edockit 0.1.1-beta.1 → 0.1.2

package/README.md

@@ -8,7 +8,7 @@ A JavaScript/TypeScript library for viewing and verifying EU standard ASiC-E con
 
 ## About
 
-This library supports standard European ASiC-E (.asice) containers as defined by the ETSI standards. Latvian eDoc (.edoc) files are effectively ASiC-E containers with a different file extension, so they are also supported. While the core functionality exists, extensive testing with real-world documents from various EU countries is still needed to ensure complete compatibility across different implementations.
+This library supports standard European ASiC-E (.asice, .sce) containers as defined by the ETSI standards. Latvian eDoc (.edoc) files are effectively ASiC-E containers with a different file extension, so they are also supported. While the core functionality exists, extensive testing with real-world documents from various EU countries is still needed to ensure complete compatibility across different implementations.
 
 ## Installation
 

package/dist/core/parser/types.d.ts

@@ -16,6 +16,7 @@ export interface SignatureInfo {
         rawData: ArrayBuffer;
     };
     signedChecksums: Record<string, string>;
+    digestAlgorithms?: Record<string, string>;
     signerInfo?: {
         commonName?: string;
         organization?: string;

package/dist/core/rsa-modulus-padding-fix.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Fixes ASN.1 DER encoding of RSA keys to be compatible with browser Web Crypto
+ *
+ * This specifically targets the issue with modulus padding in SPKI format RSA keys.
+ * In DER encoding, when the high bit of an INTEGER is set, a 0x00 byte must be
+ * prepended to distinguish it from a negative number. Some libraries omit this padding,
+ * which works in Node.js but causes browsers to reject the key.
+ */
+/**
+ * Fixes ASN.1 DER encoding of RSA modulus to ensure proper padding
+ *
+ * @param publicKeyData The original public key data as ArrayBuffer
+ * @returns Fixed key with proper modulus padding
+ */
+export declare function fixRSAModulusPadding(publicKeyData: ArrayBuffer): ArrayBuffer;

package/dist/core/verification.d.ts

@@ -27,6 +27,13 @@ export interface ChecksumVerificationResult {
 export interface SignatureVerificationResult {
     isValid: boolean;
     reason?: string;
+    errorDetails?: {
+        category: string;
+        originalMessage: string;
+        algorithm: any;
+        environment: string;
+        keyLength: number;
+    };
 }
 /**
  * Result of a certificate verification
@@ -61,6 +68,7 @@ export declare function computeDigest(fileContent: Uint8Array, algorithm: string
  */
 export declare function verifyChecksums(signature: {
     signedChecksums: Record<string, string>;
+    digestAlgorithms?: Record<string, string>;
     algorithm?: string;
 }, files: Map<string, Uint8Array>): Promise<ChecksumVerificationResult>;
 /**

package/dist/index.cjs.js

@@ -1,3 +1,7 @@
+/*!
+ * MIT License
+ * Copyright (c) 2025 Edgars Jēkabsons, ZenomyTech SIA
+ */
 'use strict';
 
 Object.defineProperty(exports, '__esModule', { value: true });
@@ -1246,6 +1250,7 @@ function parseSignatureElement(signatureElement, xmlDoc) {
     // Get references and checksums
     const references = [];
     const signedChecksums = {};
+    const digestAlgorithms = {};
     const referenceElements = querySelectorAll(signedInfo, "ds\\:Reference, Reference");
     for (const reference of referenceElements) {
         const uri = reference.getAttribute("URI") || "";
@@ -1265,6 +1270,14 @@ function parseSignatureElement(signatureElement, xmlDoc) {
         // Clean up URI
         const cleanUri = decodedUri.startsWith("./") ? decodedUri.substring(2) : decodedUri;
         references.push(cleanUri);
+        // Find DigestMethod algorithm
+        const digestMethodEl = querySelector(reference, "ds\\:DigestMethod, DigestMethod");
+        if (digestMethodEl) {
+            const algo = digestMethodEl.getAttribute("Algorithm");
+            if (algo) {
+                digestAlgorithms[cleanUri] = algo;
+            }
+        }
         // Find DigestValue
         const digestValueEl = querySelector(reference, "ds\\:DigestValue, DigestValue");
         if (digestValueEl && digestValueEl.textContent) {
@@ -1279,6 +1292,7 @@ function parseSignatureElement(signatureElement, xmlDoc) {
         publicKey,
         signerInfo,
         signedChecksums,
+        digestAlgorithms,
         references,
         algorithm: signatureAlgorithm,
         signatureValue,
@@ -1407,6 +1421,206 @@ function parseEdoc(edocBuffer) {
     }
 }
 
+/**
+ * Fixes ASN.1 DER encoding of RSA keys to be compatible with browser Web Crypto
+ *
+ * This specifically targets the issue with modulus padding in SPKI format RSA keys.
+ * In DER encoding, when the high bit of an INTEGER is set, a 0x00 byte must be
+ * prepended to distinguish it from a negative number. Some libraries omit this padding,
+ * which works in Node.js but causes browsers to reject the key.
+ */
+/**
+ * Fixes ASN.1 DER encoding of RSA modulus to ensure proper padding
+ *
+ * @param publicKeyData The original public key data as ArrayBuffer
+ * @returns Fixed key with proper modulus padding
+ */
+function fixRSAModulusPadding(publicKeyData) {
+    const log = () => { };
+    const keyBytes = new Uint8Array(publicKeyData);
+    // Check if we have a valid SPKI format RSA key
+    // It should start with SEQUENCE tag (0x30)
+    if (keyBytes[0] !== 0x30) {
+        return publicKeyData;
+    }
+    // Look for RSA OID to confirm it's an RSA key
+    const RSA_OID = [0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01];
+    let oidPosition = -1;
+    for (let i = 0; i <= keyBytes.length - RSA_OID.length; i++) {
+        let match = true;
+        for (let j = 0; j < RSA_OID.length; j++) {
+            if (keyBytes[i + j] !== RSA_OID[j]) {
+                match = false;
+                break;
+            }
+        }
+        if (match) {
+            oidPosition = i;
+            break;
+        }
+    }
+    if (oidPosition === -1) {
+        return publicKeyData;
+    }
+    // Find the BitString that contains the key
+    let bitStringPosition = -1;
+    for (let i = oidPosition + RSA_OID.length; i < keyBytes.length; i++) {
+        if (keyBytes[i] === 0x03) {
+            // BIT STRING tag
+            bitStringPosition = i;
+            break;
+        }
+    }
+    if (bitStringPosition === -1) {
+        return publicKeyData;
+    }
+    // Skip BIT STRING tag and length bytes to find unused bits byte
+    let bitStringLengthBytes = 0;
+    if ((keyBytes[bitStringPosition + 1] & 0x80) === 0) {
+        // Short form length
+        bitStringLengthBytes = 1;
+    }
+    else {
+        // Long form length
+        bitStringLengthBytes = 1 + (keyBytes[bitStringPosition + 1] & 0x7f);
+    }
+    // The unused bits byte follows the length bytes
+    const unusedBitsPosition = bitStringPosition + 1 + bitStringLengthBytes;
+    if (unusedBitsPosition >= keyBytes.length) {
+        return publicKeyData;
+    }
+    // The inner SEQUENCE (RSA key) should follow the unused bits byte
+    const innerSequencePosition = unusedBitsPosition + 1;
+    if (innerSequencePosition >= keyBytes.length || keyBytes[innerSequencePosition] !== 0x30) {
+        return publicKeyData;
+    }
+    // Skip the inner SEQUENCE tag and length bytes to find the modulus
+    let innerSequenceLengthBytes = 0;
+    if ((keyBytes[innerSequencePosition + 1] & 0x80) === 0) {
+        // Short form length
+        innerSequenceLengthBytes = 1;
+    }
+    else {
+        // Long form length
+        innerSequenceLengthBytes = 1 + (keyBytes[innerSequencePosition + 1] & 0x7f);
+    }
+    // The modulus should be an INTEGER (tag 0x02) after the inner SEQUENCE
+    const modulusPosition = innerSequencePosition + 1 + innerSequenceLengthBytes;
+    if (modulusPosition >= keyBytes.length || keyBytes[modulusPosition] !== 0x02) {
+        return publicKeyData;
+    }
+    // Skip the INTEGER tag and parse its length to find the modulus value
+    let modulusLengthBytes = 0;
+    let modulusLength = 0;
+    if ((keyBytes[modulusPosition + 1] & 0x80) === 0) {
+        // Short form length
+        modulusLength = keyBytes[modulusPosition + 1];
+        modulusLengthBytes = 1;
+    }
+    else {
+        // Long form length
+        const numLengthBytes = keyBytes[modulusPosition + 1] & 0x7f;
+        modulusLengthBytes = 1 + numLengthBytes;
+        // Calculate multi-byte length
+        modulusLength = 0;
+        for (let i = 0; i < numLengthBytes; i++) {
+            modulusLength = (modulusLength << 8) | keyBytes[modulusPosition + 2 + i];
+        }
+    }
+    // The first byte of the modulus value
+    const modulusValuePosition = modulusPosition + 1 + modulusLengthBytes;
+    if (modulusValuePosition >= keyBytes.length) {
+        return publicKeyData;
+    }
+    // Check if the high bit is set and padding is needed
+    if ((keyBytes[modulusValuePosition] & 0x80) !== 0) {
+        // Create a new key buffer with room for the padding byte
+        const fixedKey = new Uint8Array(keyBytes.length + 1);
+        // Copy bytes up to the modulus value
+        fixedKey.set(keyBytes.slice(0, modulusValuePosition));
+        // Add the padding byte
+        fixedKey[modulusValuePosition] = 0x00;
+        // Copy the rest of the original key after the padding
+        fixedKey.set(keyBytes.slice(modulusValuePosition), modulusValuePosition + 1);
+        // Now fix all the length fields that need to be incremented
+        // 1. Fix modulus length field
+        if ((keyBytes[modulusPosition + 1] & 0x80) === 0) {
+            // Short form
+            fixedKey[modulusPosition + 1] = keyBytes[modulusPosition + 1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[modulusPosition + 1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[modulusPosition + 2 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[modulusPosition + 2 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        // 2. Fix inner SEQUENCE length field
+        if ((keyBytes[innerSequencePosition + 1] & 0x80) === 0) {
+            // Short form
+            fixedKey[innerSequencePosition + 1] = keyBytes[innerSequencePosition + 1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[innerSequencePosition + 1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[innerSequencePosition + 2 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[innerSequencePosition + 2 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        // 3. Fix BIT STRING length field
+        if ((keyBytes[bitStringPosition + 1] & 0x80) === 0) {
+            // Short form
+            fixedKey[bitStringPosition + 1] = keyBytes[bitStringPosition + 1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[bitStringPosition + 1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[bitStringPosition + 2 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[bitStringPosition + 2 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        // 4. Fix outer SEQUENCE length field
+        if ((keyBytes[1] & 0x80) === 0) {
+            // Short form
+            fixedKey[1] = keyBytes[1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[1 + 1 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[1 + 1 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        log("Fixed key length: " + fixedKey.length);
+        return fixedKey.buffer;
+    }
+    return publicKeyData;
+}
+
 /**
  * Detects if code is running in a browser environment
  * @returns true if in browser, false otherwise
@@ -1493,6 +1707,23 @@ function nodeDigest(fileContent, hashAlgo) {
         }
     });
 }
+/**
+ * Parse digest algorithm URI to normalized algorithm name
+ * @param algorithmUri The algorithm URI (e.g., http://www.w3.org/2001/04/xmlenc#sha256)
+ * @returns Normalized algorithm name (e.g., SHA-256)
+ */
+function parseDigestAlgorithmUri(algorithmUri) {
+    const uri = algorithmUri.toLowerCase();
+    if (uri.includes("sha512"))
+        return "SHA-512";
+    if (uri.includes("sha384"))
+        return "SHA-384";
+    if (uri.includes("sha256"))
+        return "SHA-256";
+    if (uri.includes("sha1"))
+        return "SHA-1";
+    return "SHA-256"; // Default fallback
+}
 /**
  * Verify checksums of files against signature
  * @param signature The signature information
@@ -1502,20 +1733,24 @@ function nodeDigest(fileContent, hashAlgo) {
 async function verifyChecksums(signature, files) {
     const results = {};
     let allValid = true;
-    // Determine hash algorithm from signature algorithm or use default
-    let digestAlgorithm = "SHA-256";
+    // Default digest algorithm from signature algorithm (fallback if per-file not available)
+    let defaultDigestAlgorithm = "SHA-256";
     if (signature.algorithm) {
         if (signature.algorithm.includes("sha1")) {
-            digestAlgorithm = "SHA-1";
+            defaultDigestAlgorithm = "SHA-1";
         }
         else if (signature.algorithm.includes("sha384")) {
-            digestAlgorithm = "SHA-384";
+            defaultDigestAlgorithm = "SHA-384";
         }
         else if (signature.algorithm.includes("sha512")) {
-            digestAlgorithm = "SHA-512";
+            defaultDigestAlgorithm = "SHA-512";
         }
     }
     const checksumPromises = Object.entries(signature.signedChecksums).map(async ([filename, expectedChecksum]) => {
+        // Get the per-file digest algorithm, or fall back to default
+        const digestAlgorithm = signature.digestAlgorithms?.[filename]
+            ? parseDigestAlgorithmUri(signature.digestAlgorithms[filename])
+            : defaultDigestAlgorithm;
         // Check if file exists in the container
         const fileContent = files.get(filename);
         if (!fileContent) {
@@ -1675,12 +1910,50 @@ async function verifySignedInfo(signatureXml, signatureValue, publicKeyData, alg
         let publicKey;
         try {
             const subtle = getCryptoSubtle();
+            if (isBrowser() && algorithm.name === "RSASSA-PKCS1-v1_5") {
+                // console.log("Browser environment detected, applying RSA key fix");
+                publicKeyData = fixRSAModulusPadding(publicKeyData);
+            }
             publicKey = await subtle.importKey("spki", publicKeyData, algorithm, false, ["verify"]);
         }
-        catch (error) {
+        catch (unknownError) {
+            // First cast to Error type if applicable
+            const error = unknownError instanceof Error ? unknownError : new Error(String(unknownError));
+            // Determine detailed error reason
+            let detailedReason = "Unknown reason";
+            let errorCategory = "KEY_IMPORT_ERROR";
+            // Categorize the error
+            if (error.name === "DataError") {
+                detailedReason = "Key data format is invalid or incompatible";
+                errorCategory = "INVALID_KEY_FORMAT";
+            }
+            else if (error.name === "NotSupportedError") {
+                detailedReason = "Algorithm or parameters not supported";
+                errorCategory = "UNSUPPORTED_ALGORITHM";
+            }
+            else if (error.message.includes("namedCurve")) {
+                detailedReason = "Missing or invalid namedCurve parameter";
+                errorCategory = "INVALID_CURVE";
+            }
+            else if (error.message.includes("hash")) {
+                detailedReason = "Incompatible or unsupported hash algorithm";
+                errorCategory = "INVALID_HASH";
+            }
+            // Add ECDSA-specific diagnostics
+            if (algorithm.name === "ECDSA") {
+                const keyLength = publicKeyData.byteLength;
+                detailedReason += ` (Key length: ${keyLength})`;
+            }
             return {
                 isValid: false,
-                reason: `Failed to import public key: ${error instanceof Error ? error.message : String(error)}`,
+                reason: `Failed to import public key: ${detailedReason}`,
+                errorDetails: {
+                    category: errorCategory,
+                    originalMessage: error.message,
+                    algorithm: { ...algorithm },
+                    environment: isBrowser() ? "browser" : "node",
+                    keyLength: publicKeyData.byteLength,
+                },
             };
         }
         // Verify the signature
@@ -1718,10 +1991,23 @@ async function verifySignature(signatureInfo, files, options = {}) {
     const errors = [];
     // Verify certificate
     const certResult = await verifyCertificate(signatureInfo.certificatePEM, options.verifyTime || signatureInfo.signingTime);
+    // If certificate validation failed, add detailed error
+    if (!certResult.isValid) {
+        const certErrorMsg = `Certificate validation error: ${certResult.reason || "Unknown reason"}`;
+        errors.push(certErrorMsg);
+    }
     // Verify checksums
     const checksumResult = options.verifyChecksums !== false
         ? await verifyChecksums(signatureInfo, files)
         : { isValid: true, details: {} };
+    // If checksum validation failed, add detailed error
+    if (!checksumResult.isValid) {
+        const failedChecksums = Object.entries(checksumResult.details)
+            .filter(([_, details]) => !details.matches)
+            .map(([filename]) => filename)
+            .join(", ");
+        errors.push(`Checksum validation failed for files: ${failedChecksums}`);
+    }
     // Verify XML signature if we have the necessary components
     let signatureResult = { isValid: true };
     if (options.verifySignatures !== false &&
@@ -1734,19 +2020,64 @@ async function verifySignature(signatureInfo, files, options = {}) {
             name: "RSASSA-PKCS1-v1_5",
             hash: "SHA-256",
         };
-        if (algorithm.includes("ecdsa-sha256")) {
+        if (algorithm.includes("ecdsa") && signatureInfo.publicKey.namedCurve) {
+            keyAlgorithm.namedCurve = signatureInfo.publicKey.namedCurve;
             keyAlgorithm.name = "ECDSA";
+        }
+        if (algorithm.includes("ecdsa-sha256")) {
             keyAlgorithm.hash = "SHA-256";
-            if (signatureInfo.publicKey.namedCurve) {
-                keyAlgorithm.namedCurve = signatureInfo.publicKey.namedCurve;
-            }
+        }
+        else if (algorithm.includes("ecdsa-sha384")) {
+            keyAlgorithm.hash = "SHA-384";
+        }
+        else if (algorithm.includes("ecdsa-sha512")) {
+            keyAlgorithm.hash = "SHA-512";
         }
         else if (algorithm.includes("rsa-sha1")) {
             keyAlgorithm.hash = "SHA-1";
         }
+        else if (algorithm.includes("rsa-pss")) {
+            keyAlgorithm.name = "RSA-PSS";
+            keyAlgorithm.saltLength = 32; // Default salt length (adjust based on hash size)
+            if (algorithm.includes("sha384")) {
+                keyAlgorithm.hash = "SHA-384";
+                keyAlgorithm.saltLength = 48;
+            }
+            else if (algorithm.includes("sha512")) {
+                keyAlgorithm.hash = "SHA-512";
+                keyAlgorithm.saltLength = 64;
+            }
+            else {
+                keyAlgorithm.hash = "SHA-256"; // Default
+            }
+        }
+        else if (algorithm.includes("rsa-sha384")) {
+            keyAlgorithm.hash = "SHA-384";
+        }
+        else if (algorithm.includes("rsa-sha512")) {
+            keyAlgorithm.hash = "SHA-512";
+        }
         signatureResult = await verifySignedInfo(signatureInfo.rawXml, signatureInfo.signatureValue, signatureInfo.publicKey.rawData, keyAlgorithm, signatureInfo.canonicalizationMethod);
+        // If signature validation failed, add detailed error
         if (!signatureResult.isValid) {
-            errors.push(signatureResult.reason || "XML signature verification failed");
+            // Format a detailed error message with the error details
+            let detailedErrorMessage = signatureResult.reason || "XML signature verification failed";
+            // Add error details if available
+            if (signatureResult.errorDetails) {
+                const details = signatureResult.errorDetails;
+                detailedErrorMessage += ` [Category: ${details.category}, Environment: ${details.environment}`;
+                if (details.algorithm) {
+                    detailedErrorMessage += `, Algorithm: ${details.algorithm.name}`;
+                    if (details.algorithm.namedCurve) {
+                        detailedErrorMessage += `, Curve: ${details.algorithm.namedCurve}`;
+                    }
+                }
+                if (details.keyLength) {
+                    detailedErrorMessage += `, Key length: ${details.keyLength} bytes`;
+                }
+                detailedErrorMessage += `]`;
+            }
+            errors.push(detailedErrorMessage);
         }
     }
     else if (options.verifySignatures !== false) {