xadesjs icon indicating copy to clipboard operation
xadesjs copied to clipboard

Published 20 hours ago verified publisher icon PeculiarVentures

Hardcoded namespaces for QualifyingProperties triggers LoadXml error

Open Ulterior opened this issue 5 years ago • 0 comments 

verifying signature for:test_ns.xml
XmlError {
  prefix: 'XMLJS',
  code: 9,
  name: 'XmlError',
  message: "XMLJS0009: Malformed element 'QualifyingProperties'",
  stack: "Error: XMLJS0009: Malformed element 'QualifyingProperties'\n" +
    '    at new XmlError (..\\node_modules\\xml-core\\dist\\index.js:216:22)\n' +
    '    at QualifyingProperties.LoadXml (..\\node_modules\\xml-core\\dist\\index.js:782:19)\n' +
    '    at Function.LoadXml (..\\node_modules\\xml-core\\dist\\index.js:546:13)\n' +
    '    at ..\\node_modules\\xadesjs\\dist\\index.js:2093:59\n' +
    '    at Array.some (<anonymous>)\n' +
    '    at DataObjects.Some (..\\node_modules\\xml-core\\dist\\index.js:1009:35)\n' +
    '    at SignedXml.LoadXml (..\\node_modules\\xadesjs\\dist\\index.js:2087:38)\n' +
    '    at verify (..\\sign-verify.js:200:19)\n' +
    '    at Object.<anonymous> (..\\sign-verify.js:372:5)\n' +
    '    at Module._compile (internal/modules/cjs/loader.js:959:30)'
}

test_ns.log

Xml uploaded as log, please rename :)

I had to monkey patch xadesjs for it to be able to read xml with namespace other than NamespaceURI: "http://uri.etsi.org/01903/v1.3.2#"

    var xmlString = fs.readFileSync(fileName, "utf8");
    var signedDocument = xadesjs.Parse(xmlString, "application/xml");
    var xmlSignature = signedDocument.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
    var signedXml = new xadesjs.SignedXml(signedDocument);

    try {
        xadesjs.Application.QualifyingProperties = class custQualifyingProperties extends xadesjs.xml.QualifyingProperties {};
        var savedNsURI = Object.getPrototypeOf(xadesjs.Application.QualifyingProperties).namespaceURI;

        const dsObjs = signedDocument.getElementsByTagNameNS("*", "Object");
        if (dsObjs.length > 0) {
            var qProps = dsObjs[0].getElementsByTagNameNS("*", "QualifyingProperties");
            if (qProps.length > 0) {
                Object.getPrototypeOf(xadesjs.Application.QualifyingProperties).namespaceURI = qProps[0].namespaceURI;
            }
        }

        signedXml.LoadXml(xmlSignature[0]);

after that it loads and verifies OK. Normally, in my opinion, xadesjs should accept namespace set up in xml as I am doing it now with my monkey patch

Ulterior avatar Dec 10 '19 12:12 Ulterior