propsDigestPath, finalData.propsDigest)
-
-  // Check docDigest parent before setting value
-  if (!checkElementExists(docRefPath)) {
-    // Throw using the child path to match original test intent
-    throw new Error(
-      `Failed to set value for XPath ${docDigestPath}: Element not found for XPath: ${docDigestPath}`,
-    )
-  }
-  setElementValue(docDigestPath, finalData.docDigest)
-
-  // Populate the /Invoice/cac:Signature elements
-  const cacSignatureIdPath = '/inv:Invoice/cac:Signature/cbc:ID'
-  const cacSignatureMethodPath =
-    '/inv:Invoice/cac:Signature/cbc:SignatureMethod'
-
-  // Static values based on the user's example XML
-  const cacSignatureIdValue =
-    'urn:oasis:names:specification:ubl:signature:Invoice'
-  const cacSignatureMethodValue =
-    'urn:oasis:names:specification:ubl:dsig:enveloped:xades'
-
-  setElementValue(cacSignatureIdPath, cacSignatureIdValue)
-  setElementValue(cacSignatureMethodPath, cacSignatureMethodValue)
-
-  // Document `doc` is modified in place.
-}

package/src/utils/signature/populateSignedProperties.ts

@@ -1,87 +0,0 @@
-import * as xpath from 'xpath-ts'
-
-export interface SignedPropertiesData {
-  certDigest: string // Base64 encoded SHA-256 hash of certificate (Step 5)
-  signingTime: string // ISO 8601 UTC timestamp string (e.g., 2023-10-26T10:30:00Z)
-  issuerName: string // Certificate Issuer Name
-  serialNumber: string // Certificate Serial Number
-}
-
-/**
- * Populates the SignedProperties section within the UBL document's signature structure.
- *
- * Corresponds to Step 6 in the MyInvois Signature Creation guide:
- * https://sdk.myinvois.hasil.gov.my/signature-creation/#step-6-populate-the-signed-properties-section
- *
- * Modifies the passed Document object in place.
- *
- * @param doc The XML Document object (from xmldom-ts) containing the signature structure.
- * @param properties An object containing the data to populate.
- * @throws {Error} If any target element cannot be found or if multiple are found.
- */
-export function populateSignedProperties(
-  doc: Document,
-  properties: SignedPropertiesData,
-): void {
-  // Define namespaces used in the XPaths
-  const ns = {
-    inv: 'urn:oasis:names:specification:ubl:schema:xsd:Invoice-2', // Define prefix for default NS
-    ext: 'urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2',
-    sig: 'urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2',
-    sac: 'urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2',
-    ds: 'http://www.w3.org/2000/09/xmldsig#',
-    xades: 'http://uri.etsi.org/01903/v1.3.2#', // Common XAdES namespace
-  }
-  const select = xpath.useNamespaces(ns)
-
-  // Helper function to find a single node and set its text content
-  const setElementValue = (xpathExpr: string, value: string) => {
-    try {
-      const nodes = select(xpathExpr, doc)
-
-      // Refine check: Explicitly look for an empty array result
-      if (!Array.isArray(nodes) || nodes.length === 0) {
-        throw new Error(`Element not found for XPath: ${xpathExpr}`)
-      }
-      if (nodes.length > 1) {
-        throw new Error(
-          `Multiple elements found for XPath (expected 1): ${xpathExpr}`,
-        )
-      }
-
-      const node = nodes[0]
-
-      // Ensure it's a valid Node (like Element or Attr) before setting textContent
-      if (node && typeof node === 'object' && 'textContent' in node) {
-        // Type assertion might be needed if TS struggles with union type from select
-        ;(node as Node).textContent = value
-      } else {
-        throw new Error(
-          `Selected item is not a valid Node for XPath: ${xpathExpr}`,
-        )
-      }
-    } catch (error: any) {
-      console.error(`Error setting value for XPath ${xpathExpr}:`, error)
-      // Re-throw to indicate failure to populate
-      throw new Error(
-        `Failed to set value for XPath ${xpathExpr}: ${error.message}`,
-      )
-    }
-  }
-
-  // Define XPaths based on UBL documentation
-  // Use the defined prefix 'inv' for the root Invoice element
-  const basePath =
-    '/inv:Invoice/ext:UBLExtensions/ext:UBLExtension/ext:ExtensionContent/sig:UBLDocumentSignatures/sac:SignatureInformation/ds:Signature/ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties'
-
-  const certDigestPath = `${basePath}/xades:SigningCertificate/xades:Cert/xades:CertDigest/ds:DigestValue`
-  const signingTimePath = `${basePath}/xades:SigningTime`
-  const issuerNamePath = `${basePath}/xades:SigningCertificate/xades:Cert/xades:IssuerSerial/ds:X509IssuerName`
-  const serialNumberPath = `${basePath}/xades:SigningCertificate/xades:Cert/xades:IssuerSerial/ds:X509SerialNumber`
-
-  // Populate the values
-  setElementValue(certDigestPath, properties.certDigest)
-  setElementValue(signingTimePath, properties.signingTime)
-  setElementValue(issuerNamePath, properties.issuerName)
-  setElementValue(serialNumberPath, properties.serialNumber)
-}