refactor: change ...AlgorithmName to ...AlgorithmURI to more accurately reflect the contents, change Digest... back to Hash... to remain consistent with the existing library, consistently use XMLDSIG_URIS in the library instead of hardcoded strings

Author: shunkica

src/c14n-canonicalization.ts

@@ -1,5 +1,5 @@
 import type {
-  CanonicalizationAlgorithmName,
+  CanonicalizationAlgorithmURI,
   CanonicalizationAlgorithm,
   TransformAlgorithmOptions,
   NamespacePrefix,
@@ -278,7 +278,7 @@ export class C14nCanonicalization implements CanonicalizationAlgorithm {
     return res;
   }
 
-  getAlgorithmName(): CanonicalizationAlgorithmName {
+  getAlgorithmName(): CanonicalizationAlgorithmURI {
     return XMLDSIG_URIS.CANONICALIZATION_ALGORITHMS.C14N;
   }
 }
@@ -292,7 +292,7 @@ export class C14nCanonicalizationWithComments extends C14nCanonicalization {
     this.includeComments = true;
   }
 
-  getAlgorithmName(): CanonicalizationAlgorithmName {
+  getAlgorithmName(): CanonicalizationAlgorithmURI {
     return XMLDSIG_URIS.CANONICALIZATION_ALGORITHMS.C14N_WITH_COMMENTS;
   }
 }

src/enveloped-signature.ts

@@ -1,11 +1,7 @@
 import * as xpath from "xpath";
 import * as isDomNode from "@xmldom/is-dom-node";
-
-import type {
-  TransformAlgorithmOptions,
-  TransformAlgorithm,
-  TransformAlgorithmName,
-} from "./types";
+import { XMLDSIG_URIS } from "./xmldsig-uris";
+import type { TransformAlgorithmOptions, TransformAlgorithm, TransformAlgorithmURI } from "./types";
 
 export class EnvelopedSignature implements TransformAlgorithm {
   protected includeComments = false;
@@ -17,7 +13,7 @@ export class EnvelopedSignature implements TransformAlgorithm {
   process(node: Node, options: TransformAlgorithmOptions): Node {
     if (null == options.signatureNode) {
       const signature = xpath.select1(
-        "./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
+        `./*[local-name(.)='Signature' and namespace-uri(.)='${XMLDSIG_URIS.NAMESPACES.ds}']`,
         node,
       );
       if (isDomNode.isNodeLike(signature) && signature.parentNode) {
@@ -34,7 +30,7 @@ export class EnvelopedSignature implements TransformAlgorithm {
       const expectedSignatureValueData = expectedSignatureValue.data;
 
       const signatures = xpath.select(
-        ".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
+        `.//*[local-name(.)='Signature' and namespace-uri(.)='${XMLDSIG_URIS.NAMESPACES.ds}']`,
         node,
       );
       for (const nodeSignature of Array.isArray(signatures) ? signatures : []) {
@@ -55,7 +51,7 @@ export class EnvelopedSignature implements TransformAlgorithm {
     return node;
   }
 
-  getAlgorithmName(): TransformAlgorithmName {
-    return "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+  getAlgorithmName(): TransformAlgorithmURI {
+    return XMLDSIG_URIS.TRANSFORM_ALGORITHMS.ENVELOPED_SIGNATURE;
   }
 }

src/exclusive-canonicalization.ts

@@ -1,5 +1,5 @@
 import type {
-  CanonicalizationAlgorithmName,
+  CanonicalizationAlgorithmURI,
   CanonicalizationAlgorithm,
   TransformAlgorithmOptions,
   NamespacePrefix,
@@ -301,7 +301,7 @@ export class ExclusiveCanonicalization implements CanonicalizationAlgorithm {
           ancestorNamespaces.forEach(function (ancestorNamespace) {
             if (prefix === ancestorNamespace.prefix) {
               elem.setAttributeNS(
-                "http://www.w3.org/2000/xmlns/",
+                XMLDSIG_URIS.NAMESPACES.xmlns,
                 `xmlns:${prefix}`,
                 ancestorNamespace.namespaceURI,
               );
@@ -321,7 +321,7 @@ export class ExclusiveCanonicalization implements CanonicalizationAlgorithm {
     return res;
   }
 
-  getAlgorithmName(): CanonicalizationAlgorithmName {
+  getAlgorithmName(): CanonicalizationAlgorithmURI {
     return XMLDSIG_URIS.CANONICALIZATION_ALGORITHMS.EXCLUSIVE_C14N;
   }
 }
@@ -332,7 +332,7 @@ export class ExclusiveCanonicalizationWithComments extends ExclusiveCanonicaliza
     this.includeComments = true;
   }
 
-  getAlgorithmName(): CanonicalizationAlgorithmName {
+  getAlgorithmName(): CanonicalizationAlgorithmURI {
     return XMLDSIG_URIS.CANONICALIZATION_ALGORITHMS.EXCLUSIVE_C14N_WITH_COMMENTS;
   }
 }

src/hash-algorithms.ts

@@ -1,5 +1,6 @@
 import * as crypto from "crypto";
 import type { HashAlgorithm } from "./types";
+import { XMLDSIG_URIS } from "./xmldsig-uris";
 
 export class Sha1 implements HashAlgorithm {
   getHash = function (xml) {
@@ -10,7 +11,7 @@ export class Sha1 implements HashAlgorithm {
   };
 
   getAlgorithmName = function () {
-    return "http://www.w3.org/2000/09/xmldsig#sha1";
+    return XMLDSIG_URIS.HASH_ALGORITHMS.SHA1;
   };
 }
 
@@ -23,7 +24,7 @@ export class Sha256 implements HashAlgorithm {
   };
 
   getAlgorithmName = function () {
-    return "http://www.w3.org/2001/04/xmlenc#sha256";
+    return XMLDSIG_URIS.HASH_ALGORITHMS.SHA256;
   };
 }
 
@@ -36,6 +37,6 @@ export class Sha512 implements HashAlgorithm {
   };
 
   getAlgorithmName = function () {
-    return "http://www.w3.org/2001/04/xmlenc#sha512";
+    return XMLDSIG_URIS.HASH_ALGORITHMS.SHA512;
   };
 }

src/signature-algorithms.ts

@@ -1,5 +1,6 @@
 import * as crypto from "crypto";
 import { type SignatureAlgorithm, createOptionalCallbackFunction } from "./types";
+import { XMLDSIG_URIS } from "./xmldsig-uris";
 
 export class RsaSha1 implements SignatureAlgorithm {
   getSignature = createOptionalCallbackFunction(
@@ -23,7 +24,7 @@ export class RsaSha1 implements SignatureAlgorithm {
   );
 
   getAlgorithmName = () => {
-    return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+    return XMLDSIG_URIS.SIGNATURE_ALGORITHMS.RSA_SHA1;
   };
 }
 
@@ -49,7 +50,7 @@ export class RsaSha256 implements SignatureAlgorithm {
   );
 
   getAlgorithmName = () => {
-    return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+    return XMLDSIG_URIS.SIGNATURE_ALGORITHMS.RSA_SHA256;
   };
 }
 
@@ -96,7 +97,7 @@ export class RsaSha256Mgf1 implements SignatureAlgorithm {
   );
 
   getAlgorithmName = () => {
-    return "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1";
+    return XMLDSIG_URIS.SIGNATURE_ALGORITHMS.RSA_SHA256_MGF1;
   };
 }
 
@@ -122,7 +123,7 @@ export class RsaSha512 implements SignatureAlgorithm {
   );
 
   getAlgorithmName = () => {
-    return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+    return XMLDSIG_URIS.SIGNATURE_ALGORITHMS.RSA_SHA512;
   };
 }
 
@@ -148,6 +149,6 @@ export class HmacSha1 implements SignatureAlgorithm {
   );
 
   getAlgorithmName = () => {
-    return "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+    return XMLDSIG_URIS.SIGNATURE_ALGORITHMS.HMAC_SHA1;
   };
 }

src/signed-xml.ts

@@ -1,17 +1,17 @@
 import type {
-  CanonicalizationAlgorithmName,
-  TransformAlgorithmName,
+  CanonicalizationAlgorithmURI,
+  TransformAlgorithmURI,
   TransformAlgorithmOptions,
   ComputeSignatureOptions,
   ErrorFirstCallback,
   GetKeyInfoContentArgs,
-  HashAlgorithmName,
+  HashAlgorithmURI,
   IdAttributeType,
   ObjectAttributes,
   Reference,
-  SignatureAlgorithmName,
+  SignatureAlgorithmURI,
   SignedXmlOptions,
-  DigestAlgorithmMap,
+  HashAlgorithmMap,
   SignatureAlgorithmMap,
   CanonicalizationAlgorithmMap,
   TransformAlgorithmMap,
@@ -32,7 +32,7 @@ import * as utils from "./utils";
 import { XMLDSIG_URIS } from "./xmldsig-uris";
 const {
   CANONICALIZATION_ALGORITHMS,
-  DIGEST_ALGORITHMS,
+  HASH_ALGORITHMS,
   SIGNATURE_ALGORITHMS,
   TRANSFORM_ALGORITHMS,
   NAMESPACES,
@@ -60,13 +60,13 @@ export class SignedXml {
   publicCert?: crypto.KeyLike;
   /**
    * One of the supported signature algorithms.
-   * @see {@link SignatureAlgorithmName}
+   * @see {@link SignatureAlgorithmURI}
    */
-  signatureAlgorithm?: SignatureAlgorithmName = undefined;
+  signatureAlgorithm?: SignatureAlgorithmURI = undefined;
   /**
    * Rules used to convert an XML document into its canonical form.
    */
-  canonicalizationAlgorithm?: CanonicalizationAlgorithmName = undefined;
+  canonicalizationAlgorithm?: CanonicalizationAlgorithmURI = undefined;
   /**
    * It specifies a list of namespace prefixes that should be considered "inclusive" during the canonicalization process.
    * Only applicable when using exclusive canonicalization.
@@ -79,7 +79,7 @@ export class SignedXml {
   };
 
   maxTransforms: number | null;
-  implicitTransforms: ReadonlyArray<TransformAlgorithmName> = [];
+  implicitTransforms: ReadonlyArray<TransformAlgorithmURI> = [];
   keyInfoAttributes: { [attrName: string]: string } = {};
   getKeyInfoContent = SignedXml.getKeyInfoContent;
   getCertFromKeyInfo = SignedXml.getCertFromKeyInfo;
@@ -116,7 +116,7 @@ export class SignedXml {
   /**
    * To add a new hash algorithm create a new class that implements the {@link HashAlgorithm} interface, and register it here. More info: {@link https://github.com/node-saml/xml-crypto#customizing-algorithms|Customizing Algorithms}
    */
-  HashAlgorithms: DigestAlgorithmMap;
+  HashAlgorithms: HashAlgorithmMap;
 
   /**
    * To add a new signature algorithm create a new class that implements the {@link SignatureAlgorithm} interface, and register it here. More info: {@link https://github.com/node-saml/xml-crypto#customizing-algorithms|Customizing Algorithms}
@@ -144,11 +144,11 @@ export class SignedXml {
     [TRANSFORM_ALGORITHMS.ENVELOPED_SIGNATURE]: envelopedSignatures.EnvelopedSignature,
   });
 
-  static readonly getDefaultDigestAlgorithms = (): DigestAlgorithmMap => ({
+  static readonly getDefaultHashAlgorithms = (): HashAlgorithmMap => ({
     // TODO: In v7.x we may consider removing sha1 from defaults
-    [DIGEST_ALGORITHMS.SHA1]: hashAlgorithms.Sha1,
-    [DIGEST_ALGORITHMS.SHA256]: hashAlgorithms.Sha256,
-    [DIGEST_ALGORITHMS.SHA512]: hashAlgorithms.Sha512,
+    [HASH_ALGORITHMS.SHA1]: hashAlgorithms.Sha1,
+    [HASH_ALGORITHMS.SHA256]: hashAlgorithms.Sha256,
+    [HASH_ALGORITHMS.SHA512]: hashAlgorithms.Sha512,
   });
 
   static readonly getDefaultSignatureAlgorithms = (): SignatureAlgorithmMap => ({
@@ -187,7 +187,7 @@ export class SignedXml {
       getCertFromKeyInfo,
       objects,
       allowedSignatureAlgorithms,
-      allowedDigestAlgorithms,
+      allowedHashAlgorithms,
       allowedCanonicalizationAlgorithms,
       allowedTransformAlgorithms,
     } = options;
@@ -215,7 +215,7 @@ export class SignedXml {
     this.objects = objects;
     this.CanonicalizationAlgorithms =
       allowedCanonicalizationAlgorithms ?? SignedXml.getDefaultCanonicalizationAlgorithms();
-    this.HashAlgorithms = allowedDigestAlgorithms ?? SignedXml.getDefaultDigestAlgorithms();
+    this.HashAlgorithms = allowedHashAlgorithms ?? SignedXml.getDefaultHashAlgorithms();
     this.SignatureAlgorithms =
       allowedSignatureAlgorithms ?? SignedXml.getDefaultSignatureAlgorithms();
     // TODO: use default transform algorithms if not provided (breaking change)
@@ -503,7 +503,7 @@ export class SignedXml {
     }
   }
 
-  private findSignatureAlgorithm(name?: SignatureAlgorithmName) {
+  private findSignatureAlgorithm(name?: SignatureAlgorithmURI) {
     if (name == null) {
       throw new Error("signatureAlgorithm is required");
     }
@@ -515,7 +515,7 @@ export class SignedXml {
     }
   }
 
-  private findCanonicalizationAlgorithm(name: CanonicalizationAlgorithmName) {
+  private findCanonicalizationAlgorithm(name: CanonicalizationAlgorithmURI) {
     if (name != null) {
       const algo = this.CanonicalizationAlgorithms[name];
       if (algo) {
@@ -526,7 +526,7 @@ export class SignedXml {
     throw new Error(`canonicalization algorithm '${name}' is not supported`);
   }
 
-  private findHashAlgorithm(name: HashAlgorithmName) {
+  private findHashAlgorithm(name: HashAlgorithmURI) {
     const algo = this.HashAlgorithms[name];
     if (algo) {
       return new algo();
@@ -535,7 +535,7 @@ export class SignedXml {
     }
   }
 
-  private findTransformAlgorithm(name: TransformAlgorithmName) {
+  private findTransformAlgorithm(name: TransformAlgorithmURI) {
     // TODO: remove this fallback (breaking change)
     if (this.TransformAlgorithms == null) {
       return this.findCanonicalizationAlgorithm(name);
@@ -709,7 +709,7 @@ export class SignedXml {
     }
 
     if (isDomNode.isAttributeNode(node)) {
-      this.canonicalizationAlgorithm = node.value as CanonicalizationAlgorithmName;
+      this.canonicalizationAlgorithm = node.value as CanonicalizationAlgorithmURI;
 
       if (!this.findCanonicalizationAlgorithm(this.canonicalizationAlgorithm)) {
         throw new Error(
@@ -724,7 +724,7 @@ export class SignedXml {
     );
 
     if (isDomNode.isAttributeNode(signatureAlgorithm)) {
-      this.signatureAlgorithm = signatureAlgorithm.value as SignatureAlgorithmName;
+      this.signatureAlgorithm = signatureAlgorithm.value as SignatureAlgorithmURI;
     }
 
     const signedInfoNodes = utils.findChildren(this.signatureNode, "SignedInfo");
@@ -862,9 +862,9 @@ export class SignedXml {
      */
     if (
       transforms.length === 0 ||
-      transforms[transforms.length - 1] === "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+      transforms[transforms.length - 1] === TRANSFORM_ALGORITHMS.ENVELOPED_SIGNATURE
     ) {
-      transforms.push("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
+      transforms.push(CANONICALIZATION_ALGORITHMS.C14N);
     }
     const refUri = isDomNode.isElementNode(refNode)
       ? refNode.getAttribute("URI") || undefined
@@ -1192,7 +1192,7 @@ export class SignedXml {
     }
 
     const currentPrefix = prefix ? `${prefix}:` : "";
-    const signatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
+    const signatureNamespace = XMLDSIG_URIS.NAMESPACES.ds;
 
     // Find the SignedInfo element to append to
     const signedInfoNode = xpath.select1(`./*[local-name(.)='SignedInfo']`, signatureElem);
@@ -1395,11 +1395,7 @@ export class SignedXml {
     let attr;
 
     if (this.idMode === "wssecurity") {
-      attr = utils.findAttr(
-        node,
-        "Id",
-        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
-      );
+      attr = utils.findAttr(node, "Id", XMLDSIG_URIS.NAMESPACES.wsu);
     } else {
       this.idAttributes.some((idAttribute) => {
         if (typeof idAttribute === "string") {