Skip to content

Commit

Permalink
fix double transformationentries in WSSecCert
Browse files Browse the repository at this point in the history 
Upon multiple client calls, everytime the reference is added. This is fixed by checking the xpath on already added references.

I was tempted to add it in the constructor, because it is not likely that one would change the body namespace on an existing client. It would also add some extra changes though ...
  • Loading branch information
@RaymondKroon @jsdevel
RaymondKroon authored and jsdevel committed Jan 25, 2019
1 parent 7a215e0 commit 2bed4c7
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 3 deletions.
10 changes: 7 additions & 3 deletions lib/security/WSSecurityCert.js
View file
Expand Up @@ -79,10 +79,14 @@ WSSecurityCert.prototype.postProcess = function (xml, envelopeKey) {

var references = this.signatureTransformations;

this.signer.addReference("//*[name(.)='" + envelopeKey + ":Body']", references);
var bodyXpath = "//*[name(.)='" + envelopeKey + ":Body']";
if (!this.signer.references.filter(function(ref){ return ref.xpath === bodyXpath; }).length > 0) {
this.signer.addReference(bodyXpath, references);
}

if (this.hasTimeStamp) {
this.signer.addReference("//*[name(.)='wsse:Security']/*[local-name(.)='Timestamp']", references);
var timestampXpath = "//*[name(.)='wsse:Security']/*[local-name(.)='Timestamp']"
if (this.hasTimeStamp && !this.signer.references.filter(function(ref){ return ref.xpath === timestampXpath; }).length > 0) {
this.signer.addReference(timestampXpath, references);
}

this.signer.computeSignature(xmlWithSec);
Expand Down
7 changes: 7 additions & 0 deletions test/security/WSSecurityCert.js
View file
Expand Up @@ -95,6 +95,13 @@ describe('WSSecurityCert', function() {
xml.match(/<Reference URI="#/g).should.have.length(1);
});

it('double post process should not add extra alments', function() {
var instance = new WSSecurityCert(key, cert, '');
var _ = instance.postProcess('<soap:Header></soap:Header><soap:Body><Body></Body><Timestamp></Timestamp></soap:Body>', 'soap');
var xml = instance.postProcess('<soap:Header></soap:Header><soap:Body><Body></Body><Timestamp></Timestamp></soap:Body>', 'soap');
xml.match(/<Reference URI="#/g).should.have.length(2);
});

it('should have no timestamp when addTimestamp is false', function() {
var instance = new WSSecurityCert(key, cert, '', {hasTimeStamp: false});
var xml = instance.postProcess('<soap:Header></soap:Header><soap:Body><Body></Body><Timestamp></Timestamp></soap:Body>', 'soap');
Expand Down

0 comments on commit 2bed4c7

Please sign in to comment.