Merge 86d23b3 into ce72ca5

Mifiel · Jun 30, 2021 · c37a4d6 · c37a4d6
2 parents ce72ca5 + 86d23b3
commit c37a4d6
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 6 deletions.
diff --git a/spec/encryptedDocumentSpec.ts b/spec/encryptedDocumentSpec.ts
@@ -1,17 +1,24 @@
+import { expect } from 'chai';
 import Document from '../src/document';
 import { FromXMLResponse } from '../src/document';
-import { hextoB64 } from '../src/common'
-import { expect } from 'chai';
+import { hextoB64, sha256 } from '../src/common'
+import XML from '../src/xml';
 
 const fs = require('fs');
 
 describe('Encrypted Document', () => {
   describe('when everything is ok', () => {
     let doc;
     let result: FromXMLResponse;
+    let xml: XML;
+
     beforeEach(async () => {
-      const xml = fs.readFileSync(`${__dirname}/fixtures/example_signed.enc.xml`).toString();
-      result = await Document.fromXml(xml);
+      const xmlEnc = `${__dirname}/fixtures/example_signed.enc.xml`;
+      const xmlString = fs.readFileSync(xmlEnc);
+      xml = new XML();
+      await xml.parse(xmlString);
+
+      result = await Document.fromXml(xmlString);
       doc = result.document;
     });
 
@@ -51,5 +58,14 @@ describe('Encrypted Document', () => {
         expect(xml).not.to.include('encrypted');
       })
     })
+
+    describe('original xml hash', () => {
+      const originalXmlHash = '52d36a70e4d9a0fa1464d19bbd4b2e4d936ec0c680d6f677c9b58d1b5c883551';
+
+      it('should be the sha256 of the XML without geolocation', () => {
+        const calculated = sha256(xml.canonical());
+        expect(calculated).to.eq(originalXmlHash);
+      });
+    });
   });
 })
diff --git a/spec/fixtures/example_signed.enc.xml b/spec/fixtures/example_signed.enc.xml
@@ -1659,7 +1659,7 @@ MmJmMGUwNDFlOWY0ZTFmM2M5ZjkxNjg2ZDg0M2JhYzNkYjBiODQ4MDI4YTEy
 MzAyMzhiMmJkZTc5MzQ2OTU5Y2RhNzgyNDQ4OWRiZDE3OTZlYzMyYmI2MzEw
 YWUxMjJlZGI5ZDU2YTA5YjQ2NWNlYmE5YjczMTIxNGIxMjVjZWRmNGYxZWE5
 MTAxMjBiNmYzZTIzZmIwMzQ
-</ePass></signer><signer id="AAA010101AAA" name="ACCEM SERVICIOS EMPRESARIALES SC" email="other@email.com"><certificate number="20001000000200001428" issuer="Servicio de Administración Tributaria">MIIEYTCCA0mgAwIBAgIUMjAwMDEwMDAwMDAyMDAwMDE0MjgwDQYJKoZIhvcN
+</ePass><auditTrail><event id="b6913103-f93f-4a78-8883-5dcdea675d6c" name="document-signed" timestamp="2021-06-29T20:04:52+00:00"><details><attribute name="browser-url" value="http://app.mifiel.localhost:3000/api/v1/signers/635fbaca-c19e-4cc6-be5f-c3af0f9ba2c7/signature_package"></attribute><attribute name="ip-address" value="::1"></attribute><attribute name="browser-agent" value="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"></attribute></details></event><event id="b6913103-f93f-4a78-8883-5dcdea675d6c" name="geolocation" timestamp="2021-06-25T22:43:46+00:00"><details><attribute name="coords" value="23,-102"></attribute><attribute name="country-name" value="Mexico"></attribute><attribute name="region-name" value=""></attribute><attribute name="city" value=""></attribute><attribute name="zip" value=""></attribute></details></event></auditTrail></signer><signer id="AAA010101AAA" name="ACCEM SERVICIOS EMPRESARIALES SC" email="other@email.com"><certificate number="20001000000200001428" issuer="Servicio de Administración Tributaria">MIIEYTCCA0mgAwIBAgIUMjAwMDEwMDAwMDAyMDAwMDE0MjgwDQYJKoZIhvcN
 AQEFBQAwggFcMRowGAYDVQQDDBFBLkMuIDIgZGUgcHJ1ZWJhczEvMC0GA1UE
 CgwmU2VydmljaW8gZGUgQWRtaW5pc3RyYWNpw7NuIFRyaWJ1dGFyaWExODA2
 BgNVBAsML0FkbWluaXN0cmFjacOzbiBkZSBTZWd1cmlkYWQgZGUgbGEgSW5m
@@ -1699,4 +1699,4 @@ MmJmMGUwNDFlOWY0ZTFmM2M5ZjkxNjg2ZDg0M2JhYzNkYjBiODQ4MDI4YTEy
 MzAyMzhiMmJkZTc5MzQ2OTU5Y2RhNzgyNDQ4OWRiZDE3OTZlYzMyYmI2MzEw
 YWUxMjJlZGI5ZDU2YTA5YjQ2NWNlYmE5YjczMTIxNGIxMjVjZWRmNGYxZWE5
 MTAxMjBiNmYzZTIzZmIwMzQ
-</ePass></signer></signers></electronicDocument>
+</ePass><auditTrail><event id="c5e3cd55-af3a-47cd-ac36-9f631eb40439" name="document-signed" timestamp="2021-06-29T20:04:52+00:00"><details><attribute name="browser-url" value="http://app.mifiel.localhost:3000/api/v1/signers/5fbbe92b-5fc8-4fe6-a897-fa6637eef98c/signature_package"></attribute><attribute name="ip-address" value="::1"></attribute><attribute name="browser-agent" value="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"></attribute></details></event><event id="c5e3cd55-af3a-47cd-ac36-9f631eb40439" name="geolocation" timestamp="2021-06-25T22:43:46+00:00"><details><attribute name="coords" value="23,-102"></attribute><attribute name="country-name" value="Mexico"></attribute><attribute name="region-name" value=""></attribute><attribute name="city" value=""></attribute><attribute name="zip" value=""></attribute></details></event></auditTrail></signer></signers></electronicDocument>
diff --git a/src/xml.ts b/src/xml.ts
@@ -50,6 +50,18 @@ export default class XML {
     });
   }
 
+  static removeGeolocation(xmljs: any) {
+    xmljs.signers[0].signer.forEach(function(signer) {
+      if(signer.auditTrail) {
+        signer.auditTrail[0].event.forEach(function(event, index) {
+          if (event.$.name === 'geolocation') {
+            delete signer.auditTrail[0].event[index];
+          }
+        });
+      }
+    });
+  }
+
   parse(xml) {
     const el = this;
     return new Promise((resolve, reject) => parseString(xml, function(err, result) {
@@ -80,6 +92,7 @@ export default class XML {
     const edoc = JSON.parse(JSON.stringify(this.eDocument));
     delete edoc.conservancyRecord;
     XML.removeEncrypedData(edoc);
+    XML.removeGeolocation(edoc);
 
     if (this.version_int >= 100) {
       edoc[this.fileElementName][0]._ = '';