Update signed-xml.js (#172)

fix namespace issue documented in #72
node-saml · Feb 10, 2019 · d686c4e · d686c4e
1 parent 8d46b73
commit d686c4e
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/lib/signed-xml.js b/lib/signed-xml.js
@@ -478,6 +478,30 @@ SignedXml.prototype.validateReferences = function(doc) {
 
     var hash = this.findHashAlgorithm(ref.digestAlgorithm)
     var digest = hash.getHash(canonXml)
+
+    if (!validateDigestValue(digest, ref.digestValue)) {
+      if (ref.inclusiveNamespacesPrefixList) {
+        // fallback: apply InclusiveNamespaces workaround (https://github.com/yaronn/xml-crypto/issues/72)
+        var prefixList = ref.inclusiveNamespacesPrefixList instanceof Array ? ref.inclusiveNamespacesPrefixList : ref.inclusiveNamespacesPrefixList.split(' ');
+        var supported_definitions = {
+          'xs': 'http://www.w3.org/2001/XMLSchema',
+          'xsi': 'http://www.w3.org/2001/XMLSchema-instance',
+          'saml': 'urn:oasis:names:tc:SAML:2.0:assertion'
+        }
+
+        prefixList.forEach(function (prefix) {
+          if (supported_definitions[prefix]) {
+            elem[0].setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:' + prefix, supported_definitions[prefix]);
+          }
+        });
+
+        canonXml = this.getCanonXml(ref.transforms, elem[0], { inclusiveNamespacesPrefixList: ref.inclusiveNamespacesPrefixList });
+        digest = hash.getHash(canonXml);
+        if (digest === ref.digestValue) {
+          return true;
+        }
+      }
+    }
 
     if (!validateDigestValue(digest, ref.digestValue)) {
       this.validationErrors.push("invalid signature: for uri " + ref.uri +