chore: Remove whitespace normalization before xml-crypto calls

mcab · mcab · commit 50e8ce68a54c · 2022-10-14T19:51:15.000-07:00
For [0]. Any usage of @xmldom/xmldom >= 0.8.0 will normalize these, see [1] and [2]. The current xml-encryption (2.0.0) does not do this normalization, but will in 2.0.1 [3]. It's technically within the path of xmlenc.decrypt() [4], but this follows how assertions have been handled (not handling non-normalized whitespace). For xml-crypto, this was changed in 3.0.0 with [5]. [0] https://github.com/Clever/saml2/blob/6da3e9c39c326a2f6793bb87c6d12c9ab4446585/lib/saml2.coffee#L242-L245 [1] xmldom/xmldom#307 [2] xmldom/xmldom#314 [3] auth0/node-xml-encryption#101 [4] https://github.com/auth0/node-xml-encryption/blob/291f3f10d5d1d571a3b6da2d411aa323398f5650/lib/xmlenc.js#L185 [5] node-saml/xml-crypto#261
diff --git a/lib/saml2.coffee b/lib/saml2.coffee
@@ -239,10 +239,7 @@ decrypt_assertion = (dom, private_keys, cb) ->
 # This checks the signature of a saml document and returns either array containing the signed data if valid, or null
 # if the signature is invalid. Comparing the result against null is NOT sufficient for signature checks as it doesn't
 # verify the signature is signing the important content, nor is it preventing the parsing of unsigned content.
-check_saml_signature = (_xml, certificate) ->
-  # xml-crypto requires that whitespace is normalized as such:
-  # https://github.com/yaronn/xml-crypto/commit/17f75c538674c0afe29e766b058004ad23bd5136#diff-5dfe38baf287dcf756a17c2dd63483781b53bf4b669e10efdd01e74bcd8e780aL69
-  xml = _xml.replace(/\r\n?/g, '\n')
+check_saml_signature = (xml, certificate) ->
   doc = (new xmldom.DOMParser()).parseFromString(xml)
 
   # xpath failed to capture <ds:Signature> nodes of direct descendents of the root.
