edockit 0.2.3 → 0.3.0

package/CHANGELOG.md

@@ -5,6 +5,33 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.0] - 2026-01-04
+
+### Added
+
+- **Multi-state validation results** - `VerificationResult` now includes granular status beyond boolean `isValid`:
+  - `status`: `"VALID"` | `"INVALID"` | `"INDETERMINATE"` | `"UNSUPPORTED"`
+  - `statusMessage`: Human-readable explanation
+  - `limitations`: Array describing platform/environment constraints
+- **Platform limitation detection** - Detect unsupported RSA key sizes (>4096 bits) in Safari/WebKit and return `UNSUPPORTED` status instead of failing as `INVALID`
+- **Cross-browser testing** - Added Safari/WebKit and Firefox to browser test suite locally
+
+### Fixed
+
+- **C14N 1.1 canonicalization** - Fixed bug where C14N 1.1 incorrectly added newlines between XML elements when the original had none. This caused signature verification to fail for compact XML.
+- **INDETERMINATE for expired timestamps** - Return `INDETERMINATE` status (instead of `INVALID`) when timestamp or certificate has expired but signature is otherwise valid
+- **Legacy RSA DigestInfo verification** - Fix signature verification for old documents signed with pre-Java 8 tools that produced non-standard DigestInfo format (missing NULL in AlgorithmIdentifier)
+
+## [0.2.4] - 2025-12-31
+
+### Fixed
+
+- **OCSP issuerKeyHash calculation** - Fixed critical bug where OCSP requests used wrong hash (full SPKI instead of public key BIT STRING), causing incorrect revocation status responses
+- **Timestamp signature coverage verification** - Now correctly verifies that timestamps cover the canonicalized ds:SignatureValue XML element per XAdES (ETSI EN 319 132-1) specification, fixing `coversSignature: false` issue
+- **TSA name formatting** - Fixed timestamp TSA name showing as `[object Object]` instead of readable DN string like `CN=..., O=..., C=...`
+- **Base64 whitespace handling** - Fixed browser `atob` errors when decoding base64 strings containing whitespace from XML
+- **ECDSA signature format normalization** - Fixed signature verification failures for ECDSA signatures with leading zero padding by normalizing to IEEE P1363 format expected by Web Crypto API
+
 ## [0.2.3] - 2025-12-30
 
 ### Fixed
@@ -60,6 +87,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - File checksum verification (SHA-256/384/512)
 - Browser and Node.js support
 
+[Unreleased]: https://github.com/edgarsj/edockit/compare/v0.3.0...HEAD
+[0.3.0]: https://github.com/edgarsj/edockit/compare/v0.2.4...v0.3.0
+[0.2.4]: https://github.com/edgarsj/edockit/compare/v0.2.3...v0.2.4
 [0.2.3]: https://github.com/edgarsj/edockit/compare/v0.2.2...v0.2.3
 [0.2.2]: https://github.com/edgarsj/edockit/compare/v0.2.1...v0.2.2
 [0.2.1]: https://github.com/edgarsj/edockit/compare/v0.2.0...v0.2.1

package/README.md

@@ -51,7 +51,14 @@ const result = await verifySignature(container.signatures[0], container.files, {
   verifyTime: new Date()   // Verify certificate at specific time (default: timestamp time if present, otherwise now)
 });
 // result = {
-//   isValid: boolean,                // Overall validity
+//   isValid: boolean,                // Overall validity (for backwards compatibility)
+//   status: 'VALID' | 'INVALID' | 'INDETERMINATE' | 'UNSUPPORTED',  // Granular status
+//   statusMessage?: string,          // Human-readable explanation
+//   limitations?: [{                 // Platform/environment constraints (if any)
+//     code: string,                  // e.g., 'RSA_KEY_SIZE_UNSUPPORTED'
+//     description: string,
+//     platform?: string              // e.g., 'Safari/WebKit'
+//   }],
 //   certificate: {
 //     isValid: boolean,              // Certificate validity (time-based)
 //     revocation: {                  // Revocation check result
@@ -90,7 +97,22 @@ for (const signature of container.signatures) {
     checkRevocation: true,
     verifyTimestamps: true
   });
-  console.log(`Signature valid: ${result.isValid}`);
+
+  // Use granular status for detailed handling
+  console.log(`Status: ${result.status}`);  // VALID, INVALID, INDETERMINATE, or UNSUPPORTED
+
+  if (result.status === 'VALID') {
+    console.log('Signature is valid');
+  } else if (result.status === 'UNSUPPORTED') {
+    // Platform limitation (e.g., RSA >4096 bits in Safari)
+    console.log(`Cannot verify: ${result.statusMessage}`);
+  } else if (result.status === 'INDETERMINATE') {
+    // Can't conclude (e.g., revocation status unknown)
+    console.log(`Inconclusive: ${result.statusMessage}`);
+  } else {
+    // INVALID - definitely wrong
+    console.log(`Invalid: ${result.statusMessage}`);
+  }
 
   if (result.timestamp?.info) {
     console.log(`Signed at (TSA): ${result.timestamp.info.genTime}`);
@@ -99,10 +121,6 @@ for (const signature of container.signatures) {
   if (result.certificate.revocation) {
     console.log(`Revocation status: ${result.certificate.revocation.status}`);
   }
-
-  if (!result.isValid && result.errors) {
-    console.log(`Errors: ${result.errors.join(', ')}`);
-  }
 }
 ```
 
@@ -128,14 +146,19 @@ async function verifyDocument(url) {
       },
     });
 
-    console.log(`Valid: ${result.isValid}`);
+    // Handle different validation states
+    if (result.status === 'VALID') {
+      console.log('Signature verified successfully');
+    } else if (result.status === 'UNSUPPORTED') {
+      // Some signatures can't be verified in certain browsers (e.g., RSA >4096 in Safari)
+      console.log(`Browser limitation: ${result.statusMessage}`);
+    } else {
+      console.log(`${result.status}: ${result.statusMessage}`);
+    }
 
     if (result.timestamp?.info) {
       console.log(`Timestamp: ${result.timestamp.info.genTime}`);
     }
-    if (result.certificate.revocation) {
-      console.log(`Revocation: ${result.certificate.revocation.status}`);
-    }
   }
 }
 ```

package/dist/core/parser/types.d.ts

@@ -34,6 +34,7 @@ export interface SignatureInfo {
     references: string[];
     algorithm?: string;
     signatureValue?: string;
+    canonicalSignatureValue?: string;
     signedInfoXml?: string;
     rawXml?: string;
     canonicalizationMethod?: string;

package/dist/core/rsa-digestinfo-workaround.d.ts

@@ -0,0 +1,29 @@
+/**
+ * RSA DigestInfo Workaround
+ *
+ * Some older signing tools (particularly pre-Java 8) produced RSA signatures with
+ * non-standard DigestInfo format - missing the NULL parameter in AlgorithmIdentifier.
+ *
+ * Standard DigestInfo for SHA-1:  30 21 30 09 06 05 2b0e03021a 05 00 04 14 [hash]
+ * Non-standard (missing NULL):    30 1f 30 07 06 05 2b0e03021a       04 14 [hash]
+ *
+ * Web Crypto API's subtle.verify() is strict and rejects the non-standard format.
+ * This module provides a fallback that manually performs RSA verification using
+ * BigInt math, which works in both browser and Node.js environments.
+ */
+/**
+ * Verify RSA signature with non-standard DigestInfo format.
+ *
+ * This function performs RSA signature verification that tolerates
+ * non-standard DigestInfo formats (missing NULL in AlgorithmIdentifier).
+ *
+ * - Node.js: Uses native crypto.publicDecrypt() for speed
+ * - Browser: Uses BigInt math (Web Crypto doesn't expose raw RSA)
+ *
+ * @param publicKeyData SPKI-formatted public key
+ * @param signatureBytes Raw signature bytes
+ * @param dataToVerify The data that was signed
+ * @param hashAlgorithm Hash algorithm name (e.g., "SHA-1", "SHA-256")
+ * @returns true if signature is valid, false otherwise
+ */
+export declare function verifyRsaWithNonStandardDigestInfo(publicKeyData: ArrayBuffer, signatureBytes: Uint8Array, dataToVerify: Uint8Array, hashAlgorithm: string): Promise<boolean>;

package/dist/core/timestamp/types.d.ts

@@ -39,8 +39,8 @@ export interface TimestampVerificationResult {
  * Options for timestamp verification
  */
 export interface TimestampVerificationOptions {
-    /** The signature value that the timestamp should cover (base64) */
-    signatureValue?: string;
+    /** The canonicalized ds:SignatureValue XML element (per XAdES spec) */
+    canonicalSignatureValue?: string;
     /** Verify the TSA certificate chain */
     verifyTsaCertificate?: boolean;
     /** Check TSA certificate revocation */

package/dist/core/timestamp/verify.d.ts

@@ -7,15 +7,15 @@ import { TimestampInfo, TimestampVerificationResult, TimestampVerificationOption
 export declare function parseTimestamp(timestampBase64: string): TimestampInfo | null;
 /**
  * Verify that timestamp covers the signature value
- * XAdES timestamps can cover either:
- * 1. The decoded signature value bytes (standard per ETSI EN 319 132-1)
- * 2. The base64-encoded string (some implementations)
+ *
+ * Per XAdES (ETSI EN 319 132-1), the SignatureTimeStamp covers the canonicalized
+ * ds:SignatureValue XML element, not just its base64 content.
  *
  * @param timestampInfo Parsed timestamp info
- * @param signatureValueBase64 Base64-encoded signature value
+ * @param canonicalSignatureValue Canonicalized ds:SignatureValue XML element
  * @returns True if the timestamp covers the signature
  */
-export declare function verifyTimestampCoversSignature(timestampInfo: TimestampInfo, signatureValueBase64: string): Promise<boolean>;
+export declare function verifyTimestampCoversSignature(timestampInfo: TimestampInfo, canonicalSignatureValue: string): Promise<boolean>;
 /**
  * Verify an RFC 3161 timestamp token
  * @param timestampBase64 Base64-encoded timestamp token

package/dist/core/verification.d.ts

@@ -35,6 +35,8 @@ export interface ChecksumVerificationResult {
 export interface SignatureVerificationResult {
     isValid: boolean;
     reason?: string;
+    /** True if verification failed due to platform limitation (e.g., RSA >4096 in Safari) */
+    unsupportedPlatform?: boolean;
     errorDetails?: {
         category: string;
         originalMessage: string;
@@ -53,11 +55,37 @@ export interface CertificateVerificationResult {
     /** Revocation check result (if checkRevocation was enabled) */
     revocation?: RevocationResult;
 }
+/**
+ * Validation status for granular verification results
+ * - VALID: Signature cryptographically valid, all checks pass
+ * - INVALID: Definitely wrong (bad checksum, tampered content, crypto failure with supported key)
+ * - INDETERMINATE: Can't conclude (expired cert without POE, missing chain, revocation unknown)
+ * - UNSUPPORTED: Platform can't verify (e.g., RSA >4096 bits in Safari/WebKit)
+ */
+export type ValidationStatus = "VALID" | "INVALID" | "INDETERMINATE" | "UNSUPPORTED";
+/**
+ * Describes a limitation that prevented full verification
+ */
+export interface ValidationLimitation {
+    /** Machine-readable code (e.g., 'RSA_KEY_SIZE_UNSUPPORTED', 'CERT_EXPIRED_NO_POE') */
+    code: string;
+    /** Human-readable description */
+    description: string;
+    /** Platform where this limitation applies (e.g., 'Safari/WebKit') */
+    platform?: string;
+}
 /**
  * Complete verification result
  */
 export interface VerificationResult {
+    /** Whether the signature is valid (for backwards compatibility) */
     isValid: boolean;
+    /** Granular validation status */
+    status: ValidationStatus;
+    /** Human-readable status explanation */
+    statusMessage?: string;
+    /** Limitations that prevented full verification (for INDETERMINATE/UNSUPPORTED) */
+    limitations?: ValidationLimitation[];
     certificate: CertificateVerificationResult;
     checksums: ChecksumVerificationResult;
     signature?: SignatureVerificationResult;