xml-crypto-next 7.0.0

package/lib/utils.js

@@ -0,0 +1,271 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BASE64_REGEX = exports.EXTRACT_X509_CERTS = exports.PEM_FORMAT_REGEX = void 0;
+exports.isArrayHasLength = isArrayHasLength;
+exports.findAttr = findAttr;
+exports.findChildren = findChildren;
+exports.findChilds = findChilds;
+exports.encodeSpecialCharactersInAttribute = encodeSpecialCharactersInAttribute;
+exports.encodeSpecialCharactersInText = encodeSpecialCharactersInText;
+exports.normalizePem = normalizePem;
+exports.pemToDer = pemToDer;
+exports.derToPem = derToPem;
+exports.findAncestorNs = findAncestorNs;
+exports.validateDigestValue = validateDigestValue;
+exports.isDescendantOf = isDescendantOf;
+const xpath = require("xpath");
+const isDomNode = require("@xmldom/is-dom-node");
+function isArrayHasLength(array) {
+    return Array.isArray(array) && array.length > 0;
+}
+function attrEqualsExplicitly(attr, localName, namespace) {
+    return attr.localName === localName && (attr.namespaceURI === namespace || namespace == null);
+}
+function attrEqualsImplicitly(attr, localName, namespace, node) {
+    return (attr.localName === localName &&
+        ((!attr.namespaceURI && node?.namespaceURI === namespace) || namespace == null));
+}
+function findAttr(element, localName, namespace) {
+    for (let i = 0; i < element.attributes.length; i++) {
+        const attr = element.attributes[i];
+        if (attrEqualsExplicitly(attr, localName, namespace) ||
+            attrEqualsImplicitly(attr, localName, namespace, element)) {
+            return attr;
+        }
+    }
+    return null;
+}
+function findChildren(node, localName, namespace) {
+    const element = node.documentElement ?? node;
+    const res = [];
+    for (let i = 0; i < element.childNodes.length; i++) {
+        const child = element.childNodes[i];
+        if (isDomNode.isElementNode(child) &&
+            child.localName === localName &&
+            (child.namespaceURI === namespace || namespace == null)) {
+            res.push(child);
+        }
+    }
+    return res;
+}
+/** @deprecated */
+function findChilds(node, localName, namespace) {
+    return findChildren(node, localName, namespace);
+}
+const xml_special_to_encoded_attribute = {
+    "&": "&amp;",
+    "<": "&lt;",
+    '"': "&quot;",
+    "\r": "&#xD;",
+    "\n": "&#xA;",
+    "\t": "&#x9;",
+};
+const xml_special_to_encoded_text = {
+    "&": "&amp;",
+    "<": "&lt;",
+    ">": "&gt;",
+    "\r": "&#xD;",
+};
+function encodeSpecialCharactersInAttribute(attributeValue) {
+    return attributeValue.replace(/([&<"\r\n\t])/g, function (str, item) {
+        /** Special character normalization.
+         * @see:
+         * - https://www.w3.org/TR/xml-c14n#ProcessingModel (Attribute Nodes)
+         * - https://www.w3.org/TR/xml-c14n#Example-Chars
+         */
+        return xml_special_to_encoded_attribute[item];
+    });
+}
+function encodeSpecialCharactersInText(text) {
+    return text.replace(/([&<>\r])/g, function (str, item) {
+        /** Special character normalization.
+         * @see:
+         * - https://www.w3.org/TR/xml-c14n#ProcessingModel (Text Nodes)
+         * - https://www.w3.org/TR/xml-c14n#Example-Chars
+         */
+        return xml_special_to_encoded_text[item];
+    });
+}
+/**
+ * PEM format has wide range of usages, but this library
+ * is enforcing RFC7468 which focuses on PKIX, PKCS and CMS.
+ *
+ * https://www.rfc-editor.org/rfc/rfc7468
+ *
+ * PEM_FORMAT_REGEX is validating given PEM file against RFC7468 'stricttextualmsg' definition.
+ *
+ * With few exceptions;
+ *  - 'posteb' MAY have 'eol', but it is not mandatory.
+ *  - 'preeb' and 'posteb' lines are limited to 64 characters, but
+ *     should not cause any issues in context of PKIX, PKCS and CMS.
+ */
+exports.PEM_FORMAT_REGEX = new RegExp("^-----BEGIN [A-Z\x20]{1,48}-----([^-]*)-----END [A-Z\x20]{1,48}-----$", "s");
+exports.EXTRACT_X509_CERTS = new RegExp("-----BEGIN CERTIFICATE-----[^-]*-----END CERTIFICATE-----", "g");
+exports.BASE64_REGEX = new RegExp("^(?:[A-Za-z0-9\\+\\/]{4}\\n{0,1})*(?:[A-Za-z0-9\\+\\/]{2}==|[A-Za-z0-9\\+\\/]{3}=)?$", "s");
+/**
+ * -----BEGIN [LABEL]-----
+ * base64([DATA])
+ * -----END [LABEL]-----
+ *
+ * Above is shown what PEM file looks like. As can be seen, base64 data
+ * can be in single line or multiple lines.
+ *
+ * This function normalizes PEM presentation to;
+ *  - contain PEM header and footer as they are given
+ *  - normalize line endings to '\n'
+ *  - normalize line length to maximum of 64 characters
+ *  - ensure that 'preeb' has line ending '\n'
+ *
+ * With a couple of notes:
+ *  - 'eol' is normalized to '\n'
+ *
+ * @param pem The PEM string to normalize to RFC7468 'stricttextualmsg' definition
+ */
+function normalizePem(pem) {
+    return `${(pem
+        .trim()
+        .replace(/(\r\n|\r)/g, "\n")
+        .match(/.{1,64}/g) ?? []).join("\n")}\n`;
+}
+/**
+ * @param pem The PEM-encoded base64 certificate to strip headers from
+ */
+function pemToDer(pem) {
+    if (!exports.PEM_FORMAT_REGEX.test(pem.trim())) {
+        throw new Error("Invalid PEM format.");
+    }
+    return Buffer.from(pem
+        .replace(/(\r\n|\r)/g, "")
+        .replace(/-----BEGIN [A-Z\x20]{1,48}-----\n?/, "")
+        .replace(/-----END [A-Z\x20]{1,48}-----\n?/, ""), "base64");
+}
+/**
+ * @param der The DER-encoded base64 certificate to add PEM headers too
+ * @param pemLabel The label of the header and footer to add
+ */
+function derToPem(der, pemLabel) {
+    const base64Der = Buffer.isBuffer(der)
+        ? der.toString("base64").trim()
+        : der.replace(/(\r\n|\r)/g, "").trim();
+    if (exports.PEM_FORMAT_REGEX.test(base64Der)) {
+        return normalizePem(base64Der);
+    }
+    if (exports.BASE64_REGEX.test(base64Der.replace(/ /g, ""))) {
+        if (pemLabel == null) {
+            throw new Error("PEM label is required when DER is given.");
+        }
+        const pem = `-----BEGIN ${pemLabel}-----\n${base64Der.replace(/ /g, "")}\n-----END ${pemLabel}-----`;
+        return normalizePem(pem);
+    }
+    throw new Error("Unknown DER format.");
+}
+function collectAncestorNamespaces(node, nsArray = []) {
+    if (!isDomNode.isElementNode(node.parentNode)) {
+        return nsArray;
+    }
+    const parent = node.parentNode;
+    if (!parent) {
+        return nsArray;
+    }
+    if (parent.attributes && parent.attributes.length > 0) {
+        for (let i = 0; i < parent.attributes.length; i++) {
+            const attr = parent.attributes[i];
+            if (attr && attr.nodeName && attr.nodeName.search(/^xmlns:?/) !== -1) {
+                nsArray.push({
+                    prefix: attr.nodeName.replace(/^xmlns:?/, ""),
+                    namespaceURI: attr.nodeValue || "",
+                });
+            }
+        }
+    }
+    return collectAncestorNamespaces(parent, nsArray);
+}
+function findNSPrefix(subset) {
+    const subsetAttributes = subset.attributes;
+    for (let k = 0; k < subsetAttributes.length; k++) {
+        const nodeName = subsetAttributes[k].nodeName;
+        if (nodeName.search(/^xmlns:?/) !== -1) {
+            return nodeName.replace(/^xmlns:?/, "");
+        }
+    }
+    return subset.prefix || "";
+}
+function isElementSubset(docSubset) {
+    return docSubset.every((node) => isDomNode.isElementNode(node));
+}
+/**
+ * Extract ancestor namespaces in order to import it to root of document subset
+ * which is being canonicalized for non-exclusive c14n.
+ *
+ * @param doc - Usually a product from `new xmldom.DOMParser().parseFromString()`
+ * @param docSubsetXpath - xpath query to get document subset being canonicalized
+ * @param namespaceResolver - xpath namespace resolver
+ * @returns i.e. [{prefix: "saml", namespaceURI: "urn:oasis:names:tc:SAML:2.0:assertion"}]
+ */
+function findAncestorNs(doc, docSubsetXpath, namespaceResolver) {
+    if (docSubsetXpath == null) {
+        return [];
+    }
+    const docSubset = xpath.selectWithResolver(docSubsetXpath, doc, namespaceResolver);
+    if (!isArrayHasLength(docSubset)) {
+        return [];
+    }
+    if (!isElementSubset(docSubset)) {
+        throw new Error("Document subset must be list of elements");
+    }
+    // Remove duplicate on ancestor namespace
+    const ancestorNs = collectAncestorNamespaces(docSubset[0]);
+    const ancestorNsWithoutDuplicate = [];
+    for (let i = 0; i < ancestorNs.length; i++) {
+        let notOnTheList = true;
+        for (const v in ancestorNsWithoutDuplicate) {
+            if (ancestorNsWithoutDuplicate[v].prefix === ancestorNs[i].prefix) {
+                notOnTheList = false;
+                break;
+            }
+        }
+        if (notOnTheList) {
+            ancestorNsWithoutDuplicate.push(ancestorNs[i]);
+        }
+    }
+    // Remove namespaces which are already declared in the subset with the same prefix
+    const returningNs = [];
+    const subsetNsPrefix = findNSPrefix(docSubset[0]);
+    for (const ancestorNs of ancestorNsWithoutDuplicate) {
+        if (ancestorNs.prefix !== subsetNsPrefix) {
+            returningNs.push(ancestorNs);
+        }
+    }
+    return returningNs;
+}
+function validateDigestValue(digest, expectedDigest) {
+    const buffer = Buffer.from(digest, "base64");
+    const expectedBuffer = Buffer.from(expectedDigest, "base64");
+    if (typeof buffer.equals === "function") {
+        return buffer.equals(expectedBuffer);
+    }
+    if (buffer.length !== expectedBuffer.length) {
+        return false;
+    }
+    for (let i = 0; i < buffer.length; i++) {
+        if (buffer[i] !== expectedBuffer[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+// Check if the given node is descendant of the given parent node
+function isDescendantOf(node, parent) {
+    if (!node || !parent) {
+        return false;
+    }
+    let currentNode = node.parentNode;
+    while (currentNode) {
+        if (currentNode === parent) {
+            return true;
+        }
+        currentNode = currentNode.parentNode;
+    }
+    return false;
+}
+//# sourceMappingURL=utils.js.map

package/lib/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;AAIA,4CAEC;AAaD,4BAYC;AAED,oCAcC;AAGD,gCAEC;AAkBD,gFASC;AAED,sEASC;AA+CD,oCAOC;AAKD,4BAYC;AAMD,4BAyBC;AAuDD,wCA8CC;AAED,kDAmBC;AAGD,wCAeC;AA5UD,+BAA+B;AAE/B,iDAAiD;AAEjD,SAAgB,gBAAgB,CAAC,KAAc;IAC7C,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAU,EAAE,SAAiB,EAAE,SAAkB;IAC7E,OAAO,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,SAAS,IAAI,IAAI,CAAC,CAAC;AAChG,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAU,EAAE,SAAiB,EAAE,SAAkB,EAAE,IAAc;IAC7F,OAAO,CACL,IAAI,CAAC,SAAS,KAAK,SAAS;QAC5B,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,EAAE,YAAY,KAAK,SAAS,CAAC,IAAI,SAAS,IAAI,IAAI,CAAC,CAChF,CAAC;AACJ,CAAC;AAED,SAAgB,QAAQ,CAAC,OAAgB,EAAE,SAAiB,EAAE,SAAkB;IAC9E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAEnC,IACE,oBAAoB,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC;YAChD,oBAAoB,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EACzD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,YAAY,CAAC,IAAqB,EAAE,SAAiB,EAAE,SAAkB;IACvF,MAAM,OAAO,GAAI,IAAiB,CAAC,eAAe,IAAI,IAAI,CAAC;IAC3D,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACpC,IACE,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC;YAC9B,KAAK,CAAC,SAAS,KAAK,SAAS;YAC7B,CAAC,KAAK,CAAC,YAAY,KAAK,SAAS,IAAI,SAAS,IAAI,IAAI,CAAC,EACvD,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kBAAkB;AAClB,SAAgB,UAAU,CAAC,IAAqB,EAAE,SAAiB,EAAE,SAAkB;IACrF,OAAO,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,gCAAgC,GAAG;IACvC,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;IACb,IAAI,EAAE,OAAO;IACb,IAAI,EAAE,OAAO;IACb,IAAI,EAAE,OAAO;CACd,CAAC;AAEF,MAAM,2BAA2B,GAAG;IAClC,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,IAAI,EAAE,OAAO;CACd,CAAC;AAEF,SAAgB,kCAAkC,CAAC,cAAc;IAC/D,OAAO,cAAc,CAAC,OAAO,CAAC,gBAAgB,EAAE,UAAU,GAAG,EAAE,IAAI;QACjE;;;;WAIG;QACH,OAAO,gCAAgC,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,6BAA6B,CAAC,IAAY;IACxD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,UAAU,GAAG,EAAE,IAAI;QACnD;;;;WAIG;QACH,OAAO,2BAA2B,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;GAYG;AACU,QAAA,gBAAgB,GAAG,IAAI,MAAM,CACxC,uEAAuE,EACvE,GAAG,CACJ,CAAC;AACW,QAAA,kBAAkB,GAAG,IAAI,MAAM,CAC1C,2DAA2D,EAC3D,GAAG,CACJ,CAAC;AACW,QAAA,YAAY,GAAG,IAAI,MAAM,CACpC,sFAAsF,EACtF,GAAG,CACJ,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CACR,GAAG;SACA,IAAI,EAAE;SACN,OAAO,CAAC,YAAY,EAAE,IAAI,CAAC;SAC3B,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAgB,QAAQ,CAAC,GAAW;IAClC,IAAI,CAAC,wBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAChB,GAAG;SACA,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;SACzB,OAAO,CAAC,oCAAoC,EAAE,EAAE,CAAC;SACjD,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,EAClD,QAAQ,CACT,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,QAAQ,CACtB,GAAoB,EACpB,QAA2D;IAE3D,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE;QAC/B,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAEzC,IAAI,wBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACrC,OAAO,YAAY,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAED,IAAI,oBAAY,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;QACnD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,GAAG,GAAG,cAAc,QAAQ,UAAU,SAAS,CAAC,OAAO,CAC3D,IAAI,EACJ,EAAE,CACH,cAAc,QAAQ,OAAO,CAAC;QAE/B,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,yBAAyB,CAChC,IAAa,EACb,UAA6B,EAAE;IAE/B,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,MAAM,GAAY,IAAI,CAAC,UAAU,CAAC;IAExC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBACrE,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;oBAC7C,YAAY,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,yBAAyB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,YAAY,CAAC,MAAM;IAC1B,MAAM,gBAAgB,GAAG,MAAM,CAAC,UAAU,CAAC;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC9C,IAAI,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACvC,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB;IACxC,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,cAAc,CAC5B,GAAa,EACb,cAAuB,EACvB,iBAAmC;IAEnC,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,kBAAkB,CAAC,cAAc,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAEnF,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,yCAAyC;IACzC,MAAM,UAAU,GAAG,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,0BAA0B,GAAsB,EAAE,CAAC;IACzD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,IAAI,YAAY,GAAG,IAAI,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,0BAA0B,EAAE,CAAC;YAC3C,IAAI,0BAA0B,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBAClE,YAAY,GAAG,KAAK,CAAC;gBACrB,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACjB,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,kFAAkF;IAClF,MAAM,WAAW,GAAsB,EAAE,CAAC;IAC1C,MAAM,cAAc,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,KAAK,MAAM,UAAU,IAAI,0BAA0B,EAAE,CAAC;QACpD,IAAI,UAAU,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;YACzC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc;IACxD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAE7D,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACxC,OAAO,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iEAAiE;AACjE,SAAgB,cAAc,CAAC,IAAU,EAAE,MAAY;IACrD,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,WAAW,GAAgB,IAAI,CAAC,UAAU,CAAC;IAE/C,OAAO,WAAW,EAAE,CAAC;QACnB,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,WAAW,GAAG,WAAW,CAAC,UAAU,CAAC;IACvC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["import * as xpath from \"xpath\";\r\nimport type { NamespacePrefix } from \"./types\";\r\nimport * as isDomNode from \"@xmldom/is-dom-node\";\r\n\r\nexport function isArrayHasLength(array: unknown): array is unknown[] {\r\n  return Array.isArray(array) && array.length > 0;\r\n}\r\n\r\nfunction attrEqualsExplicitly(attr: Attr, localName: string, namespace?: string) {\r\n  return attr.localName === localName && (attr.namespaceURI === namespace || namespace == null);\r\n}\r\n\r\nfunction attrEqualsImplicitly(attr: Attr, localName: string, namespace?: string, node?: Element) {\r\n  return (\r\n    attr.localName === localName &&\r\n    ((!attr.namespaceURI && node?.namespaceURI === namespace) || namespace == null)\r\n  );\r\n}\r\n\r\nexport function findAttr(element: Element, localName: string, namespace?: string) {\r\n  for (let i = 0; i < element.attributes.length; i++) {\r\n    const attr = element.attributes[i];\r\n\r\n    if (\r\n      attrEqualsExplicitly(attr, localName, namespace) ||\r\n      attrEqualsImplicitly(attr, localName, namespace, element)\r\n    ) {\r\n      return attr;\r\n    }\r\n  }\r\n  return null;\r\n}\r\n\r\nexport function findChildren(node: Node | Document, localName: string, namespace?: string) {\r\n  const element = (node as Document).documentElement ?? node;\r\n  const res: Element[] = [];\r\n  for (let i = 0; i < element.childNodes.length; i++) {\r\n    const child = element.childNodes[i];\r\n    if (\r\n      isDomNode.isElementNode(child) &&\r\n      child.localName === localName &&\r\n      (child.namespaceURI === namespace || namespace == null)\r\n    ) {\r\n      res.push(child);\r\n    }\r\n  }\r\n  return res;\r\n}\r\n\r\n/** @deprecated */\r\nexport function findChilds(node: Node | Document, localName: string, namespace?: string) {\r\n  return findChildren(node, localName, namespace);\r\n}\r\n\r\nconst xml_special_to_encoded_attribute = {\r\n  \"&\": \"&amp;\",\r\n  \"<\": \"&lt;\",\r\n  '\"': \"&quot;\",\r\n  \"\\r\": \"&#xD;\",\r\n  \"\\n\": \"&#xA;\",\r\n  \"\\t\": \"&#x9;\",\r\n};\r\n\r\nconst xml_special_to_encoded_text = {\r\n  \"&\": \"&amp;\",\r\n  \"<\": \"&lt;\",\r\n  \">\": \"&gt;\",\r\n  \"\\r\": \"&#xD;\",\r\n};\r\n\r\nexport function encodeSpecialCharactersInAttribute(attributeValue) {\r\n  return attributeValue.replace(/([&<\"\\r\\n\\t])/g, function (str, item) {\r\n    /** Special character normalization.\r\n     * @see:\r\n     * - https://www.w3.org/TR/xml-c14n#ProcessingModel (Attribute Nodes)\r\n     * - https://www.w3.org/TR/xml-c14n#Example-Chars\r\n     */\r\n    return xml_special_to_encoded_attribute[item];\r\n  });\r\n}\r\n\r\nexport function encodeSpecialCharactersInText(text: string): string {\r\n  return text.replace(/([&<>\\r])/g, function (str, item) {\r\n    /** Special character normalization.\r\n     * @see:\r\n     * - https://www.w3.org/TR/xml-c14n#ProcessingModel (Text Nodes)\r\n     * - https://www.w3.org/TR/xml-c14n#Example-Chars\r\n     */\r\n    return xml_special_to_encoded_text[item];\r\n  });\r\n}\r\n\r\n/**\r\n * PEM format has wide range of usages, but this library\r\n * is enforcing RFC7468 which focuses on PKIX, PKCS and CMS.\r\n *\r\n * https://www.rfc-editor.org/rfc/rfc7468\r\n *\r\n * PEM_FORMAT_REGEX is validating given PEM file against RFC7468 'stricttextualmsg' definition.\r\n *\r\n * With few exceptions;\r\n *  - 'posteb' MAY have 'eol', but it is not mandatory.\r\n *  - 'preeb' and 'posteb' lines are limited to 64 characters, but\r\n *     should not cause any issues in context of PKIX, PKCS and CMS.\r\n */\r\nexport const PEM_FORMAT_REGEX = new RegExp(\r\n  \"^-----BEGIN [A-Z\\x20]{1,48}-----([^-]*)-----END [A-Z\\x20]{1,48}-----$\",\r\n  \"s\",\r\n);\r\nexport const EXTRACT_X509_CERTS = new RegExp(\r\n  \"-----BEGIN CERTIFICATE-----[^-]*-----END CERTIFICATE-----\",\r\n  \"g\",\r\n);\r\nexport const BASE64_REGEX = new RegExp(\r\n  \"^(?:[A-Za-z0-9\\\\+\\\\/]{4}\\\\n{0,1})*(?:[A-Za-z0-9\\\\+\\\\/]{2}==|[A-Za-z0-9\\\\+\\\\/]{3}=)?$\",\r\n  \"s\",\r\n);\r\n\r\n/**\r\n * -----BEGIN [LABEL]-----\r\n * base64([DATA])\r\n * -----END [LABEL]-----\r\n *\r\n * Above is shown what PEM file looks like. As can be seen, base64 data\r\n * can be in single line or multiple lines.\r\n *\r\n * This function normalizes PEM presentation to;\r\n *  - contain PEM header and footer as they are given\r\n *  - normalize line endings to '\\n'\r\n *  - normalize line length to maximum of 64 characters\r\n *  - ensure that 'preeb' has line ending '\\n'\r\n *\r\n * With a couple of notes:\r\n *  - 'eol' is normalized to '\\n'\r\n *\r\n * @param pem The PEM string to normalize to RFC7468 'stricttextualmsg' definition\r\n */\r\nexport function normalizePem(pem: string): string {\r\n  return `${(\r\n    pem\r\n      .trim()\r\n      .replace(/(\\r\\n|\\r)/g, \"\\n\")\r\n      .match(/.{1,64}/g) ?? []\r\n  ).join(\"\\n\")}\\n`;\r\n}\r\n\r\n/**\r\n * @param pem The PEM-encoded base64 certificate to strip headers from\r\n */\r\nexport function pemToDer(pem: string): Buffer {\r\n  if (!PEM_FORMAT_REGEX.test(pem.trim())) {\r\n    throw new Error(\"Invalid PEM format.\");\r\n  }\r\n\r\n  return Buffer.from(\r\n    pem\r\n      .replace(/(\\r\\n|\\r)/g, \"\")\r\n      .replace(/-----BEGIN [A-Z\\x20]{1,48}-----\\n?/, \"\")\r\n      .replace(/-----END [A-Z\\x20]{1,48}-----\\n?/, \"\"),\r\n    \"base64\",\r\n  );\r\n}\r\n\r\n/**\r\n * @param der The DER-encoded base64 certificate to add PEM headers too\r\n * @param pemLabel The label of the header and footer to add\r\n */\r\nexport function derToPem(\r\n  der: string | Buffer,\r\n  pemLabel?: \"CERTIFICATE\" | \"PRIVATE KEY\" | \"RSA PUBLIC KEY\",\r\n): string {\r\n  const base64Der = Buffer.isBuffer(der)\r\n    ? der.toString(\"base64\").trim()\r\n    : der.replace(/(\\r\\n|\\r)/g, \"\").trim();\r\n\r\n  if (PEM_FORMAT_REGEX.test(base64Der)) {\r\n    return normalizePem(base64Der);\r\n  }\r\n\r\n  if (BASE64_REGEX.test(base64Der.replace(/ /g, \"\"))) {\r\n    if (pemLabel == null) {\r\n      throw new Error(\"PEM label is required when DER is given.\");\r\n    }\r\n    const pem = `-----BEGIN ${pemLabel}-----\\n${base64Der.replace(\r\n      / /g,\r\n      \"\",\r\n    )}\\n-----END ${pemLabel}-----`;\r\n\r\n    return normalizePem(pem);\r\n  }\r\n\r\n  throw new Error(\"Unknown DER format.\");\r\n}\r\n\r\nfunction collectAncestorNamespaces(\r\n  node: Element,\r\n  nsArray: NamespacePrefix[] = [],\r\n): NamespacePrefix[] {\r\n  if (!isDomNode.isElementNode(node.parentNode)) {\r\n    return nsArray;\r\n  }\r\n\r\n  const parent: Element = node.parentNode;\r\n\r\n  if (!parent) {\r\n    return nsArray;\r\n  }\r\n\r\n  if (parent.attributes && parent.attributes.length > 0) {\r\n    for (let i = 0; i < parent.attributes.length; i++) {\r\n      const attr = parent.attributes[i];\r\n      if (attr && attr.nodeName && attr.nodeName.search(/^xmlns:?/) !== -1) {\r\n        nsArray.push({\r\n          prefix: attr.nodeName.replace(/^xmlns:?/, \"\"),\r\n          namespaceURI: attr.nodeValue || \"\",\r\n        });\r\n      }\r\n    }\r\n  }\r\n\r\n  return collectAncestorNamespaces(parent, nsArray);\r\n}\r\n\r\nfunction findNSPrefix(subset) {\r\n  const subsetAttributes = subset.attributes;\r\n  for (let k = 0; k < subsetAttributes.length; k++) {\r\n    const nodeName = subsetAttributes[k].nodeName;\r\n    if (nodeName.search(/^xmlns:?/) !== -1) {\r\n      return nodeName.replace(/^xmlns:?/, \"\");\r\n    }\r\n  }\r\n  return subset.prefix || \"\";\r\n}\r\n\r\nfunction isElementSubset(docSubset: Node[]): docSubset is Element[] {\r\n  return docSubset.every((node) => isDomNode.isElementNode(node));\r\n}\r\n\r\n/**\r\n * Extract ancestor namespaces in order to import it to root of document subset\r\n * which is being canonicalized for non-exclusive c14n.\r\n *\r\n * @param doc - Usually a product from `new xmldom.DOMParser().parseFromString()`\r\n * @param docSubsetXpath - xpath query to get document subset being canonicalized\r\n * @param namespaceResolver - xpath namespace resolver\r\n * @returns i.e. [{prefix: \"saml\", namespaceURI: \"urn:oasis:names:tc:SAML:2.0:assertion\"}]\r\n */\r\nexport function findAncestorNs(\r\n  doc: Document,\r\n  docSubsetXpath?: string,\r\n  namespaceResolver?: XPathNSResolver,\r\n): NamespacePrefix[] {\r\n  if (docSubsetXpath == null) {\r\n    return [];\r\n  }\r\n\r\n  const docSubset = xpath.selectWithResolver(docSubsetXpath, doc, namespaceResolver);\r\n\r\n  if (!isArrayHasLength(docSubset)) {\r\n    return [];\r\n  }\r\n\r\n  if (!isElementSubset(docSubset)) {\r\n    throw new Error(\"Document subset must be list of elements\");\r\n  }\r\n\r\n  // Remove duplicate on ancestor namespace\r\n  const ancestorNs = collectAncestorNamespaces(docSubset[0]);\r\n  const ancestorNsWithoutDuplicate: NamespacePrefix[] = [];\r\n  for (let i = 0; i < ancestorNs.length; i++) {\r\n    let notOnTheList = true;\r\n    for (const v in ancestorNsWithoutDuplicate) {\r\n      if (ancestorNsWithoutDuplicate[v].prefix === ancestorNs[i].prefix) {\r\n        notOnTheList = false;\r\n        break;\r\n      }\r\n    }\r\n\r\n    if (notOnTheList) {\r\n      ancestorNsWithoutDuplicate.push(ancestorNs[i]);\r\n    }\r\n  }\r\n\r\n  // Remove namespaces which are already declared in the subset with the same prefix\r\n  const returningNs: NamespacePrefix[] = [];\r\n  const subsetNsPrefix = findNSPrefix(docSubset[0]);\r\n  for (const ancestorNs of ancestorNsWithoutDuplicate) {\r\n    if (ancestorNs.prefix !== subsetNsPrefix) {\r\n      returningNs.push(ancestorNs);\r\n    }\r\n  }\r\n\r\n  return returningNs;\r\n}\r\n\r\nexport function validateDigestValue(digest, expectedDigest) {\r\n  const buffer = Buffer.from(digest, \"base64\");\r\n  const expectedBuffer = Buffer.from(expectedDigest, \"base64\");\r\n\r\n  if (typeof buffer.equals === \"function\") {\r\n    return buffer.equals(expectedBuffer);\r\n  }\r\n\r\n  if (buffer.length !== expectedBuffer.length) {\r\n    return false;\r\n  }\r\n\r\n  for (let i = 0; i < buffer.length; i++) {\r\n    if (buffer[i] !== expectedBuffer[i]) {\r\n      return false;\r\n    }\r\n  }\r\n\r\n  return true;\r\n}\r\n\r\n// Check if the given node is descendant of the given parent node\r\nexport function isDescendantOf(node: Node, parent: Node): boolean {\r\n  if (!node || !parent) {\r\n    return false;\r\n  }\r\n\r\n  let currentNode: Node | null = node.parentNode;\r\n\r\n  while (currentNode) {\r\n    if (currentNode === parent) {\r\n      return true;\r\n    }\r\n    currentNode = currentNode.parentNode;\r\n  }\r\n\r\n  return false;\r\n}\r\n"]}

package/package.json

@@ -0,0 +1,73 @@
+{
+  "name": "xml-crypto-next",
+  "version": "7.0.0",
+  "private": false,
+  "description": "Xml digital signature and encryption library for Node.js",
+  "keywords": [
+    "xml",
+    "digital signature",
+    "xml encryption",
+    "x.509 certificate"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/node-saml/xml-crypto.git"
+  },
+  "license": "MIT",
+  "author": "Yaron Naveh <yaronn01@gmail.com> (http://webservices20.blogspot.com/)",
+  "contributors": [
+    "LoneRifle <LoneRifle@users.noreply.github.com>",
+    "Chris Barth <chrisjbarth@hotmail.com>"
+  ],
+  "main": "./lib",
+  "files": [
+    "lib",
+    "LICENSE",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "changelog": "gren changelog --override --generate",
+    "lint": "eslint \"{src,test}/*.ts\" --cache && npm run prettier-check",
+    "lint:fix": "eslint --fix \"{src,test}/*.ts\" && npm run prettier-format",
+    "prepare": "tsc",
+    "prettier-check": "prettier --config .prettierrc.json --check .",
+    "prettier-format": "prettier --config .prettierrc.json --write .",
+    "prerelease": "git clean -xfd && npm ci && npm test",
+    "release": "release-it",
+    "test": "nyc mocha"
+  },
+  "dependencies": {
+    "@xmldom/is-dom-node": "^1.0.1",
+    "@xmldom/xmldom": "^0.8.10",
+    "xpath": "^0.0.33"
+  },
+  "devDependencies": {
+    "@cjbarth/github-release-notes": "^4.2.0",
+    "@istanbuljs/nyc-config-typescript": "^1.0.2",
+    "@prettier/plugin-xml": "^3.2.2",
+    "@types/chai": "^4.3.11",
+    "@types/mocha": "^10.0.6",
+    "@types/node": "^16.18.69",
+    "@typescript-eslint/eslint-plugin": "^6.18.1",
+    "@typescript-eslint/parser": "^6.18.1",
+    "chai": "^4.3.10",
+    "choma": "^1.2.1",
+    "ejs": "^3.1.9",
+    "eslint": "^8.56.0",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-plugin-deprecation": "^2.0.0",
+    "lcov": "^1.16.0",
+    "mocha": "^10.2.0",
+    "nyc": "^15.1.0",
+    "prettier": "^3.1.0",
+    "prettier-plugin-packagejson": "^2.4.6",
+    "release-it": "^16.3.0",
+    "source-map-support": "^0.5.21",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.3.2"
+  },
+  "engines": {
+    "node": ">=16"
+  }
+}