npm - edockit - Versions diffs - 0.1.1-beta.1 → 0.1.2 - Mend

edockit 0.1.1-beta.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +1 -1
package/dist/core/parser/types.d.ts +1 -0
package/dist/core/rsa-modulus-padding-fix.d.ts +15 -0
package/dist/core/verification.d.ts +8 -0
package/dist/index.cjs.js +343 -12
package/dist/index.cjs.js.map +1 -1
package/dist/index.esm.js +343 -12
package/dist/index.esm.js.map +1 -1
package/dist/index.umd.js +12 -9
package/dist/index.umd.js.map +1 -1
package/package.json +11 -2

package/dist/index.esm.js CHANGED Viewed

@@ -1,3 +1,7 @@
+/*!
+ * MIT License
+ * Copyright (c) 2025 Edgars Jēkabsons, ZenomyTech SIA
+ */
 import { unzipSync } from 'fflate';
 import { X509Certificate } from '@peculiar/x509';
@@ -1242,6 +1246,7 @@ function parseSignatureElement(signatureElement, xmlDoc) {
     // Get references and checksums
     const references = [];
     const signedChecksums = {};
+    const digestAlgorithms = {};
     const referenceElements = querySelectorAll(signedInfo, "ds\\:Reference, Reference");
     for (const reference of referenceElements) {
         const uri = reference.getAttribute("URI") || "";
@@ -1261,6 +1266,14 @@ function parseSignatureElement(signatureElement, xmlDoc) {
         // Clean up URI
         const cleanUri = decodedUri.startsWith("./") ? decodedUri.substring(2) : decodedUri;
         references.push(cleanUri);
+        // Find DigestMethod algorithm
+        const digestMethodEl = querySelector(reference, "ds\\:DigestMethod, DigestMethod");
+        if (digestMethodEl) {
+            const algo = digestMethodEl.getAttribute("Algorithm");
+            if (algo) {
+                digestAlgorithms[cleanUri] = algo;
+            }
+        }
         // Find DigestValue
         const digestValueEl = querySelector(reference, "ds\\:DigestValue, DigestValue");
         if (digestValueEl && digestValueEl.textContent) {
@@ -1275,6 +1288,7 @@ function parseSignatureElement(signatureElement, xmlDoc) {
         publicKey,
         signerInfo,
         signedChecksums,
+        digestAlgorithms,
         references,
         algorithm: signatureAlgorithm,
         signatureValue,
@@ -1403,6 +1417,206 @@ function parseEdoc(edocBuffer) {
     }
 }
+/**
+ * Fixes ASN.1 DER encoding of RSA keys to be compatible with browser Web Crypto
+ *
+ * This specifically targets the issue with modulus padding in SPKI format RSA keys.
+ * In DER encoding, when the high bit of an INTEGER is set, a 0x00 byte must be
+ * prepended to distinguish it from a negative number. Some libraries omit this padding,
+ * which works in Node.js but causes browsers to reject the key.
+ */
+/**
+ * Fixes ASN.1 DER encoding of RSA modulus to ensure proper padding
+ *
+ * @param publicKeyData The original public key data as ArrayBuffer
+ * @returns Fixed key with proper modulus padding
+ */
+function fixRSAModulusPadding(publicKeyData) {
+    const log = () => { };
+    const keyBytes = new Uint8Array(publicKeyData);
+    // Check if we have a valid SPKI format RSA key
+    // It should start with SEQUENCE tag (0x30)
+    if (keyBytes[0] !== 0x30) {
+        return publicKeyData;
+    }
+    // Look for RSA OID to confirm it's an RSA key
+    const RSA_OID = [0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01];
+    let oidPosition = -1;
+    for (let i = 0; i <= keyBytes.length - RSA_OID.length; i++) {
+        let match = true;
+        for (let j = 0; j < RSA_OID.length; j++) {
+            if (keyBytes[i + j] !== RSA_OID[j]) {
+                match = false;
+                break;
+            }
+        }
+        if (match) {
+            oidPosition = i;
+            break;
+        }
+    }
+    if (oidPosition === -1) {
+        return publicKeyData;
+    }
+    // Find the BitString that contains the key
+    let bitStringPosition = -1;
+    for (let i = oidPosition + RSA_OID.length; i < keyBytes.length; i++) {
+        if (keyBytes[i] === 0x03) {
+            // BIT STRING tag
+            bitStringPosition = i;
+            break;
+        }
+    }
+    if (bitStringPosition === -1) {
+        return publicKeyData;
+    }
+    // Skip BIT STRING tag and length bytes to find unused bits byte
+    let bitStringLengthBytes = 0;
+    if ((keyBytes[bitStringPosition + 1] & 0x80) === 0) {
+        // Short form length
+        bitStringLengthBytes = 1;
+    }
+    else {
+        // Long form length
+        bitStringLengthBytes = 1 + (keyBytes[bitStringPosition + 1] & 0x7f);
+    }
+    // The unused bits byte follows the length bytes
+    const unusedBitsPosition = bitStringPosition + 1 + bitStringLengthBytes;
+    if (unusedBitsPosition >= keyBytes.length) {
+        return publicKeyData;
+    }
+    // The inner SEQUENCE (RSA key) should follow the unused bits byte
+    const innerSequencePosition = unusedBitsPosition + 1;
+    if (innerSequencePosition >= keyBytes.length || keyBytes[innerSequencePosition] !== 0x30) {
+        return publicKeyData;
+    }
+    // Skip the inner SEQUENCE tag and length bytes to find the modulus
+    let innerSequenceLengthBytes = 0;
+    if ((keyBytes[innerSequencePosition + 1] & 0x80) === 0) {
+        // Short form length
+        innerSequenceLengthBytes = 1;
+    }
+    else {
+        // Long form length
+        innerSequenceLengthBytes = 1 + (keyBytes[innerSequencePosition + 1] & 0x7f);
+    }
+    // The modulus should be an INTEGER (tag 0x02) after the inner SEQUENCE
+    const modulusPosition = innerSequencePosition + 1 + innerSequenceLengthBytes;
+    if (modulusPosition >= keyBytes.length || keyBytes[modulusPosition] !== 0x02) {
+        return publicKeyData;
+    }
+    // Skip the INTEGER tag and parse its length to find the modulus value
+    let modulusLengthBytes = 0;
+    let modulusLength = 0;
+    if ((keyBytes[modulusPosition + 1] & 0x80) === 0) {
+        // Short form length
+        modulusLength = keyBytes[modulusPosition + 1];
+        modulusLengthBytes = 1;
+    }
+    else {
+        // Long form length
+        const numLengthBytes = keyBytes[modulusPosition + 1] & 0x7f;
+        modulusLengthBytes = 1 + numLengthBytes;
+        // Calculate multi-byte length
+        modulusLength = 0;
+        for (let i = 0; i < numLengthBytes; i++) {
+            modulusLength = (modulusLength << 8) | keyBytes[modulusPosition + 2 + i];
+        }
+    }
+    // The first byte of the modulus value
+    const modulusValuePosition = modulusPosition + 1 + modulusLengthBytes;
+    if (modulusValuePosition >= keyBytes.length) {
+        return publicKeyData;
+    }
+    // Check if the high bit is set and padding is needed
+    if ((keyBytes[modulusValuePosition] & 0x80) !== 0) {
+        // Create a new key buffer with room for the padding byte
+        const fixedKey = new Uint8Array(keyBytes.length + 1);
+        // Copy bytes up to the modulus value
+        fixedKey.set(keyBytes.slice(0, modulusValuePosition));
+        // Add the padding byte
+        fixedKey[modulusValuePosition] = 0x00;
+        // Copy the rest of the original key after the padding
+        fixedKey.set(keyBytes.slice(modulusValuePosition), modulusValuePosition + 1);
+        // Now fix all the length fields that need to be incremented
+        // 1. Fix modulus length field
+        if ((keyBytes[modulusPosition + 1] & 0x80) === 0) {
+            // Short form
+            fixedKey[modulusPosition + 1] = keyBytes[modulusPosition + 1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[modulusPosition + 1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[modulusPosition + 2 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[modulusPosition + 2 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        // 2. Fix inner SEQUENCE length field
+        if ((keyBytes[innerSequencePosition + 1] & 0x80) === 0) {
+            // Short form
+            fixedKey[innerSequencePosition + 1] = keyBytes[innerSequencePosition + 1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[innerSequencePosition + 1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[innerSequencePosition + 2 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[innerSequencePosition + 2 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        // 3. Fix BIT STRING length field
+        if ((keyBytes[bitStringPosition + 1] & 0x80) === 0) {
+            // Short form
+            fixedKey[bitStringPosition + 1] = keyBytes[bitStringPosition + 1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[bitStringPosition + 1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[bitStringPosition + 2 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[bitStringPosition + 2 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        // 4. Fix outer SEQUENCE length field
+        if ((keyBytes[1] & 0x80) === 0) {
+            // Short form
+            fixedKey[1] = keyBytes[1] + 1;
+        }
+        else {
+            // Long form
+            const numLengthBytes = keyBytes[1] & 0x7f;
+            let lengthValue = 0;
+            for (let i = 0; i < numLengthBytes; i++) {
+                lengthValue = (lengthValue << 8) | keyBytes[1 + 1 + i];
+            }
+            lengthValue += 1;
+            for (let i = numLengthBytes - 1; i >= 0; i--) {
+                fixedKey[1 + 1 + i] = lengthValue & 0xff;
+                lengthValue >>= 8;
+            }
+        }
+        log("Fixed key length: " + fixedKey.length);
+        return fixedKey.buffer;
+    }
+    return publicKeyData;
+}
 /**
  * Detects if code is running in a browser environment
  * @returns true if in browser, false otherwise
@@ -1489,6 +1703,23 @@ function nodeDigest(fileContent, hashAlgo) {
         }
     });
 }
+/**
+ * Parse digest algorithm URI to normalized algorithm name
+ * @param algorithmUri The algorithm URI (e.g., http://www.w3.org/2001/04/xmlenc#sha256)
+ * @returns Normalized algorithm name (e.g., SHA-256)
+ */
+function parseDigestAlgorithmUri(algorithmUri) {
+    const uri = algorithmUri.toLowerCase();
+    if (uri.includes("sha512"))
+        return "SHA-512";
+    if (uri.includes("sha384"))
+        return "SHA-384";
+    if (uri.includes("sha256"))
+        return "SHA-256";
+    if (uri.includes("sha1"))
+        return "SHA-1";
+    return "SHA-256"; // Default fallback
+}
 /**
  * Verify checksums of files against signature
  * @param signature The signature information
@@ -1498,20 +1729,24 @@ function nodeDigest(fileContent, hashAlgo) {
 async function verifyChecksums(signature, files) {
     const results = {};
     let allValid = true;
-    // Determine hash algorithm from signature algorithm or use default
-    let digestAlgorithm = "SHA-256";
+    // Default digest algorithm from signature algorithm (fallback if per-file not available)
+    let defaultDigestAlgorithm = "SHA-256";
     if (signature.algorithm) {
         if (signature.algorithm.includes("sha1")) {
-            digestAlgorithm = "SHA-1";
+            defaultDigestAlgorithm = "SHA-1";
         }
         else if (signature.algorithm.includes("sha384")) {
-            digestAlgorithm = "SHA-384";
+            defaultDigestAlgorithm = "SHA-384";
         }
         else if (signature.algorithm.includes("sha512")) {
-            digestAlgorithm = "SHA-512";
+            defaultDigestAlgorithm = "SHA-512";
         }
     }
     const checksumPromises = Object.entries(signature.signedChecksums).map(async ([filename, expectedChecksum]) => {
+        // Get the per-file digest algorithm, or fall back to default
+        const digestAlgorithm = signature.digestAlgorithms?.[filename]
+            ? parseDigestAlgorithmUri(signature.digestAlgorithms[filename])
+            : defaultDigestAlgorithm;
         // Check if file exists in the container
         const fileContent = files.get(filename);
         if (!fileContent) {
@@ -1671,12 +1906,50 @@ async function verifySignedInfo(signatureXml, signatureValue, publicKeyData, alg
         let publicKey;
         try {
             const subtle = getCryptoSubtle();
+            if (isBrowser() && algorithm.name === "RSASSA-PKCS1-v1_5") {
+                // console.log("Browser environment detected, applying RSA key fix");
+                publicKeyData = fixRSAModulusPadding(publicKeyData);
+            }
             publicKey = await subtle.importKey("spki", publicKeyData, algorithm, false, ["verify"]);
         }
-        catch (error) {
+        catch (unknownError) {
+            // First cast to Error type if applicable
+            const error = unknownError instanceof Error ? unknownError : new Error(String(unknownError));
+            // Determine detailed error reason
+            let detailedReason = "Unknown reason";
+            let errorCategory = "KEY_IMPORT_ERROR";
+            // Categorize the error
+            if (error.name === "DataError") {
+                detailedReason = "Key data format is invalid or incompatible";
+                errorCategory = "INVALID_KEY_FORMAT";
+            }
+            else if (error.name === "NotSupportedError") {
+                detailedReason = "Algorithm or parameters not supported";
+                errorCategory = "UNSUPPORTED_ALGORITHM";
+            }
+            else if (error.message.includes("namedCurve")) {
+                detailedReason = "Missing or invalid namedCurve parameter";
+                errorCategory = "INVALID_CURVE";
+            }
+            else if (error.message.includes("hash")) {
+                detailedReason = "Incompatible or unsupported hash algorithm";
+                errorCategory = "INVALID_HASH";
+            }
+            // Add ECDSA-specific diagnostics
+            if (algorithm.name === "ECDSA") {
+                const keyLength = publicKeyData.byteLength;
+                detailedReason += ` (Key length: ${keyLength})`;
+            }
             return {
                 isValid: false,
-                reason: `Failed to import public key: ${error instanceof Error ? error.message : String(error)}`,
+                reason: `Failed to import public key: ${detailedReason}`,
+                errorDetails: {
+                    category: errorCategory,
+                    originalMessage: error.message,
+                    algorithm: { ...algorithm },
+                    environment: isBrowser() ? "browser" : "node",
+                    keyLength: publicKeyData.byteLength,
+                },
             };
         }
         // Verify the signature
@@ -1714,10 +1987,23 @@ async function verifySignature(signatureInfo, files, options = {}) {
     const errors = [];
     // Verify certificate
     const certResult = await verifyCertificate(signatureInfo.certificatePEM, options.verifyTime || signatureInfo.signingTime);
+    // If certificate validation failed, add detailed error
+    if (!certResult.isValid) {
+        const certErrorMsg = `Certificate validation error: ${certResult.reason || "Unknown reason"}`;
+        errors.push(certErrorMsg);
+    }
     // Verify checksums
     const checksumResult = options.verifyChecksums !== false
         ? await verifyChecksums(signatureInfo, files)
         : { isValid: true, details: {} };
+    // If checksum validation failed, add detailed error
+    if (!checksumResult.isValid) {
+        const failedChecksums = Object.entries(checksumResult.details)
+            .filter(([_, details]) => !details.matches)
+            .map(([filename]) => filename)
+            .join(", ");
+        errors.push(`Checksum validation failed for files: ${failedChecksums}`);
+    }
     // Verify XML signature if we have the necessary components
     let signatureResult = { isValid: true };
     if (options.verifySignatures !== false &&
@@ -1730,19 +2016,64 @@ async function verifySignature(signatureInfo, files, options = {}) {
             name: "RSASSA-PKCS1-v1_5",
             hash: "SHA-256",
         };
-        if (algorithm.includes("ecdsa-sha256")) {
+        if (algorithm.includes("ecdsa") && signatureInfo.publicKey.namedCurve) {
+            keyAlgorithm.namedCurve = signatureInfo.publicKey.namedCurve;
             keyAlgorithm.name = "ECDSA";
+        }
+        if (algorithm.includes("ecdsa-sha256")) {
             keyAlgorithm.hash = "SHA-256";
-            if (signatureInfo.publicKey.namedCurve) {
-                keyAlgorithm.namedCurve = signatureInfo.publicKey.namedCurve;
-            }
+        }
+        else if (algorithm.includes("ecdsa-sha384")) {
+            keyAlgorithm.hash = "SHA-384";
+        }
+        else if (algorithm.includes("ecdsa-sha512")) {
+            keyAlgorithm.hash = "SHA-512";
         }
         else if (algorithm.includes("rsa-sha1")) {
             keyAlgorithm.hash = "SHA-1";
         }
+        else if (algorithm.includes("rsa-pss")) {
+            keyAlgorithm.name = "RSA-PSS";
+            keyAlgorithm.saltLength = 32; // Default salt length (adjust based on hash size)
+            if (algorithm.includes("sha384")) {
+                keyAlgorithm.hash = "SHA-384";
+                keyAlgorithm.saltLength = 48;
+            }
+            else if (algorithm.includes("sha512")) {
+                keyAlgorithm.hash = "SHA-512";
+                keyAlgorithm.saltLength = 64;
+            }
+            else {
+                keyAlgorithm.hash = "SHA-256"; // Default
+            }
+        }
+        else if (algorithm.includes("rsa-sha384")) {
+            keyAlgorithm.hash = "SHA-384";
+        }
+        else if (algorithm.includes("rsa-sha512")) {
+            keyAlgorithm.hash = "SHA-512";
+        }
         signatureResult = await verifySignedInfo(signatureInfo.rawXml, signatureInfo.signatureValue, signatureInfo.publicKey.rawData, keyAlgorithm, signatureInfo.canonicalizationMethod);
+        // If signature validation failed, add detailed error
         if (!signatureResult.isValid) {
-            errors.push(signatureResult.reason || "XML signature verification failed");
+            // Format a detailed error message with the error details
+            let detailedErrorMessage = signatureResult.reason || "XML signature verification failed";
+            // Add error details if available
+            if (signatureResult.errorDetails) {
+                const details = signatureResult.errorDetails;
+                detailedErrorMessage += ` [Category: ${details.category}, Environment: ${details.environment}`;
+                if (details.algorithm) {
+                    detailedErrorMessage += `, Algorithm: ${details.algorithm.name}`;
+                    if (details.algorithm.namedCurve) {
+                        detailedErrorMessage += `, Curve: ${details.algorithm.namedCurve}`;
+                    }
+                }
+                if (details.keyLength) {
+                    detailedErrorMessage += `, Key length: ${details.keyLength} bytes`;
+                }
+                detailedErrorMessage += `]`;
+            }
+            errors.push(detailedErrorMessage);
         }
     }
     else if (options.verifySignatures !== false) {