Merge pull request #61 from pboyd04/UseCanonicalizationFromSigInfo
Use canonicalization from sig info
russellhaering committed Sep 30, 2020
2 parents d396ec6 + da44dfd commit 0bf1c10
Showing 2 changed files with 25 additions and 13 deletions.
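--- a/canonicalize.go
+++ b/canonicalize.go
@@ -13,6 +13,22 @@ type Canonicalizer interface {
 Algorithm() AlgorithmID
 }
 
+type NullCanonicalizer struct {
+}
+
+func MakeNullCanonicalizer() Canonicalizer {
+return &NullCanonicalizer{}
+}
+
+func (c *NullCanonicalizer) Algorithm() AlgorithmID {
+return AlgorithmID("NULL")
+}
+
+func (c *NullCanonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
+scope := make(map[string]struct{})
+return canonicalSerialize(canonicalPrep(el, scope, false))
+}
+
 type c14N10ExclusiveCanonicalizer struct {
 prefixList string
 }
@@ -49,7 +65,7 @@ func MakeC14N11Canonicalizer() Canonicalizer {
 // Canonicalize transforms the input Element into a serialized XML document in canonical form.
 func (c *c14N11Canonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
 scope := make(map[string]struct{})
-return canonicalSerialize(canonicalPrep(el, scope))
+return canonicalSerialize(canonicalPrep(el, scope, true))
 }
 
 func (c *c14N11Canonicalizer) Algorithm() AlgorithmID {
@@ -66,7 +82,7 @@ func MakeC14N10RecCanonicalizer() Canonicalizer {
 // Canonicalize transforms the input Element into a serialized XML document in canonical form.
 func (c *c14N10RecCanonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
 scope := make(map[string]struct{})
-return canonicalSerialize(canonicalPrep(el, scope))
+return canonicalSerialize(canonicalPrep(el, scope, true))
 }
 
 func (c *c14N10RecCanonicalizer) Algorithm() AlgorithmID {
@@ -83,7 +99,7 @@ func MakeC14N10CommentCanonicalizer() Canonicalizer {
 // Canonicalize transforms the input Element into a serialized XML document in canonical form.
 func (c *c14N10CommentCanonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
 scope := make(map[string]struct{})
-return canonicalSerialize(canonicalPrep(el, scope))
+return canonicalSerialize(canonicalPrep(el, scope, true))
 }
 
 func (c *c14N10CommentCanonicalizer) Algorithm() AlgorithmID {
@@ -116,7 +132,7 @@ const nsSpace = "xmlns"
 //
 // TODO(russell_h): This is very similar to excCanonicalPrep - perhaps they should
 // be unified into one parameterized function?
-func canonicalPrep(el *etree.Element, seenSoFar map[string]struct{}) *etree.Element {
+func canonicalPrep(el *etree.Element, seenSoFar map[string]struct{}, strip bool) *etree.Element {
 _seenSoFar := make(map[string]struct{})
 for k, v := range seenSoFar {
 _seenSoFar[k] = v
@@ -141,7 +157,7 @@ func canonicalPrep(el *etree.Element, seenSoFar map[string]struct{}) *etree.Elem
 for i, token := range ne.Child {
 childElement, ok := token.(*etree.Element)
 if ok {
-ne.Child[i] = canonicalPrep(childElement, _seenSoFar)
+ne.Child[i] = canonicalPrep(childElement, _seenSoFar, strip)
 }
 }
 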
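Review bot: None of the added lines in this section reads the new `strip` parameter of `canonicalPrep`; it is only added to the signature and forwarded on the recursive call, so as far as this page shows `NullCanonicalizer.Canonicalize` (passing `false`) emits the same bytes as the C14N 1.0/1.1 canonicalizers that pass `true`. The exported `NullCanonicalizer`, `MakeNullCanonicalizer` and the `Algorithm` value `"NULL"` carry no doc comments, and the name reads as "no canonicalization" although the method still runs `canonicalPrep` and `canonicalSerialize` before the digest is computed. I would add `// NullCanonicalizer is used when a Reference names no canonicalization transform; it still applies canonicalPrep and canonicalSerialize.` and one line on `canonicalPrep` stating what `strip` is meant to control. The body of `canonicalPrep` is only partly visible in these hunks, so confirm against the full file.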
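--- a/validate.go
+++ b/validate.go
@@ -111,10 +111,6 @@ func (ctx *ValidationContext) transform(
 ref *types.Reference) (*etree.Element, Canonicalizer, error) {
 transforms := ref.Transforms.Transforms
 
-if len(transforms) != 2 {
-return nil, nil, errors.New("Expected Enveloped and C14N transforms")
-}
-
 // map the path to the passed signature relative to the passed root, in
 // order to enable removal of the signature by an enveloped signature
 // transform
@@ -157,7 +153,7 @@ func (ctx *ValidationContext) transform(
 }
 
 if canonicalizer == nil {
-return nil, nil, errors.New("Expected canonicalization transform")
+canonicalizer = MakeNullCanonicalizer()
 }
 
 return el, canonicalizer, nil
@@ -368,13 +364,13 @@ func (ctx *ValidationContext) findSignature(root *etree.Element) (*types.Signatu
 canonicalSignedInfo = detachedSignedInfo
 
 case CanonicalXML11AlgorithmId:
-canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{})
+canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true)
 
 case CanonicalXML10RecAlgorithmId:
-canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{})
+canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true)
 
 case CanonicalXML10CommentAlgorithmId:
-canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{})
+canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true)
 
 default:
 return fmt.Errorf("invalid CanonicalizationMethod on Signature: %s", c14NAlgorithm)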
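Review bot: `transform()` now accepts references it used to reject: the `len(transforms) != 2` guard is gone and the `canonicalizer == nil` branch assigns `canonicalizer = MakeNullCanonicalizer()` instead of returning an error, so a Reference with no canonicalization transform is digested rather than refused. The loop that walks the transforms lies outside these hunks, so please confirm it still rejects unknown transform algorithms and that the enveloped-signature transform is still enforced now that any list length is allowed. XML-DSig's reference processing model falls back to Canonical XML 1.0 when a node-set has to become octets, so the default would be easier to reason about as `canonicalizer = MakeC14N10RecCanonicalizer()` (assuming, from its name, that this is the C14N 1.0 one), with a comment stating why. A test that validates references carrying zero, one and duplicated transforms would pin the intended behaviour.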
