xades-bes-signer 1.0.3 → 1.0.5

package/dist/src/libs/credentials.d.ts

@@ -1,8 +1,8 @@
 import * as forge from "node-forge";
-import { PKCS88Bags } from "./types";
+import { PKCS8Bags } from "./types";
 export declare function getP12(certificate: Uint8Array<ArrayBufferLike>, certKey: string): forge.pkcs12.Pkcs12Pfx;
 export declare function getIssuerName(cert: forge.pkcs12.Bag): string | undefined;
-export declare function getKeyContainer(pkcs8Bags: PKCS88Bags, friendlyName: string): forge.pkcs12.Bag;
+export declare function getKeyContainer(pkcs8Bags: PKCS8Bags, friendlyName: string): forge.pkcs12.Bag;
 export declare function getKey(pckcs8: forge.pkcs12.Bag): forge.pki.rsa.PrivateKey;
 export declare function getCertificate(certBag: forge.pkcs12.Bag[]): forge.pkcs12.Bag;
 export declare function isCerticateValid(certficate: forge.pki.Certificate): boolean;
@@ -22,10 +22,10 @@ export declare function getPCK12CertInfo(certificate: Uint8Array<ArrayBufferLike
     certInfo: {
         digestValue: string;
         issuerName: string | undefined;
-        issuerSerialNumber: number;
+        issuerSerialNumber: string;
         signingTime: string;
         certificateX509: string;
-        modulus: string | undefined;
+        modulus: string;
         exponent: string;
         key: forge.pki.rsa.PrivateKey;
     };

package/dist/src/libs/credentials.js

@@ -54,7 +54,7 @@ function getIssuerName(cert) {
     const issuerTributes = (_a = cert.cert) === null || _a === void 0 ? void 0 : _a.issuer.attributes;
     let issuerName = issuerTributes === null || issuerTributes === void 0 ? void 0 : issuerTributes.reverse().map((attr) => {
         return `${attr.shortName}=${attr.value}`;
-    }).join(", ");
+    }).join(",");
     return issuerName;
 }
 function getKeyContainer(pkcs8Bags, friendlyName) {
@@ -133,14 +133,26 @@ function getPCK12CertInfo(certificate, certKey) {
     let key = getKey(pckcs8);
     const pem = certX509ToPem(cert);
     let certificateX509 = pem.substring(pem.indexOf("\n") + 1, pem.indexOf("-----END CERTIFICATE-----"));
-    certificateX509.replace(/\r?\n|\r/g, "").replace(/([^\0]{76})/g, "$1\n");
-    const ISODateTime = new Date().toISOString().slice(0, 19);
+    certificateX509 = certificateX509
+        .replace(/\r?\n|\r/g, "")
+        .replace(/([^\0]{76})/g, "$1\n");
+    const currentDate = new Date();
+    const timeZone = (currentDate.getTimezoneOffset() / 60) * -1;
+    const signingTime = `${currentDate.getFullYear()}-` +
+        `${(currentDate.getMonth() + 1).toString().padStart(2, "0")}-` +
+        `${currentDate.getDate().toString().padStart(2, "0")}T` +
+        `${currentDate.getHours().toString().padStart(2, "0")}:` +
+        `${currentDate.getMinutes().toString().padStart(2, "0")}:` +
+        `${currentDate.getSeconds().toString().padStart(2, "0")}` +
+        `${timeZone > 0 ? "+" : "-"}` +
+        `${(timeZone > 0 ? timeZone.toString() : timeZone.toString().substring(1)).padStart(2, "0")}:00`;
     const certificateANS1 = certX509ToASN1(cert);
     const certificateDER = forge.asn1.toDer(certificateANS1).getBytes();
-    const hashCErtificateX509DER = (0, security_1.sha1ToBase64)(certificateDER, "utf-8");
-    const certificateX509SN = parseInt(cert === null || cert === void 0 ? void 0 : cert.serialNumber, 16);
+    const hashCertificateX509DER = (0, security_1.sha1ToBase64)(certificateDER);
+    const certificateX509SN = BigInt(`0x${cert.serialNumber}`).toString(10);
     const exponent = (0, security_1.hexToBase64)(key.e.data[0].toString(16));
-    const modulus = (0, security_1.bigintToBase64)(BigInt(key.n.toString()));
+    let modulus = (0, security_1.bigintToBase64)(BigInt(key.n.toString()));
+    modulus = modulus.replace(/\r?\n|\r/g, "").replace(/([^\0]{76})/g, "$1\n");
     const certificateNumber = (0, security_1.getRandomValues)(999990, 9999999);
     const signatureNumber = (0, security_1.getRandomValues)(99990, 999999);
     const signedPropertiesNumber = (0, security_1.getRandomValues)(99990, 999999);
@@ -161,10 +173,10 @@ function getPCK12CertInfo(certificate, certKey) {
             objectNumber,
         },
         certInfo: {
-            digestValue: hashCErtificateX509DER,
+            digestValue: hashCertificateX509DER,
             issuerName,
             issuerSerialNumber: certificateX509SN,
-            signingTime: ISODateTime,
+            signingTime: signingTime,
             certificateX509,
             modulus,
             exponent,

package/dist/src/libs/security.d.ts

@@ -1,6 +1,5 @@
-import { Encoding } from "node:crypto";
 import * as forge from "node-forge";
-export declare function sha1ToBase64(text: string, encoding: Encoding): string;
+export declare function sha1ToBase64(text: string, encoding?: forge.Encoding): string;
 export declare function hexToBase64(hashHex: string): string;
 export declare function bigintToBase64(param: bigint): string | undefined;
 export declare function getRandomValues(min?: number, max?: number): number;

package/dist/src/libs/security.js

@@ -40,12 +40,14 @@ exports.getRandomValues = getRandomValues;
 exports.isHexString = isHexString;
 exports.toSha1 = toSha1;
 exports.toBase64String = toBase64String;
-const crypto = __importStar(require("node:crypto"));
 const forge = __importStar(require("node-forge"));
 function sha1ToBase64(text, encoding) {
-    const HASH = crypto.createHash("sha1").update(text, encoding).digest("hex");
-    const BUFFER = Buffer.from(HASH, "hex");
-    return BUFFER.toString("base64");
+    let md = forge.md.sha1.create();
+    forge.util.encode64(forge.sha1.create().update(text).digest().bytes());
+    md.update(text, encoding);
+    const HASH = md.digest().toHex();
+    const BUFFER = Buffer.from(HASH, "hex").toString("base64");
+    return BUFFER;
 }
 function hexToBase64(hashHex) {
     if (hashHex.length % 2 !== 0) {
@@ -81,6 +83,5 @@ function toSha1(content, encoding) {
     return md;
 }
 function toBase64String(content) {
-    const buffer = Buffer.from(content, 'utf-8');
-    return buffer.toString('base64');
+    return forge.util.encode64(content);
 }

package/dist/src/libs/signer.js

@@ -40,21 +40,22 @@ function getXML(path) {
     });
 }
 function getSignedPropertiesNode(params) {
-    return (`<etsi:SignedProperties Id="Signature${params.signatureNumber} SignedProperties${params.signedPropertiesNumber}">` +
+    return (`<etsi:SignedProperties Id="Signature${params.signatureNumber}-SignedProperties${params.signedPropertiesNumber}">` +
         `<etsi:SignedSignatureProperties>` +
-        `<etsi:SignedTime>${params.signingTime}</etsi:SignedTime>` +
+        `<etsi:SigningTime>${params.signingTime}</etsi:SigningTime>` +
         `<etsi:SigningCertificate>` +
         `<etsi:Cert>` +
-        `<etsi:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">` +
-        `<etsi:DigestValue>${params.digestValue}</etsi:DigestValue></etsi:CertDigest>` +
+        `<etsi:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>` +
+        `<ds:DigestValue>${params.digestValue}</ds:DigestValue></etsi:CertDigest>` +
         `<etsi:IssuerSerial>` +
         `<ds:X509IssuerName>${params.issuerName}</ds:X509IssuerName>` +
         `<ds:X509SerialNumber>${params.issuerSerialNumber}</ds:X509SerialNumber>` +
         `</etsi:IssuerSerial>` +
         `</etsi:Cert>` +
         `</etsi:SigningCertificate>` +
+        `</etsi:SignedSignatureProperties>` +
         `<etsi:SignedDataObjectProperties>` +
-        `<etsi:DataObjectFormat ObjectReference="#Reference-ID=${params.referenceIdNumber}">` +
+        `<etsi:DataObjectFormat ObjectReference="#Reference-ID-${params.referenceIdNumber}">` +
         `<etsi:Description>contenido comprobante</etsi:Description>` +
         `<etsi:MimeType>text/xml</etsi:MimeType>` +
         `</etsi:DataObjectFormat>` +
@@ -66,32 +67,32 @@ function getKeyInfoNode(params) {
         `\n<ds:X509Data>` +
         `\n<ds:X509Certificate>\n${params.certificateX509}\n</ds:X509Certificate>` +
         `\n</ds:X509Data>` +
-        `\n</ds:KeyValue>\n<ds:RSAKeyValue>\n<ds:Modulus>\n${params.modulus}\n</ds:Modulus>` +
-        `\n<ds:Exponent>\n${params.exponent}</ds:Exponent>` +
+        `\n<ds:KeyValue>\n<ds:RSAKeyValue>\n<ds:Modulus>\n${params.modulus}\n</ds:Modulus>` +
+        `\n<ds:Exponent>${params.exponent}</ds:Exponent>` +
         `\n</ds:RSAKeyValue>` +
+        `\n</ds:KeyValue>` +
         `\n</ds:KeyInfo>`);
 }
 function getSignedInfoNode(params) {
     return (`<ds:SignedInfo Id="Signature-SignedInfo${params.signedInfoNumber}">` +
-        `\n<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n20010315"></ds:CanonicalizationMethod>` +
-        `\n<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>` +
-        `\n<ds:Reference Id="SignedPropertiesID${params.signedPropertiesIdNumber}" `
-        + `Type="http://uri.etsi.org/01903#SignedProperties" URI="#Signature${params.signatureNumber}-SignedProperties${params.signedPropertiesNumber}">` +
-        `\n<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>` +
+        `\n<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>` +
+        `\n<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>` +
+        `\n<ds:Reference Id="SignedPropertiesID${params.signedPropertiesIdNumber}" Type="http://uri.etsi.org/01903#SignedProperties" URI="#Signature${params.signatureNumber}-SignedProperties${params.signedPropertiesNumber}">` +
+        `\n<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>` +
         `\n<ds:DigestValue>${params.sha1SignedProperties}</ds:DigestValue>` +
         `\n</ds:Reference>` +
-        `\n<ds:Reference URI="Certificate${params.certificateNumber}">` +
-        `\n<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>` +
+        `\n<ds:Reference URI="#Certificate${params.certificateNumber}">` +
+        `\n<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>` +
         `\n<ds:DigestValue>${params.sha1KeyInfo}</ds:DigestValue>` +
         `\n</ds:Reference>` +
         `\n<ds:Reference Id="Reference-ID-${params.referenceIdNumber}" URI="#comprobante">` +
         `\n<ds:Transforms>` +
-        `\n<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>` +
+        `\n<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>` +
         `\n</ds:Transforms>` +
-        `\n<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>` +
+        `\n<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>` +
         `\n<ds:DigestValue>${params.sha1Xml}</ds:DigestValue>` +
         `\n</ds:Reference>` +
-        `</ds:SignedInfo>`);
+        `\n</ds:SignedInfo>`);
 }
 function getSignatureObject(params) {
     const objectSignature = `<ds:Object Id="Signature${params.signatureNumber}-Object${params.objectNumber}">` +
@@ -132,11 +133,12 @@ function sign(params) {
             .replace(/(?=<\>)(\r?\n)|(\r?\n)(?=\<\/) /g, "")
             .trim()
             .replace(/(?=<\>)(\s*)/g, "")
-            .replace(/\t|\r/g, "");
+            .replace(/\t|\r/g, "")
+            .replace(/>\s+</g, "><");
         const arayuint8 = new Uint8Array(p12Buffer === null || p12Buffer === void 0 ? void 0 : p12Buffer.buffer);
         let certInfo = (0, credentials_1.getPCK12CertInfo)(arayuint8, p12Password);
         const sha1Xml = (0, security_1.sha1ToBase64)(xmlData.replace(`<?xml version="1.0" encoding="UTF-8"?>`, ""), "utf8");
-        const namespaces = 'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:estsi="http://uri.etsi.org/01903/v1.3.2#"';
+        const namespaces = 'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#"';
         let signedProperties = getSignedPropertiesNode({
             signatureNumber: certInfo.radomValues.signatureNumber,
             signedPropertiesNumber: certInfo.radomValues.signedPropertiesNumber,
@@ -151,7 +153,7 @@ function sign(params) {
             nodeName: "<etsi:SignedProperties",
             namespaces,
         });
-        const sha1SignedProperties = (0, security_1.sha1ToBase64)(signedPropertiesCanonicalized, "utf8");
+        const sha1SignedProperties = (0, security_1.sha1ToBase64)(signedPropertiesCanonicalized);
         const keyInfo = getKeyInfoNode({
             certificateNumber: certInfo.radomValues.certificateNumber,
             certificateX509: certInfo.certInfo.certificateX509,
@@ -163,7 +165,7 @@ function sign(params) {
             nodeName: "<ds:KeyInfo",
             namespaces,
         });
-        const sha1KeyInfo = (0, security_1.sha1ToBase64)(keyInfoCanonicalized, "utf-8");
+        const sha1KeyInfo = (0, security_1.sha1ToBase64)(keyInfoCanonicalized);
         const signedInfo = getSignedInfoNode({
             signedInfoNumber: certInfo.radomValues.signedInfoNumber,
             signedPropertiesIdNumber: certInfo.radomValues.signedPropertiesIdNumber,
@@ -183,8 +185,8 @@ function sign(params) {
         const md = (0, security_1.toSha1)(signedInfoCanonicalized, "utf8");
         const signatureValue = (_b = (_a = (0, security_1.toBase64String)(certInfo.certInfo.key.sign(md))
             .match(/.{1,76}/g)) === null || _a === void 0 ? void 0 : _a.join("\n")) !== null && _b !== void 0 ? _b : "";
-        const signatureValueNode = `\n<ds:SignatureValue Id="SignatureValue${certInfo.radomValues.signatureValueNumber}">` +
-            `${signatureValue}\n</ds:SignatureValue>`;
+        const signatureValueNode = `<ds:SignatureValue Id="SignatureValue${certInfo.radomValues.signatureValueNumber}">` +
+            `\n${signatureValue}\n</ds:SignatureValue>`;
         const objectSignature = getSignatureObject({
             signatureNumber: certInfo.radomValues.signatureNumber,
             objectNumber: certInfo.radomValues.objectNumber,
@@ -199,7 +201,7 @@ function sign(params) {
             objectSignarureNode: objectSignature,
         });
         return addSignatureNode({
-            xml: xmlData,
+            xml: xmlData.replace(`encoding="UTF-8"?>`, 'encoding="UTF-8"?>\n'),
             rootElement: params.rootElement,
             signatureNode,
         });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xades-bes-signer",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "description": "XAdES-BES signer utilities for Node.js (TypeScript) — certificate handling and XAdES-BES signature helpers.",
   "main": "/dist/src/main.js",
   "types": "/dist/src/main.d.ts",